Basic PC security

Freeware

Firewalls      

A firewall in our case is a piece of software that filters the information coming through the Internet connection into our PC. If  incoming information is flagged by the filters, it is not allowed through. Most firewalls also prevent unauthorised data from leaving the PC and spreading viruses and Trojans that have infected them.

            Windows Firewall
 Level of protection   Windows Firewall helps block computer viruses and worms from reaching your computer. It does not monitor or block outbound traffic. It does prevent unauthorized traffic from entering the system or network, but Microsoft has argued that software companies should be responsible for outbound traffic. For the majority of users who don't understand computer security or how firewalls work, the Windows Firewall is acceptable.  Briefly, it is a  stateful  firewall that keeps a table of all the communications that have originated from the computer running the firewall. Only packets matching a known connection state will be allowed by the firewall; others will be rejected. It compares all inbound traffic from the Internet to the entries in the table. When someone on the Internet or a network tries to connect to your computer, Windows Firewall blocks the connection. Inbound Internet traffic is permitted to reach your computer only if there is a matching entry in the table that shows that the communication exchange began in your computer.

Activation    By default, Windows Firewall is turned on. To configure Windows Firewall, use Security Center in Control Panel, or open the firewall itself from Control Panel.

In its simplest and most used form Windows Firewall needs no further attention.

It is not recommended to run Windows Firewall in conjunction with any other firewall

Advanced users should read more at http://support.microsoft.com/kb/843090#EHADAAA

            Zone Alarm                   
 Installation        Download and run the executable file from ZoneLabs

Level of protection    ZoneAlarm Free provides port blocking against hackers and other unknown threats and runs in Stealth Mode to make your PC invisible on the Internet. If you can`t be seen, you can`t be attacked.  It keeps personal data private and secure, deletes adware cookies, blocks pop-up ads, and provides limited e-mail protection in the free version by monitoring attachments for vulnerable file extensions..
               
                    Features    There are six main headings for features: click here to see screen shots.
                                          Overview    Firewall    Program Control    Anti-virus monitoring    E-mail protection     Alerts & Logs

A feature not provided by other firewalls is Internet lock. By right clicking on the ZoneAlarm icon in the system tray you can click on Engage Internet Lock which displays a yellow lock icon in the system tray. All Internet traffic initiated by programs without pass-lock permission is blocked. Or you can Stop all Internet activity, which displays a red lock icon in the system tray.To reverse this action simply right click on the lock icon and untick the feature.
                   
There is an excellent online tutorial available from:     
http://download.zonelabs.com/bin/media/flash/clientTutorial/overview.html

This is a large file and probably not suitable for dialup connections.

                    Updating    Automatic or Manual - set in Overview> Preferences

AntiVirus

            Avast
 Installation    Download and install the free avast! 4 Home Edition from http://www.avast.com/eng/download-avast-home.htm

Registration    Registration is free for 12 months (or 14 months including the initial 2 months when it can be run unregistered), and there are many paths to the one source. Click here for one recommended way.

Options    As with any software as complex as this there are countless options on how you set it up. Most users would be wise to leave the default settings, and not change anything they are not familiar with through reading the help file and are prepared to accept the consequences. The Program Settings are accessible by right clicking the system icon.

 Protection    The prime function of Avast is provision for virus detection and removal, scanning of incoming and outgoing mail, and restoration of corrupted files using a compiled Virus Recovery Database. In the free version we have a Simple User Interface that is intended for users who do not need to configure the program in detail, but just want to use the program as is. All the necessary functions can be easily accessed: virus scanning, accessing the Virus Chest, virus database updates, setting the level of resident protection.
Resident protection is a special type of task that monitors all applications being executed and all documents being opened, effectively avoiding virus infection in real time. The task contains a number of so-called providers that are special modules protecting various parts of your computer, e.g. file system or e-mail. Each of these modules can be set up independently.

Avast is able to show some basic information about the viruses in its database. For widespread viruses, quite comprehensive information can be obtained via the avast! connection to our web virus database.
To browse and search for information about viruses go to Menu - Virus database in Simple User Interface.

To keep the Avast users informed, the latest news is distributed in the same way as program updates; it informs users about new virus risks, important changes or improvements of the program etc. In the Simple User Interface click on the Menu button and select avast! iNews.

                    
Updating    I recommend you set the update options to Automatic as shown in the Program Settings image.
For broadband users whose PCs are always online the software will update its database and program files as often as necessary.
For users who choose to log on, the software will update its database immediately on connection to the Net and as often as necessary while connected. Updating is done in the background and announced by voice and popup message on completion. Program updates are announced by popup as being available, and will proceed in the background as soon as authorised. 
Nearing the end of the registration period the user will be notified by popup that reregistration is necessary. It is not necessary to download and reinstall the software! Simply walk through the registration process and get a new license key.
If you do not reregister the software will continue to work at the level of last update, but no new updates can be installed either automatically or manually.
Manual updating can be forced at any time during the registered period by choosing the Updating option available on right clicking the system icon.

Spyware & Malicious Software

Spyware is simply software that gathers personal information from your computer, generally for sale to companies creating demographic statistics. It is installed without your permission and almost always without your knowledge. A variation on spyware is adware, which tracks the content and advertisements you click on in your browser.This can be used to deliver targeted adverts to you in the form of popups. Tracking cookies are ubiquitous throughout the Internet and can notify companies about every site you visit that contains their ads.

            Spybot S&D
Installation     The latest version of Spybot S&D is always available from The home of Spybot. It is commonly available on the CDs with computer magazines but is often a version behind the current one after an update. Download and install the executable file.
                   
Features    Spybot - Search & Destroy can detect and remove spyware of different kinds from your computer that common anti-virus applications do not yet cover. These include toolbars in your Internet Explorer that you didn't intentionally install, and changes to your start page that you did not authorize. But there is increasingly more spyware that is silently tracking your surfing behaviour to create a marketing profile of you for sale to advertisement companies. This has its good points, but many people see it as an infringement of their privacy. Spybot-S&D can also clean usage tracks, removing any trace of what documents what you worked on and preventing other users from spying on your activities. And for advanced users it allows fixing some registry inconsistencies that are not covered by the conventional registry repair utilities. Click here for the tutorial.

            Spyware Blaster
                    Installation    Download and install the latest version from:
                    
http://www.javacoolsoftware.com/spywareblaster.html

Tools and features    SpywareBlaster has been developed to reduce or greatly eliminate spyware-related problems such as diallers, browser hijackers, and adware. Its primary function is to block spyware before it gets into the computer, and in this it works in close cooperation with Spybot S&D. It protects Mozilla Firefox as well as Internet Explorer, and has tools addressing specific areas of vulnerability. Like WindowsXP SpywareBlaster can create restore points for its system state.

Its three areas of interest are: Protection  System Snapshot  and  Tools.

Without getting too technical, SpywareBlaster blocks spyware by identifying its unique class identifier - (CLSID) and preventing it entering your PC. CLSID values are applied to all elements of a web page being opened by your Internet Explorer browser, and are specifically applicable to ActiveX. It appears that most malware attacks depend on ActiveX for their activation and propagation to other computers.

                   
Set & forget    SpywareBlaster does not need to remain open for its protection to be active!
Simply Check for Updates feature at least once a week to download the latest protection.

            Windows Malicious Software Removal Tool
                    Installation - automatic on 2nd Tuesday every month as part of Microsoft Windows Update.

                   
Activation -
                            self activates
                            runs and cleans
                            removes itself                    

Resources

            Process Library  &  Quick Access toolbar
Process Library is a free Internet site that provides an extensive library of Windows processes and applications, with definitions describing their various forms. Many of them have been hijacked by Trojans and are not immediately identifiable as such. Click here to see screen shots.

            Start-Up Applications
Paul Collins, who provides the database used in Spybot S&D maintains a searchable, comprehensive list of the programs you may find that run when you switch on your PC. It is not a list of tasks/processes taken from Task Manager and shown by pressing CTRL+ALT+DEL, but is a list of startup applications that is updated regularly, available at: http://www.sysinfo.org/startuplist.php?

A printable version in ZIP format is available from: http://www.pacs-portal.co.uk/startup_pages/startups_all.zip
           

Enjoy your computing


Terry Bibo

 NOTE: This presentation is not reproduced in full in PDF format in this magazine, therefore links from this page will not work.
To view the entire presentation off line you must download the ZIP file.

INDEX        NEXT