±Recent Visitors

Recent Visitors to Com-Central!

±User Info-big


Welcome Anonymous

Nickname
Password

Membership:
Latest: HighestAce
New Today: 0
New Yesterday: 0
Overall: 6648

People Online:
Members: 0
Visitors: 803
Total: 803
Who Is Where:
 Visitors:
01: Home
02: Tell a Friend
03: Member Screenshots
04: Member Screenshots
05: Your Account
06: News Archive
07: Community Forums
08: Home
09: Home
10: Downloads
11: Member Screenshots
12: Home
13: Downloads
14: Community Forums
15: Downloads
16: Supporters
17: Home
18: News Archive
19: Community Forums
20: Community Forums
21: Home
22: Member Screenshots
23: Community Forums
24: Home
25: Community Forums
26: Search
27: Member Screenshots
28: Community Forums
29: Community Forums
30: Treasury
31: Downloads
32: Home
33: Community Forums
34: Member Screenshots
35: Home
36: Community Forums
37: LinkToUs
38: Community Forums
39: Community Forums
40: Photo Gallery
41: Community Forums
42: Home
43: Community Forums
44: Member Screenshots
45: Community Forums
46: Home
47: Home
48: Community Forums
49: Community Forums
50: Statistics
51: Downloads
52: Community Forums
53: Community Forums
54: Home
55: Community Forums
56: Contact
57: Community Forums
58: Member Screenshots
59: Downloads
60: Member Screenshots
61: Community Forums
62: Community Forums
63: News
64: Home
65: Home
66: Home
67: Community Forums
68: Home
69: Community Forums
70: Your Account
71: Downloads
72: Community Forums
73: Downloads
74: Community Forums
75: Downloads
76: Community Forums
77: Community Forums
78: Downloads
79: Community Forums
80: Community Forums
81: Community Forums
82: Community Forums
83: Community Forums
84: Community Forums
85: Community Forums
86: Community Forums
87: News Archive
88: Community Forums
89: Community Forums
90: Home
91: Photo Gallery
92: Community Forums
93: Member Screenshots
94: Community Forums
95: Home
96: Photo Gallery
97: Home
98: Community Forums
99: Community Forums
100: Community Forums
101: Home
102: Community Forums
103: Your Account
104: Community Forums
105: News Archive
106: Community Forums
107: Home
108: Home
109: Community Forums
110: Home
111: News
112: Home
113: Downloads
114: Community Forums
115: News Archive
116: Member Screenshots
117: Your Account
118: Member Screenshots
119: Home
120: Home
121: News Archive
122: Community Forums
123: News Archive
124: Community Forums
125: Member Screenshots
126: Community Forums
127: Community Forums
128: Community Forums
129: Community Forums
130: Home
131: Community Forums
132: Statistics
133: Downloads
134: Community Forums
135: Downloads
136: Community Forums
137: Member Screenshots
138: Member Screenshots
139: Downloads
140: Member Screenshots
141: Home
142: Photo Gallery
143: Community Forums
144: Your Account
145: Home
146: Community Forums
147: Home
148: Home
149: Tell a Friend
150: Home
151: News Archive
152: Member Screenshots
153: Community Forums
154: Downloads
155: Home
156: News Archive
157: Community Forums
158: News Archive
159: Community Forums
160: News Archive
161: Photo Gallery
162: Community Forums
163: Home
164: Community Forums
165: Home
166: Home
167: Community Forums
168: Home
169: Community Forums
170: News Archive
171: Downloads
172: Community Forums
173: Community Forums
174: Community Forums
175: Community Forums
176: Home
177: Your Account
178: Member Screenshots
179: Member Screenshots
180: Community Forums
181: Photo Gallery
182: Photo Gallery
183: Community Forums
184: Home
185: Community Forums
186: Supporters
187: Community Forums
188: Photo Gallery
189: Member Screenshots
190: Community Forums
191: Community Forums
192: Statistics
193: Member Screenshots
194: Member Screenshots
195: Home
196: Community Forums
197: Member Screenshots
198: Community Forums
199: Member Screenshots
200: Community Forums
201: Community Forums
202: Home
203: Your Account
204: Community Forums
205: Home
206: Community Forums
207: Community Forums
208: Community Forums
209: Home
210: Community Forums
211: Home
212: Your Account
213: Home
214: Downloads
215: Home
216: Community Forums
217: Downloads
218: Home
219: Community Forums
220: News Archive
221: News Archive
222: Your Account
223: Home
224: Downloads
225: Community Forums
226: Home
227: Community Forums
228: Community Forums
229: Home
230: Community Forums
231: Photo Gallery
232: Community Forums
233: Community Forums
234: Community Forums
235: Community Forums
236: Community Forums
237: Home
238: Home
239: Member Screenshots
240: Treasury
241: Home
242: Downloads
243: Member Screenshots
244: Downloads
245: Community Forums
246: Member Screenshots
247: Community Forums
248: Home
249: Home
250: Member Screenshots
251: Home
252: Member Screenshots
253: Community Forums
254: Home
255: Home
256: Home
257: Community Forums
258: Community Forums
259: Community Forums
260: Your Account
261: Community Forums
262: Community Forums
263: Community Forums
264: Community Forums
265: Community Forums
266: Community Forums
267: Photo Gallery
268: Community Forums
269: News Archive
270: Home
271: Community Forums
272: Member Screenshots
273: Community Forums
274: Search
275: Photo Gallery
276: Member Screenshots
277: Photo Gallery
278: Community Forums
279: Community Forums
280: Home
281: Home
282: Community Forums
283: Your Account
284: Photo Gallery
285: Home
286: Downloads
287: Community Forums
288: Home
289: News Archive
290: Member Screenshots
291: Member Screenshots
292: Home
293: Community Forums
294: Community Forums
295: Member Screenshots
296: Home
297: Downloads
298: Community Forums
299: Home
300: Community Forums
301: Community Forums
302: Member Screenshots
303: Photo Gallery
304: Community Forums
305: Member Screenshots
306: Home
307: Downloads
308: Home
309: Downloads
310: Home
311: Member Screenshots
312: Community Forums
313: Home
314: Community Forums
315: Community Forums
316: Home
317: Member Screenshots
318: Community Forums
319: Community Forums
320: Your Account
321: Downloads
322: Home
323: Community Forums
324: Supporters
325: Community Forums
326: Member Screenshots
327: Downloads
328: Community Forums
329: Member Screenshots
330: Community Forums
331: Community Forums
332: Member Screenshots
333: Home
334: Home
335: Member Screenshots
336: Community Forums
337: Home
338: Community Forums
339: Photo Gallery
340: Your Account
341: Community Forums
342: Home
343: Home
344: Community Forums
345: Member Screenshots
346: Home
347: Home
348: Community Forums
349: News Archive
350: Home
351: Member Screenshots
352: Community Forums
353: Downloads
354: Downloads
355: Community Forums
356: Community Forums
357: Community Forums
358: News Archive
359: Community Forums
360: Community Forums
361: Community Forums
362: Member Screenshots
363: Downloads
364: News
365: Community Forums
366: Community Forums
367: News Archive
368: Your Account
369: Member Screenshots
370: Photo Gallery
371: Community Forums
372: Downloads
373: Home
374: News Archive
375: Community Forums
376: Home
377: News Archive
378: Home
379: Member Screenshots
380: Community Forums
381: Home
382: Home
383: Community Forums
384: Community Forums
385: Home
386: Community Forums
387: News Archive
388: Home
389: Community Forums
390: Home
391: Downloads
392: Home
393: Community Forums
394: Photo Gallery
395: Community Forums
396: Home
397: Member Screenshots
398: Downloads
399: Community Forums
400: Community Forums
401: Community Forums
402: Community Forums
403: Photo Gallery
404: Community Forums
405: Home
406: Community Forums
407: Photo Gallery
408: Home
409: Community Forums
410: Home
411: Community Forums
412: Photo Gallery
413: News Archive
414: Community Forums
415: Member Screenshots
416: News Archive
417: Your Account
418: Member Screenshots
419: Home
420: Home
421: Community Forums
422: Community Forums
423: Community Forums
424: Home
425: Community Forums
426: Home
427: Community Forums
428: Member Screenshots
429: Home
430: Home
431: Community Forums
432: Downloads
433: Downloads
434: Community Forums
435: Photo Gallery
436: Your Account
437: Community Forums
438: Home
439: Photo Gallery
440: Member Screenshots
441: Community Forums
442: Home
443: Home
444: Downloads
445: Photo Gallery
446: Member Screenshots
447: Community Forums
448: Community Forums
449: Downloads
450: Member Screenshots
451: Community Forums
452: Community Forums
453: Community Forums
454: Home
455: Community Forums
456: Community Forums
457: Community Forums
458: News Archive
459: Home
460: Member Screenshots
461: News Archive
462: Home
463: Member Screenshots
464: Community Forums
465: Home
466: Your Account
467: Home
468: Statistics
469: Your Account
470: Community Forums
471: Community Forums
472: Community Forums
473: Community Forums
474: Community Forums
475: Home
476: Home
477: Members List
478: Home
479: News Archive
480: Home
481: Home
482: Community Forums
483: Photo Gallery
484: Community Forums
485: Community Forums
486: Home
487: Home
488: Community Forums
489: Home
490: News Archive
491: News Archive
492: Photo Gallery
493: Home
494: Home
495: Member Screenshots
496: Photo Gallery
497: Community Forums
498: Member Screenshots
499: Your Account
500: Community Forums
501: Member Screenshots
502: Community Forums
503: LinkToUs
504: Home
505: Photo Gallery
506: News Archive
507: Home
508: Community Forums
509: News Archive
510: Downloads
511: Community Forums
512: Community Forums
513: Downloads
514: Member Screenshots
515: Home
516: News Archive
517: Photo Gallery
518: Photo Gallery
519: Treasury
520: Treasury
521: Community Forums
522: Search
523: Community Forums
524: Community Forums
525: Community Forums
526: Community Forums
527: Community Forums
528: Community Forums
529: Your Account
530: Community Forums
531: Community Forums
532: Member Screenshots
533: Community Forums
534: Member Screenshots
535: Home
536: Community Forums
537: Member Screenshots
538: Member Screenshots
539: Home
540: Home
541: Community Forums
542: Community Forums
543: Community Forums
544: Home
545: Community Forums
546: Community Forums
547: Member Screenshots
548: Home
549: Community Forums
550: Downloads
551: Member Screenshots
552: Community Forums
553: Member Screenshots
554: Community Forums
555: Community Forums
556: Community Forums
557: Community Forums
558: Community Forums
559: Member Screenshots
560: Home
561: Community Forums
562: Home
563: Member Screenshots
564: LinkToUs
565: Community Forums
566: Statistics
567: Community Forums
568: Your Account
569: Home
570: Community Forums
571: Home
572: News Archive
573: Community Forums
574: Your Account
575: Member Screenshots
576: News Archive
577: Community Forums
578: Downloads
579: Home
580: Community Forums
581: Community Forums
582: Member Screenshots
583: Community Forums
584: News
585: Home
586: Community Forums
587: News Archive
588: Community Forums
589: Community Forums
590: News Archive
591: Community Forums
592: Home
593: Home
594: Downloads
595: Home
596: Member Screenshots
597: Community Forums
598: Home
599: Home
600: Community Forums
601: Downloads
602: News Archive
603: Your Account
604: Community Forums
605: Community Forums
606: News
607: Your Account
608: Community Forums
609: Your Account
610: Home
611: Photo Gallery
612: Member Screenshots
613: Community Forums
614: Home
615: Home
616: Community Forums
617: Community Forums
618: Community Forums
619: Photo Gallery
620: News Archive
621: News Archive
622: Photo Gallery
623: Downloads
624: News
625: Community Forums
626: Home
627: Member Screenshots
628: Downloads
629: Community Forums
630: Home
631: Home
632: Photo Gallery
633: Downloads
634: Community Forums
635: Downloads
636: Community Forums
637: Home
638: Community Forums
639: Home
640: Community Forums
641: Downloads
642: Community Forums
643: Community Forums
644: Community Forums
645: Community Forums
646: Community Forums
647: Home
648: Home
649: Home
650: Community Forums
651: Downloads
652: Community Forums
653: Photo Gallery
654: Community Forums
655: Photo Gallery
656: Photo Gallery
657: Community Forums
658: Photo Gallery
659: Photo Gallery
660: Community Forums
661: Community Forums
662: Community Forums
663: Home
664: Community Forums
665: Member Screenshots
666: Home
667: Home
668: Home
669: News Archive
670: Member Screenshots
671: Community Forums
672: Member Screenshots
673: Home
674: Home
675: Community Forums
676: Photo Gallery
677: Community Forums
678: Community Forums
679: Downloads
680: Community Forums
681: Photo Gallery
682: Home
683: Community Forums
684: Home
685: Home
686: Home
687: Downloads
688: Home
689: Community Forums
690: Community Forums
691: Home
692: Community Forums
693: Treasury
694: Home
695: Community Forums
696: Photo Gallery
697: Home
698: Home
699: Community Forums
700: Home
701: Member Screenshots
702: Photo Gallery
703: News Archive
704: Home
705: Home
706: Community Forums
707: Contact
708: Home
709: Community Forums
710: Home
711: Home
712: Community Forums
713: Member Screenshots
714: Home
715: Home
716: Home
717: Home
718: Community Forums
719: Photo Gallery
720: Home
721: Community Forums
722: Home
723: Community Forums
724: Home
725: Community Forums
726: Community Forums
727: Member Screenshots
728: Member Screenshots
729: Community Forums
730: Home
731: Community Forums
732: Member Screenshots
733: Home
734: Community Forums
735: Home
736: Community Forums
737: Member Screenshots
738: Community Forums
739: Community Forums
740: Home
741: Your Account
742: Community Forums
743: Downloads
744: Community Forums
745: Home
746: News
747: Member Screenshots
748: Home
749: Photo Gallery
750: Photo Gallery
751: Community Forums
752: Member Screenshots
753: Member Screenshots
754: Community Forums
755: Your Account
756: Community Forums
757: Home
758: Community Forums
759: Home
760: Home
761: Community Forums
762: Home
763: Community Forums
764: Community Forums
765: Home
766: Downloads
767: Downloads
768: Community Forums
769: Photo Gallery
770: Search
771: News
772: Downloads
773: Community Forums
774: News Archive
775: Community Forums
776: Member Screenshots
777: Community Forums
778: Home
779: Home
780: Home
781: Home
782: Downloads
783: Photo Gallery
784: Member Screenshots
785: Member Screenshots
786: Community Forums
787: Home
788: Member Screenshots
789: Community Forums
790: Home
791: Community Forums
792: Home
793: Community Forums
794: Community Forums
795: News
796: Home
797: Community Forums
798: News Archive
799: Community Forums
800: News Archive
801: Home
802: Community Forums
803: Member Screenshots

Staff Online:

No staff members are online!
Maximum Security: 94 Essential Tips for Staying Safe :: Archived
Resolve issues with your computer problems here or read about the latest computer parts and information.
Post new topic    Revive this topic    Printer Friendly Page     Forum Index ›  Hardware

Topic Archived View previous topic :: View next topic  
Author Message
Shadow_Bshwackr
Janitor

Offline Offline
Joined: Jan 21, 2005
Posts: 7019
Location: Central Illinois, USA
PostPosted: Wed Nov 16, 2005 10:06 am
Post subject: Maximum Security: 94 Essential Tips for Staying Safe

This is a rather good article PC Mag and Michael J. Steinhart in particular Wink

While this is a long article and takes some time to read, it's my recommendation that all do read it to the end even if it's over several visits. IMO this is quite good and Kudos to Mike Steinhart and his efforts.

Maximum Security: 94 Essential Tips for Staying Safe
11.02.05


By Michael J. Steinhart

How security-savvy are you? Many users simply aren't. Your machine may have come with an antivirus program preinstalled, but is the subscription up to date? Are you running a firewall of any kind? Are you conducting regular spyware and adware scans?

Or do you not mind hackers and unscrupulous marketers mining your PC for personal data?

We're always telling you about the latest and greatest security products, but at the core of any strategy must be common sense, healthy skepticism, and a willingness to learn. If money's tight, there are plenty of free resources that can help you protect your system or systems. It doesn't hurt to have some experts on your side, either, and that's where we come in.

We've collected dozens of our best security tips and pointers, broken down by category: system, networking and wireless, e-mail, Web surfing, malware, and mobile. Whether you're a novice or a seasoned user, you'll find plenty of valuable advice for shoring up your defenses and maximizing your security.

System Security
11.02.05
Get in the Zone


Safe Out of the Box

New computers are often the most vulnerable to Internet and e-mail–borne attacks. Before you connect a new machine to the Internet, make sure that it is protected by a firewall and patched to the greatest extent possible. And if you're giving a PC or laptop as a gift this year, secure the machine before you give it to a novice user.

Put up a hardware firewall. Ideally, the PC is on a network with a hardware firewall. This will ensure that the devices behind it are protected against most attacks. If the PC is not on a network, purchase a firewall device. Any of today's home wireless and wired routers provide some firewall functionality.

Put up a software firewall. You'll also want a software firewall on each PC, to further block hack attacks and protect against misbehaving applications. Windows XP comes with a partial solution; you should make sure it's enabled until you get a better one. Prior to Windows XP Service Pack 2, it was called the Internet Connection Firewall (ICF), and it's pretty bare-bones. The firewall in Service Pack 2 (called the Windows Firewall) is much better, but it still prevents only inbound unwanted traffic. You really want a two-way firewall, such as ZoneAlarm Pro or Norton Personal Firewall, to stop unwanted outbound traffic�for example, attempts by spyware to send personal data to its creators.

Install SP2. Windows XP Service Pack 2 fixed many security holes in XP and improved the operating system's patching tool. The safest way to update a system to SP2 is to order a CD from Microsoft or download a complete copy of the service pack from downloads.microsoft.com to an already updated system, then burn it to a CD and put it on the new computer. If you have enabled the ICF, you can feel safe enough to go to the Windows Update site (www.windowsupdate.com) and install SP2 on the new computer.

Watch out for malware. Even with a firewall in place, you need to be wary of virus-infected e-mails, Web pages that exploit browser holes, and adware you could install unwittingly off the Web. Install an antivirus program and update it before surfing the Web casually or setting up e-mail. Set the antivirus program and Windows to retrieve and install security updates automatically. When your update subscription runs out, resubscribe. If a newer version of the antivirus software is available, upgrade. Out-of-date antivirus protection is no protection at all!

You've got adware. It's possible your new machine may come preloaded with adware, so you may want to install a good antispyware product, such as Spyware Doctor from PC Tools or Webroot Spy Sweeper, and scan the system before going online.

How suite it is. The easiest way to protect yourself and ensure the apps doing the job don't conflict with one another is to get a package, such as ZoneAlarm Security Suite, that includes antivirus, antispyware, antispam, and firewall.

Protection on the cheap. There are several good, free antivirus filters and software firewalls available, such as avast! 4 Home Edition and ZoneAlarm 6 free. Generally they're only for personal use, and they aren't quite as easy to configure as the commercial products. (Check out "Web Resources" by visiting go.pcmag.com/freeware.)

System Security

Restrict Access

Windows XP's User Accounts applet offers two levels of user security: administrator and limited. An admin account lets you do anything on the system, which leaves you at risk for any malicious program installing code at will. The limited account does not allow program installation or changes in system settings.
Restrict Access

Limit yourself. By default, XP asks for a user name on installation, assigns it administrator privileges, and boots directly into that user from then on. But you can set up a limited account by clicking on Start | Control Panel | User Accounts. Select Create a new account, and name the user. Click Next and select Limited user on the Account Type screen, then click Create Account. Use the limited account for day-to-day activities.

Set a password. For increased security, assign a password to every account with administrator privileges. From the User Accounts screen, click on the user and select Create a Password. Follow the wizard and add a password to the account. Don't use an obvious password such as "password," "admin," or your username.

Doors are locked. Some people don't want to set a password because it slows down the log-on process. But password protection is absolutely essential. If you're sure your system is in a safe location, however, you can use Microsoft's TweakUI PowerToy (www.microsoft.com/windowsxp/downloads) to log on to a specified account automatically. Click the plus sign next to Logon, select Autologon, choose Logon automatically at system startup, and specify a username and password. Note that an office is not a safe place. We recommend this only if you trust all your housemates and visitors, and if your PC is always in a secure location.

Quick fix. Unfortunately, the limited user account makes some applications, such as games, difficult or impossible to run. But you can log on as a limited user and still use incompatible programs by using the Run with different credentials option. First install the app. Windows may balk if you try to install from the limited account, in which case you have to log out and log back on as the administrator, or it may just ask for an admin's username and password. Once it's up and running, log off and log on to the limited user account. The app should run properly, but if it doesn't, right-click on its shortcut or menu item, select Properties, and click the Advanced button on the Shortcut tab. Now check the Run with different credentials box and click OK.

Note that Windows won't let a Limited user change a shortcut that's shared by all users. If an "Access denied" error message pops up when you click OK, cancel your changes and right-drag the shortcut to the desktop, choosing Copy. Now edit the resulting local shortcut as described above. When you double-click on the icon, you'll get a log-on dialog telling you to enter a username/password that has administrator rights.

System Security

Get in the Zone

Even if Internet Explorer isn't your default browser, its rendering engine is used for everything from the Windows Explorer file manager to the Active Desktop. So you're still exposed to any threat that exploits IE security holes. We recommend using security zones to manage the Internet, but by default the local machine, or "My Computer," is not available from the zone settings. You can, however, set a value in the Registry to make it available.

Close all browsers and instances of My Computer or Windows Explorer, then open RegEdit (Start | Run, type in regedit and press Enter). Navigate to the Registry key: HKEY CURRENT USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0. (Right-click this key and choose Export to create a REG file that you can launch to undo your changes if necessary.)

Find the value Flags and double-click on it. In the editing window, change the value to 1. Click OK and exit RegEdit.

Once you've made the change, go to Control Panel, open Internet Options and choose the Security tab. Select the My Computer content zone (you may have to scroll to the right) and then click on Custom Level to make changes. Be careful; security changes may affect the way some programs work. When in doubt, set IE to alert you rather than block questionable events.

System Security

Rolling Back Time

Use System Restore. Windows System Restore (in Windows Me and XP) lets you roll back the system settings and critical files if installing or uninstalling a program causes problems. The tool sets restore points on a regular basis and creates additional points before apps and drivers are installed. When your security tools can't clean an infection, try restoring your system to an earlier time before the malicious app arrived.
Rolling Back Time

To verify that System Restore is running, go to Control Panel | System and choose the System Restore tab.

System Restore for Windows 2000: Win 2000 doesn't include System Restore. You can, however, replicate much of its functionality. The Windows 2000 Backup program (Start | Programs | Accessories | System Tools | Backup) has a System State option under the Backup tab. On a normal Windows 2000 system, this backs up the boot file, the COM+ class registration database, and the Registry.

Disable System Restore temporarily (XP). Unfortunately, antivirus and antispyware tools cannot clean infections from restore points, so even if you've cleaned out some malware, a rollback may bring reinfection. We've also seen infected restore points cause the security software's alarms to go off at each scan. To stop this from happening, you'll need to disable System Restore.

From the System Restore tab (Control Panel | System) check Turn off System Restore on all drives. This will delete all restore points. After the cleanup, turn System Restore back on. Just repeat these steps and uncheck the box.

System Security

Using Safe Mode
Using Safe Mode

Starting your computer in Safe Mode is often one of the only ways to regain control after a crash or a virus or spyware attack. Windows usually blocks you from deleting any files that are currently running (including malicious software), and malware often makes sure it loads at start-up. Safe Mode bypasses many drivers and start-up programs; by going into this mode you may be able to remove the offending apps. (We've also found that simply booting into Safe Mode and then rebooting back into Normal Mode may make an unstable system more reliable.)
Getting to Safe Mode

To enter Safe Mode, you need to coax Windows into displaying the Startup menu. Depending on the version, this menu offers Normal or Safe Mode, and sometimes Safe Mode with networking, command prompt, and other options.

Getting to Safe with F8. You can get to the Startup menu by pressing a hot key during boot time, or using the System Configuration Utility (MSConfig, not available in Win 2000).

Typically, you enter Safe Mode by pressing F8 after powering up. Some systems may prompt you to start tapping the button at a specific time in the boot sequence with a signal, such as a small line or square in the upper left corner of the screen, or with a beep. Whatever the signal, when you receive it, press F8. If your BIOS is set for quiet mode, though, you probably won't see the signal.

Safe Mode the MSConfig way (XP). If you're using Windows XP, choose Run from the Start menu, type msconfig and press Enter. Select the BOOT.INI tab, enable the /SAFEBOOT option and click the OK button. If you're going to need network or Internet connectivity, check NETWORK here, too. When the system asks you to restart, click Restart and Windows will boot into Safe Mode. To restart in normal mode, reopen MSConfig, select the BOOT.INI tab, and uncheck /SAFEBOOT, then select the General tab and check Normal Startup.

System Security

Extend Your View

Malware files often use double extensions. By default, Windows hides file extensions; this feature may help a malware file trick you into thinking it's safe to open. A virus named prettywoman.jpg.exe, for instance, would appear as prettywoman.jpg. Change your settings to see the real extensions.

In Windows XP/2000, open My Computer, then click on Tools | Folder Options. Select the View tab, look for the heading Hide extensions for known file types, and uncheck the box.

Network & Wireless Security
11.02.05
How Secure Are You?


How Secure are You?

Get a checkup. Vulnerability scanners probe computers on the network for potential security holes, and some even give you instructions on fixing them. There are many excellent commercial scanners, such as Retina from eEye ( www.eeye.com ), the ISS Internet Scanner ( www.iss.net ), and AppDetective by Application Security ( www.appsecinc.com ), which scan for a large number of known problems and are updated as new issues are discovered. You can specify a particular system to scan or, if you give the tools an address range, they will find all systems and scan them for you.
How Secure Are You?

These are probably overkill for a home network. Instead, you could try the NeWT security scanner, a free tool from Tenable Network Security ( www.tenablesecurity.com ). Microsoft also offers a free tool, the Microsoft Baseline Security Analyzer ( www.microsoft.com/tech...ahome.mspx ), which scans single systems or systems across a network for common misconfigurations and missing security updates. If you administer a business network, you should use these free tools in addition to a commercial scanner.

Scan from within and without. Scans run inside the network probe for vulnerabilities from the perspective of a user already logged on. If you have a firewall in place, your internal environment is protected from many outside threats. Run the scanner from outside your network and tell it to scan your outside IP address. Look for open ports and make sure they're all being used for the applications you want.

Be cautious. Vulnerability scanners can generate a flood of warning messages, many of them doing nothing more than telling you that you did something (like open port 80 on your Web server) that you plainly intended to do. So don't assume the scanner knows more than you, especially when it gives the warning a low priority. Take advice from these programs as suggestions, not orders.


Network & Wireless Security

Wireless? Go WPA

Even the people who designed WEP (Wired Equivalency Privacy, the first-generation wireless security protocol), admit that it's a weak protocol that's easily outwitted. The next generation, WPA (Wi-Fi Protected Access), is a much better solution, but it's not necessarily available for your old Wi-Fi equipment. Linksys, for example, includes WPA support in all its 802.11g equipment, but added it to only a few of the older, 802.11b devices. See "Wireless Security: WPA Step by Step" at go.pcmag.com/WPA to learn how to upgrade your equipment to WPA.

WPA provides enterprise mode, in which users enter individual usernames and passwords that are checked by a special server, and personal mode, where everyone uses the same shared password. That password is used as a key for encrypting all the data on the network. In our experience, we've found that all home users and almost all small businesses will get along fine with the shared password mode.

A relatively new WPA2 that implements even stronger encryption than WPA is beginning to appear in products. The improvements are benign overkill for home users, but WPA2 is backward-compatible with WPA, so there's no reason not to buy it.

For the best protection, use a passphrase of at least 20 characters and write it down somewhere safe.

Network & Wireless Security

Avoid Windows Messenger Spam

If you're using Windows XP or Windows 2000 and connect directly to the Internet, you can fall victim to Windows Messenger Service pop-ups. This is not related to any instant messaging app, but to an arcane network utility called Net Send.

The Net Send message service was used by network administrators to send pop-up messages to all users (like "The server's going down in 5 minutes, so save your work and shut down"), and to let users send notes to one another.
Avoid Windows Messenger Spam

By default, Windows XP and 2000 both have this service running when you start your computer, with the result that when you are connected to the Internet, anyone who knows your IP address can send you a pop-up message that looks like a Windows alert, not an ad. Some spammers scan through a series of Internet addresses and find computers that have this service turned on. When they find one, they send it a message.

Turn off Net Send. In Windows 2000 and XP, you can turn off the Messenger Service by clicking on the Start button, then selecting Run and typing Services.msc. Press Enter. In the Services window, scroll down to the Messenger entry. Double-click on it to bring up the Messenger Properties window. First click the Stop button to end the Messenger Service. Once the Service status is tagged Stopped, click on the Startup type drop-down box and select Disabled. Now click on OK. You will be brought back to the Services window, and the Messenger Properties window will now say Disabled under Startup type. Close the window and you're done.

Or keep it on. The fix above can eliminate the problem, though it can sometimes get in the way of legitimate application alert functions from antivirus programs, print spoolers, or a UPS device.

If you find that you must keep the Net Send Messenger Service running, you can block external messages using a firewall. When using a hardware or software firewall, block inbound NetBIOS and UDP protocol broadcast traffic. When setting up a personal firewall, such as ZoneAlarm, you may need to create exceptions for your own subnet, or for individual machines with which you want to share data.

Network & Wireless Security

Working on the Chain

Some browser hijackers insert themselves into the Windows Winsock (Windows Sockets) component�the mechanism that applications use to make Internet connections�and when they're removed they leave the component broken and unable to connect.
Working on the Chain

The new Winsock 2, installed by upgraded versions of Internet Explorer and native to Windows XP, incorporates a feature called Layered Service Provider (LSP), which allows third-party vendors to insert their own code�for monitoring or content filtering�into the Winsock data stream. The feature is also used by spyware companies to facilitate their own monitoring. When a legitimate program (such as Net Nanny or Cybersitter) is uninstalled, it patches up the Winsock. Spyware products don't always extend the same courtesy.

When the Winsock is broken, you may be able to use IM but not e-mail and Web browsing. This odd behavior makes troubleshooting difficult, because you're connected to the Internet and you have an IP address, but the browser still won't work.

The easiest way to fix the broken chain is to use a freeware utility called LSP-Fix. This utility is primarily for Windows 98, though it works on Windows Me, 2000, and XP. It is available from Counterexploitation, a Web site dedicated to identifying and removing spyware, adware, and other malicious programs, at www.cexx.org/lspfix.htm. LSP-Fix works by "reconnecting" the disconnected layers in the Winsock stack. In most cases it can repair the damage without further problems.


E-mail Security
11.02.05
Don't Get Attached


Don't Preview

We all know we shouldn't open unknown attachments, but having the message preview pane enabled in Outlook or Outlook Express can automatically open messages that may infect your system. Note that if you have Service Pack 2 installed (as we recommended in the first section), Outlook and OE do prevent many problematic items from displaying in the preview pane, but it's safer to disable it entirely.

In Outlook Express, select View | Profiles | Preview Pane and turn it off.

In Outlook 2000, select View | Preview Pane (it's a toggle, click on, click off).

In Outlook 2003, select View, then Reading Pane, and click Off.

E-mail Security

Don't Get Attached

Block attachments in Outlook. Not opening attachments is probably the best way to prevent infection. Outlook 2003, Outlook 2002, and Outlook Express 6 come configured to block dangerous attachments automatically; in Outlook Express you can turn the blocking off, but in Outlook 2003, it's always on. You can also update Outlook 98 or Outlook 2000 to include attachment blocking.

Block attachments in OE6. If you're using Outlook Express 6 and extension blocking is off, click on Tools, then select Options. Select the Security tab, and click the check box for Do not allow attachments to be saved or opened that could potentially be a virus.

Early warning. In Outlook Express, check the box marked Warn me when other applications try to send mail as me for a little extra protection.

Add to the block list. What about ZIP, PIF, and other file formats that could hide malware? These aren't stopped by default, but the Microsoft Knowledge Base article at support.microsoft.com/kb/837388 describes how to add extensions to Outlook's block list; unfortunately, it doesn't work with Outlook Express. The technique requires editing the Registry, but it is basically the same for Outlook 2000, 2002, and 2003.

Here are the steps for home users (non-Exchange environments) using Outlook 2003. For Outlook 2000, substitute a 9.0 for the 11.0 in the HKEY. For Outlook 2002, substitute 10.0. We recommend backing up this Registry key before using the editor.

Click Start | Run, type regedit, and then click OK. Locate and then click the following key: HKEY_CURRENT_USER\Software\Microsoft\Office\11.0\Outlook\Security. On the Edit menu, point to New | String Value. Type Level1Add, and then press Enter. On the Edit menu, click Modify. Type <, then a list of the attachment file extensions (separated by semicolons, not spaces), then >. For example, you would type .zip;.pif if you wanted to block both formats from appearing in the e-mail message as an attachment. The value string would look like this: <.zip;.pif>

Unblocking files. If you need to open up access to a blocked attachment, you can use the Level1Remove key. Surf over to Slipstick Systems (www.slipstick.com) for instructions and a full list of the blocked extensions, as well as a list of tools that let you add or remove attachment blocking without editing the Registry.

E-mail Security

Return to Sender

Clever spoofs. An unwelcome side effect of the latest worms is the barrage of undeliverable mail. Many viruses use "undeliverable" or similar messages in the subject line so users will be duped into opening the message and infecting their machines. Also, e-mail viruses deliberately spoof the return address when sending themselves to a harvested list. This prevents legitimate nondelivery messages from alerting the victim to the virus's presence�and dumps irrelevant nondelivery messages on the owner of the spoofed address. In either case, delete the message without opening it.

Check the header. If you think that it might be from a legitimate address, right-click on the message line in the Outlook Inbox and select Options to view the header (do not double-click, or you'll open the message). In Outlook Express, right-click, select Properties, and choose the Details tab.

Even though the header seems indecipherable, you can use it to find out whether a real correspondent bounced back the message. Check the To: area for a legitimate e-mail address; if you find one, this is a real undeliverable response for the server where that e-mail was sent.

E-mail Security

Certified Mail

How do you know that e-mail from your mom is really from her? You don't. E-mail doesn't have any built-in authentication. There are efforts under way to add authentication between e-mail servers, but personal authentication options have been around for years. Your mom just needs her own digital certificate.
Certified Mail

Buy a certificate. When you receive a message that is digitally signed, it comes with a seal icon. Double-click on it, start exploring, and you'll find information about the sender, and, potentially, a certificate authority. This is a company that issues certificates (typically for a fee) and vouches for the information in them. To get a certificate in Outlook, click Tools | Options and go to the Security tab. Click the Get a Digital ID… button near the bottom. This will open the browser to a Microsoft page with information on digital certificate vendors.

Or get one free. There are tools you can get for free to generate unique certificates, but if they are not held by a public authority, all they can prove is that the message wasn't tampered with. A better idea is to visit thawte (www.thawte.com), a subsidiary of VeriSign that offers personal certificates for free.

Certification pays. Digital certificates let you encrypt message contents and prove that they have not been tampered with, and AOL Instant Messenger (among other apps) can use your certificate to authenticate your ID.

Use Outlook for encryption. S/MIME (or Secure Multipurpose Internet Mail Extensions) is the standard for encrypted and "signed" e-mail. All recent versions of Microsoft Outlook and Outlook Express, Eudora, and Netscape Messenger support it, but no product makes working with certificates easier than Outlook.

E-mail Security

Something's Phishy
Clever Spoofs

When searching for bargains on the Internet, be very skeptical of sites with which you don't have a relationship and which you don't know from reputation. Scammers put a lot of work into search-engine placement to attract deal-hunters. Links to these shady stores lead to a checkout screen asking for the card name, number, expiration date, and CVV (card verification value). After you provide the information, you're brought to a page that says an error has occurred and you should pay by postal money order. This means some victims could actually lose their credit card information and the value of the money order.

E-mail Security

Don't Be a Spam Magnet

Spammers make money not just by spreading advertisements, but by reselling their lists, and the more live people on the list, the more valuable it is.

Don't buy it. The worst thing you can do is buy something from a spammer. It puts you on a list of "real live ones."

Don't unsubscribe. Don't click the Unsubscribe or Click here to be removed from our list links at the bottom of spam messages. Doing so lets spammers know your address is valid. Note that many legitimate sites�such as e-tailers�also provide an unsubscribe link with their e-mail messages, and those are honored.

Don't open or preview. Spammers can confirm your existence when you open an HTML spam message. Through images on the page, or "Web bugs," the spammer's server gets alerted that you opened the e-mail. The latest versions of Outlook and Outlook Express address this by not downloading images unless you tell the program to do so. If you don't know the sender, don't get the pictures.

Web-Browsing Security
11.02.05
Get Inside


Internet Explorer's default settings, while allowing you to enjoy all the Web has to offer, can sometimes be too open. Here are some ways to tighten up IE's security.

Web-Browsing Security

Get Inside

Open Control Panel | Internet Options to access Internet Explorer's settings. In the Internet Properties dialog, select the Security tab, then click on the Custom Level button. You can scroll through all the available settings. In each instance, you have the option of Enabling, Prompting, or Disabling the function.

Disable by default. In most cases, it's best to disable something questionable. If you choose to be prompted, you may end up with many more annoying alerts than you've encountered in the past.

Prevent pop-ups. Completely preventing active scripts from running is a drastic move, as many sites use scripting for legitimate purposes. However, if you frequent sites that pop up dozens of extra windows, try this: Scroll down the Security Settings list to Scripting and disable all settings (in IE 6, it's three settings). You may also want to disable ActiveX controls; certainly don't automatically enable them. You can also block signed controls (which have a valid certificate) or unsigned ones. In Medium security mode, unsigned controls are disabled, signed ones are allowed.
Get Inside

Establish trust. What if you want to disable scripting for most pages, but want to look at PCMag.com or eBay without a flurry of alerts? IE has settings that let you manage these "trusted" sites without compromising general security. To add often-visited Web sites to the Trusted category, choose Tools | Internet Options from the menu and click the Security tab. You will see icons for several "Web content zones." Click on the "Trusted sites" zone icon, and then click on Sites. Type in the domain of the trusted site, such as ebay.com, and click Add. You may need to uncheck the box titled Require server verification (https:) for all sites in this zone. IE will prefix the domain with the "*" wildcard character, though you won't see it until you exit and reenter. When you're done, click on OK. Trusted sites get a Low-level security rating, which allows downloading content such as ActiveX controls and plug-ins, cookies, and all scripting. IE will still block unsigned ActiveX controls.

Why am I still getting alerts? If you've set scripting and ActiveX control downloads to Prompt, you may still get warnings on trusted sites. This is usually because the site supports banners or ads that are hosted by nontrusted domains.

Web-Browsing Security

Be Different

Switch browsers. Most virus, worm, and spyware writers go after the largest targets. That's the primary reason they tend to attack Windows and Internet Explorer. An easy step to reduce your risk is to switch to the free browser Firefox, or to Opera (which is now ad-free, too). Moving to a lower-profile browser isn't a magic bullet, though, so keep your security settings on the alert.

Switch OSs. A more radical step, but worth consideration, is to move off the PC platform entirely and buy a Mac, or use Linux, which runs on most existing hardware. It's questionable whether these non-Microsoft products' code is any more secure, but simply because they move below the radar they're less susceptible to attack.


Web-Browsing Security

Change Your Layout

A fairly common technique used by phishing attacks changes the URL displayed in the Internet Explorer address bar by popping up a tiny window over it with the false address.

One of the reasons this works is that the address bar is usually in its default location. If you move the address bar, the window still pops up, but it's obvious that it's a false address, because it appears in the wrong place.

Move it. You can move any of the menu or button bars in Internet Explorer by clicking and dragging the vertical line of dots at the left end of the bar. If you have trouble moving these toolbars, they may be locked. Right-click on an empty toolbar area and uncheck Lock the Toolbars.

Web-Browsing Security

Don't Get Jacked

Browser hijacking is one of the most common ailments facing home and corporate users. You surf to a site, and all of a sudden, your browser defaults to a specific search engine and your home page is different. The scammers responsible even monitor the results of targeted advertising (usually in the form of pop-ups) in your browser.

Most of these annoying pages are just pushing a product or service, but some hijackers are accompanied by Trojan horses and backdoors that let vendors download updates and collect keystrokes and other data.

Be skeptical. Most hijacks come through user interaction. If you get a pop-up asking you to download a special viewer, free software, or, in its simplest form, change your home page, click No or close the window.

Stay updated. Make sure you've got all the Windows updates and that your antivirus program has the latest signatures. Most can stop these hijacking Trojans at the front door.

Clean up. If you fall victim to a hijack, use a spyware scanner (such as the free Micro-soft Antispyware beta, Spy-Catcher Express, Ad-Aware, or Spybot Search & Destroy) to root out the bad code.


Anti-Malware Security
11.02.05
Fakes A-Poppin'


Changing Antivirus Protection

Most antivirus products provide a year of updates once you open the box, with the option to buy extended update plans. But sometimes you may want to switch to a new product, either by the same or different vendor. Remember, antivirus products don't coexist well. Even if a product is out of date, if it is configured for on-access scanning, it is "watching" your file and Internet access. Many also use an e-mail proxy, which redirects incoming and outgoing mail through a scanner, all of which can either conflict with new antivirus products, or at best, hurt performance.

Out with the old. Uninstall and remove your old antivirus before installing the new product. If your old software is reasonably up to date, do one last scan before uninstalling to be sure to start clean. It's especially important that your software firewall (or at least the Windows Firewall) be active during that time period from when you uninstall one product to when you install the other.

In the meantime. If the old software is more than a week out of date, use an online scanner, such as Trend Micro's free HouseCall, McAfee's Stinger tool, or Panda Software's ActiveScan (see Web Resources for Getting Rid of Malware for more free apps). Before you uninstall, close all Web pages and your e-mail client to minimize exposure.

Disable first. You may get a warning to disable the antivirus before uninstalling, which you can do with most products by right-clicking on the icon in the system tray (next to the clock in the lower right of the screen). If the product asks whether you want to delete the quarantine or backed up files, say yes, as the new AV will probably find them when it installs.

In with the new. Install the new product and update its definition files immediately. Do a full drive scan. Finally, make sure that the on-access scanner is enabled.


Anti-Malware Security

Fakes A-Poppin'

What do you do when you get a pop-up warning out of the blue that you might have a security problem? The scammers behind what purports to be security software like to take advantage of nervous users. Clicking anywhere in this ad, whether on the phony "Yes" or "No" buttons or anywhere else, takes you to the vendor Web site, where you can download their product. Our advice is: Ignore these messages and close the windows immediately by pressing Alt-F4.

Unmask the impostor: These pop-ups look very much like Windows dialogs and even menus. How do you recognize that a window is really a pop-up ad?

First, even if a window presents a dire message, don't panic. If you look at the title bar and status bar, the top and bottom of the window, you can tell that it is an Internet Explorer window. This is a clue, but not conclusive proof that the window is not a security warning.

Full proof. If you're still curious, though, right-click on it and select Properties. You should be able to see the originating site. A real IE-based dialog box from Windows would have a nonstandard address starting with something like res:. A Web ad will have an ordinary URL.

Anti-Malware Security

Spyware-Fighting Tools
Spyware-Fighting Tools

Pop-ups be gone. Google, MSN, and Yahoo! all offer free pop-up blockers. Opera and Firefox have ones built in, and Windows XP Service Pack 2 adds one to Internet Explorer. Many good antivirus suites now also come with pop-up blockers, so there is no need to actually buy one. But use a blocker from a company that you trust.

Tougher threats. Rogue or suspect anti-spyware programs advertise through the very pop-ups that they claim to remove, and often badger a user with high-pressure tactics.

One of the hallmarks of these products is that they are free to download and scan, but if you want to clean your system, you must purchase a license. Some of these will produce false positives, claiming spyware infections to further convince you to buy. The most insidious of the lot, dubbed extortionware, uses malicious installations, blocks removal, and sometimes causes connectivity problems, unless you buy the product. A few of these rogue products will actually be spyware themselves, recording data and reporting back to their vendors' sites.

How do you tell the difference? As a general rule, if a vendor uses a pop-up ad to advertise that it rids your system of pop-ups and spyware, you should consider it suspect. Although some good commercial antispyware products offer free scans, legitimate ones will not state in an ad that they already detect an infection.

Get help. SpywareWarrior.com lists over 90 applications that have been tested or are suspected to be of unknown or dubious value as spyware protection. Also check out SpywareGuide (www.spywareguide.com), which offers information and tips.

Read the fine print. Keeping your system clear of spyware, adware, and malicious programs takes diligence and awareness. Pay attention to requests to download software to your machine. Don't agree to anything until you read the End Use License Agreement (EULA). If something sounds fishy, close the browser.

Anti-Malware Security

Here's Your Host
Here's Your Host

When you type in a Web address, such as www.pcmag.com, the browser contacts a central DNS (Domain Name Services) server, which looks up the site and translates it to a numeric IP address. But every copy of Windows has a mini-DNS called the hosts file, and the browser checks that first before reaching out to a DNS server somewhere on the Net.

This hosts file is a favorite target for viruses, spyware, and browser hijackers, which can, for example, use the hosts file to direct all requests for Yahoo! or Google to their own search page by listing the domains, but pointing them all to a single IP address. Some viruses and worms use the hosts file to block access to antivirus sites, too, pointing their domains to your own system, represented by the Localhost address of 127.0.0.1.

Fixing a hosts file is actually pretty easy�you just edit it in Notepad. You'll find it under the Windows folder. In Windows XP, it's in C:\Windows\System32\Drivers\Etc; in Windows 2000, it is C:\Winnt\System32\Drivers\Etc.

The lines in the file that begin with pound (#) are comments, so the only active line is the last one, which directs Local-host to the IP address 127.0.0.1.

Hosts that have been hijacked may look like this:

66.250.107.100 msn.com

66.250.107.100 www.msn.com

66.250.107.100 search.msn.com

66.250.107.100 auto.search.msn.com

Any attempt to access MSN would open up this alternate page.

It could also look like this:

127.0.0.1 localhost

127.0.0.1 liveupdate.symantec.com

127.0.0.1 update.symantec.com

127.0.0.1 download.mcafee.com

127.0.0.1 www.symantec.com

127.0.0.1 www.sophos.com

Now you'll get an error whenever you try to access these antivirus sites.

To fix the file, you can delete everything in it except the Localhost listing. If that line is missing, create a simple text file with only one line�127.0.0.1 localhost�and save it as the file name "hosts" (no file extension) to the same folder.

Note that you can also use the hosts file to block unwanted sites, by adding the site address to the list and redirecting it to Localhost.

Anti-Malware Security

Identify Nasties

Many malicious programs, and even some well-meaning ones, add junk to the start-up folder. Memory clutter is one of the main causes of slow booting, slow running, and general system instability. The more things load at start-up, the slower the boot process, and the less room later for other programs.

Run MSConfig. The System Configuration Utility lets you edit the programs that Windows loads at boot time. Click on Start | Run, type in msconfig, and hit Enter. Use the Startup tab to enable or disable all or individual files. Disabling all files can be used to narrow down a problem. In most cases, disabling all start-up items will allow Windows to boot cleanly, after which you can add back files, such as the user interface for antivirus and firewalls that run at boot time. Important note: If you're using MSConfig, be careful not to make any changes in the Services tab.

Use a Start-Up Manager. A start-up manager such as Absolute Startup (go.pcmag.com/absolutestartup) or our own Startup Cop Pro (go.pcmag.com/utilities) gives you much more control over which apps can run at start-up.

Identify bad files. How can you tell which start-up files are good and worth keeping? Many times you can get an idea of what a file is by looking at the Command or Location column in MSConfig. The command is the executable file and command line string used to start a file. The location shows where the command is executed from, usually a Registry key or the Windows Startup folder.

If that doesn't work, visit www.sysinfo.org and check its database to determine whether a file is required or associated with the system, with applications, or with malicious code.

You can also search for the filename on Google. The results often include a definition from AnswersThatWork.com or the WinTasks Process Library (www.liutilities.com/products/wintaskspro/processlibrary). WinTasks can also help you sort out processes in the Windows Task Manager. The PC Magazine Premium Utility TaskPower provides similar functionality.

Once you've ID'd a file, you can enable or disable it. When you're done, click OK (or Apply and OK). Windows will ask you to reboot, and then it'll display a warning box that tells you it's using selective start-up. Clicking OK launches MSConfig again. You can bypass this by clicking the Don't show this again option.


Anti-Malware Security

Picking Up the Pieces

Spyware removers don't always clean out all the fragments of everything they delete.
Web Resources for Getting Rid of Malware

Not to worry. The basic issue is whether there's anything left that can run, and most often, there isn't. But for those who like a system scrubbed really clean, a spyware removal tool can get you to the point where you can search manually for and remove the remainder. It's easier if the fragments are stored in well-named Registry keys and directories, but if the program hides in the Windows System directory, detection is harder.

Do another scan. Scan with another program. The second scan may flag fragments as proof that the malware isn't gone, but that will help you locate and remove them. As long as you are careful to run only one resident scanner at a time, you should see no conflicts.

Mobile Security
11.02.05
Kiosk Safety


Stay Cool at Hot Spots

Surfing the Web at your local coffeehouse is great, but the guy sitting a few seats away could be surfing your laptop, downloading personal or corporate data. Public wireless hot spots often let hackers store and retrieve data with relative ease. You need to do two things:

Disable file sharing. In Windows XP, open Control Panel and select Network Connections. Right-click on the wireless adapter and select Properties. On the General tab, scroll the list of items the adapter uses and uncheck File and Printer Sharing for Microsoft Networks.

Use a personal firewall. Use a product that supports security zones, such as Norton Personal Firewall or ZoneAlarm. The firewall will sense that you're on a new network and ask you whether you trust the network. You don't.

Mobile Security

Kiosk Safety

Public computers at Internet cafés, libraries, and airports are convenient, but they require heightened vigilance.

Look around. Make sure nobody's able to glance at your screen or keyboard.

Beware of keyloggers. Many public computers are locked down, so no additional software can be installed except by the administrator. But there's a chance a hacker could install a Trojan keylogger to capture keystrokes, and an industrious crook could use a hardware device�such as the KeyGhost Hardware KeyLogger�that connects between the keyboard and PC. The KeyGhost device can be mistaken for part of the normal keyboard cable. If you can, check where the keyboard plugs into the back of the machine to make sure there isn't an extra plug. If there is, find another PC.

Another clever workaround is to click Start | Accessories | Accessibility | On Screen Keyboard and type your password in using the mouse, or type your password with one or more strings of junk in the middle, then delete the junk using the mouse.

Don't tip your hand. We recommend that you avoid typing any sensitive data at public kiosks. Also, don't walk away from the computer while you're logged in. Many sites (such as eBay) set cookies for an online session so if you close the browser and reopen it, you don't have to log on again. If you close the browser and walk away, the next user could pick up where you left off. Microsoft Passport and Yahoo! accounts can also be persistent. If the kiosk has Windows XP, it could ask if you want to associate your Passport account to the Windows XP account. Be sure to say no!

Clean your tracks. Be sure to delete your electronic trail of temporary files, cookies, and surfing history. If you're using Internet Explorer, click on Tools | Internet Options. On the General tab, click on Delete Cookies, Delete Files (and be sure Offline content is checked), and Clear History.

Still in Internet Options, click the Content tab, then click the AutoComplete button. In the resulting dialog box, click the Clear Forms button and the Clear Passwords button.

If you downloaded any documents, delete them too. If you edited any documents, clear the "recently used documents" list. In Windows XP, right-click on the taskbar at the bottom of the screen and select Properties. Select the Start Menu tab; click on Customize | Advanced. Now click on the Clear List button for Recent Documents. Lastly, empty the trash to purge any deleted files.


Mobile Security

Security Is Key

To better protect yourself when using computers other than your own, especially public PCs, carry around a USB memory drive loaded with mobile security tools. We covered several in "The Ultimate USB Key" (go.pcmag.com/ultimateusb).

Use a password manager. Siber Systems' Pass2Go (www.pass2go.com), for example, lets you store all your passwords on the key and fills in log-on forms in IE and Firefox automatically, evading some types of keyloggers. All data can be encrypted with a master password; even if a keylogger captures this password, it's of little use without the physical key.

Scan before you surf. Antivirus and antispyware apps that run from the key can make sure that the system is clean before you use it. Just make sure to update these tools' definitions before scanning.

Keep your apps to yourself. Self-contained versions of apps like Firefox and Open-Office.org, ported by John Haller (www.johnhaller.com), let you surf the Internet and edit your documents without touching the host PC's browser or office suite.

P.I. Protector Mobility Suite 3.0 (go.pcmag.com/piprotector) lets you keep your e-mail on the USB key, and while the protector is running, all of your temporary files also reside on the key. When you shut it off and pull out, no trace is left. The new U3 Smart Drive keys make running apps like these even easier.

Bring your own OS. Note that some mobile apps do create temp files on the host system's hard drive. If the app crashes, there's a chance it may not have cleaned up properly. For even greater protection, there are versions of Linux that can run off a USB key, and the Knoppix distribution of Linux runs off a CD. If you can boot to the key, any threats that may be lurking on the host's hard drive will never see your data.

Powerful Passwords
11.02.05
Passwords


Most PCs and lots of personal data, such as bank records and Web mail access, are guarded only by a username and password. Usernames are fairly easy to guess and often pre-filled in, so you need to make sure your passwords are strong�not easily guessed or cracked by "dictionary" attacks that throw millions of letter combinations at the dialog. Many of the most widespread Internet worms have built-in dictionaries of common passwords, and once they are running on your system, they can attack your computer and others on your network.

* Don't use any part of your username, full name, address, birth date, and so on. This data is readily available to intruders.
* Don't use English or even foreign words.
* Make sure your password is at least six to eight characters long. In fact, the longer the password, the better.
* Use different kinds of characters in your password. At the very least, your password should contain uppercase letters, lowercase letters, and numbers. If you're comfortable with non-alphanumeric symbols (such as #@!&) or extended ASCII characters (which you can access by holding down Alt and typing on the number pad), use them.
* Change passwords every month to six weeks.
* Don't write your passwords on a sticky note and post it on your monitor.
* If you need to keep a repository of passwords, use a utility like RoboForm Pro (www.roboform.com) that keeps an encrypted list of all your passwords under a single master password. These programs can also generate strong passwords to your specifications.
* Don't recycle old passwords or use the same one for several different applications.
* Use a word you know, but substitute punctuation and numbers for letters. For example, coffee could become C0FF33 and Indiana_Jones could become 1nd1@n@_j0n3s.
* Use a passphrase�a group of words, as opposed to a single word. If you're a Beach Boys fan, "It's not a big motorcycle, just a groovy little motorbike" might be a good passphrase.

Note that not every security system lets you use passwords this long, or even ones that have embedded spaces. Some e-commerce sites, for example, will allow you only 8- to 12-character alphanumeric passwords. But since Windows 2000, Windows has allowed passphrases with up to 127 characters.

Web Resources for Getting Rid of Malware
11.02.05


The Internet is teeming with threats, but it's also home to hundreds of helpful sites, free software, and real-life volunteers who will help you scan, identify, and get rid of malicious code.

Helpful Sites:

* HijackThis (www.merijn.org) is a free spyware scanner; you can post its logs to www.spywarewarrior.com or SpywareInfo (spywareinfo.com). The friendly experts there will review them and provide detailed, individualized instructions for cleaning your system.
* Scumware.com is a friendly and plain-English site with instructions on how to detect and remove various adware and malware programs.
* MajorGeeks.com has malware information for the more advanced user.

If you're not sure whether a file is malicious, you can upload it to sites such as VirusTotal (www.virustotal.com) and virusscan.jotti.org, each of which uses over a dozen scanning engines to determine the nature of the file. You can also attach a file to an e-mail message and send it to scan @ virustotal.com with the word SCAN as the subject line. You will receive an e-mail report of the scan.

Discussion Forums and Download Resources:

* Wilders Security Forums (www.wilderssecurity.com)
* ComputerCops forums (castlecops.com/forums.html)
* cexx.org Message Boards (boards.cexx.org)

Free Virus Scanners:

* Trend Micro Housecall (housecall.trendmicro.com)
* McAfee Free Scan (us.mcafee.com, registration required)
* Symantec Security Check (security.symantec.com)
* RAV AntiVirus (www.ravantivirus.com/scan)
* Panda ActiveScan (www.pandasoftware.com/activescan, registration required)
* Computer Associates (www3.ca.com/securityadvisor/virusinfo/scan.aspx, download required)
* Avast! (www.avast.com, registration required)
* Kaspersky Antivirus (www.kaspersky.com/scanforvirus, upload required)
* GrisSoft AVG (www.grisoft.com/doc/40/lng/ww)
* Norman Antivirus (www.norman.com , 30-day trial)



There you have it! Hope you learned something... Wink

Back to top
View user's profile Visit poster's website Photo Gallery
Uhu_Fledermaus
Aircraft Demolition Expert

Offline Offline
Joined: Nov 28, 2004
Posts: 4369
Location: Blaricum, The Netherlands ~GMT+1
PostPosted: Wed Nov 16, 2005 11:07 am
Post subject: Re: Maximum Security: 94 Essential Tips for Staying Safe

Cool

Great stuff bushy !!

Thankx for the pointers, I've pasted into a word document and will print it out for beter readability Wink


fled
Back to top
View user's profile ICQ Number MSN Messenger Photo Gallery
Display posts from previous:   
Post new topic    Revive this topic    Printer Friendly Page    Forum Index ›  Hardware
Page 1 of 1
All times are GMT - 6 Hours

Archive Revive
Username:
This is an archived topic - your reply will not be appended here.
Instead, a new topic will be generated in the active forum.
The new topic will provide a reference link to this archived topic.