One of the biggest things I've been looking at recently is computer security. I very commonly have to deal with problems from people who don't secure their computers properly. The reason they don't secure their computers is simply - it's just too damm hard! Microsoft has made it as easy they can to secure your system and maintain usability at the same time, but with the internet, whenever something is fixed, there is soon away to get around that fix again, which is why it is REALLY IMPORTANT to keep on top of it. Patching and security software is only 1/2 of the equation though - your actions are the other 1/2 of the equation. This article will teach you about computer security and hopefully prevent you from ever becoming compromised by the bad guys.
User Accounts
Windows XP
Before you even start thinking about Anti-Virus and Internet and everything, you should start with Windows. Ever since Windows XP (or Windows NT for Business users) Windows has provided a way to have separate user accounts. These accounts kept everything each member of the household did in their own separate section of the computer and also allowed the parent to make their kids limited accounts so they could not muck around with the system settings. Unfortunately this idea that parents should be running as Administrator was not the best idea to put across and caused a lot of problems. If you are running as an Administrator and you get a virus or other piece of software on your system and you run it - it has full access to your system, it can change, delete or add whatever it wants. If you are running as a limited account, then if you run that same virus or program, it cannot change any of the system files, the worst it can do is muck your user profile up, which you can delete and create again if needed. So if you are running as an Administrator on Windows XP - please stop it. Create another Administrator account with a good password, login with that and then change your user account type to limited. If you need to install a program or change a setting then login with the Administrator account, make the change and log off again. This will definitely help in keeping your Windows XP computer.
Windows Vista and Windows 7
In Windows Vista, Microsoft realised that they had gotten that security model in XP wrong and needed to switch to the system the Mac OS X and Linux use - elevation. In these systems, you always run as a limited account and when you need to make a system change or install something, you get asked to provide your Administrator password to make the change. This is where UAC came from. UAC stands for User Account Control and it's that box that comes up in Vista (and Windows 7) asking you if you would like to Continue or Cancel. Unlike what a lot of people perceive, this box does not simply appear because Windows doesn't trust you can make decisions yourself, this box is asking for permission to elevate to Administrator level to allow you to change a setting, install a program or edit a system folder. Unlike OS X it doesn't even require you to enter your password. Even if you set yourself up as an Administrator in Windows Vista or 7, you are still a limited account, it simply provides a token to say that you are an administrator and not to ask for a password if a UAC prompt is triggered, so you only have to click Continue. UAC makes the screen go dim so that a program cannot click the Continue button for you, this dimmed screen is called the Secure Desktop. The reason it used to appear so much on Windows Vista when it was first released was that most programs written for XP automatically decided they would take Administrator control - simply because they could. When Microsoft cracked down on this in Windows Vista, you got more of these screens asking for permission. Programs that are properly written for Windows Vista should not pop up these screens unless they actually are making a change. So as much as people say to disable UAC - please DON'T. It's there for a reason, if you see one of these UAC boxes pop up when you're doing something like writing a word document, surfing a web site or checking an e-mail, ALWAYS CLICK CANCEL! These type of things should never produce a UAC box and if they do, then it's probably something like a virus or trojan trying to edit something, clicking Cancel will stop it in it's tracks. Lastly UAC means that when you run your kids on Limited Accounts if they do need to make a settings change, you can simply type in your password without having to log them out and in again.
^^^ A UAC Prompt in Windows Vista/7 ^^^
Windows Update
Windows Update is another extremely important part of Windows. Patching Windows is arguably more important than running an anti-virus program. Every month, Microsoft finds all the problems, security holes and other assorted bugs from Windows, Office and it's other products and puts fixes into Windows Update. Windows Update is a website on Windows XP and an actual program in your Control Panel in Windows Vista and 7. It is extremely important that every week (every month at a minimum) to have a look and make sure that there are 0 updates waiting to be installed. If there is any available, then make sure you install them. Windows will automatically install most of them if you have it configured properly, but it is still important to check as sometimes it gets stuck and future updates don't get installed. Also if it asks you to restart to complete updates, then you really should restart the next time you stop using your computer. To access Windows Update goto Start, All Programs and click on Windows Update. The following story is the reason why you need to update. In October 2008, Microsoft found a serious bug in Windows where the networking had a bug in it. Microsoft patched this bug in October and you'd think, problem solved! Well it wasn't, some hackers took the patch and reversed engineered it so that they could figure out the problem and exploit it. The exploit they created only affected people who had not updated Windows with this patch. If you kept Windows up to date this had no problem whatsoever. The worm they created from this hole was called Conficker - it has to date, infected over 11 million computers worldwide. The hackers can control these computers and if they want to, could use it to take down websites, though they haven't done it yet. So the moral of this story is UPDATE WINDOWS and Update it regularly.
^^^ Windows Update as it should look on every secure system ^^^
Anti-Virus, Anti-Spyware and Firewall
These are your second in line defense. If you update Windows and surf the web safely then you will probably never need to use any of these. I would personally avoid using security suites like Norton 360 and McAfee. These are the first things that most viruses will target and they also bloat the system out with a whole bunch of junk that you will never need. Currently the best paid Anti-Virus is NOD32 ( http://www.eset.com/ ) and the best free ones are AVG ( http://free.grisoft.com/ ) and Avast! ( http://www.avast.com/ ). In October though, you must grab this program called Microsoft Security Essentials ( http://www.microsoft.com/security_essentials/ not currently downloadable). This is Microsoft's security suite and it will be free. It is actually a really good program and I highly recommend it when Microsoft releases it. The program is fast, quiet and just does the job without bloating your system. Also because it's written by Microsoft, it's not going to muck around with system files that should be left alone. It also won't attempt to sell you the "Professional Version" - it's in Microsoft's best interest to get you to secure your computer as much as you can, they get better media coverage, they have less Windows PCs involved in botnets and their software is all up more reliable. So in October if you are using AVG or Avast! then I'd switch over to Microsoft Security Essentials. If you're using Norton or McAfee then I would also think about it too, or if you still like the idea of using a paid product, check out NOD32. Windows comes with it's own Firewall which is quite adequate. You router also has a firewall built into it which is more secure than any software firewall.
^^^ Microsoft Security Essentials - The Free Anti-Virus/Anti-Spyware soon to be available for your PC ^^^
Safe Computing Practices
Finally, when using a computer you can't rely on the computer to manage your security for you completely. Some of the security comes from your actions. When surfing the web, make sure that you you only visit sites that you know you can trust. In Internet Explorer and Firefox, if you go to a website which wants to install something on your computer, it will bring up a bar at the top of the Window offering to install a Control or Addin. Be very careful about whether you install them or not. They are a common way of tricking people to install nasty content on their PCs. Most websites will not need any plugins installed. When using e-mail, avoid clicking on Spam messages, instead just delete them immediately and never respond to them. In e-mail, try not to click the links in messages, instead copy and paste links into your web browser. Finally (and this is a really hard one), when surfing the internet, if you get a message that pops up saying, spyware and viruses were detected on your computer and click here to fix it, or offering to do a free scan, IGNORE THEM! These are tricks to get you to install bad software on your system. When you click the fix button, it normally takes you to a website which will allow you to download a free scanner and you do not want this at all. If in doubt, always close and do not allow the scan to run and then go to your anti-virus installed on your computer and run the scan manually.
In Summary
Following these steps should ensure you keep your computer safe and virus free. In summary:
- Run as a Limited Account for everyday use in Windows XP or do not disable UAC if you are using Windows Vista or 7.
- UPDATE Windows. Always run Windows Update and make sure it is fully up to date.
- Install a quick, simple and effective anti-virus program including Microsoft Security Essentials or NOD32 and keep the Firewall enabled.
- Practise Safe computing, if in doubt, exit quickly and never allow online scans to fix problems on your computer.
