±Recent Visitors

Recent Visitors to Com-Central!

±User Info-big


Welcome Anonymous

Nickname
Password

Membership:
Latest: cgsimpson
New Today: 0
New Yesterday: 0
Overall: 6645

People Online:
Members: 0
Visitors: 572
Total: 572
Who Is Where:
 Visitors:
01: CPGlang
02: Member Screenshots
03: Community Forums
04: Community Forums
05: Photo Gallery
06: Community Forums
07: Community Forums
08: Community Forums
09: Photo Gallery
10: Community Forums
11: Community Forums
12: Community Forums
13: Downloads
14: Community Forums
15: Photo Gallery
16: Downloads
17: Community Forums
18: Community Forums
19: Community Forums
20: Community Forums
21: Community Forums
22: Photo Gallery
23: Community Forums
24: Community Forums
25: Photo Gallery
26: Community Forums
27: Your Account
28: Community Forums
29: Photo Gallery
30: Photo Gallery
31: Community Forums
32: Home
33: Photo Gallery
34: Community Forums
35: Community Forums
36: Community Forums
37: Statistics
38: Community Forums
39: Downloads
40: Community Forums
41: Community Forums
42: Photo Gallery
43: Community Forums
44: Community Forums
45: Photo Gallery
46: Community Forums
47: Photo Gallery
48: Community Forums
49: Community Forums
50: Community Forums
51: Community Forums
52: Home
53: Community Forums
54: Community Forums
55: Community Forums
56: Community Forums
57: Community Forums
58: Statistics
59: Community Forums
60: Downloads
61: Community Forums
62: Community Forums
63: Community Forums
64: Community Forums
65: CPGlang
66: Community Forums
67: Photo Gallery
68: Community Forums
69: Community Forums
70: Community Forums
71: Community Forums
72: Community Forums
73: Community Forums
74: Your Account
75: Community Forums
76: Community Forums
77: Photo Gallery
78: Community Forums
79: Photo Gallery
80: Photo Gallery
81: Community Forums
82: Community Forums
83: Community Forums
84: Community Forums
85: Downloads
86: Community Forums
87: Photo Gallery
88: Community Forums
89: Community Forums
90: Home
91: Community Forums
92: Photo Gallery
93: Home
94: Community Forums
95: Community Forums
96: Home
97: Community Forums
98: CPGlang
99: Community Forums
100: Community Forums
101: Community Forums
102: Community Forums
103: Photo Gallery
104: Home
105: Photo Gallery
106: Home
107: Community Forums
108: Community Forums
109: Photo Gallery
110: Community Forums
111: Community Forums
112: Community Forums
113: Community Forums
114: Community Forums
115: Community Forums
116: Community Forums
117: Community Forums
118: Community Forums
119: Photo Gallery
120: Community Forums
121: Community Forums
122: Photo Gallery
123: Community Forums
124: Member Screenshots
125: Community Forums
126: Community Forums
127: Home
128: Community Forums
129: Community Forums
130: Statistics
131: Community Forums
132: Community Forums
133: Community Forums
134: Community Forums
135: Community Forums
136: Community Forums
137: Photo Gallery
138: Community Forums
139: Community Forums
140: Community Forums
141: Community Forums
142: CPGlang
143: Community Forums
144: Community Forums
145: Community Forums
146: Community Forums
147: Community Forums
148: Community Forums
149: Community Forums
150: Community Forums
151: Community Forums
152: Community Forums
153: Photo Gallery
154: Community Forums
155: Community Forums
156: Community Forums
157: Community Forums
158: Community Forums
159: Downloads
160: Community Forums
161: Community Forums
162: Community Forums
163: Community Forums
164: Photo Gallery
165: Home
166: Member Screenshots
167: Search
168: Community Forums
169: Community Forums
170: Community Forums
171: Community Forums
172: Community Forums
173: Community Forums
174: Community Forums
175: Community Forums
176: Community Forums
177: Community Forums
178: Community Forums
179: Community Forums
180: Downloads
181: Photo Gallery
182: Home
183: Community Forums
184: Community Forums
185: Community Forums
186: Community Forums
187: Home
188: Community Forums
189: Community Forums
190: Community Forums
191: Home
192: Community Forums
193: Photo Gallery
194: Community Forums
195: Photo Gallery
196: Community Forums
197: Community Forums
198: Community Forums
199: Community Forums
200: Community Forums
201: Photo Gallery
202: Community Forums
203: Community Forums
204: Photo Gallery
205: Downloads
206: Community Forums
207: Community Forums
208: Downloads
209: Your Account
210: Community Forums
211: Community Forums
212: Community Forums
213: Your Account
214: Community Forums
215: Community Forums
216: Community Forums
217: Photo Gallery
218: Community Forums
219: Community Forums
220: Community Forums
221: Community Forums
222: Photo Gallery
223: Member Screenshots
224: Photo Gallery
225: Community Forums
226: Community Forums
227: Community Forums
228: Community Forums
229: Photo Gallery
230: Home
231: Community Forums
232: Home
233: Downloads
234: Community Forums
235: Home
236: Community Forums
237: Home
238: Photo Gallery
239: Community Forums
240: Community Forums
241: Community Forums
242: Photo Gallery
243: Downloads
244: Downloads
245: Community Forums
246: Community Forums
247: Community Forums
248: Photo Gallery
249: Community Forums
250: Downloads
251: Community Forums
252: Community Forums
253: Community Forums
254: Community Forums
255: Community Forums
256: Your Account
257: Photo Gallery
258: Community Forums
259: Community Forums
260: Community Forums
261: Photo Gallery
262: Community Forums
263: Community Forums
264: Community Forums
265: Photo Gallery
266: Community Forums
267: Community Forums
268: Community Forums
269: Community Forums
270: Community Forums
271: Community Forums
272: Community Forums
273: Member Screenshots
274: Community Forums
275: Community Forums
276: Community Forums
277: Statistics
278: Community Forums
279: Community Forums
280: Community Forums
281: Community Forums
282: Home
283: Community Forums
284: Community Forums
285: Community Forums
286: Community Forums
287: Photo Gallery
288: Community Forums
289: Community Forums
290: Downloads
291: Photo Gallery
292: Photo Gallery
293: Home
294: Photo Gallery
295: Photo Gallery
296: Search
297: CPGlang
298: Photo Gallery
299: Your Account
300: Community Forums
301: Community Forums
302: Community Forums
303: CPGlang
304: Community Forums
305: Home
306: Photo Gallery
307: Community Forums
308: Home
309: Community Forums
310: Home
311: Photo Gallery
312: Community Forums
313: Downloads
314: Photo Gallery
315: Community Forums
316: Photo Gallery
317: Community Forums
318: Community Forums
319: Community Forums
320: Photo Gallery
321: Community Forums
322: Photo Gallery
323: Community Forums
324: Community Forums
325: Community Forums
326: Community Forums
327: Community Forums
328: Community Forums
329: Community Forums
330: Community Forums
331: Community Forums
332: Community Forums
333: Community Forums
334: Photo Gallery
335: Community Forums
336: Photo Gallery
337: Community Forums
338: Community Forums
339: Statistics
340: Community Forums
341: Community Forums
342: Community Forums
343: Community Forums
344: Community Forums
345: Community Forums
346: Community Forums
347: Community Forums
348: Community Forums
349: Home
350: Downloads
351: Community Forums
352: Photo Gallery
353: Community Forums
354: Your Account
355: Photo Gallery
356: Community Forums
357: Community Forums
358: Community Forums
359: Member Screenshots
360: Community Forums
361: Home
362: Community Forums
363: Your Account
364: Statistics
365: Photo Gallery
366: Photo Gallery
367: Community Forums
368: Community Forums
369: Photo Gallery
370: Community Forums
371: Photo Gallery
372: Community Forums
373: Home
374: Photo Gallery
375: Community Forums
376: Community Forums
377: Community Forums
378: Community Forums
379: Community Forums
380: Community Forums
381: Community Forums
382: Home
383: Statistics
384: Community Forums
385: Community Forums
386: Community Forums
387: Community Forums
388: Community Forums
389: Community Forums
390: Community Forums
391: Home
392: Downloads
393: Community Forums
394: Downloads
395: Community Forums
396: Community Forums
397: Community Forums
398: Community Forums
399: Home
400: Photo Gallery
401: Photo Gallery
402: Community Forums
403: Community Forums
404: Community Forums
405: Statistics
406: Community Forums
407: Community Forums
408: Community Forums
409: Photo Gallery
410: Photo Gallery
411: Photo Gallery
412: Community Forums
413: Community Forums
414: Community Forums
415: Community Forums
416: Community Forums
417: Community Forums
418: Community Forums
419: Community Forums
420: Community Forums
421: Home
422: Photo Gallery
423: Community Forums
424: Community Forums
425: Downloads
426: Community Forums
427: Community Forums
428: Photo Gallery
429: Community Forums
430: Community Forums
431: Home
432: Home
433: Downloads
434: Community Forums
435: Community Forums
436: Community Forums
437: Home
438: Community Forums
439: CPGlang
440: CPGlang
441: Community Forums
442: Community Forums
443: Community Forums
444: Your Account
445: Community Forums
446: Community Forums
447: Community Forums
448: Community Forums
449: Photo Gallery
450: Community Forums
451: Community Forums
452: Photo Gallery
453: Community Forums
454: Home
455: Downloads
456: Photo Gallery
457: Community Forums
458: Community Forums
459: Community Forums
460: Photo Gallery
461: Community Forums
462: CPGlang
463: Home
464: Community Forums
465: Community Forums
466: Your Account
467: Community Forums
468: Community Forums
469: Community Forums
470: Community Forums
471: Community Forums
472: Community Forums
473: Photo Gallery
474: Photo Gallery
475: Downloads
476: Your Account
477: Community Forums
478: Member Screenshots
479: Home
480: Community Forums
481: Downloads
482: Community Forums
483: Community Forums
484: Community Forums
485: Home
486: Community Forums
487: Community Forums
488: Home
489: Community Forums
490: Community Forums
491: Community Forums
492: Community Forums
493: Community Forums
494: Photo Gallery
495: Photo Gallery
496: Photo Gallery
497: Photo Gallery
498: Community Forums
499: Community Forums
500: Community Forums
501: Community Forums
502: Community Forums
503: Your Account
504: Photo Gallery
505: CPGlang
506: Community Forums
507: Community Forums
508: Community Forums
509: Community Forums
510: Photo Gallery
511: Downloads
512: Photo Gallery
513: Your Account
514: Community Forums
515: Community Forums
516: Community Forums
517: Photo Gallery
518: Community Forums
519: Member Screenshots
520: Member Screenshots
521: Community Forums
522: Community Forums
523: Photo Gallery
524: CPGlang
525: Community Forums
526: Community Forums
527: Community Forums
528: Community Forums
529: Community Forums
530: Home
531: Community Forums
532: Downloads
533: Community Forums
534: Community Forums
535: Photo Gallery
536: Home
537: Home
538: Community Forums
539: Community Forums
540: Community Forums
541: Your Account
542: Home
543: Community Forums
544: Community Forums
545: Statistics
546: Community Forums
547: Home
548: Community Forums
549: Community Forums
550: Community Forums
551: Community Forums
552: Downloads
553: Your Account
554: Community Forums
555: Community Forums
556: Your Account
557: CPGlang
558: Community Forums
559: Photo Gallery
560: Home
561: Community Forums
562: Home
563: Community Forums
564: Community Forums
565: Community Forums
566: Community Forums
567: Community Forums
568: Community Forums
569: Community Forums
570: Statistics
571: Community Forums
572: Photo Gallery

Staff Online:

No staff members are online!
Maximum Security: 94 Essential Tips for Staying Safe :: Archived
Resolve issues with your computer problems here or read about the latest computer parts and information.
Post new topic    Revive this topic    Printer Friendly Page     Forum Index ›  Hardware

Topic Archived View previous topic :: View next topic  
Author Message
Shadow_Bshwackr
Janitor

Offline Offline
Joined: Jan 21, 2005
Posts: 7015
Location: Central Illinois, USA
PostPosted: Wed Nov 16, 2005 10:06 am
Post subject: Maximum Security: 94 Essential Tips for Staying Safe

This is a rather good article PC Mag and Michael J. Steinhart in particular Wink

While this is a long article and takes some time to read, it's my recommendation that all do read it to the end even if it's over several visits. IMO this is quite good and Kudos to Mike Steinhart and his efforts.

Maximum Security: 94 Essential Tips for Staying Safe
11.02.05


By Michael J. Steinhart

How security-savvy are you? Many users simply aren't. Your machine may have come with an antivirus program preinstalled, but is the subscription up to date? Are you running a firewall of any kind? Are you conducting regular spyware and adware scans?

Or do you not mind hackers and unscrupulous marketers mining your PC for personal data?

We're always telling you about the latest and greatest security products, but at the core of any strategy must be common sense, healthy skepticism, and a willingness to learn. If money's tight, there are plenty of free resources that can help you protect your system or systems. It doesn't hurt to have some experts on your side, either, and that's where we come in.

We've collected dozens of our best security tips and pointers, broken down by category: system, networking and wireless, e-mail, Web surfing, malware, and mobile. Whether you're a novice or a seasoned user, you'll find plenty of valuable advice for shoring up your defenses and maximizing your security.

System Security
11.02.05
Get in the Zone


Safe Out of the Box

New computers are often the most vulnerable to Internet and e-mail–borne attacks. Before you connect a new machine to the Internet, make sure that it is protected by a firewall and patched to the greatest extent possible. And if you're giving a PC or laptop as a gift this year, secure the machine before you give it to a novice user.

Put up a hardware firewall. Ideally, the PC is on a network with a hardware firewall. This will ensure that the devices behind it are protected against most attacks. If the PC is not on a network, purchase a firewall device. Any of today's home wireless and wired routers provide some firewall functionality.

Put up a software firewall. You'll also want a software firewall on each PC, to further block hack attacks and protect against misbehaving applications. Windows XP comes with a partial solution; you should make sure it's enabled until you get a better one. Prior to Windows XP Service Pack 2, it was called the Internet Connection Firewall (ICF), and it's pretty bare-bones. The firewall in Service Pack 2 (called the Windows Firewall) is much better, but it still prevents only inbound unwanted traffic. You really want a two-way firewall, such as ZoneAlarm Pro or Norton Personal Firewall, to stop unwanted outbound traffic�for example, attempts by spyware to send personal data to its creators.

Install SP2. Windows XP Service Pack 2 fixed many security holes in XP and improved the operating system's patching tool. The safest way to update a system to SP2 is to order a CD from Microsoft or download a complete copy of the service pack from downloads.microsoft.com to an already updated system, then burn it to a CD and put it on the new computer. If you have enabled the ICF, you can feel safe enough to go to the Windows Update site (www.windowsupdate.com) and install SP2 on the new computer.

Watch out for malware. Even with a firewall in place, you need to be wary of virus-infected e-mails, Web pages that exploit browser holes, and adware you could install unwittingly off the Web. Install an antivirus program and update it before surfing the Web casually or setting up e-mail. Set the antivirus program and Windows to retrieve and install security updates automatically. When your update subscription runs out, resubscribe. If a newer version of the antivirus software is available, upgrade. Out-of-date antivirus protection is no protection at all!

You've got adware. It's possible your new machine may come preloaded with adware, so you may want to install a good antispyware product, such as Spyware Doctor from PC Tools or Webroot Spy Sweeper, and scan the system before going online.

How suite it is. The easiest way to protect yourself and ensure the apps doing the job don't conflict with one another is to get a package, such as ZoneAlarm Security Suite, that includes antivirus, antispyware, antispam, and firewall.

Protection on the cheap. There are several good, free antivirus filters and software firewalls available, such as avast! 4 Home Edition and ZoneAlarm 6 free. Generally they're only for personal use, and they aren't quite as easy to configure as the commercial products. (Check out "Web Resources" by visiting go.pcmag.com/freeware.)

System Security

Restrict Access

Windows XP's User Accounts applet offers two levels of user security: administrator and limited. An admin account lets you do anything on the system, which leaves you at risk for any malicious program installing code at will. The limited account does not allow program installation or changes in system settings.
Restrict Access

Limit yourself. By default, XP asks for a user name on installation, assigns it administrator privileges, and boots directly into that user from then on. But you can set up a limited account by clicking on Start | Control Panel | User Accounts. Select Create a new account, and name the user. Click Next and select Limited user on the Account Type screen, then click Create Account. Use the limited account for day-to-day activities.

Set a password. For increased security, assign a password to every account with administrator privileges. From the User Accounts screen, click on the user and select Create a Password. Follow the wizard and add a password to the account. Don't use an obvious password such as "password," "admin," or your username.

Doors are locked. Some people don't want to set a password because it slows down the log-on process. But password protection is absolutely essential. If you're sure your system is in a safe location, however, you can use Microsoft's TweakUI PowerToy (www.microsoft.com/windowsxp/downloads) to log on to a specified account automatically. Click the plus sign next to Logon, select Autologon, choose Logon automatically at system startup, and specify a username and password. Note that an office is not a safe place. We recommend this only if you trust all your housemates and visitors, and if your PC is always in a secure location.

Quick fix. Unfortunately, the limited user account makes some applications, such as games, difficult or impossible to run. But you can log on as a limited user and still use incompatible programs by using the Run with different credentials option. First install the app. Windows may balk if you try to install from the limited account, in which case you have to log out and log back on as the administrator, or it may just ask for an admin's username and password. Once it's up and running, log off and log on to the limited user account. The app should run properly, but if it doesn't, right-click on its shortcut or menu item, select Properties, and click the Advanced button on the Shortcut tab. Now check the Run with different credentials box and click OK.

Note that Windows won't let a Limited user change a shortcut that's shared by all users. If an "Access denied" error message pops up when you click OK, cancel your changes and right-drag the shortcut to the desktop, choosing Copy. Now edit the resulting local shortcut as described above. When you double-click on the icon, you'll get a log-on dialog telling you to enter a username/password that has administrator rights.

System Security

Get in the Zone

Even if Internet Explorer isn't your default browser, its rendering engine is used for everything from the Windows Explorer file manager to the Active Desktop. So you're still exposed to any threat that exploits IE security holes. We recommend using security zones to manage the Internet, but by default the local machine, or "My Computer," is not available from the zone settings. You can, however, set a value in the Registry to make it available.

Close all browsers and instances of My Computer or Windows Explorer, then open RegEdit (Start | Run, type in regedit and press Enter). Navigate to the Registry key: HKEY CURRENT USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0. (Right-click this key and choose Export to create a REG file that you can launch to undo your changes if necessary.)

Find the value Flags and double-click on it. In the editing window, change the value to 1. Click OK and exit RegEdit.

Once you've made the change, go to Control Panel, open Internet Options and choose the Security tab. Select the My Computer content zone (you may have to scroll to the right) and then click on Custom Level to make changes. Be careful; security changes may affect the way some programs work. When in doubt, set IE to alert you rather than block questionable events.

System Security

Rolling Back Time

Use System Restore. Windows System Restore (in Windows Me and XP) lets you roll back the system settings and critical files if installing or uninstalling a program causes problems. The tool sets restore points on a regular basis and creates additional points before apps and drivers are installed. When your security tools can't clean an infection, try restoring your system to an earlier time before the malicious app arrived.
Rolling Back Time

To verify that System Restore is running, go to Control Panel | System and choose the System Restore tab.

System Restore for Windows 2000: Win 2000 doesn't include System Restore. You can, however, replicate much of its functionality. The Windows 2000 Backup program (Start | Programs | Accessories | System Tools | Backup) has a System State option under the Backup tab. On a normal Windows 2000 system, this backs up the boot file, the COM+ class registration database, and the Registry.

Disable System Restore temporarily (XP). Unfortunately, antivirus and antispyware tools cannot clean infections from restore points, so even if you've cleaned out some malware, a rollback may bring reinfection. We've also seen infected restore points cause the security software's alarms to go off at each scan. To stop this from happening, you'll need to disable System Restore.

From the System Restore tab (Control Panel | System) check Turn off System Restore on all drives. This will delete all restore points. After the cleanup, turn System Restore back on. Just repeat these steps and uncheck the box.

System Security

Using Safe Mode
Using Safe Mode

Starting your computer in Safe Mode is often one of the only ways to regain control after a crash or a virus or spyware attack. Windows usually blocks you from deleting any files that are currently running (including malicious software), and malware often makes sure it loads at start-up. Safe Mode bypasses many drivers and start-up programs; by going into this mode you may be able to remove the offending apps. (We've also found that simply booting into Safe Mode and then rebooting back into Normal Mode may make an unstable system more reliable.)
Getting to Safe Mode

To enter Safe Mode, you need to coax Windows into displaying the Startup menu. Depending on the version, this menu offers Normal or Safe Mode, and sometimes Safe Mode with networking, command prompt, and other options.

Getting to Safe with F8. You can get to the Startup menu by pressing a hot key during boot time, or using the System Configuration Utility (MSConfig, not available in Win 2000).

Typically, you enter Safe Mode by pressing F8 after powering up. Some systems may prompt you to start tapping the button at a specific time in the boot sequence with a signal, such as a small line or square in the upper left corner of the screen, or with a beep. Whatever the signal, when you receive it, press F8. If your BIOS is set for quiet mode, though, you probably won't see the signal.

Safe Mode the MSConfig way (XP). If you're using Windows XP, choose Run from the Start menu, type msconfig and press Enter. Select the BOOT.INI tab, enable the /SAFEBOOT option and click the OK button. If you're going to need network or Internet connectivity, check NETWORK here, too. When the system asks you to restart, click Restart and Windows will boot into Safe Mode. To restart in normal mode, reopen MSConfig, select the BOOT.INI tab, and uncheck /SAFEBOOT, then select the General tab and check Normal Startup.

System Security

Extend Your View

Malware files often use double extensions. By default, Windows hides file extensions; this feature may help a malware file trick you into thinking it's safe to open. A virus named prettywoman.jpg.exe, for instance, would appear as prettywoman.jpg. Change your settings to see the real extensions.

In Windows XP/2000, open My Computer, then click on Tools | Folder Options. Select the View tab, look for the heading Hide extensions for known file types, and uncheck the box.

Network & Wireless Security
11.02.05
How Secure Are You?


How Secure are You?

Get a checkup. Vulnerability scanners probe computers on the network for potential security holes, and some even give you instructions on fixing them. There are many excellent commercial scanners, such as Retina from eEye ( www.eeye.com ), the ISS Internet Scanner ( www.iss.net ), and AppDetective by Application Security ( www.appsecinc.com ), which scan for a large number of known problems and are updated as new issues are discovered. You can specify a particular system to scan or, if you give the tools an address range, they will find all systems and scan them for you.
How Secure Are You?

These are probably overkill for a home network. Instead, you could try the NeWT security scanner, a free tool from Tenable Network Security ( www.tenablesecurity.com ). Microsoft also offers a free tool, the Microsoft Baseline Security Analyzer ( www.microsoft.com/tech...ahome.mspx ), which scans single systems or systems across a network for common misconfigurations and missing security updates. If you administer a business network, you should use these free tools in addition to a commercial scanner.

Scan from within and without. Scans run inside the network probe for vulnerabilities from the perspective of a user already logged on. If you have a firewall in place, your internal environment is protected from many outside threats. Run the scanner from outside your network and tell it to scan your outside IP address. Look for open ports and make sure they're all being used for the applications you want.

Be cautious. Vulnerability scanners can generate a flood of warning messages, many of them doing nothing more than telling you that you did something (like open port 80 on your Web server) that you plainly intended to do. So don't assume the scanner knows more than you, especially when it gives the warning a low priority. Take advice from these programs as suggestions, not orders.


Network & Wireless Security

Wireless? Go WPA

Even the people who designed WEP (Wired Equivalency Privacy, the first-generation wireless security protocol), admit that it's a weak protocol that's easily outwitted. The next generation, WPA (Wi-Fi Protected Access), is a much better solution, but it's not necessarily available for your old Wi-Fi equipment. Linksys, for example, includes WPA support in all its 802.11g equipment, but added it to only a few of the older, 802.11b devices. See "Wireless Security: WPA Step by Step" at go.pcmag.com/WPA to learn how to upgrade your equipment to WPA.

WPA provides enterprise mode, in which users enter individual usernames and passwords that are checked by a special server, and personal mode, where everyone uses the same shared password. That password is used as a key for encrypting all the data on the network. In our experience, we've found that all home users and almost all small businesses will get along fine with the shared password mode.

A relatively new WPA2 that implements even stronger encryption than WPA is beginning to appear in products. The improvements are benign overkill for home users, but WPA2 is backward-compatible with WPA, so there's no reason not to buy it.

For the best protection, use a passphrase of at least 20 characters and write it down somewhere safe.

Network & Wireless Security

Avoid Windows Messenger Spam

If you're using Windows XP or Windows 2000 and connect directly to the Internet, you can fall victim to Windows Messenger Service pop-ups. This is not related to any instant messaging app, but to an arcane network utility called Net Send.

The Net Send message service was used by network administrators to send pop-up messages to all users (like "The server's going down in 5 minutes, so save your work and shut down"), and to let users send notes to one another.
Avoid Windows Messenger Spam

By default, Windows XP and 2000 both have this service running when you start your computer, with the result that when you are connected to the Internet, anyone who knows your IP address can send you a pop-up message that looks like a Windows alert, not an ad. Some spammers scan through a series of Internet addresses and find computers that have this service turned on. When they find one, they send it a message.

Turn off Net Send. In Windows 2000 and XP, you can turn off the Messenger Service by clicking on the Start button, then selecting Run and typing Services.msc. Press Enter. In the Services window, scroll down to the Messenger entry. Double-click on it to bring up the Messenger Properties window. First click the Stop button to end the Messenger Service. Once the Service status is tagged Stopped, click on the Startup type drop-down box and select Disabled. Now click on OK. You will be brought back to the Services window, and the Messenger Properties window will now say Disabled under Startup type. Close the window and you're done.

Or keep it on. The fix above can eliminate the problem, though it can sometimes get in the way of legitimate application alert functions from antivirus programs, print spoolers, or a UPS device.

If you find that you must keep the Net Send Messenger Service running, you can block external messages using a firewall. When using a hardware or software firewall, block inbound NetBIOS and UDP protocol broadcast traffic. When setting up a personal firewall, such as ZoneAlarm, you may need to create exceptions for your own subnet, or for individual machines with which you want to share data.

Network & Wireless Security

Working on the Chain

Some browser hijackers insert themselves into the Windows Winsock (Windows Sockets) component�the mechanism that applications use to make Internet connections�and when they're removed they leave the component broken and unable to connect.
Working on the Chain

The new Winsock 2, installed by upgraded versions of Internet Explorer and native to Windows XP, incorporates a feature called Layered Service Provider (LSP), which allows third-party vendors to insert their own code�for monitoring or content filtering�into the Winsock data stream. The feature is also used by spyware companies to facilitate their own monitoring. When a legitimate program (such as Net Nanny or Cybersitter) is uninstalled, it patches up the Winsock. Spyware products don't always extend the same courtesy.

When the Winsock is broken, you may be able to use IM but not e-mail and Web browsing. This odd behavior makes troubleshooting difficult, because you're connected to the Internet and you have an IP address, but the browser still won't work.

The easiest way to fix the broken chain is to use a freeware utility called LSP-Fix. This utility is primarily for Windows 98, though it works on Windows Me, 2000, and XP. It is available from Counterexploitation, a Web site dedicated to identifying and removing spyware, adware, and other malicious programs, at www.cexx.org/lspfix.htm. LSP-Fix works by "reconnecting" the disconnected layers in the Winsock stack. In most cases it can repair the damage without further problems.


E-mail Security
11.02.05
Don't Get Attached


Don't Preview

We all know we shouldn't open unknown attachments, but having the message preview pane enabled in Outlook or Outlook Express can automatically open messages that may infect your system. Note that if you have Service Pack 2 installed (as we recommended in the first section), Outlook and OE do prevent many problematic items from displaying in the preview pane, but it's safer to disable it entirely.

In Outlook Express, select View | Profiles | Preview Pane and turn it off.

In Outlook 2000, select View | Preview Pane (it's a toggle, click on, click off).

In Outlook 2003, select View, then Reading Pane, and click Off.

E-mail Security

Don't Get Attached

Block attachments in Outlook. Not opening attachments is probably the best way to prevent infection. Outlook 2003, Outlook 2002, and Outlook Express 6 come configured to block dangerous attachments automatically; in Outlook Express you can turn the blocking off, but in Outlook 2003, it's always on. You can also update Outlook 98 or Outlook 2000 to include attachment blocking.

Block attachments in OE6. If you're using Outlook Express 6 and extension blocking is off, click on Tools, then select Options. Select the Security tab, and click the check box for Do not allow attachments to be saved or opened that could potentially be a virus.

Early warning. In Outlook Express, check the box marked Warn me when other applications try to send mail as me for a little extra protection.

Add to the block list. What about ZIP, PIF, and other file formats that could hide malware? These aren't stopped by default, but the Microsoft Knowledge Base article at support.microsoft.com/kb/837388 describes how to add extensions to Outlook's block list; unfortunately, it doesn't work with Outlook Express. The technique requires editing the Registry, but it is basically the same for Outlook 2000, 2002, and 2003.

Here are the steps for home users (non-Exchange environments) using Outlook 2003. For Outlook 2000, substitute a 9.0 for the 11.0 in the HKEY. For Outlook 2002, substitute 10.0. We recommend backing up this Registry key before using the editor.

Click Start | Run, type regedit, and then click OK. Locate and then click the following key: HKEY_CURRENT_USER\Software\Microsoft\Office\11.0\Outlook\Security. On the Edit menu, point to New | String Value. Type Level1Add, and then press Enter. On the Edit menu, click Modify. Type <, then a list of the attachment file extensions (separated by semicolons, not spaces), then >. For example, you would type .zip;.pif if you wanted to block both formats from appearing in the e-mail message as an attachment. The value string would look like this: <.zip;.pif>

Unblocking files. If you need to open up access to a blocked attachment, you can use the Level1Remove key. Surf over to Slipstick Systems (www.slipstick.com) for instructions and a full list of the blocked extensions, as well as a list of tools that let you add or remove attachment blocking without editing the Registry.

E-mail Security

Return to Sender

Clever spoofs. An unwelcome side effect of the latest worms is the barrage of undeliverable mail. Many viruses use "undeliverable" or similar messages in the subject line so users will be duped into opening the message and infecting their machines. Also, e-mail viruses deliberately spoof the return address when sending themselves to a harvested list. This prevents legitimate nondelivery messages from alerting the victim to the virus's presence�and dumps irrelevant nondelivery messages on the owner of the spoofed address. In either case, delete the message without opening it.

Check the header. If you think that it might be from a legitimate address, right-click on the message line in the Outlook Inbox and select Options to view the header (do not double-click, or you'll open the message). In Outlook Express, right-click, select Properties, and choose the Details tab.

Even though the header seems indecipherable, you can use it to find out whether a real correspondent bounced back the message. Check the To: area for a legitimate e-mail address; if you find one, this is a real undeliverable response for the server where that e-mail was sent.

E-mail Security

Certified Mail

How do you know that e-mail from your mom is really from her? You don't. E-mail doesn't have any built-in authentication. There are efforts under way to add authentication between e-mail servers, but personal authentication options have been around for years. Your mom just needs her own digital certificate.
Certified Mail

Buy a certificate. When you receive a message that is digitally signed, it comes with a seal icon. Double-click on it, start exploring, and you'll find information about the sender, and, potentially, a certificate authority. This is a company that issues certificates (typically for a fee) and vouches for the information in them. To get a certificate in Outlook, click Tools | Options and go to the Security tab. Click the Get a Digital ID… button near the bottom. This will open the browser to a Microsoft page with information on digital certificate vendors.

Or get one free. There are tools you can get for free to generate unique certificates, but if they are not held by a public authority, all they can prove is that the message wasn't tampered with. A better idea is to visit thawte (www.thawte.com), a subsidiary of VeriSign that offers personal certificates for free.

Certification pays. Digital certificates let you encrypt message contents and prove that they have not been tampered with, and AOL Instant Messenger (among other apps) can use your certificate to authenticate your ID.

Use Outlook for encryption. S/MIME (or Secure Multipurpose Internet Mail Extensions) is the standard for encrypted and "signed" e-mail. All recent versions of Microsoft Outlook and Outlook Express, Eudora, and Netscape Messenger support it, but no product makes working with certificates easier than Outlook.

E-mail Security

Something's Phishy
Clever Spoofs

When searching for bargains on the Internet, be very skeptical of sites with which you don't have a relationship and which you don't know from reputation. Scammers put a lot of work into search-engine placement to attract deal-hunters. Links to these shady stores lead to a checkout screen asking for the card name, number, expiration date, and CVV (card verification value). After you provide the information, you're brought to a page that says an error has occurred and you should pay by postal money order. This means some victims could actually lose their credit card information and the value of the money order.

E-mail Security

Don't Be a Spam Magnet

Spammers make money not just by spreading advertisements, but by reselling their lists, and the more live people on the list, the more valuable it is.

Don't buy it. The worst thing you can do is buy something from a spammer. It puts you on a list of "real live ones."

Don't unsubscribe. Don't click the Unsubscribe or Click here to be removed from our list links at the bottom of spam messages. Doing so lets spammers know your address is valid. Note that many legitimate sites�such as e-tailers�also provide an unsubscribe link with their e-mail messages, and those are honored.

Don't open or preview. Spammers can confirm your existence when you open an HTML spam message. Through images on the page, or "Web bugs," the spammer's server gets alerted that you opened the e-mail. The latest versions of Outlook and Outlook Express address this by not downloading images unless you tell the program to do so. If you don't know the sender, don't get the pictures.

Web-Browsing Security
11.02.05
Get Inside


Internet Explorer's default settings, while allowing you to enjoy all the Web has to offer, can sometimes be too open. Here are some ways to tighten up IE's security.

Web-Browsing Security

Get Inside

Open Control Panel | Internet Options to access Internet Explorer's settings. In the Internet Properties dialog, select the Security tab, then click on the Custom Level button. You can scroll through all the available settings. In each instance, you have the option of Enabling, Prompting, or Disabling the function.

Disable by default. In most cases, it's best to disable something questionable. If you choose to be prompted, you may end up with many more annoying alerts than you've encountered in the past.

Prevent pop-ups. Completely preventing active scripts from running is a drastic move, as many sites use scripting for legitimate purposes. However, if you frequent sites that pop up dozens of extra windows, try this: Scroll down the Security Settings list to Scripting and disable all settings (in IE 6, it's three settings). You may also want to disable ActiveX controls; certainly don't automatically enable them. You can also block signed controls (which have a valid certificate) or unsigned ones. In Medium security mode, unsigned controls are disabled, signed ones are allowed.
Get Inside

Establish trust. What if you want to disable scripting for most pages, but want to look at PCMag.com or eBay without a flurry of alerts? IE has settings that let you manage these "trusted" sites without compromising general security. To add often-visited Web sites to the Trusted category, choose Tools | Internet Options from the menu and click the Security tab. You will see icons for several "Web content zones." Click on the "Trusted sites" zone icon, and then click on Sites. Type in the domain of the trusted site, such as ebay.com, and click Add. You may need to uncheck the box titled Require server verification (https:) for all sites in this zone. IE will prefix the domain with the "*" wildcard character, though you won't see it until you exit and reenter. When you're done, click on OK. Trusted sites get a Low-level security rating, which allows downloading content such as ActiveX controls and plug-ins, cookies, and all scripting. IE will still block unsigned ActiveX controls.

Why am I still getting alerts? If you've set scripting and ActiveX control downloads to Prompt, you may still get warnings on trusted sites. This is usually because the site supports banners or ads that are hosted by nontrusted domains.

Web-Browsing Security

Be Different

Switch browsers. Most virus, worm, and spyware writers go after the largest targets. That's the primary reason they tend to attack Windows and Internet Explorer. An easy step to reduce your risk is to switch to the free browser Firefox, or to Opera (which is now ad-free, too). Moving to a lower-profile browser isn't a magic bullet, though, so keep your security settings on the alert.

Switch OSs. A more radical step, but worth consideration, is to move off the PC platform entirely and buy a Mac, or use Linux, which runs on most existing hardware. It's questionable whether these non-Microsoft products' code is any more secure, but simply because they move below the radar they're less susceptible to attack.


Web-Browsing Security

Change Your Layout

A fairly common technique used by phishing attacks changes the URL displayed in the Internet Explorer address bar by popping up a tiny window over it with the false address.

One of the reasons this works is that the address bar is usually in its default location. If you move the address bar, the window still pops up, but it's obvious that it's a false address, because it appears in the wrong place.

Move it. You can move any of the menu or button bars in Internet Explorer by clicking and dragging the vertical line of dots at the left end of the bar. If you have trouble moving these toolbars, they may be locked. Right-click on an empty toolbar area and uncheck Lock the Toolbars.

Web-Browsing Security

Don't Get Jacked

Browser hijacking is one of the most common ailments facing home and corporate users. You surf to a site, and all of a sudden, your browser defaults to a specific search engine and your home page is different. The scammers responsible even monitor the results of targeted advertising (usually in the form of pop-ups) in your browser.

Most of these annoying pages are just pushing a product or service, but some hijackers are accompanied by Trojan horses and backdoors that let vendors download updates and collect keystrokes and other data.

Be skeptical. Most hijacks come through user interaction. If you get a pop-up asking you to download a special viewer, free software, or, in its simplest form, change your home page, click No or close the window.

Stay updated. Make sure you've got all the Windows updates and that your antivirus program has the latest signatures. Most can stop these hijacking Trojans at the front door.

Clean up. If you fall victim to a hijack, use a spyware scanner (such as the free Micro-soft Antispyware beta, Spy-Catcher Express, Ad-Aware, or Spybot Search & Destroy) to root out the bad code.


Anti-Malware Security
11.02.05
Fakes A-Poppin'


Changing Antivirus Protection

Most antivirus products provide a year of updates once you open the box, with the option to buy extended update plans. But sometimes you may want to switch to a new product, either by the same or different vendor. Remember, antivirus products don't coexist well. Even if a product is out of date, if it is configured for on-access scanning, it is "watching" your file and Internet access. Many also use an e-mail proxy, which redirects incoming and outgoing mail through a scanner, all of which can either conflict with new antivirus products, or at best, hurt performance.

Out with the old. Uninstall and remove your old antivirus before installing the new product. If your old software is reasonably up to date, do one last scan before uninstalling to be sure to start clean. It's especially important that your software firewall (or at least the Windows Firewall) be active during that time period from when you uninstall one product to when you install the other.

In the meantime. If the old software is more than a week out of date, use an online scanner, such as Trend Micro's free HouseCall, McAfee's Stinger tool, or Panda Software's ActiveScan (see Web Resources for Getting Rid of Malware for more free apps). Before you uninstall, close all Web pages and your e-mail client to minimize exposure.

Disable first. You may get a warning to disable the antivirus before uninstalling, which you can do with most products by right-clicking on the icon in the system tray (next to the clock in the lower right of the screen). If the product asks whether you want to delete the quarantine or backed up files, say yes, as the new AV will probably find them when it installs.

In with the new. Install the new product and update its definition files immediately. Do a full drive scan. Finally, make sure that the on-access scanner is enabled.


Anti-Malware Security

Fakes A-Poppin'

What do you do when you get a pop-up warning out of the blue that you might have a security problem? The scammers behind what purports to be security software like to take advantage of nervous users. Clicking anywhere in this ad, whether on the phony "Yes" or "No" buttons or anywhere else, takes you to the vendor Web site, where you can download their product. Our advice is: Ignore these messages and close the windows immediately by pressing Alt-F4.

Unmask the impostor: These pop-ups look very much like Windows dialogs and even menus. How do you recognize that a window is really a pop-up ad?

First, even if a window presents a dire message, don't panic. If you look at the title bar and status bar, the top and bottom of the window, you can tell that it is an Internet Explorer window. This is a clue, but not conclusive proof that the window is not a security warning.

Full proof. If you're still curious, though, right-click on it and select Properties. You should be able to see the originating site. A real IE-based dialog box from Windows would have a nonstandard address starting with something like res:. A Web ad will have an ordinary URL.

Anti-Malware Security

Spyware-Fighting Tools
Spyware-Fighting Tools

Pop-ups be gone. Google, MSN, and Yahoo! all offer free pop-up blockers. Opera and Firefox have ones built in, and Windows XP Service Pack 2 adds one to Internet Explorer. Many good antivirus suites now also come with pop-up blockers, so there is no need to actually buy one. But use a blocker from a company that you trust.

Tougher threats. Rogue or suspect anti-spyware programs advertise through the very pop-ups that they claim to remove, and often badger a user with high-pressure tactics.

One of the hallmarks of these products is that they are free to download and scan, but if you want to clean your system, you must purchase a license. Some of these will produce false positives, claiming spyware infections to further convince you to buy. The most insidious of the lot, dubbed extortionware, uses malicious installations, blocks removal, and sometimes causes connectivity problems, unless you buy the product. A few of these rogue products will actually be spyware themselves, recording data and reporting back to their vendors' sites.

How do you tell the difference? As a general rule, if a vendor uses a pop-up ad to advertise that it rids your system of pop-ups and spyware, you should consider it suspect. Although some good commercial antispyware products offer free scans, legitimate ones will not state in an ad that they already detect an infection.

Get help. SpywareWarrior.com lists over 90 applications that have been tested or are suspected to be of unknown or dubious value as spyware protection. Also check out SpywareGuide (www.spywareguide.com), which offers information and tips.

Read the fine print. Keeping your system clear of spyware, adware, and malicious programs takes diligence and awareness. Pay attention to requests to download software to your machine. Don't agree to anything until you read the End Use License Agreement (EULA). If something sounds fishy, close the browser.

Anti-Malware Security

Here's Your Host
Here's Your Host

When you type in a Web address, such as www.pcmag.com, the browser contacts a central DNS (Domain Name Services) server, which looks up the site and translates it to a numeric IP address. But every copy of Windows has a mini-DNS called the hosts file, and the browser checks that first before reaching out to a DNS server somewhere on the Net.

This hosts file is a favorite target for viruses, spyware, and browser hijackers, which can, for example, use the hosts file to direct all requests for Yahoo! or Google to their own search page by listing the domains, but pointing them all to a single IP address. Some viruses and worms use the hosts file to block access to antivirus sites, too, pointing their domains to your own system, represented by the Localhost address of 127.0.0.1.

Fixing a hosts file is actually pretty easy�you just edit it in Notepad. You'll find it under the Windows folder. In Windows XP, it's in C:\Windows\System32\Drivers\Etc; in Windows 2000, it is C:\Winnt\System32\Drivers\Etc.

The lines in the file that begin with pound (#) are comments, so the only active line is the last one, which directs Local-host to the IP address 127.0.0.1.

Hosts that have been hijacked may look like this:

66.250.107.100 msn.com

66.250.107.100 www.msn.com

66.250.107.100 search.msn.com

66.250.107.100 auto.search.msn.com

Any attempt to access MSN would open up this alternate page.

It could also look like this:

127.0.0.1 localhost

127.0.0.1 liveupdate.symantec.com

127.0.0.1 update.symantec.com

127.0.0.1 download.mcafee.com

127.0.0.1 www.symantec.com

127.0.0.1 www.sophos.com

Now you'll get an error whenever you try to access these antivirus sites.

To fix the file, you can delete everything in it except the Localhost listing. If that line is missing, create a simple text file with only one line�127.0.0.1 localhost�and save it as the file name "hosts" (no file extension) to the same folder.

Note that you can also use the hosts file to block unwanted sites, by adding the site address to the list and redirecting it to Localhost.

Anti-Malware Security

Identify Nasties

Many malicious programs, and even some well-meaning ones, add junk to the start-up folder. Memory clutter is one of the main causes of slow booting, slow running, and general system instability. The more things load at start-up, the slower the boot process, and the less room later for other programs.

Run MSConfig. The System Configuration Utility lets you edit the programs that Windows loads at boot time. Click on Start | Run, type in msconfig, and hit Enter. Use the Startup tab to enable or disable all or individual files. Disabling all files can be used to narrow down a problem. In most cases, disabling all start-up items will allow Windows to boot cleanly, after which you can add back files, such as the user interface for antivirus and firewalls that run at boot time. Important note: If you're using MSConfig, be careful not to make any changes in the Services tab.

Use a Start-Up Manager. A start-up manager such as Absolute Startup (go.pcmag.com/absolutestartup) or our own Startup Cop Pro (go.pcmag.com/utilities) gives you much more control over which apps can run at start-up.

Identify bad files. How can you tell which start-up files are good and worth keeping? Many times you can get an idea of what a file is by looking at the Command or Location column in MSConfig. The command is the executable file and command line string used to start a file. The location shows where the command is executed from, usually a Registry key or the Windows Startup folder.

If that doesn't work, visit www.sysinfo.org and check its database to determine whether a file is required or associated with the system, with applications, or with malicious code.

You can also search for the filename on Google. The results often include a definition from AnswersThatWork.com or the WinTasks Process Library (www.liutilities.com/products/wintaskspro/processlibrary). WinTasks can also help you sort out processes in the Windows Task Manager. The PC Magazine Premium Utility TaskPower provides similar functionality.

Once you've ID'd a file, you can enable or disable it. When you're done, click OK (or Apply and OK). Windows will ask you to reboot, and then it'll display a warning box that tells you it's using selective start-up. Clicking OK launches MSConfig again. You can bypass this by clicking the Don't show this again option.


Anti-Malware Security

Picking Up the Pieces

Spyware removers don't always clean out all the fragments of everything they delete.
Web Resources for Getting Rid of Malware

Not to worry. The basic issue is whether there's anything left that can run, and most often, there isn't. But for those who like a system scrubbed really clean, a spyware removal tool can get you to the point where you can search manually for and remove the remainder. It's easier if the fragments are stored in well-named Registry keys and directories, but if the program hides in the Windows System directory, detection is harder.

Do another scan. Scan with another program. The second scan may flag fragments as proof that the malware isn't gone, but that will help you locate and remove them. As long as you are careful to run only one resident scanner at a time, you should see no conflicts.

Mobile Security
11.02.05
Kiosk Safety


Stay Cool at Hot Spots

Surfing the Web at your local coffeehouse is great, but the guy sitting a few seats away could be surfing your laptop, downloading personal or corporate data. Public wireless hot spots often let hackers store and retrieve data with relative ease. You need to do two things:

Disable file sharing. In Windows XP, open Control Panel and select Network Connections. Right-click on the wireless adapter and select Properties. On the General tab, scroll the list of items the adapter uses and uncheck File and Printer Sharing for Microsoft Networks.

Use a personal firewall. Use a product that supports security zones, such as Norton Personal Firewall or ZoneAlarm. The firewall will sense that you're on a new network and ask you whether you trust the network. You don't.

Mobile Security

Kiosk Safety

Public computers at Internet cafés, libraries, and airports are convenient, but they require heightened vigilance.

Look around. Make sure nobody's able to glance at your screen or keyboard.

Beware of keyloggers. Many public computers are locked down, so no additional software can be installed except by the administrator. But there's a chance a hacker could install a Trojan keylogger to capture keystrokes, and an industrious crook could use a hardware device�such as the KeyGhost Hardware KeyLogger�that connects between the keyboard and PC. The KeyGhost device can be mistaken for part of the normal keyboard cable. If you can, check where the keyboard plugs into the back of the machine to make sure there isn't an extra plug. If there is, find another PC.

Another clever workaround is to click Start | Accessories | Accessibility | On Screen Keyboard and type your password in using the mouse, or type your password with one or more strings of junk in the middle, then delete the junk using the mouse.

Don't tip your hand. We recommend that you avoid typing any sensitive data at public kiosks. Also, don't walk away from the computer while you're logged in. Many sites (such as eBay) set cookies for an online session so if you close the browser and reopen it, you don't have to log on again. If you close the browser and walk away, the next user could pick up where you left off. Microsoft Passport and Yahoo! accounts can also be persistent. If the kiosk has Windows XP, it could ask if you want to associate your Passport account to the Windows XP account. Be sure to say no!

Clean your tracks. Be sure to delete your electronic trail of temporary files, cookies, and surfing history. If you're using Internet Explorer, click on Tools | Internet Options. On the General tab, click on Delete Cookies, Delete Files (and be sure Offline content is checked), and Clear History.

Still in Internet Options, click the Content tab, then click the AutoComplete button. In the resulting dialog box, click the Clear Forms button and the Clear Passwords button.

If you downloaded any documents, delete them too. If you edited any documents, clear the "recently used documents" list. In Windows XP, right-click on the taskbar at the bottom of the screen and select Properties. Select the Start Menu tab; click on Customize | Advanced. Now click on the Clear List button for Recent Documents. Lastly, empty the trash to purge any deleted files.


Mobile Security

Security Is Key

To better protect yourself when using computers other than your own, especially public PCs, carry around a USB memory drive loaded with mobile security tools. We covered several in "The Ultimate USB Key" (go.pcmag.com/ultimateusb).

Use a password manager. Siber Systems' Pass2Go (www.pass2go.com), for example, lets you store all your passwords on the key and fills in log-on forms in IE and Firefox automatically, evading some types of keyloggers. All data can be encrypted with a master password; even if a keylogger captures this password, it's of little use without the physical key.

Scan before you surf. Antivirus and antispyware apps that run from the key can make sure that the system is clean before you use it. Just make sure to update these tools' definitions before scanning.

Keep your apps to yourself. Self-contained versions of apps like Firefox and Open-Office.org, ported by John Haller (www.johnhaller.com), let you surf the Internet and edit your documents without touching the host PC's browser or office suite.

P.I. Protector Mobility Suite 3.0 (go.pcmag.com/piprotector) lets you keep your e-mail on the USB key, and while the protector is running, all of your temporary files also reside on the key. When you shut it off and pull out, no trace is left. The new U3 Smart Drive keys make running apps like these even easier.

Bring your own OS. Note that some mobile apps do create temp files on the host system's hard drive. If the app crashes, there's a chance it may not have cleaned up properly. For even greater protection, there are versions of Linux that can run off a USB key, and the Knoppix distribution of Linux runs off a CD. If you can boot to the key, any threats that may be lurking on the host's hard drive will never see your data.

Powerful Passwords
11.02.05
Passwords


Most PCs and lots of personal data, such as bank records and Web mail access, are guarded only by a username and password. Usernames are fairly easy to guess and often pre-filled in, so you need to make sure your passwords are strong�not easily guessed or cracked by "dictionary" attacks that throw millions of letter combinations at the dialog. Many of the most widespread Internet worms have built-in dictionaries of common passwords, and once they are running on your system, they can attack your computer and others on your network.

* Don't use any part of your username, full name, address, birth date, and so on. This data is readily available to intruders.
* Don't use English or even foreign words.
* Make sure your password is at least six to eight characters long. In fact, the longer the password, the better.
* Use different kinds of characters in your password. At the very least, your password should contain uppercase letters, lowercase letters, and numbers. If you're comfortable with non-alphanumeric symbols (such as #@!&) or extended ASCII characters (which you can access by holding down Alt and typing on the number pad), use them.
* Change passwords every month to six weeks.
* Don't write your passwords on a sticky note and post it on your monitor.
* If you need to keep a repository of passwords, use a utility like RoboForm Pro (www.roboform.com) that keeps an encrypted list of all your passwords under a single master password. These programs can also generate strong passwords to your specifications.
* Don't recycle old passwords or use the same one for several different applications.
* Use a word you know, but substitute punctuation and numbers for letters. For example, coffee could become C0FF33 and Indiana_Jones could become 1nd1@n@_j0n3s.
* Use a passphrase�a group of words, as opposed to a single word. If you're a Beach Boys fan, "It's not a big motorcycle, just a groovy little motorbike" might be a good passphrase.

Note that not every security system lets you use passwords this long, or even ones that have embedded spaces. Some e-commerce sites, for example, will allow you only 8- to 12-character alphanumeric passwords. But since Windows 2000, Windows has allowed passphrases with up to 127 characters.

Web Resources for Getting Rid of Malware
11.02.05


The Internet is teeming with threats, but it's also home to hundreds of helpful sites, free software, and real-life volunteers who will help you scan, identify, and get rid of malicious code.

Helpful Sites:

* HijackThis (www.merijn.org) is a free spyware scanner; you can post its logs to www.spywarewarrior.com or SpywareInfo (spywareinfo.com). The friendly experts there will review them and provide detailed, individualized instructions for cleaning your system.
* Scumware.com is a friendly and plain-English site with instructions on how to detect and remove various adware and malware programs.
* MajorGeeks.com has malware information for the more advanced user.

If you're not sure whether a file is malicious, you can upload it to sites such as VirusTotal (www.virustotal.com) and virusscan.jotti.org, each of which uses over a dozen scanning engines to determine the nature of the file. You can also attach a file to an e-mail message and send it to scan @ virustotal.com with the word SCAN as the subject line. You will receive an e-mail report of the scan.

Discussion Forums and Download Resources:

* Wilders Security Forums (www.wilderssecurity.com)
* ComputerCops forums (castlecops.com/forums.html)
* cexx.org Message Boards (boards.cexx.org)

Free Virus Scanners:

* Trend Micro Housecall (housecall.trendmicro.com)
* McAfee Free Scan (us.mcafee.com, registration required)
* Symantec Security Check (security.symantec.com)
* RAV AntiVirus (www.ravantivirus.com/scan)
* Panda ActiveScan (www.pandasoftware.com/activescan, registration required)
* Computer Associates (www3.ca.com/securityadvisor/virusinfo/scan.aspx, download required)
* Avast! (www.avast.com, registration required)
* Kaspersky Antivirus (www.kaspersky.com/scanforvirus, upload required)
* GrisSoft AVG (www.grisoft.com/doc/40/lng/ww)
* Norman Antivirus (www.norman.com , 30-day trial)



There you have it! Hope you learned something... Wink

Back to top
View user's profile Visit poster's website Photo Gallery
Uhu_Fledermaus
Aircraft Demolition Expert

Offline Offline
Joined: Nov 28, 2004
Posts: 4369
Location: Blaricum, The Netherlands ~GMT+1
PostPosted: Wed Nov 16, 2005 11:07 am
Post subject: Re: Maximum Security: 94 Essential Tips for Staying Safe

Cool

Great stuff bushy !!

Thankx for the pointers, I've pasted into a word document and will print it out for beter readability Wink


fled
Back to top
View user's profile ICQ Number MSN Messenger Photo Gallery
Display posts from previous:   
Post new topic    Revive this topic    Printer Friendly Page    Forum Index ›  Hardware
Page 1 of 1
All times are GMT - 6 Hours

Archive Revive
Username:
This is an archived topic - your reply will not be appended here.
Instead, a new topic will be generated in the active forum.
The new topic will provide a reference link to this archived topic.