Master Foo's Institute of Technology

Tutorial the Seventh - Keeping safe

Security

Last but not least, we come to our tutorial on keeping your computer secure. We'll cover basic guidelines to keep the bad guys out, and point out some useful tools to help you in doing so.

Safe surfing

If there were no internet, there essentially wouldn't be any security issuses with the average computing joe. No one could get to your computer, and thus, unless you had split-personality disorder and compromised the security your other self had set up, no one would be around to crack computers.

Then, the key is to keep your internet connection free from any sort of malicious presence. The next line of defense is to take care of malware already on your computer, but if you think while you surf, you won't have to worry nearly so much about cleaning up after malware. So, some basic rules:

Links

Where are you going? Before you click on this link, you need to ask some questions; is the author(s) trustworthy? Does the link indicate what should be behind it? Is the link location different from where you think it would lead1? Does the link lead to some place with a weird url? Does the link lead to a page that isn't really a page, but ends in .exe? If so, you should consider whether you want to click before actually doing so.

Ads

Although they're not malware, or lead to malware all the time, they're annoying, and they can trick people into clicking them through some unscruplous means. Take this example:

image

Which looks, to the uninitiated, like a serious issue. Which it isn't.

If you can, I recomend an automatic pop-up killer. Firefox and IE7 should have one as part of the browser, although some can get through. If you need a popup to get through, you can play with IE7 settings with tools>pop-up blocker>turn on pop-up blocker or FF settings at tools>options>content>block pop up windows and exceptions.

If you click on a flash-game, though, that's your fault.

Downloading

The easy situation to analyze is when a download dialoug pops up, and you haven't tried downloading anything. Just close it. Even if it looks interesting. If it's really interesting, first, check your tabs, in case you tried downloading something and you forgot about it2, then google it, and if you really want it, go to the official site and get that. But chances are that the download isn't interesting at all.

However, when you're looking for a free piece of software, you might download some bundled software. This is software, that when you install your free toy, will install itself as an unwanted add on that might either 'spy' on your surfing habits or give you random ads, even when you're not surfing the internet. Or worse. In this case, you have to ask yourself: is it worth the inconvinience of dealing with bundled software to get this toy? Most bundled malware is tied up with the free stuff, so it's not easy to seperate the two. It's your call, but in our experience, free software, especially open source software, is pretty good and doesn't force bundled malware on you.

Activex (IE only)

If you're surfing along, you get this sort of message:

image

Then you have to ask yourself a couple questions: did I ask for this? Who made the control? Is the site reputable? Is it cool enough to warrant giving a piece of software control over my computer? If you have doubt, or don't need it, just don't install it. Microsoft has been working on securing activex, but there's a reason recent IE browsers don't install them automatically.

Email

Email used to be the way to spread computer malware. Recently, enough people have wised up and now, the biggest thing plauging inboxes is spam. Essentially, the same question we ask of everything else applies here. Is the email unexpected? Is it from a trustworthy person? How do you know that his email hasn't been compromised? Is there a weird attachment or link? Why should you trust that link?

Most spam is obvious; if you can't tell spam from regular email, and your spam filter is broken, ask yourself: is it too good to be true? Is it too cheap to be true? Have I heard anything in the news recently? How do I know that this person is not going to run away with my credit card number and bank account, once I give him them to transfer some money out of africa? Isn't the price of that medicine the same as if you had stuffed a capsule with flour and inflated the price? Why does it use so many exclamation points, and why is everything capitalized? Is the sender from the bank they claim to be from? Is this guy really from the government? Why in the world would anyone ask for your pin over the internet? If it's at all suspicious, don't buy into it. If you seriously think that it could be legitimate, then google about it first, and if a credible site backs you up, it might be clean. Proceed with caution.

chain mails

These aren't spam persay, but they're still annoying. If it's a pyramid scheme, it's spam, and if it's a sensationalist article, snopes is your best friend. Check snopes if anything too fantastic to be true comes into your inbox.

Tools

Now you have an idea of how to surf, but just doing that, and keeping your computer open to attack won't do you too much good if a crack compromises your network connections. Here are a few pieces of software to 'harden', or secure, your computer.

Firewall

If you have nothing else, have a working firewall. Firewalls, if properly configured, will keep out malicious intruders, and if you don't download any malware, you should be okay. XP SP2 comes with a built-in firewall. It isn't incredible, but it does the job. If you don't have money to shell out for a better firewall, you might as well use it.

Spyware Scanner

This software is exclusively focused on destroying spyware, or software that 'spys' on you. Microsoft has a non-free Windows defender, while Ad-Aware, while it's name implies otherwise, targets spyware pretty well. I've heard that Spybot Search and Destroy is pretty good, even though I've never used it myself.

Virus Scanners

Virus scanners take out programs that spread all by themselves, much like real-world viruses. There are a few free, fairly good virus scanners out there: AVG has a nice virus scanner(among other things), and if you're really adventurous, you can try out Clamwin3.

Suites

If you've been around, you know that most people don't get their security solution piece-meal like that. Instead, they buy a security suite, which offers virus scanning, a firewall, spyware protection, and a spam filter. The only downside is that they not only cost money, but they require you to subscribe to get the latest virus definitions. If you have important information, though, it's worth the money. We'll look at the big ones:

McAfee and Norton

These two are, from a partial standpoint, essentially the same. While some interface things might be different, and McAfee is a little cheaper, the two do a good job at what they do. If it interests you, 3-user licenses recently came into fashion, so if you want to protect all of your computers, you just have to buy a cheaper license than buying 3 different licenses. Here is McAfee's page, and this is Norton's page.

One Care

This is Microsoft's answer to third party suites: their own suite! If one were cynical, one would say Microsoft should have made this part of their operating system, but even though you have to pay for it, it's better than nothing. It's cheaper (50$ for a 3-user license) than the stand-alone suites, but it also is younger, although nothing terrible has happened yet. If you want to take a look at One Care, take a look here.

Vista

Vista, while designed with security in mind, still warrants percautions. People have compromised the security of Vista systems, although to a lesser extent than XP. Only time will tell if security is truly better.

Yay! You've finished the beginner's set of tutorials! Have a nice day! Wait, you want more?...


1 IE7, FF - you can find the link location at the bottom of the browser if you hover your mouse over the link, Opera - hover mouse.
2 No, it really happened to me a few times.
3 It's not out of beta yet, so it might not be good for you.