home computer security basics

Desktop Security 101

Updated March 2007
Richard Lewis

I've had a lot of people ask me over the years what they should be doing about security. Many have heard about all the good and some of the bad stuff that can happen online but are not sure what to do to avoid problems. Since there is no simple answer and it's not exactly cool party conversation, I've put this stuff online as a guide. Assuming you are now fully ensconced in front of your computer and are connected to the Internet, you are in a position to do something about it. Here's my list for those that need to know... by the way, that's everyone.

To avoid confusion, I'll discuss each component separately:

  1. Operating System
  2. Browser
  3. Firewall Hardware
  4. Firewall Software
  5. Anti-Virus Software
  6. Spyware Detector
  7. Phishing
  8. Safe Computing

1. Hardware and Operating System

The Operating System. You know, Windows or OS X or Linux or whatever takes your fancy. First of all, this recommendation cannot advocate one single operating system since so many factors are involved in this decision. Suffice to say that if you are a home user and have no real preference you will likely find it cheaper in the long run (albeit more complex) to run a Linux variation than Microsoft Windows. For the undecided, buy a Macintosh and stop worrying about it. For the financially challenged and technically confident, choose Linux and its open source derivatives, and for the sheep, Windows is the cheap grey suit you can wear every day.

If you insist on running Windows then I can only recommend Windows XP with Service Pack 2 installed before you connect to the Internet.

Getting the latest version of all operating system components is important for every operating system to ensure maximum safety. Unfortunately you need to get familiar with how to do this. In the early days of car technology, you had to be a mechanic to drive a car...personal computers are like that...you'll need a few mechanic skills or you need a "tame" mechanic to help you.

2. Browser Software

After installing your operating system of choice (or having it installed for you via new hardware purchase or technically inclined friend) you will need to connect using the most secure method possible. Download a standards-compliant and secure browser. For Windows users this means downloading and installing Firefox or Opera. Do not use the default browser, otherwise known as Microsoft Internet Explorer, for anything other than Windows Update or Microsoft Update.

Ideally you would remove Internet Explorer from your machine but Microsoft have made this a non-trivial task that should be left to experts only. Many exploits rely on weaknesses in Internet Explorer so please heed this warning. Mac users already know about Safari or Camino and Linux dudes have clicked onto Mozilla, Konqueror, Firefox and others already.

There are many other benefits to running a "proper" browser, including faster browsing, compatibility with web standards and security, all things that Microsoft Internet Explorer is lacking.

3. Firewall Hardware

If you are connected to the Internet via dial-up it is tempting to think that "it will never happen to me". For those using broadband connections, the documented attack time for an unprotected machine on the Internet is 12 minutes. For this reason you really should consider a hardware firewall to exclude two main threats: the bad guys who are actively trying to access your machine, and other machines already remote controlled by the bad guys that are trying to remote control your machine.

It is probably best to consult a friend or pay for an engineer to install a device like those from Linksys and others. This is especially important if you have a wireless Internet connection since there are even more pitfalls to connecting that way versus a wired connection.

4. Firewall Software

Once your physical Internet connection has been made safer you must also install personal firewall software to prevent the next level of attack from the Internet. This is not optional! For Windows users at home, download Zonelabs ZoneAlarm (free for non-commercial use). ZoneAlarm can keep itself up to date if you are Internet connected. The configuration of this software is a little confusing so please read the tutorial that starts when the software is installed. Accepting the defaults will be OK for most users.

5. Anti-Virus Software

This is required to protect your machine from files and email carrying malicious code. Download Symantec anti-virus or try their free online checker for a quick fix. Other highly recommended options are Trend Micro or AVGFree but whatever, please choose one! You will need to keep this up to date so spend some time to learn how to ensure that your machine is protected and kept up to date. Refer to the documentation on this, or RTFM in geek-speak. Microsoft have just purchased an anti-virus company but I can't recommend that option yet :-)

6. Spyware

Spyware detection software is required to monitor your machine for software that is designed to bypass all the other components you have installed! Download Ad-Aware SE Personal Edition and Spybot Search & Destroy. Update and use them regularly, rinse and repeat until all infection is removed. Some of the criminal malware out there is getting tricky so you may find even these tools do not help. The adventurous should also try HijackThis to see if their browser has been hijacked! Microsoft has recently purchased an anti-spyware company (Giant) and you can get a freebie online. Click the link and when the page opens click the "Check my PC for infection" button.

7. Phishing

Phishing web sites or bogus email messages tempt you into revealing personal details about yourself in order to provide the phisher with a means of attack. Recent versions of internet browsers detect many common phishing sites. If you are unsure whether an email is fake, try scanomatic.

8. Safe Computing

This section was intended to describe some of the things you should and should not do if you want to remain free of viruses, trojans, spyware, adware and various other types of malware that can infect your machine. Patching and keeping things up to date is essential... check out Secunia and look for the Scan Online link on the left hand side of their home page. This is safe to run, unlike many software providers promising to "fix" your machine.

Desktop Security 201

Security Baseline 2007

This link is summarised here: