It seems my holiday “vacation” to go see friends and family back in the Chicago suburbs is turning into one giant service call for several computers. That’s okay, really, as its something I enjoy doing. Just seems a little funny to me (the curse of nerd-dom). Folks have let me know many of their problems, and a lot of the work ahead has to do with fixing issues related to spyware and viruses, and then securing the computers to prevent future problems.
Here is a reference for everyone (and myself) of some general steps to take with each PC that is connected to the Internet. Before we get started, if you are thinking “who cares” about this, visit my favorite friendly port scanner at this link. See how vulnerable your system is:
https://www.grc.com/x/ne.dll?bh0bkyd2
#1. Use a password on your account. I know, it’s a home computer, why bother? Well, for one thing, unless you wouldn’t mind publishing everything on your computer on the Internet, USE A PASSWORD. This is the final level of defense if someone manages to penetrate all your other security measures. Its simple, its easy, just do it.
#2. Use a router. Even if there is only one computer connected to your broadband (or dial-up!) connection, use a router. Doing so will implement something called Network Address Translation, or NAT. A router acts as an in-between you and the Internet, so you are not directly connected.
#3. If using a wireless network, secure it! Its surprisingly easy to connect to someone else’s unsecured network in the neighborhood, and if you can do that (and they don’t have passwords on their computer, or use a router), guess what you can do? Read the documentation that came with your wireless router about implementing security. At a minimum:
- Encrypt the connection. This scrambles all the traffic flying between your computer and your neighbors. It essentially password-protects your network.
- Use address filtering (also called MAC address filtering). If your router supports it, it specifies what computers can connect to your network; all other computers are rejected. You can easily obtain your MAC address (unique address for your network card) by typing ipconfig /all from a DOS prompt.
- If your router specifies it, disable SSID broadcast. Your SSID is your “network name”. If its not broadcast, its that much harder to break into your network.
- And speaking of the SSID, change it to something that a) does not identify you, and b) is not the default. There is nothing funnier than scanning an area and seeing people’s names on their routers, or that they are using the default SSID that came with the router. It screams “easy target”.
#4. Use anti-virus software. Just do it, and keep it updated. Weekly. Mark your calendar if not using automatic updates.
#5. Stay current with Windows Updates. As security flaws are discovered and reported, Microsoft turns around and releases a patch. This helps keep your computer safe and secure. Just do it, if not automatically, at least monthly. Mark your calendar.
#6. Consider a software firewall (optional). For moderate to advanced users, a software firewall represents another layer of defense from both internal and external attacks. If you run a malicious piece of software that attempts to access the Internet, the software firewall will intercept the call and ask you if you will allow it. Say no, its stopped in its tracks. The downside to a software firewall, and why its not for everyone, is who is to say what is a “good call” and what is not. Checking your e-mail, playing online games, surfing the web constitute good calls. Beyond that, many users could get confused and simply say “yes” to everything, which doesn’t help.
Okay, now that this is out of the way, here are some links.
Detect computer vulnerability
If you want to see how vulnerable your computer is, visit my favorite friendly computer scanner.
https://www.grc.com/x/ne.dll?bh0bkyd2
Anti-virus software
I use F-Prot anti-virus software. Its inexpensive, very effective, and non-intrusive (e.g. doesn’t make a mess of your computer configuration like other products).
http://www.f-prot.com/
Software firewall
If you decide this is something you want to do, I love Sygate Personal Firewall. The free edition is great, the paid version is even better. Update: Sygate has been purchased by Symantec. Symantec does offer good products, but this is not what I am recommending. Google for “Sygate Personal Firewall” and download from a mirror site. Here is one.
http://www.pcworld.com/downloads/file_description/0,fid,8132,RSS,RSS,00.asp
Wireless network scanner
See all the wireless networks in your neighborhood.
http://www.netstumbler.com/downloads/
Please note these are the basics of computer security. There is always more than can be done, and many tasks vary with the each manufacturer of equipment. Seek professional assistance (or your own personal nerd) to help with you with any of this that you may not understand.
The threads are, unfortunatelly, real. There are plenty of folks in the world with not much else to do but see what you can on your computer. Could be a neighborhood kid, or a kid in another country. Implementing basic security makes your computer (and network) "not easy", and since there are plenty of "easy" targets out there they are likely to move on.