Thursday, April 30, 2009

Six (6) steps to secure your computer

Six (6) steps to secure your computer

There's nothing like cracking open the box of a brand new computer. But don't be so quick to just connect it all up and hop right on the Internet.
According to the software security company Symantec, it takes only 20 minutes for an un-patched and unprotected computer to be attacked once connected to the Internet.

In that time, your pristine computer could be turned into a zombie. Zombies are machines that have been secretly taken over by hackers. The zombie networks are leased to criminals who use them to send spam or attack Web sites.

Some criminals want to put keyloggers on your computer, to steal passwords, credit card numbers and other sensitive data. There are plenty of vandals out there, too, who want to destroy your data for fun. And advertising outfits, many shady, hope to put spyware on your computer. With that, they will track your surfing and bury you with ads.

Compromised computers are found in homes, businesses and government offices. To make sure you aren't victimized, here are six steps you must take to secure your computer and the network on which it runs.

1. Install a firewall.
If you are running a network and sharing a broadband connection, you probably have a firewall built into the router. But that's not enough. Most routers used in small businesses utilize a Network Address Translation (NAT) firewall. Basically, it hides all of the computers in the network. It protects you from outsiders trying to get in. Windows XP's firewall works in a similar fashion. It's able to block incoming traffic but not outgoing data. To turn it on click Start > Control Panel > Windows Firewall. Click the circle next to "On" and click OK. Note that if you have updated your operating system to Windows XP Service Pack 2, the firewall already is enabled. The most secure method is to have a third-party software firewall in addition to the firewall on your router. It provides an extra layer of protection by alerting you to outbound traffic. Anytime a program tries to access the Internet, the user will be alerted. If it's a valid application, such as Internet Explorer, Outlook, and so on, the user grants it access to the Internet. If it's an unknown application, such as a worm, you can block it. My favorite third-party firewall is ZoneAlarm (www.zonelabs.com), which is free. You’re not ready to go onto the Internet just yet, so download the firewall onto another computer, save it on disk and install. Even if you're not using a broadband connection, you still should install a software firewall. Hackers are greedy. They will infect or take over any computer — even ones with a slow Internet connection.

2. Disable file sharing.
Before you go onto the Internet, disable file sharing. It's one thing to share your sales presentation with others in your office. It's another to share it with the entire Web community. In Windows XP Professional, file sharing is turned on by default. To disable it, click Start > My Computer. Click Tools > Folder Options. Click the View tab. Under Advanced Settings, scroll to the bottom and uncheck the box next to Use simple file sharing (recommended). Click Apply > OK. If your new computer came with Windows XP Service Pack 2 installed, click Start > Control Panel. Click Security Center > Windows Firewall. Click the Exceptions tab. Under Programs and Services, uncheck the box next to File and Printer Sharing. Click OK.

3. Install antivirus software.
This may seem as obvious as the others, but it's oh, so important. Many new computers have a trial version of an antivirus program already installed on the computer. That doesn't mean it's ready to go. You still need to update the definition files. To update the definition files, you'll need to access the Internet. Since you've turn off file sharing and installed a firewall, you should be safe. Remember that trial versions of antivirus software are only good for a short time, usually 30 to 90 days. The trial version will then continue to run on your computer, but its antivirus definitions will be out-of-date. Outdated definitions offer nothing but a false sense of security.

4. Modify your HOSTS file.
Setting up your HOSTS file will prevent spyware and any kind of "malware" (short for malicious software) from communicating outside your computer. This allows you to surf the Net anonymously. Countless numbers of hackers, vandals or unscrupulous marketers would love to hijack your Web browser or give your computer some nasty worm. Sometimes malware is bundled with shareware and freeware. Other times it can get on your computer by opening an infected file."Tracking cookies" get on your computer from Web sites and even online ads. They track your Web surfing habits and report back. This helps the ad servers know which ads to place on your computer. Fortunately, there is a list of known malware and ad servers that want to communicate with your computer. Enter the domain name for the known offenders and your computer's address (127.0.0.1) in the HOSTS file. All attempts to contact the mother computers on the Internet will lead back to your local computer. The requests will die. You don't have to enter the possible offenders manually. Such files are available on the Internet. You can find an updated one with installation instructions at this URL: www.mvps.org/winhelp2002/h
osts.htm.It's important to check often for updates to the HOSTS file, because the list of offenders is growing fast.

5. Keep your Windows system updated.
Even if your computer comes with Windows XP Service Pack 2 (SP2) already installed, you still need to update Windows. Although SP2 contains a multitude of critical updates, more have become available since its release. Update Windows by clicking Start > All Programs > Windows Update. You may have to restart your computer after some updates. Keep going to Microsoft Update until there are no more updates to be installed. If your computer did not come with SP2 installed, you can download it. Or you can order SP2 on CD for free. The same CD can be used on multiple computers. Visit this page to order the CD from Microsoft.

6. Stop spyware before it takes root on your PC.
Spyware collects information about your interests and then uses that information to display advertising. Take preventive measures by downloading and installing SpywareBlaster (www.javacoolsoftware.com/spywareblaster.html). It's a free program and prevents most spyware from being installed on your computer. Another program, Spybot Search & Destroy (www.safer-networking.org/en/spybotsd/index.html) prevents spyware and adware from being installed on your computer by immunizing it. It also has the ability to remove adware already installed on your computer. Spybot Search & Destroy also has a tool called TeaTimer. TeaTimer monitors changes to specific keys in your registry. Whenever a change is detected, a pop-up will alert you and ask if you want to allow or deny the change. To enable it click Mode > Advanced. Then click Tools > Resident. Check the box next to Resident "TeaTimer" (Protection of over-all system settings) active. Also, make sure the box is checked next to Resident "SDHelper" as well. The makers of Spybot Search & Destroy recommend that you run SpywareBlaster in tandem with Spybot Search & Destroy.

Now that your computer is as locked down as much as possible, you should be safe to set up your e-mail account for the computer and surf the Net. Take this time to check the other computers in the office. Make sure your Windows and Microsoft Office software are updated. Make sure antivirus programs are up-to-date. And check for spyware.

This may sound alarmist. But these security steps are very important. By setting up your computer properly, you can feel confident that your computers and network are as safe as possible.