
Securing your PC

by Alastair Ainslie

These are just some notes I have put together as a quick guide to securing your PC.
They are mostly aimed at Windows users, but most of the principles apply to other operating systems.

Get up to date!

The first thing that anyone with a Windows PC should do is to visit Microsoft's official Windows Update site, www.windowsupdate.com, and get all the latest patches. You may want to get that started whilst you are reading this page: just open that site in a new window by right-clicking on the link and selecting "Open in New Window".

There's also one notable security hole that you can fix yourself. Open up Windows Explorer and select the Tools menu. From there select Folder Options and then the View tab. Make sure that "Hide extensions for known file types" is unchecked. The reason for doing this is that many virus writers disguise their creations by giving them filenames with double file extensions, such as VIRUS.TXT.EXE. If you have the default Windows setting of "Hide extensions" enabled, you might assume that this file was a perfectly safe text file, VIRUS.TXT, and open it.
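To check a batch of attachment or download names for this disguise, the following added example (not part of the original notes) shows what Explorer would display with "Hide extensions" enabled and flags names whose real extension is executable while the visible one looks like a document. The extension lists, function names and sample filenames are assumptions made for illustration.

```python
import ntpath

# Assumption: illustrative lists, not a complete inventory of Windows file types.
EXECUTABLE_EXTS = {".exe", ".com", ".scr", ".pif", ".bat", ".cmd", ".vbs"}
DECOY_EXTS = {".txt", ".doc", ".rtf", ".csv", ".xls", ".jpg", ".gif", ".htm"}
KNOWN_EXTS = EXECUTABLE_EXTS | DECOY_EXTS


def explorer_display_name(filename, hide_extensions=True):
    """Name as shown when 'Hide extensions for known file types' is on/off."""
    base = ntpath.basename(filename)          # strip any Windows-style path
    stem, ext = ntpath.splitext(base)
    if hide_extensions and ext.lower() in KNOWN_EXTS:
        return stem                           # final extension is hidden
    return base


def is_double_extension_disguise(filename):
    """True if an executable hides behind a harmless-looking inner extension."""
    stem, real_ext = ntpath.splitext(ntpath.basename(filename))
    _, inner_ext = ntpath.splitext(stem)
    return (real_ext.lower() in EXECUTABLE_EXTS
            and inner_ext.lower() in DECOY_EXTS)


def audit(filenames):
    """Return (real name, name the user sees) for every disguised file."""
    return [(ntpath.basename(f), explorer_display_name(f))
            for f in filenames if is_double_extension_disguise(f)]


# Constructed sample input, not taken from any real mailbox.
SAMPLE = [
    "VIRUS.TXT.EXE",
    "holiday.jpg",
    r"C:\Mail\Attach\invoice.doc.scr",
    "setup.exe",            # honest executable: single extension
    "report.final.doc",     # two dots, but the real type is a document
]

if __name__ == "__main__":
    for real, shown in audit(SAMPLE):
        print(f"{real!r} would be displayed as {shown!r}")
```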

Guarding the mail

This double extension trick is the sort of thing that is particularly easy to do in Outlook and Outlook Express, which is one reason why I would always recommend that people use an alternative email client such as

Good email clients 'sandbox' potentially dangerous emails such as those containing HTML code, thus emasculating many of the viruses that target Outlook or Outlook Express. If you must use the latter, you should plug some of the security holes that result from the fact that they use Internet Explorer to handle HTML emails.

Whatever email client you use, the golden rule is never open an email you aren't expecting or are at all suspicious about, even if it is from someone you trust. It is trivially easy to spoof a 'From:' email address, and many viruses send copies of themselves to everyone in the address book of their victim. If possible, send documents in forms that can't harbour viruses - save Word documents as .RTF or .TXT, and spreadsheets as .CSV for instance.

Discouraging 'visitors'

There are all sorts of trojans, viruses, and teenagers trying to get into your computer - or, heaven forbid, inside it trying to call home with all your innermost secrets. A great way to stop this is to install a firewall. I use Sygate, and would also recommend Kerio - they just do what it says on the tin and unusually their free versions protect home networks using Windows' Internet Connection Sharing (ICS). Zone Alarm and Outpost are also popular, but they have become bloated of late, leading to more clashes with other software. With firewalls, simpler is definitely better - they shouldn't need updating. Windows XP includes a firewall but it only works one way: it can't control nasties calling home with the contents of your hard disk. The forthcoming Service Pack 2 is promised to include a 'proper' firewall, but for the time being you have to disable the Windows firewall (on the Advanced tab of the Properties of your internet connection) to allow a third-party firewall to work properly.

Unfortunately some mild nasties can sneak onto your system while you are using the Net even if you do have a firewall. Two bits of software that are essential for controlling spyware, startpage hijackers and their friends are Ad-aware and Spybot - Search & Destroy. The two are complementary, and each catches things that the other misses, so I would run Ad-aware first, as it is more about cleaning out the bad guys, followed by Spybot, which puts more emphasis on 'immunisation'. Run Spybot in Advanced mode, click on "Immunise", and check the three "Lock...." checkboxes at the bottom of the Immunise page.

If you get a really persistent spyware bug or start page hijacker, first try cleaning it with CW Shredder, and if that doesn't crack it, read the Spywareinfo.com FAQ and download the more comprehensive, but much less user-friendly, Hijack This!.

In theory, if you have a good firewall and aren't stupid about opening email attachments, you shouldn't need antivirus protection. But it's still a good idea, especially when there are free antivirus programs that are as good as AVG antivirus. Online scans such as Trend Micro's are useful but shouldn't be relied on as a first line of defence. I'd steer clear of Norton Antivirus though; people just seem to have too many problems with it, particularly with Zone Alarm. Symantec remains the definitive source of information about viruses though, and they're quite good at providing free tools to clean your system of the most common viruses. The Symantec hoax section is the first place you should check if someone sends you an email about a 'new virus'; usually the virus is fictitious, but the warning emails spread like a virus! I must emphasise that it is vital to keep your virus definitions up to date. An old antivirus is worse than none at all, as you are lulled into a false sense of security while remaining defenceless against the latest viruses. Ideally, if you receive a suspect file, you should wait a week or two before scanning it with your (newly-updated) antivirus program, to protect yourself from viruses that are so new that the antivirus company hasn't seen them yet. They're pretty good at creating new definitions quickly, but that's no good if you are infected in the first few minutes of an epidemic!

Safer browsing

The Worldwide Web has changed rapidly in the last few years. In the late 1990s, Netscape and Microsoft grew impatient with the bodies that set standards for writing web pages, so they developed all sorts of proprietary codes that wouldn't work with the 'other' browser. This was a real nightmare for web developers. Fortunately, with version 4 of their browsers, Netscape and Microsoft started to support common web standards such as CSS stylesheets. Any browser prior to then will not format modern webpages correctly - the only thing that can be said for those early browsers is that they were not as bloaty as modern ones.

Unfortunately, the version 4 browsers were somewhat idiosyncratic in their implementations of the standards (and tended to crash a fair bit too). If you want to see the web as its designers intended, you must have a browser that is later than version 4. Netscape 6 was still fairly buggy, IE5 for Mac was legendarily bad, but the latest versions of the major browsers are pretty good. As someone who builds web sites, I would urge you to junk any old browsers on your computers - it makes life a lot easier! You will also benefit in the long run, as it will mean that webmasters can spend their time creating and updating great websites, rather than worrying how to hack their code to accommodate some buggy, obsolete browser.

It's not just a question of webpages looking 'right' - the latest browsers have had many security holes fixed and not using the latest version of your browser must be considered a major security risk.

Among other things, www.windowsupdate.com will update Internet Explorer to the latest version. But given Microsoft's slapdash approach to security, and IE's popularity (which makes it an attractive target for the bad guys), many people are turning to alternative browsers :

You may find yourself facing a choice of downloads of these browsers, with and without a Java Virtual Machine (JVM). Java is a programming language invented by Sun Microsystems that is used in everything from TV set-top boxes to the security modules of banking websites and games on mobile phones. The idea behind it is that you write one lot of code, and then hardware-specific JVMs do all the tricky bits of interpreting that code into something that will run on a particular type of hardware. Microsoft included their JVM as part of Internet Explorer up until Windows XP Service Pack 1a (SP1a) in early 2003; now you have to download a JVM from Sun. If you already have a JVM, you don't need to download another one with a new browser.

One advantage cited by fans of the alternative browsers is their page-tab interface. If you don't want to abandon Internet Explorer altogether (many websites ignore web standards and only work with IE, so you can't ditch it altogether in any case), then there are several add-ons that bring tabbed browsing to IE. These include Avant Browser, Browse3D, Childsoft, Crazy Browser, Cubic Eye, Fast Browser Pro, IBM Home Page Reader (for the partially sighted), MyIE2, Neoplanet, Netcaptor, Rapid Browser, Secure IE, Simpliciti, Slim Browser, Smart Explorer. If you find that choice bewildering, try Avant first, followed by MyIE2 and Netcaptor.

Now open www.windowsupdate.com in a new window immediately, and in the meantime, continue to browse this site by going back up to the top navigation bar! Please mail me if you have any comments on this page, although I should emphasise that it is intended as an easily-digestible introduction rather than a comprehensive treatise on the subject...