Computer Security 06-22-2008

Why is avoiding getting a virus so important? If your computer has a virus, people can see what you are doing, trap your passwords, steal your identity, steal from your bank accounts, use your computer without your knowledge for sending spam or illegal pornography that could result in your getting fired from your job or imprisonment, without your knowledge! Removing a virus could cost you up to $ 150.00 and result in loss of all your data.

It is better not to get a virus in the first place.

It is NOT SUFFICIENT to rely only on anti-virus programs supplied by your ISP.

Click here to OBTAIN Utilities.

Be sure your computer firewall is turned ON, especially if you are sharing your hard disk. Windows XP has a firewall that you can turn on; otherwise you can use the free ZoneAlarm firewall.

Check for any updates to the Windows operating system every second Tuesday: Update Here   Free

CAUTION: NEVER use the PC restore disks or recovery feature unless you have data backups and are willing to lose everything on your hard drive. If you change the hard disk partition table by accident and lose all your data, you MIGHT be able to restore some of it by using the RecoverMyFiles utility.

DETAILED INSTRUCTIONS

  1. Although Windows and some of these programs will try to update themselves automatically, if your computer is turned off or on standby at the scheduled "update time", your machine will miss the updates. You must be "dialed out" or connected to your Internet Service Provider (ISP) in order to download updates. Be sure to check for updates manually weekly to be sure you do not miss any. You could download all of your updates at once, then disconnect and scan the hard disk later. You do not have to be connected to the ISP to scan the hard disk.

  2. Be sure you have the Windows Firewall turned ON. Check this by going to Start, Control Panel, Windows Firewall. If the icon is missing, it means you need to update Windows to the critical Service Pack 2 (SP2) or Service Pack 3 (SP3). If you sometimes get a Windows pop-up warning that you may be at risk because your Firewall is turned off, but you know it is ON, you can turn off the warning at Control Panel, Security Center, Change the way Security Center alerts me, and unclick Firewall.

  3. To run Windows Update , do Start, All Programs, Windows Update. Choose Express. If the Download size is greater than 0 KB, click Install Updates. Otherwise, click on the upper-right window X to exit. If you see a message from Microsoft saying that an Update is ready to be installed, click on the icon to install it. These are free critical security fixes required for your Windows operating system.

  4. To update AVG Anti-Virus , click on the AVG Control Center icon. Click on Update. The disk should be scanned at least weekly, but if your machine is turned off when it is scheduled to scan, you will have to click on Test Center and Scan Computer to do this manually. When finished, click on the window X to exit.

  5. To update Ad-Aware , click on the Ad-Aware icon. Click on "Check for updates now" and Connect. Click Finish. To scan the hard disk, click either on Start or Scan Now. After having done the "Full System Scan" at least once initially, you may do "Perform Smart System Scan" thereafter. When finished, click on the window X to exit.

  6. To update Spybot , click on the Spybot icon. Click "Search for Updates." If there are any, click on the left boxes to Select All. When the updates are installed, click on Immunize. If some bad products need to be blocked, click on the PLUS sign (+) to Immunize. To begin the disk scan, click "Search & Destroy," then "Check for Problems". If any problems are found, select all the items, then click Fix. When finished, click on the window X to exit.

  7. Click on the Belarc Advisor icon to run it. Click the bar near the top of the browser to allow Active X controls to run, then "Allow Blocked Content." Check the hard disk to be sure it says "Healthy" on drives that have the Smart Drive enabled. (Some drives do not have the Smart feature.) Be sure all Windows updates are installed OK. If any of the upgrades have a red X beside them, click on "details" and download the upgrade again and re-install it.

  8. If you see a message from Sun Microsystems saying that a Java Update is ready to be installed, always choose YES to install it. These are free critical security fixes required to keep your computer safe. In fact, you should update Adobe Reader or ANY software that you have installed periodically.

  9. To see if your version of Macromedia Flash Reader (Adobe Flash Player) is up to date, Click Here.   Free

  10. Click on the RegSupreme Pro icon monthly to clean the Windows Registry file. Click on "Registry cleaner," Normal, Start. When the scan is complete, right-click on the left column, then choose Select All. Click on Fix at the bottom of the screen. Click on the window X to exit. Restart (reboot) Windows.

  11. Windows XP has a feature to synchronize the computer clock to the Internet. However, if it does not work, you can download and install the AboutTime utility to keep your clock accurate.

  12. Remembering passwords for all your Internet applications can be confusing, since you should NOT be using the same one for everything, and you should change them periodically. You do NOT want to be a victim of Identity Theft. Using AnyPassword will allow you to remember only ONE Master password, and it will store all of your passwords as well as other useful information in an encrypted format. (You can discard your paper notebook scraps before you lose them.) And it will help you to remember things that might fall into the Mental Black Hole.

  13. Be sure to make BACKUPS of all your important data, pictures, videos, emails, banking, etc. Since floppy disks no longer have enough space, and new computers do not even have floppy disk drives, the CMS BounceBack Pro with a removable hard disk is a great practical solution for making frequent backups. Think of it as an insurance policy. Eventually your computer hard disk WILL fail, or data may be lost from a static electricity charge, and now you will be covered.

  14. VIRUS INFECTIONS: If you have not done all of the above, and your computer starts running slowly and strange messages appear from time to time, you may have a virus or a batch of viruses. These can be very difficult to remove. Start by downloading and running a new, fresh copy of McAfee Stinger. This will remove some of the more common viruses. Then download and install AVG Anti-Virus. When all the viruses, trojans and zombies have been removed, you may notice that they may have damaged many Windows files, and you may need to re-install Windows and get all of the above updates all over again. Removing viruses is a huge aggravation, and it would be better to avoid them by doing all the steps above. Please see the CAUTION on the use of recovery disks above. After removing viruses, change all your passwords at banks, etc., to avoid Identity Theft.

WIRELESS SECURITY

Using a wireless router or access point, or a public hotspot, can give you great freedom with your laptop. However, someone nearby with a "sniffer" can snoop on your emails, collect your passwords and social security numbers, or take over your computer. To use the advantages of wireless safely, follow these steps:

  1. Change your router's username and password from the default setting so others cannot hijack your computer. Use a strong password.

  2. Change your computer settings so others cannot snoop or modify your hard disk files: Start, My Computer, right-click on the hard disk, Sharing and Security, uncheck "Share this folder on the Network."

  3. Be sure your router's Security Firewall is Enabled.

  4. Use the stronger WPA encryption instead of WEP. DO NOT turn encryption off. Use the TKIP algorithm with a 16-character encryption passphrase.

  5. You may want to disable the broadcasting of your router's SSID network name.

  6. There are other steps you can take, but these are essential.

BE VIGILANT

Today there are over 30,663 spybots, 75,078 known viruses out there, and over 263,300 files and programs on your computer that need to be checked. These viruses include hijackers, keyloggers, trojans, spybots and other malware. Even if you perform all of the right steps, you could still get a virus if you don't Practice Safe Computing:

  1. Remember that although the Internet opens you to a world of knowledge and convenience, there are lots of bad guys out there who want to steal your identity or use your computer to send malicious emails, and otherwise make a lot of money at your expense. You must Be Alert and Cynical.

  2. Avoid visiting dangerous web sites that offer free music or video downloads, X-rated, pornography, games, casino card games, some sports web sites, dating services, anything that you don't know to be safe. If you hit a BAD website by accident, shut down your browser immediately. Be aware of what your grandchildren are doing; they like music and games. For example, if you visit Victoria's Secret website, you are automatically asking for a ton of spam emails. And remember that your computer keeps cookie files of all the places you visit. Other people may someday be seeing where you have been.

  3. Don't click on website popups if you are not sure that they are safe, since that action may install malware on your computer. Don't ask for trouble. Don't click on things by accident when you are drowsy or tired.

  4. Do not click on email attachments that you are not expecting, or from people you don't know (especially executable filenames that end in .exe, .com, .msi, .bat or .zip).

  5. Don't answer obvious scams, that you have won a gazillion dollars or a gift certificate from a department store, or help a little rich lady in Africa who can't cash her $15 million dollar check (the Nigerian Scam). If the story seems too good to be true, it isn't.

  6. Avoid phishing scams that try to use social engineering to get your information. Such emails look like they are from reputable companies such as a bank, E-Bay, Amazon, or Dun and Bradstreet, and their websites look almost exactly like the real thing. But the real companies will never ask you for your personal information over the internet, especially Social Security numbers or bank accounts, etc. If you have not initiated the transaction, do not continue with it.

  7. When doing banking or using your credit card to order things on the internet, be sure that you are using a secure connection (the lock icon appears at the top of the browser page). Be sure your browser is using at least 128-bit encryption.

  8. If someone tells you about a computer scam, before you forward the email to everyone you know, you can check out computer hoaxes by visiting one of these:

    1. Snopes Hoax Site
    2. Symantec Hoax Site
    3. Urban Legends

  9. You can go to search engines like yahoo.com or google.com and search on your name, phone number, credit card and social security numbers. If anything turns up that you do not want on the worldwide web, you can notify yahoo or google to remove it from their database.

  10. How can you tell if an email message is fraudulent? Look for clues. Fraudsters often use URLs with typing errors in them that are easy to overlook, such as "Micosoft" instead of "Microsoft."

  11. Is it OK to click on links in email messages? No. The URL (address) that you see may not be the URL that is encoded in the link. You may think you are going to a good website, but it may be something completely different and bad. It's safer to copy and paste the URL from your email message into the address bar in your Internet browser.

    12. ANOTHER VIEWPOINT

    Expert's Exchange June 18, 2008- Nata's Corner -

    Like a lot of people, we have a wireless router at home, and since we travel, one of the things we look for in a hotel is whether or not it has wireless internet access. But we also make sure that our antivirus software and laptop firewalls are up to date, and here's why: there's a trojan out there that can modify the settings of a wireless router. There are lots of things you can do (the obvious one being to change the default login and password for the router); you can never be too safe.

    Speaking of the rotten things that are floating around out there, it looks like those smart guys at MIT are working on a way to keep worms from spreading -- at least, slowing them down a bit. It's a novel approach; instead of looking which way the flood is headed, look at which way it's coming from.

    I came across these in an old newsletter, and thought I'd pass them along, if only because I know how many of you get to suffer because your users violate about half these rules every day. They were listed as the "Ten Net Commandments" -- which seems good enough to me.

    1. Thou shalt not buy merchandise found in pop up ads or spam.
    2. Thou shalt not post thy e-mail address, phone number, address or social security number on the Internet, nor shalt thou post anyone else's.
    3. Thou shalt not forget to update thy Windows every second Tuesday.
    4. Thou shalt not connect to the Internet without installing an antivirus, nor shalt thou begin a scan without checking for updates.
    5. Thou shalt not connect to the Internet without installing a firewall.
    6. Thou shalt not covet thy neighbor's credit card number, nor his bank routing number, nor his social security number.
    7. Thou shalt not enter thy credit card number without seeing the tiny padlock icon on thy status bar.
    8. Thou shalt not reply to the e-mail from the Nigerian banker.
    9. Thou shalt not forward chain letters to thy friends and family.
    10. Thou shalt not use "password" as thy password, nor thy birthday, nor thy childrens' names.