Friday, May 1, 2009

2. How Windows Tracks Your Behavior

Are you aware that Windows tracks your behavior? It records all the web sites you ever visit, keeps track of all the documents you've worked on recently, embeds personal information into every document you create, and keeps Outlook email even if you tell Outlook to delete it. These are just a few examples of many. This section first tells how to securely delete your files, folders, and email so that no one can ever retrieve them. Then it describes the many ways in which Windows tracks your behavior. In some cases you can turn off this tracking. In most, your only option is to eliminate the tracking information after it has been collected.

2.1 How to Securely Delete Data

Let's start with how to permanently delete data from your computer.

How to Securely Delete Files -- When you delete a file in Windows, Windows only removes the reference it uses to locate that file on disk. Even after you empty the Recycle Bin, the file still resides on the disk. It remains on the disk until some random time in the future when Windows re-uses this "unused" disk space. This means that someone might be able to read some of your "deleted" files. (You can use free programs like Undelete+ and Free Undelete to recover deleted files that are still on your disk.)

To securely delete files, you need to over-write them with zeroes or random data. Free programs that do this include Eraser, BCWipe, and many others. After installing Eraser or BCWipe, you highlight a File or Folder, right-click the mouse, then select Delete with Wiping or Erase from the drop-down menu. This over-writes the data so that it can never be read again.

Programs like Eraser and BCWipe also offer an option to over-write "all unused space" on a disk. This securely deletes any files you previously deleted using Windows Delete.
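The over-write step described above can be sketched in Python. This is an added illustration, not code from this guide or from Eraser or BCWipe; the function names are hypothetical and the sample file is constructed for the demonstration.

```python
import os
import secrets
import tempfile

CHUNK = 1024 * 1024  # write in 1 MiB pieces so large files do not fill memory


def overwrite_in_place(path, passes=1, randomize=True):
    """Overwrite every byte of an existing file with random data or zeroes.

    Returns the file size, i.e. the number of bytes written per pass.
    """
    size = os.path.getsize(path)
    # "r+b" opens the existing file without truncating it, so the writes
    # replace the current contents instead of starting a new, empty file.
    with open(path, "r+b") as fh:
        for _ in range(passes):
            fh.seek(0)
            remaining = size
            while remaining > 0:
                n = min(CHUNK, remaining)
                fh.write(secrets.token_bytes(n) if randomize else b"\x00" * n)
                remaining -= n
            fh.flush()
            os.fsync(fh.fileno())  # push this pass out of the OS cache to disk
    return size


def overwrite_and_delete(path, passes=1, randomize=True):
    """Overwrite a file, rename it to a random name, then delete it."""
    size = overwrite_in_place(path, passes=passes, randomize=randomize)
    # Renaming first keeps the original file name out of the directory
    # entry that is left behind by the delete.
    anon = os.path.join(os.path.dirname(path) or ".", secrets.token_hex(8))
    os.rename(path, anon)
    os.remove(anon)
    return size


if __name__ == "__main__":
    # Constructed sample file, created only for this demonstration.
    folder = tempfile.mkdtemp()
    target = os.path.join(folder, "old-letter.txt")
    with open(target, "wb") as fh:
        fh.write(b"account 12345 " * 1000)
    wiped = overwrite_and_delete(target)
    print(f"overwrote {wiped} bytes; file still present: {os.path.exists(target)}")
```

Over-writing in place only reaches the disk sectors the file occupies now. Copies held elsewhere (temporary files, backups, file system journals, or the spare blocks a solid-state drive manages itself) are untouched, which is why the "all unused space" and whole-disk options matter.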

How to Securely Delete Email and Address Books -- Even after you delete your Outlook or Outlook Express emails and empty the email Waste Basket, files containing your emails remain to be read by someone later. What if you want to permanently delete all your emails so no one could ever read them?

Whether this is possible depends on whether your computer is stand-alone or part of an organizational network. In an organizational setting, emails may be stored on central servers in addition to -- or instead of -- your personal computer. Many organizations store all the emails you ever send or receive on their servers so that you can never delete them. Here is a good discussion about whether you can really delete old emails in organizational settings.

If you have a stand-alone PC, emails are stored on your computer's hard disk. To securely erase emails residing on your computer, locate the Outlook or Outlook Express files that contain your emails. Then use a secure-erase tool like Eraser or BCWipe to permanently destroy them. You can do the same with your Windows address book.

The files you need to securely erase may be marked as hidden files within Windows. To work with hidden files, you first need to make them visible. Checkmark Show Hidden Files and Folders under Start | Settings | Control Panel | Folder Options | View.

Now, search for file names having these extensions (ending characters) by using Windows' Search or Find facility:

  • .pst -- Outlook emails, contacts, appointments, tasks, notes, and journal entries
  • .dbx or .mbx -- Outlook Express emails
  • .wab -- Windows address book file

Note that Outlook stores much other information in the same file along with your obsolete emails. You can either erase all that data along with your emails by securely deleting the file, or follow this procedure to securely delete the email while retaining the other information. For Outlook Express emails and Windows address books, just securely delete the files with the given extensions and you're done.

How to Securely Delete All Personal Data on Your Computer -- How can you securely delete all your personal information on an old computer before giving it away or disposing of it? This is difficult to achieve if you wish to preserve Windows and its installed programs. It takes a lot of time and there is no single tool that performs this function. The easiest solution is to overwrite the entire hard disk. This destroys all your personal information, wherever Windows hides it. Unfortunately it also destroys Windows itself and all its installed programs.

Be sure to copy whatever data you want to keep to another computer or storage medium first!

Several free programs securely overwrite your entire disk, such as Darik's Boot and Nuke. The only possible way to recover data after running such programs is expensive physical analysis of the disk media, which may not be successful. Over-writing a disk is secure deletion for normal computer use.

2.2 The Registry Contains Personal Data

Windows keeps a central database of information crucial to its operations called the Registry. Our interest in the Registry is that it stores your personal information. Examples include the information you enter when you register Windows and Office products like Word and Excel, lists of web sites you have visited, login profiles required for using various applications, and much more. Upcoming sections discuss your personal information in the Registry and how you can remove it. For now, let's just introduce a few useful Registry facts --

  • The Registry is a large, complicated database (about which you can find tons of material on the web).
  • The Registry consists of thousands of individual entries. Each entry consists of two parts, a key and a value. Each value is the setting for its associated key.
  • The Registry organizes the entries into hierarchies.
  • This guide tells how to change or remove your personal information in the Registry by running free programs, but it doesn't cover how to edit the Registry yourself -- a technical topic beyond the scope of this paper.
  • Making a mistake while editing the Registry could damage Windows, so you should only edit it if you feel well qualified to do so. Always make a backup before editing the Registry.

2.3 Windows Tracks All the Web Sites You've Ever Visited

Windows keeps a list of all the web sites you've ever visited. You can tell Internet Explorer to eliminate this list through the IE selection Tools | Internet Options | Clear History. But Windows still retains it!

To view the web site history Windows retains, download and run a free program like Index.dat Spy. Windows records your web surfing history in a file named index.dat. (There are actually several index.dat files on your computer . . . I'll describe what the others track later.) The index.dat files are special -- you can not delete them or Windows will not start. Since Windows prevents you from changing or deleting these files, you need to run a free program to erase your web site history.

If you use Internet Explorer and have the default Auto-Complete feature turned on, your web surfing history is also kept in a second location -- in the Windows Registry. (You'll see web sites you've visited listed under the Registry key TypedURLs.) If you turn off Auto-Complete, Internet Explorer no longer saves your web history in the Registry. To turn off Auto-complete, go into Internet Explorer, then select Tools | Internet Options | Content | AutoComplete and un-check the box for auto-complete of Web addresses. Turning off Auto-Complete does not stop Windows from tracking your web site history in its index.dat files.
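To see what the TypedURLs key holds without editing the Registry, you can export the key to a text file and read the export. The Python sketch below is an added example, not part of the original guide: it parses the key/value layout of a Registry export and lists the typed addresses in order. The sample export is constructed, and the function names are hypothetical.

```python
import re

# Full path of the key this section refers to as TypedURLs.
TYPED_URLS_KEY = r"HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs"

# Constructed sample in the text format that a Registry export uses.
# Real exports are UTF-16 files; decode them to text before parsing.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.example.com/"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs]
"url1"="http://mail.example.com/inbox"
"url2"="C:\\Documents and Settings\\jane"
"url10"="http://bank.example.net/login"
'''

SECTION = re.compile(r"^\[(.+)\]$")
STRING_VALUE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')


def _unescape(text):
    # Exports write a backslash as \\ and a double quote as \"
    return re.sub(r"\\(.)", r"\1", text)


def parse_reg_strings(text):
    """Return {key path: {value name: string data}} for string values."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        section = SECTION.match(line)
        if section:
            current = keys.setdefault(section.group(1), {})
            continue
        value = STRING_VALUE.match(line)
        if value and current is not None:
            current[_unescape(value.group(1))] = _unescape(value.group(2))
    return keys


def typed_urls(text):
    """List the addresses stored under TypedURLs, ordered by entry number."""
    entries = []
    for key, values in parse_reg_strings(text).items():
        # Registry key names are not case-sensitive.
        if key.lower() != TYPED_URLS_KEY.lower():
            continue
        for name, data in values.items():
            numbered = re.fullmatch(r"url(\d+)", name, re.IGNORECASE)
            if numbered:
                entries.append((int(numbered.group(1)), data))
    # Sort numerically so that url10 comes after url2, not after url1.
    return [data for _, data in sorted(entries)]


if __name__ == "__main__":
    for address in typed_urls(SAMPLE_EXPORT):
        print(address)
```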

Several free programs securely erase your web site history from both the Registry and the index.dat files. Among them are CCleaner, Free Internet Windows Washer, CleanUp!, and ScrubXP. The shareware programs PurgeIE and PurgeFox are also popular. I've found CCleaner to be both thorough and easy-to-use.

2.4 Windows Leaves Your Personal Information in its Temporary Files

Windows, web browsers, and other programs leave a ton of temporary files on your computer. Some hold web pages you've recently viewed, so that if you go back to that web page, you'll be able to view it quickly from disk instead of downloading it again from the web. Other files are used by Windows and its applications as temporary work areas. Still others are used to log program actions or store debugging information. These temporary files sometimes contain personal information. For example, web page caches contain copies of web forms into which you've entered passwords or your credit card number. You may not wish to disclose the web pages, videos, images, audio files, and downloaded programs you've viewed lately. The trouble is that these temporary files are not erased after use. Some remain until the system needs that disk space for another purpose. Others hang around forever, unless you know to clean them.

The free programs above that erase your web history also erase these temporary files and cache areas. Find more free programs here and a review of the best commercial programs here.

2.5 Your "Most Recently Used" Lists Show What You're Working On

Windows tracks the documents you've recently worked with through its Most Recently Used or "MRU" lists. MRU lists are kept by Microsoft Office products like Word and Excel, as well as applications from other vendors. Windows' Start | Documents list also shows documents you have recently worked with. Products keep MRU lists for your convenience. They help you recall and quickly open documents you're currently working on. These lists also offer the perfect tracking tool for anyone who wants to find out what you've been doing on your computer. They provide a ready-made behavioral profile. Windows and its applications keep many more MRU items than you might expect -- thousands of them, if you have never cleared the lists. Free program MRU Blaster cleans out these lists. Other free programs like Ad-Aware 2007 Free, CCleaner, and Free Internet Windows Washer erase many of the lists. Run an MRU cleaner whenever you like. Remember that after you clean the lists, the "quick picks" of your recent documents will not appear in Word, Excel, or other products.

2.6 Product Registration Information May Be Hard to Change

When you register Windows, Microsoft Office, or other products, that information is stored in the Windows Registry. It can be read from there by any program or person who reads the Registry. Registering a software product shows your legal ownership of the product and may be required to receive product support and updates. However, changing or eliminating the personal registration information later might be difficult. Some products have an Options or User Information panel in the program where you can easily change the product registration. But most require you to either directly edit the Windows Registry or even de-install the product to change or remove the personal registration data. Consider carefully what you enter into any product's registration panel when installing it. You may not be able to change it later. If you know you won't need vendor support or updates and the product license permits it, you could enter blank registration information.

2.7 File "Properties" Expose Personal Data

Right-click on any Microsoft Word, Excel, or Powerpoint file, and select Properties from the pop-up menu. You'll see a tabbed set of panels that keep information about the file. (For some versions of Microsoft Office, you need to click the Advanced button to expose all the information.) You'll see that Microsoft Office saves information about the file such as:

  • Who created it
  • The company at which it was created
  • The name of the computer on which it was created
  • A list of all who have edited it
  • When it was created and when it was last saved
  • The number of times it has been edited
  • Total editing time
  • Comments
  • A hidden revision log
  • Recent links used in the file
  • Various statistics about the size of the file, the word count, etc

The information varies according to the type of file you view (Word, Excel, or Powerpoint) and the version of Microsoft Office that was used to create and edit the file. You can't see everything Office saves in the Properties panel -- some of it remains hidden from your view.

You can change some of the Properties information by right-clicking on the file name, then editing it. Or alter it while editing the document by selecting Edit | Properties.

Other data is collected for you whether you want it or not, and you can not change it. Should you care? It depends on whether it matters if anyone sees this information. In most cases it doesn't. But sometimes this data is private and its exposure matters. Just ask former U.K. Prime Minister Tony Blair. He took Britain to war against Iraq in 2003 based on the contents of what he presented as his government's authoritative Iraq Dossier. But this Word file's properties exposed the high-powered dossier as the work of an American graduate student, not a team of British government experts. A political firestorm ensued.

Microsoft offers manual procedures that minimize Office files' hidden information. But these are too cumbersome to be useful. Microsoft eventually developed a free tool to cleanse Office documents created with Office 2002 SP2 or later. But restrictions limit its value. The free tool Doc Scrubber is an alternative for cleansing the Properties metadata from Word files.

Whichever tool you use, you must run it as your last action before you distribute your finished Office document. Cleansing Microsoft Office files is inconvenient and it's difficult to remember to do it. Those who require "clean" office documents are advised to use the free office suite that competes with Office, called OpenOffice.org. The OpenOffice suite does not require personally-identifying Registration information and it gives you control over the Properties information. It reads and writes Microsoft Office file formats. (I edited this document interchangeably with OpenOffice and several different versions of Microsoft Word, then created the final PDF file using OpenOffice.) Read reviews of OpenOffice here.
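The Properties data described in this section can also be checked with a short script before a file is sent out. The Python sketch below is an added example, not code from this guide or from Doc Scrubber. It assumes the newer Office Open XML formats (.docx, .xlsx, .pptx), which are ZIP archives that keep these properties in docProps/core.xml and docProps/app.xml; the older binary .doc format is not handled. Function names and the sample document are constructed for illustration.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

NS = {
    "cp": "http://schemas.openxmlformats.org/package/2006/metadata/core-properties",
    "dc": "http://purl.org/dc/elements/1.1/",
    "dcterms": "http://purl.org/dc/terms/",
    "ep": "http://schemas.openxmlformats.org/officeDocument/2006/extended-properties",
}
for _prefix, _uri in NS.items():
    ET.register_namespace(_prefix, _uri)  # keep readable prefixes when re-writing

# Property parts inside the archive and the fields this example looks at.
PARTS = {
    "docProps/core.xml": {
        "creator": "dc:creator",
        "last_modified_by": "cp:lastModifiedBy",
        "revision": "cp:revision",
        "created": "dcterms:created",
    },
    "docProps/app.xml": {
        "company": "ep:Company",
        "total_edit_minutes": "ep:TotalTime",
        "application": "ep:Application",
    },
}


def read_properties(data):
    """Return the personal properties found in an Office Open XML file."""
    found = {}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = set(zf.namelist())
        for part, fields in PARTS.items():
            if part not in names:
                continue
            root = ET.fromstring(zf.read(part))
            for label, tag in fields.items():
                el = root.find(tag, NS)
                if el is not None and el.text:
                    found[label] = el.text
    return found


def scrub_properties(data, drop=None):
    """Return a copy of the file with the chosen properties removed.

    drop=None removes every field listed in PARTS. Comments, tracked
    changes and custom properties live elsewhere and are not touched.
    """
    out = io.BytesIO()
    with zipfile.ZipFile(io.BytesIO(data)) as src, \
            zipfile.ZipFile(out, "w", zipfile.ZIP_DEFLATED) as dst:
        for info in src.infolist():
            payload = src.read(info.filename)
            fields = PARTS.get(info.filename)
            if fields:
                root = ET.fromstring(payload)
                for label, tag in fields.items():
                    if drop is not None and label not in drop:
                        continue
                    el = root.find(tag, NS)
                    if el is not None:
                        root.remove(el)
                payload = ET.tostring(root, encoding="utf-8", xml_declaration=True)
            dst.writestr(info.filename, payload)
    return out.getvalue()


def build_sample_docx():
    """Constructed, minimal archive with only the parts this example reads."""
    core = (f'<cp:coreProperties xmlns:cp="{NS["cp"]}" xmlns:dc="{NS["dc"]}" '
            f'xmlns:dcterms="{NS["dcterms"]}">'
            '<dc:creator>Jane Example</dc:creator>'
            '<cp:lastModifiedBy>J. Reviewer</cp:lastModifiedBy>'
            '<cp:revision>17</cp:revision>'
            '<dcterms:created>2009-04-30T09:15:00Z</dcterms:created>'
            '</cp:coreProperties>')
    app = (f'<Properties xmlns="{NS["ep"]}"><Company>Example Corp</Company>'
           '<TotalTime>342</TotalTime>'
           '<Application>Microsoft Office Word</Application></Properties>')
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("docProps/core.xml", core)
        zf.writestr("docProps/app.xml", app)
        zf.writestr("word/document.xml", "<document>body text</document>")
    return buf.getvalue()


if __name__ == "__main__":
    sample = build_sample_docx()
    print("before:", read_properties(sample))
    print("after: ", read_properties(scrub_properties(sample)))
```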

2.8 Microsoft Embeds Secret Identifiers in Your Documents

Windows, Windows Media Player, Internet Explorer, and other Microsoft applications contain a number that identifies the software called the Globally Unique Identifier or GUID. Microsoft Office embeds the GUID in every document you create. The GUID could be used to trace the documents you create back to your computer and copy of Microsoft Office. It could even theoretically be used to identify you when you surf the web. The free program ID-Blaster Plus can randomize (change) the GUIDs embedded in Windows, Internet Explorer, and Windows Media Player. The free program Doc Scrubber erases GUIDs contained in a single Word document or all the Word documents in a Folder.

If you're concerned about secret identifiers embedded in your Office documents, use the OpenOffice suite instead. This compatible alternative to Microsoft Office doesn't embed GUIDs in your documents nor does it require personal registration and Properties information.

2.9 Chart of Tracking Technologies

I've discussed the major areas in which Windows and other Microsoft products track your computer use. In most cases you can not turn off this tracking. But the free programs I've described will delete the tracking information. The chart below summarizes where and how Windows and other Microsoft products track your behavior. Many items apply only to specific software versions. A few functions report your behavior back to Microsoft. Examples include when Windows Media Player sent your personal audio and video play lists to Microsoft and the company's attempts to use the Internet to remotely cripple Windows installs it considers illegal.

--- Where Windows Tracks Your Behavior ---

  • Application Logs -- Records on how often you run various programs
  • Clipboard Data -- Data you've copied/pasted is in this memory area
  • Common Dialog History -- Lists Windows "dialogs" with which you've interacted
  • Empty Directory Entries -- File pointers unused by Windows but still usable by those with special software
  • Error Reporting Services -- Reports Windows or Microsoft Office errors back to Microsoft
  • File Slack Space -- "Unused" parts of file clusters on disk that may contain old data
  • File Properties -- Office document Properties contain your personal editing information and more
  • Find/Search History -- Lists all your Find or Search queries (used by Windows auto-complete)
  • GUIDs -- Embedded secret codes that link Office documents back to your computer
  • Hotfix Uninstallers -- Temporary files left for un-doing Windows updates
  • IIS Log files -- Logged actions for Microsoft's IIS web server
  • Index.dat Files -- Secret files that list all web sites you visit and other data
  • Infection reporting -- Microsoft's Malicious Software Removal Tool reports infections to Microsoft
  • Last user login -- Tracks the last user login to Windows
  • Microsoft Office History -- MRU lists for Office products like Word, Excel, Powerpoint, Access, and Photo Editor
  • Open/Save History -- List of documents or files for these actions
  • Recently Opened Doc. List -- MRU list accessible off Start | Documents
  • Recycle Bin -- Deleted files remain accessible here
  • Registration of MS Office -- Registration information is kept in the product Options, Splash panels, and Registry
  • Registration for Windows -- Registration information is kept in the Registry
  • Registry Backups -- Registry backups may contain personal data you may have edited out of the Registry
  • Registry Fragment Files -- Deleted or obsolete data in the Registry that remains there
  • Registry Streams -- History of Explorer settings
  • Remote Help -- Allows remote access to your computer for Help
  • Run History -- Lists all programs you have run through Windows Run box
  • Scan Disk Files -- Files output from SCANDISK (may contain valid data in *.chk files)
  • Start-Menu Click History -- Dates and Times of all mouse clicks you make for the Start Menu
  • Start-Menu Order History -- Records historical ordering of Start Menu items
  • Swap File -- Parts of memory written to disk
  • Temporary Files -- Temporary files used during program installation or execution
  • Time synchronization service -- Synchronizes your computer clock by remote Internet verification
  • User Assist History -- Most used programs on the Start Menu
  • Windows Authentication -- Identifies Windows license validity to Microsoft
  • Windows log files -- Trace results of Windows actions and installs
  • Windows Media Player content -- Automatically downloads content-licenses through the Internet
  • Windows Media Player History -- Lists the Most Recently Used (MRU) files for Windows Media Player
  • Windows Media Player metadata -- Automatically retrieves metadata for audio CDs through the Internet
  • Windows Media Player Playlist -- Your Windows Media Player play lists
  • Windows Media Player statistics -- Sends your Windows Media Player usage statistics to Microsoft

--- Where Internet Explorer Tracks Your Behavior ---

  • Auto-complete form history -- Everything you type into web site forms (inc. passwords & personal information)
  • Auto-complete for passwords -- Convenient but less secure
  • Cookies -- Data web sites store on your computer (sometimes used to track your surfing habits)
  • Downloaded files -- Files you download while using the Internet
  • Favorites -- Web sites you list as "favorites" in your browser
  • Plug-ins -- Information saved or cached by third-party software that "plugs into" Internet Explorer
  • Searches -- Searches are retained by both IE and search engines
  • Temporary files (cache) -- Web pages the browser stores on disk
  • Web site error logs -- Errors encountered during web site retrieval
  • Web sites visited -- All the web sites you have ever visited are stored in the Registry and index.dat files

1. How to Defend Against Penetration Attempts

There are many reasons someone or some organization out in the Internet might want to penetrate your Windows computer. Here are a few examples:

  • To secretly install software that steals your passwords or financial information
  • To enroll your computer as a bot that secretly sends out junk email or spam
  • To implant software that tracks your personal web surfing habits
  • To destroy programs or data on your PC

Your goals are to:

  • Prevent installation of malicious software or malware
  • Identify and eliminate any malware that does get installed
  • Prevent malware from sending information from your computer out into the web
  • Prevent any other secret penetration of your computer

1.1 Act Safely Online

Let's start with the basics. Your use of your computer -- your online behavior -- significantly affects how easy it is to penetrate your PC. Practice safe web surfing. Handle your email safely. Follow these tips to reduce the chances that outsiders can penetrate your computer:

  • Don't download free screensavers, wallpaper, games, or toolbars unless you know they're safe. These often come with embedded malware. If you just can't pass up freebies, download them to a directory where you scan them with your anti-virus and anti-malware programs before using them.
  • Don't visit questionable web sites. Hacker sites, sexually explicit sites, and sites that engage in illegal activity like piracy of music, videos, or software are well known for malware. You could get hit by a drive-by -- a malicious program that runs just by virtue of your viewing a web page.
  • Don't open email or email attachments from questionable sources. These might install malware on your system. Dangerous email attachments often present themselves as games, interesting pictures, electronic greeting cards, or invoices so that you will open them. (If you get too much junk email, reduce it with these free programs.)
  • Don't click on links provided in emails. These could direct you to a legitimate-looking but bogus web site designed to steal your personal information. Companies that protect their customers don't conduct business through embedded links in emails!
  • Before you enter your online account name and password into any web site, be sure the web page is secure. The web page's address should start with the letters https (rather than http). Most browsers display a closed lock icon at the bottom of the browser panel to indicate a secure web site form.
  • Don't give out your full name, address, phone number, or other personal information in chat rooms, forums, on web forms, or in social networks. (Section 3 on "How to Protect Your Privacy When Using the Internet" has more on this topic.)

1.2 Install Self-Defense Software

To defend Windows, you need to install software that protects against several kinds of threats. This section describes the threats and the software that defends against each. Some programs provide protection against multiple threats, but no single program protects you from all kinds of threats! Compare any protective software you already have installed to what I describe here. To cover any gaps, this section recommends free software you can download and install. It provides download links for these free programs.

Firewall -- Firewalls are programs that prevent data from coming into or leaving from your computer without your permission. Unsolicited data coming into your computer could be an attempt to compromise it; unauthorized data leaving your computer may be an attempt to secretly steal your data or spy on your activities.

Every Windows computer should run a firewall at all times when it is connected to the Internet.

I recommend downloading and installing a free firewall, such as ZoneAlarm, Comodo Firewall, Sygate Personal Firewall, or Jetico Personal Firewall. ZoneAlarm is especially easy to set up, since it is self-configuring. Find these and other free firewalls along with a quick comparative review here.

Windows ME, 98, and 95 did not come with a firewall. XP and Vista do. However, the XP and Vista firewalls have shortcomings. The XP firewalls (there are actually two versions) do not stop unauthorized outgoing data. This is unacceptable because if malware somehow got installed on your computer, it could send data out without you realizing it. Vista's built-in firewall can stop unauthorized outbound data. But it does not do so by default. This how-to article shows that enabling this critical feature is not easy. I recommend installing a free firewall whether or not you have a Microsoft firewall. (It doesn't hurt to run two firewalls.)

Anti-Virus -- Viruses are programs that are installed on your computer without your knowledge or permission. The damage they do ranges from acting as a nuisance and wasting your computer's resources, all the way up to destroying your data or Windows itself. Anti-virus programs help identify and eliminate viruses that get into your computer. Free anti-virus programs include AVG Anti-Virus, avast! Anti-Virus Home Edition, and PC Tools Anti-Virus Free Edition. If you don't already have an anti-virus scanner, download and install one of these, then run it regularly to scan your disk for any viruses. You can schedule the program to run automatically either through its own built-in scheduling facility or through the Windows Scheduler. Good anti-virus programs like these automatically scan data as it downloads into your computer. This includes emails you receive and any files you download.

Anti-Malware -- In addition to viruses, there are many other kinds of programs that try to secretly install themselves on your computer. Generically, they're called malware. They include:

  • Spyware -- It spies on your behavior and sends this data to a remote computer
  • Adware -- It targets you for advertisements
  • Trojans -- These scam their way into your computer
  • Rootkits -- These take over administrator rights and can do anything to your PC
  • Dialers -- These secretly use your communication facilities
  • Keyloggers -- These record your keystrokes (including passwords) and send this data to a remote computer
  • Botware -- This turns your computer into a bot or zombie, ready to silently carry out instructions sent from a remote server

Since no one program identifies and removes all kinds of malware, you need a couple in addition to your anti-virus scanner. Free programs for this purpose include AVG Anti-Spyware, Ad-Aware 2007 Free, Spybot Search and Destroy, and a-Squared Free Anti-Malware. I recommend running two anti-malware programs on a regularly-scheduled basis.

Anti-Rootkit -- Rootkits are a particularly vicious form of malware. They take over the master or Administrator user rights on your PC and therefore are very effective at hiding themselves. Many of the anti-malware programs above provide some protection against rootkits. But sometimes a specialized detection program is useful. Rootkit detectors often require technical expertise but I can recommend two as easy-to-use, AVG Anti-Rootkit Free and Sophos Anti-Rootkit. Both require Windows XP or 2000 or newer.

Intrusion Prevention -- Intrusion detection programs alert you if some outside program tries to secretly enter Windows by replacing a program on your computer. For example, an outside program might try to replace part of Windows or alter a program such as Internet Explorer. Free intrusion detection programs include WinPatrol, SpywareGuard, ThreatFire Free Edition, and ProcessGuard Free. Install one of them and it will run constantly in the background on your computer, detecting and preventing intrusions.

1.3 Keep Your Programs Up-to-Date!

All anti-malware programs require frequent updating. This enables them to recognize new kinds of malware as they are developed. The programs listed above automatically check for updates and download and install them as needed. (Each has a panel where you can verify this feature.) You must also keep Windows up-to-date. In Vista, the automatic feature for this purpose is called Windows Update. It is on by default. You can manage it through the Control Panel | Security | Windows Update option.

As Microsoft explains, they have broadened Windows Update into a facility they call Microsoft Update. The latter auto-updates a broader range of Microsoft products than does Windows Update. For example, it updates Microsoft Office. You can sign up for Microsoft Update at the Microsoft Update web site. In XP and Windows 2000, the auto-update feature was usually referred to as Automatic Updates. Manage it through Control Panel | Automatic Updates.

Beyond Windows, you must also keep the major applications on your computer up-to-date. Examples are Adobe's Flash Player, Firefox, and RealPlayer. Most default to automatic updating. It's a good practice to verify the auto-update setting right after you install any new program. Then you never need check it again. If you don't know whether your system has all the required updates for your programs, run the free Secunia Software Inspector. It detects and reports on out-of-date programs and ensures all "bug fixes" are applied. If you need to download software updates for many programs, The Software Patch allows you to download them all through one web site.

1.4 Test Your Computer's Defenses

You can test how well your computer resists penetration attempts by running the free ShieldsUp! program. ShieldsUp! tells you about any security flaws it finds. It also displays the system information your computer gives out to every web site you visit. Section 3 on "How to Protect Your Privacy When Using the Internet" addresses this privacy concern. Test whether your computer's firewall stops unauthorized outgoing data by downloading the free program called LeakTest.

1.5 Peer-to-Peer Programs Can Be Risky

Peer-to-peer programs share music, videos and software. Popular examples include BitTorrent, Morpheus, Kazaa, Napster, and Gnutella. Peer-to-peer (or P2P) networking makes it possible for you to easily download files from any of the thousands of other personal computers in the network. The problem is that by using peer-to-peer programs, you agree to allow others to read files from your computer. Be sure that only a single Folder on your computer is shared to the Internet, not your entire disk! Then, be very careful about what you place into that shared Folder. Some peer-to-peer programs use the lure of the free to implant adware or spyware on your computer. Other P2P systems engage in theft because they "share" files illegally. The popular PC Pitstop web site tested major P2P programs for bundled malware in July 2005 and here's what they found:

P2P Program -- Adware or Spyware Installed:

  • Kazaa -- Brilliant Digital, Gator, Joltid, TopSearch
  • Ares -- NavExcel Toolbar
  • Bearshare -- WhenU SaveNow, WhenU Weather
  • Morpheus -- PIB Toolbar, Huntbar Toolbar, NEO Toolbar
  • Imesh -- Ezula, Gator
  • Shareaza, WinMX, Emule, LimeWire, BitTorrent, BitTornado -- None

The SpywareInfo web site offers another good list of P2P infections here. If you decide to install any peer-to-peer program, determine if the P2P program comes with malware before you install it. You greatly increase your personal security by not getting involved in the illegal sharing of music, videos, and software.

1.6 Don't Let Another User Compromise Your Computer

Got kids in the house? A teen or younger child might violate the "safe surfing" rules above and you wouldn't know it . . . until you get blindsided by malware the next time you use your computer. This article tells about a couple whose tax returns and banking data ended up on the web after their kids used P2P networking software the parents didn't even know was installed. A spouse or friend could cause you the same grief.

If you are not the sole user of your computer -- or if you do not feel completely confident that your computer is secure -- consider what personal information you store. Do you really want to manage your credit cards, bank accounts or mutual funds from your PC? Only if you know it's secure! (Read the agreements for online financial services and you'll see that you are responsible for security breaches that compromise your accounts.) Some families use two computers: one for the kids and a secure one for the adults. They use the less secure computer for games and web surfing, and carefully restrict the use of the more secure machine. This two-computer strategy is appealing because today you can buy a used computer for only a hundred dollars. An alternative is to share one computer among everyone but set up separate user ids with different access rights (explained below). Ensure that only a single user id has the authority to make changes to Windows and restrict its use.

Never use a public computer at a computer cafe or the library for online finances or other activities you must keep secure.

1.7 Use Administrator Rights Sparingly

Installing programs or performing security-sensitive activities on a Windows computer requires administrator rights. When you use administrator rights, any malware program you accidentally or unknowingly run has these rights -- and can do anything on your system. In systems like Windows XP and Windows 2000, the built-in Administrator user id inherently has administrator rights. You can also create other user ids to which you assign administrator rights. Working full-time with a user id that has administrator rights makes you vulnerable!

In contrast, using an account that does not have administrator rights gives you a great deal of protection. So create a new user id without administrator rights and use it. Then use the Administrator id only when necessary. Windows Vista introduces a new feature called User Account Control (UAC) that helps you avoid using administrator rights except when required. This feature prompts you to enter a password when you want to perform any action that requires administrator rights. While entering passwords may seem like a hassle, UAC is a big step towards a more secure Windows. Here is Microsoft's introductory guide on this feature.

Early Windows versions -- ME, 98, and 95 -- don't have a system of access rights. Whatever user id you use has administrator powers. To keep these systems secure, all you can do is follow the other recommendations in this guide very carefully.

1.8 Use Strong Passwords

Passwords are the front door into your computer -- and any online accounts you have on the web. You need to:

  • Create strong passwords
  • Change them regularly
  • Use different passwords for different accounts
Strong passwords are random mixes of letters, numbers, and punctuation (if allowed) that contain eight or more characters:
AlbqP_1793, pp30-Mow9, PPw9a3mc84
Weak passwords are composed of personal names or words you can find in the dictionary:
Polly28, Bigdog, alphahouse, wisewoman2, PhoebeJane
If keeping track of different passwords for many different accounts strikes you as impractical (or drives you nuts!) you might try a "password management" tool from any of the dozen free products listed here. If you set up a home wireless network, be sure to assign the router a password!
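The strong/weak rule above, written as a check and run on this guide's own sample passwords. This is an added example, not part of the original guide; the small word list is a constructed stand-in for a real dictionary, and the function names are hypothetical.

```python
import secrets
import string

# Constructed stand-in for a real dictionary and name list (an assumption of
# this example); a real check would load a large wordlist instead.
WORDS = {"polly", "big", "dog", "alpha", "house", "wise", "woman",
         "phoebe", "jane", "pass", "word", "love", "summer"}


def spells_words(letters, words=WORDS):
    """True if `letters` is nothing but dictionary words run together."""
    n = len(letters)
    ok = [True] + [False] * n          # ok[i]: letters[:i] splits into words
    for i in range(1, n + 1):
        ok[i] = any(ok[j] and letters[j:i] in words for j in range(i))
    return n > 0 and ok[n]


def weaknesses(password):
    """Return the reasons a password fails the guide's rule ([] = strong)."""
    reasons = []
    if len(password) < 8:
        reasons.append("fewer than eight characters")
    kinds = (any(c.isalpha() for c in password)
             + any(c.isdigit() for c in password)
             + any(c in string.punctuation for c in password))
    if kinds < 2:
        reasons.append("only one kind of character")
    letters = "".join(c for c in password if c.isalpha()).lower()
    if spells_words(letters):
        reasons.append("letters spell names or dictionary words")
    return reasons


def generate(length=12, punctuation="_-"):
    """Random password from a CSPRNG; pass punctuation='' if not allowed."""
    if length < 8:
        raise ValueError("the guide calls for eight or more characters")
    alphabet = string.ascii_letters + string.digits + punctuation
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if not weaknesses(candidate):
            return candidate


if __name__ == "__main__":
    for pw in ("AlbqP_1793", "pp30-Mow9", "PPw9a3mc84", "Polly28", "Bigdog",
               "alphahouse", "wisewoman2", "PhoebeJane"):
        print(f"{pw:12} {weaknesses(pw) or 'strong'}")
    print("generated:", generate())
```

Note that "wisewoman2" passes the length test and contains a digit, yet still fails because its letters are two dictionary words run together.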

1.9 Always Back Up Your Data

One day you turn on your computer and it won't start. Yikes! What now? If you backed up your data, you won't lose it no matter what the problem is. Backing up data is simple. For example, keep all your Word documents in a single Folder, then write that Folder to a plug-in USB memory stick after you update the documents. Or, write out all your data Folders once a week to a writeable CD. You can also try an automatic online backup service like Mozy.

For the few minutes it takes to make a backup, you'll insure your data against a system meltdown. This also protects you if malware corrupts or destroys what's on your disk drive. If you didn't back up your data and you have a system problem, you can still recover your data as long as the disk drive still works and the data files are not corrupted. You could, for example, take the disk drive out of the computer and place it into another Windows machine as its second drive. Then read your data -- and back it up!

If the problem is that Windows won't start up, the web offers tons of advice on how to fix and start Windows. Another option is to start the machine using a Linux operating system Live CD and use Linux to read and save data from your Windows disk. If the problem is that the disk drive itself fails, you'll need your data backup. If you didn't make one, your only option is to remove the drive and send it to a service that uses forensics to recover data. This is expensive and may or may not be able to restore your data. Learn the lesson from this guide rather than from experience -- back up your data!

1.10 Encrypt Your Data

Even if you have locked your Windows system with a good password, anyone with physical access to your computer can still read the data! One easy way to do this is simply to boot up the Linux operating system using a Live CD, then read the Windows files with Linux. This circumvents the Windows password that otherwise protects the files.

Modern versions of Windows like Vista and XP include built-in encryption. Right-click on either a Folder or File to see its Properties. The Properties' Advanced button allows you to specify that all the files in the Folder or the single File will be automatically encrypted and decrypted for you. This protects that data from being read even if someone circumvents your Windows password. It is sufficient protection for most situations.

Alternatively, you might install free encryption software like TrueCrypt, BestCrypt or many others.

If you encrypt your data, be sure you will always be able to decrypt it! If the encryption is based on a key you enter, you must remember the key. If the encryption is based on an encryption certificate, be sure to back up or "export" the certificates, as described here. You might wish to keep unencrypted backups of your data on CD or USB memory stick.

Laptop and notebook computers are most at risk of physical access by an outsider because they are most frequently lost or stolen -- keep all data files on your portable computer encrypted.

1.11 Reduce Browser Vulnerabilities

As the program you run to access the Internet, your web browser is either your first line of defense or a key vulnerability in protecting your computer from Internet malware.

Will Your Browser Run Anybody's Program? -- From a security standpoint, the worldwide web has a basic design flaw -- many web sites expect to be able to run any program they want on your personal computer. You are expected to accept the risk of running their code! The risk stems from both accidental program defects and purposefully malicious code. Some web sites require that you allow their code to run to get full value from the web site. Others do not. You can find out whether the web sites you visit require programmability simply by turning it off and visiting the site to see if it still works properly. Here are the keywords to look for in web browsers to turn off their programmability:
  • ActiveX
  • Active Scripting (or Scripting)
  • .NET components (or .NET Framework components)
  • Java (or Java VM)
  • JavaScript
Turn off the programmability of your browser by un-checking those keywords at these menu options:
Browser: How to Set Programmability
Internet Explorer: Tools | Internet Options | Security | Internet Custom Level
Firefox *: Tools | Options | Content
Opera: Tools | Preferences | Advanced | Content
K-Meleon: Edit | Advanced Preferences | JavaScript
SeaMonkey: Edit | Preferences | Advanced (Java) | Scripts and Plugins (JavaScript)
* Version 2 on
Internet Explorer Vulnerabilities -- The Internet Explorer browser has historically been vulnerable to malware. Free programs like SpywareBlaster, SpywareGuard, HijackThis, BHODemon, and others help prevent and fix these problems.

Tracking Internet Explorer's vulnerabilities is time-consuming because criminals continually devise new "IE attacks." If you use Internet Explorer, be sure you're using the latest version and that Windows' automatic update feature is enabled so that downloads will quickly fix any newly-discovered bug. Some feel that IE versions 7 and 8 adequately address the security issues of earlier versions. I believe that competing free browsers are safer. Firefox is popular with those who want a safe browser that competes feature-for-feature with IE. K-Meleon couples safety with top performance if you don't need all the bells and whistles of resource-consuming browsers like IE or Firefox. It runs very fast even on older computers.

1.12 Wireless Risks

Wireless communication allows you to use the Internet from your computer without connecting it to a modem by a wire or cable. Sometimes called Wi-Fi, wireless technology is very convenient because you can use your laptop from anywhere there is an invisible Internet connection or hotspot. For example, you could use your laptop and the Internet from a cafe, hotel, restaurant, or library hotspot.

But wireless presents security concerns. Most public hotspots are un-secured. All your wireless transmissions at the hotspot are sent in unencrypted "clear text" (except for information on web pages whose addresses begin with https). Someone with a computer and the right software could scan and read what passes between your computer and the Internet.

Don't use public hotspots for Internet communications you need to keep secure (like your online banking).

Many people set up a wireless home network. You create your own local hotspot so that you can use your laptop anywhere in the house without a physical connection. Be sure the wireless equipment you use supports either the 802.11 G or 802.11 N standards. These secure wireless transmissions through WPA (Wi-Fi Protected Access) or WPA2 encryption. Do not base a wireless home network on equipment that only supports the older 802.11 A or 802.11 B standards. These use an encryption technology, called WEP (Wired Equivalent Privacy), that is not secure. You might inadvertently create a public hotspot! Freeloaders on your home network could reduce the Internet performance you're paying for. Activities like illegal song downloads would likely be traced to you, not to the guilty party you've unknowingly allowed to use your network.

When you set up your wireless home network, assign your system a unique name, tell it not to broadcast that name, give it a tough new password, and turn on encryption. Specify that only certain computers can remotely use the network through MAC address filtering. Turn off your router and modem when you're not using them.

How to Secure Your Windows Computer and Protect Your Privacy

Do you know that --

  • Windows secretly records all the web sites you've ever visited?
  • After you delete your Outlook emails and empty the Waste Basket, someone could still read your email?
  • After you delete a file and empty the Recycle Bin, the file still exists?
  • Your computer might run software that spies on you?
  • Your computer might be a bot, a slave computer waiting to perform tasks assigned by a remote master?
  • The web sites you visit might be able to compile a complete dossier of your online activities?
  • Microsoft Word and Excel documents contain secret keys that uniquely identify you? They also collect statistics telling anyone how long you spent working on them and when.
This guide explains these -- and many other -- threats to your security and privacy when you use Windows computers. It describes these concerns in simple, non-technical terms. The goal is to provide information anyone can understand. This guide also offers solutions: safe practices you can follow, and free programs you can install. Download links appear for the free programs as they are cited. No one can guarantee the security and privacy of your Windows computer. Achieving foolproof security and privacy with Windows is difficult. Even most computer professionals don't have this expertise. Instead, this guide addresses the security and privacy needs of most Windows users, most of the time. Follow its recommendations and your chances of a security or privacy problem will be minimal. Since this guide leaves out technical details and obscure threats, it includes a detailed Appendix. Look there first for deeper explanations and links to more information.

Why Security and Privacy Matter

Why should you care about making Windows secure and private? Once young "hackers" tried to breach Windows security for thrills. But today penetrating Windows computers yields big money. So professional criminals have moved in, including overseas gangs and organized crime. All intend to make money off you -- or anyone else who does not know how to secure Windows. Security threats are increasing exponentially. This guide tells you how to defend yourself against those trying to steal your passwords, personal data, and financial information. It helps you secure your Windows system from outside manipulation or even destruction. It also helps you deal with corporations and governments that breach Windows security and your privacy for their own ends. You have privacy if only you determine when, how, and to whom your personal information is communicated. Organizations try to gain advantage by eliminating your privacy. This guide helps you defend it.

The Threats

Windows security and privacy concerns fall into three categories --

  1. How to defend your computer against outside penetration attempts
  2. How Windows tracks your behavior -- and how to stop it
  3. How to protect your privacy when using the Internet
The first two threats are specific to Windows computers. The last one applies to the use of any kind of computer. These three points form the outline of this guide.

Thursday, April 30, 2009

Six (6) steps to secure your computer

There's nothing like cracking open the box of a brand new computer. But don't be so quick to just connect it all up and hop right on the Internet.
According to the software security company Symantec, it takes only 20 minutes for an un-patched and unprotected computer to be attacked once connected to the Internet.

In that time, your pristine computer could be turned into a zombie. Zombies are machines that have been secretly taken over by hackers. The zombie networks are leased to criminals who use them to send spam or attack Web sites.

Some criminals want to put keyloggers on your computer, to steal passwords, credit card numbers and other sensitive data. There are plenty of vandals out there, too, who want to destroy your data for fun. And advertising outfits, many shady, hope to put spyware on your computer. With that, they will track your surfing and bury you with ads.

Compromised computers are found in homes, businesses and government offices. To make sure you aren't victimized, here are six steps you must take to secure your computer and the network on which it runs.

1. Install a firewall.
If you are running a network and sharing a broadband connection, you probably have a firewall built into the router. But that's not enough. Most routers used in small businesses utilize a Network Address Translation (NAT) firewall. Basically, it hides all of the computers in the network. It protects you from outsiders trying to get in. Windows XP's firewall works in a similar fashion. It's able to block incoming traffic but not outgoing data. To turn it on click Start > Control Panel > Windows Firewall. Click the circle next to "On" and click OK. Note that if you have updated your operating system to Windows XP Service Pack 2, the firewall already is enabled. The most secure method is to have a third-party software firewall in addition to the firewall on your router. It provides an extra layer of protection by alerting you to outbound traffic. Anytime a program tries to access the Internet, the user will be alerted. If it's a valid application, such as Internet Explorer, Outlook, and so on, the user grants it access to the Internet. If it's an unknown application, such as a worm, you can block it. My favorite third-party firewall is ZoneAlarm (www.zonelabs.com), which is free. You’re not ready to go onto the Internet just yet, so download the firewall onto another computer, save it on disk and install. Even if you're not using a broadband connection, you still should install a software firewall. Hackers are greedy. They will infect or take over any computer — even ones with a slow Internet connection.

2. Disable file sharing.
Before you go onto the Internet, disable file sharing. It's one thing to share your sales presentation with others in your office. It's another to share it with the entire Web community. In Windows XP Professional, file sharing is turned on by default. To disable it, click Start > My Computer. Click Tools > Folder Options. Click the View tab. Under Advanced Settings, scroll to the bottom and uncheck the box next to Use simple file sharing (recommended). Click Apply > OK. If your new computer came with Windows XP Service Pack 2 installed, click Start > Control Panel. Click Security Center > Windows Firewall. Click the Exceptions tab. Under Programs and Services, uncheck the box next to File and Printer Sharing. Click OK.

3. Install antivirus software.
This may seem as obvious as the others, but it's oh, so important. Many new computers have a trial version of an antivirus program already installed on the computer. That doesn't mean it's ready to go. You still need to update the definition files. To update the definition files, you'll need to access the Internet. Since you've turned off file sharing and installed a firewall, you should be safe. Remember that trial versions of antivirus software are only good for a short time, usually 30 to 90 days. The trial version will then continue to run on your computer, but its antivirus definitions will be out-of-date. Outdated definitions offer nothing but a false sense of security.

4. Modify your HOSTS file.
Setting up your HOSTS file will prevent spyware and any kind of "malware" (short for malicious software) from communicating outside your computer. This allows you to surf the Net anonymously. Countless numbers of hackers, vandals or unscrupulous marketers would love to hijack your Web browser or give your computer some nasty worm. Sometimes malware is bundled with shareware and freeware. Other times it can get on your computer by opening an infected file. "Tracking cookies" get on your computer from Web sites and even online ads. They track your Web surfing habits and report back. This helps the ad servers know which ads to place on your computer. Fortunately, there is a list of known malware and ad servers that want to communicate with your computer. Enter the domain name for the known offenders and your computer's address (127.0.0.1) in the HOSTS file. All attempts to contact the mother computers on the Internet will lead back to your local computer. The requests will die. You don't have to enter the possible offenders manually. Such files are available on the Internet. You can find an updated one with installation instructions at this URL: www.mvps.org/winhelp2002/hosts.htm. It's important to check often for updates to the HOSTS file, because the list of offenders is growing fast.
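An added example (not part of the original article) that audits a HOSTS file against the behaviour described in step 4: names mapped to 127.0.0.1 are blocked, while a name mapped to any other address is being redirected and deserves review. The sample entries are constructed, the function names are hypothetical, and treating 0.0.0.0 as a blocking address is an assumption beyond the article's 127.0.0.1.

```python
import ipaddress

# Constructed sample in HOSTS-file format. The names use the reserved
# .example domain and the address comes from a documentation range.
SAMPLE_HOSTS = """\
# constructed sample, not a real block list
127.0.0.1      localhost
::1            localhost
127.0.0.1      ads.tracker.example stats.tracker.example  # two names, one line
0.0.0.0        popups.adserver.example
203.0.113.50   www.mybank.example
not-an-ip      broken.example
"""


def parse_hosts(text):
    """Split HOSTS text into (ip, name, line_no) mappings and malformed lines."""
    mappings, malformed = [], []
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()      # drop comments, then tokenize
        if not fields:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            ip = None
        if ip is None or len(fields) < 2:
            malformed.append((line_no, raw.strip()))
            continue
        mappings.extend((ip, name.lower(), line_no) for name in fields[1:])
    return mappings, malformed


def audit_hosts(text):
    """Sort every mapped name into local, blocked or redirected."""
    mappings, malformed = parse_hosts(text)
    report = {"local": [], "blocked": [], "redirected": [], "malformed": malformed}
    for ip, name, line_no in mappings:
        sunk = ip.is_loopback or ip.is_unspecified   # 127.0.0.1, ::1, 0.0.0.0
        if name == "localhost" and ip.is_loopback:
            report["local"].append(name)
        elif sunk:
            report["blocked"].append(name)            # request dies locally
        else:
            # The name resolves to another machine instead of its real
            # address. A block list never needs this, so review the line.
            report["redirected"].append((name, str(ip), line_no))
    return report


if __name__ == "__main__":
    result = audit_hosts(SAMPLE_HOSTS)
    print("blocked:   ", result["blocked"])
    print("redirected:", result["redirected"])
    print("malformed: ", result["malformed"])
```

Running the audit after each HOSTS update shows both that the block list loaded cleanly and that no entry points a name at an unexpected address.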

5. Keep your Windows system updated.
Even if your computer comes with Windows XP Service Pack 2 (SP2) already installed, you still need to update Windows. Although SP2 contains a multitude of critical updates, more have become available since its release. Update Windows by clicking Start > All Programs > Windows Update. You may have to restart your computer after some updates. Keep going to Microsoft Update until there are no more updates to be installed. If your computer did not come with SP2 installed, you can download it. Or you can order SP2 on CD for free. The same CD can be used on multiple computers. Visit this page to order the CD from Microsoft.

6. Stop spyware before it takes root on your PC.
Spyware collects information about your interests and then uses that information to display advertising. Take preventive measures by downloading and installing SpywareBlaster (www.javacoolsoftware.com/spywareblaster.html). It's a free program and prevents most spyware from being installed on your computer. Another program, Spybot Search & Destroy (www.safer-networking.org/en/spybotsd/index.html) prevents spyware and adware from being installed on your computer by immunizing it. It also has the ability to remove adware already installed on your computer. Spybot Search & Destroy also has a tool called TeaTimer. TeaTimer monitors changes to specific keys in your registry. Whenever a change is detected, a pop-up will alert you and ask if you want to allow or deny the change. To enable it click Mode > Advanced. Then click Tools > Resident. Check the box next to Resident "TeaTimer" (Protection of over-all system settings) active. Also, make sure the box is checked next to Resident "SDHelper" as well. The makers of Spybot Search & Destroy recommend that you run SpywareBlaster in tandem with Spybot Search & Destroy.

Now that your computer is locked down as much as possible, you should be safe to set up your e-mail account for the computer and surf the Net. Take this time to check the other computers in the office. Make sure your Windows and Microsoft Office software are updated. Make sure antivirus programs are up-to-date. And check for spyware.

This may sound alarmist. But these security steps are very important. By setting up your computer properly, you can feel confident that your computers and network are as safe as possible.