20 Tips to Secure your Box

We've all seen the geek squad commercials on TV where some woman calls BestBuy, and within 5 minutes this friendly 18 year-old kid pulls up in a VW bug and works "miracles" by cleaning and securing her virus infested computer all within about 10 minutes.

For those of you that have tried to hire help to clean the malware out of your PC, however, you've likely found out what the commercial never mentions, that within a month you're right back where you started, with an infested and almost unusable computer.

With over 140,000 known computer viruses and 85,000,000 spam emails sent out each day, the likelihood of your PC coming into contact with malware such as viruses, worms, and spyware is almost guaranteed. And once your computer becomes infected with malware, simple tasks such as browsing the web can be very frustrating as your computer's speed is drastically decreased -- that is if you can still connect to the internet at all. Given the prevalence of malware, the only real long-term solution is preventing it from infecting your computer altogether, but how?

In this article we cover 20 of the most basic PC security steps, from installing essential safeguards to tailoring your own Internet behavior, which will together help you dramatically reduce the odds of your computer being infected by malware. Thus, by implementing these 20 simple and straightforward steps you can dramatically decrease the chance you'll ever have to call up your local PC repair shop for a cleaning ever again.

The Basics: Spotting and Eliminating Threats

As the saying goes, before you can run, you must learn how to walk. And you can consider your first baby step into computer security installing the basic software needed to detect and eliminate threats.

1. Use a firewall
   You can think of a firewall as a sort of shell around your computer that identifies and filters out threats, while letting secure information pass through it and reach your computer. Because a firewall serves this all-important filtering role between your computer and the internet, using a firewall is the very first step on the path to computer security.
   
   Suggestions:
   • If you're using Windows XP, thankfully you already have a firewall installed. So the only thing you need to check to make sure that you have it activated. To enable the firewall, navigate to the Control Panel, and select "Network Connections". From there right click your active internet connection, and select the "Properties" menu. Finally choose the "Advanced" tab and check the "Internet Connection Firewall" box.
   • If you don't have Windows XP or you simply want to upgrade beyond the standard protection it provides, there are a host of third-party software firewall options out on the market, among the best of which is Norton Personal Firewall. Or for those of you who want to save some money, a good free third-party firewall option is PC Tools Firewall Plus 1.0.
   
   
2. Install and update anti-virus software
   A good firewall will filter out many of the threats facing your computer, however, some malware is always going to find its way onto your PC. For example, viruses, worms, Trojan horses and other forms of malware can find their way onto your computer by various means a firewall cannot detect, including downloading malicious email attachments and files from the internet. So to protect your PC you'll also need strong regularly updated anti-virus software. While a firewall protects your computer from the outside, an anti-virus program will work from the inside of your computer, hunting down hidden viruses and deleting them, while also scanning attachments and downloads before they can infect your computer.
   
   Suggestions:
   • For those of you that don't mind spending a few dollars on security, CA, offers one of the best products in the personal anti-virus market. They also offer a free 30-day trial for their anti-virus software, so you may want to give it a try even if you don't plan on ordering, just so that you can clean your computer out and start fresh.
   • If you're looking for a highly regarded free anti-virus alternative, try PC Tools Anti-Virus Free Edition.
   
   
3. Install and run anti-spyware software
   Even though firewalls and anti-virus programs are more well-known when it comes to basic security steps than installing anti-spyware software, it may actually be your anti-spyware program that provides your computer with the most significant increase in security.
   
   Today, the most common form of malware that internet users encounter is spyware. In fact, a recent study estimated that 9 out of 10 computers connected to the Internet are currently infected with some form of spyware. Spyware can take a variety of forms, however, some of the most common effects are that it causes unsolicited pop-ups to appear, steals personal information, monitors internet activity for marketing purposes, or routes your website requests to other spammy advertising sites.
   
   Suggestions:
   • Perhaps the most popular spyware removal program is Lavasoft's Ad-Aware. Ad-Aware comes in a variety of packages including the Professional edition, available for purchase on the Lavasoft website, and the Personal edition,which is free of charge. Because running an anti-spyware program can tend to slow your computer down and use up computing resources, try running the spyware scan in the background of your computer.
   • Another popular anti-spyware tool is Spy Sweeper. Spy Sweeper is offered as shareware and comes equipped with both anti-spyware and anti-virus features, which means that you can get more complete protection even faster.
   
   
4. Install additional basic threat counter-measures
   In addition to the three universally needed security software programs discussed above, there are a couple of other software installations which can be basic necessities for you, depending upon your particular computer usage.
   
   Suggestions:
   • If you do a lot of surfing on gaming, gambling, or pornographic sites, you are particularly vulnerable a type of malware called Rootkits. If this is the case, it is absolutely essential that you install anti-rootkit software to secure your PC, and even if you don't fall into one of those vulnerable categories it is still a good idea. A well-reputed option is Sysinternal's Rootkit Revealer to help you identify and remove rootkits from your PC.
   • Parental Control: For parents, installing parental control software isn't just about determining what sites your child has access to, it is also an important step in keeping your computer malware free. Often children spend lots of time surfing on gaming sites, or enjoy making downloads of free software or screensavers. Unfortunately, however, these are all very dangerous activities when it comes to picking up malware. One of the strongest parental controls comes as a part of the ZoneAlarm Internet Security Suite which also includes several types of firewalls, as well as virus and spyware protection.

Tweaking Settings and Making Usage Adjustments

Now that you have installed the most basic PC security software, there are a number of more specific weak points in your computer's armor that need to be shored up either by making some personal behavior adjustments to compensate for the particular security weakness or by making the necessary upgrades to minimize its vulnerability.

1. Strengthen your web browser security
   You connect to the internet through your internet browser. And whether you use Firefox, Internet Explorer, Opera or anything else, this is a point of major weakness in any computer's defenses. Hackers often target their attacks on your computer by focusing on flaws in browsers or their plug-ins and using drive-by downloads, to get your computer to download malware through the browser without you even knowing that something was downloaded. Because of this threat, web browser security upgrades are an important early step in your PC security overhaul.
   
   Suggestions:
   • The easiest browser security upgrade is simply to switch internet browsers. Microsoft's Internet Explorer is subjected to the largest number of security threats, so switching to a popular safer alternative such as Mozilla's Firefox or Opera will dramatically improve your PC security right away.
   • For those dead set on using Internet Explorer, you should raise the security level from the default to high setting and specify which websites are trusted enough to bypass the browser's security filter. You can do this by opening up a new browser window, selecting the "Tools" menu, followed by "Internet Options." From there choose the "Security" tab and finally drag the bar to the "High" level.
   
   
2. Install the latest OS service pack
   Hackers are constantly developing new types of malware, some of which try to exploit weaknesses in an operating system to get into your computer. Therefore, it is important to always install the latest Windows OS Service Pack (SP) updates in order to keep your computer secure. Microsoft releases patches and updates for their Windows operating systems once a month on "Patch Tuesday."
   
   Suggestions:
   • Currently the safest Windows XP operating system uses Service Pack 2 (SP2). How do you know you have SP2? Open up your PC's control panel and look for the icon called "Security Center." If you see it, you have SP2. If not, make sure to download it right away.
   • Download patches only directly from the official Windows site and never from anywhere else, no matter how official the site looks. Spammers often cleverly create fake infected patches and post them on their own or other people's websites in order to trick people into infecting their own computers by downloading them. Thus, by downloading your patches exclusively from the official Windows site, you can minimize the chances of ever encountering a fake patch in the first place.
   
   
3. Select secure software and update it regularly
   You've probably seen those funny Mac and PC commercials on TV where the PC talks about the huge number of viruses and exploits Windows is exposed to relative to Macs. Unfortunately, it is true that the operating system and software that you select plays a big part in how many threats your computer faces. Though the number of threats that affect Mac OS X programs is expected to grow in 2007, for now at least, viruses are concentrated on Microsoft's programs. Consequently, if you are running a Windows OS, or another Microsoft application, it is extremely important that you frequently update your application with all the new patches that Microsoft puts out. Stated simply, the longer a critical internet-dependent application goes without an update, the higher the probability your computer will have a security threat. So to avoid unnecessary breaches in security, keep your important software up to date.
   
   Suggestions:
   • Run automatic updates for Windows XP patches and your web browsers. While using automatic updates is not the safest solution for a lot of applications, when it comes to fighting new viruses that threaten your operating system and key programs, the risk of using automatic updates is far outweighed by the benefits of quickly updating.
   • Educate yourself on the differences in the levels of threats facing different operating systems and applications. While it probably doesn't make sense for you to select an entirely different operating system on the basis of increased threats, it might make sense for you to choose an alternative program where a similar product is offered by a competitor that faces far fewer security attacks.
   
   
4. Disable file sharing on your hard drives
   While securing your wifi router will help keep hackers from getting access to your network, what about the potential for harm from people who already have legitimate access to your network? Having a firewall will certainly help, but it may not be enough.
   
   One of the best ways to limit your exposure to intra-network harms is by prohibiting file sharing access from foreign machines. This is especially important if you are on a large scale or open wifi network, such as at a college library or in an office building, where you do not know who could be potentially browsing through your PC.
   
   Suggestions:
   • Use the AllPeers plugin for Firefox web browser to enable secure sharing over the internet.
   • Use secure sharing via one of the VoIP (Skype) or VoIM (Google Talk, Yahoo Messenger, Windows Live Messenger) clients as an alternative option.
   
   
5. Be cautious when downloading
   While not all freeware is bad, the old saying that nothing worthwhile in life is free is generally true when it comes to free internet downloads. Spammers often hide dangerous malware in computer programs that they then offer for free on the internet. When you choose to download these free programs, not knowing they are infected, you circumvent your firewall and anti-virus protection, and as a result often open yourself up a serious malware infestation.
   
   Suggestions:
   • If possible, find a trusted Web site such as ZDNet or VNUNet to download your desired files from.
   • If you download via torrent or peer-to-peer programs, make sure to scan the files you receive for viruses and other malware, as many file servers do not check the integrity of the documents they host.

Safely Emailing

Email was originally designed to enable academics and scientists to communicate with one another. And because it was created with the thought that only trusted individuals would send files back and forth, email's security weaknesses were never a concern while the technology was being developed. Unfortunately, spammers and hackers came along with the popularity of email, but by then the technology was far too popular to redesign. As a result of its inherent security weaknesses, it is very important to take the necessary steps to strengthen your email security through add-on protections and by tailoring the way you use your email.

1. Use a first-rate email client
   Just because all email clients deliver your email, does not mean they are equally effective when it comes to PC security. An effective email client should provide your computer with another layer of protection by effectively filtering out all the unwanted email messages bound for your inbox, as well as providing some basic email attachment virus scanning.
   
   Suggestions:
   • Google Mail (GMail) is one of the best web-based email clients, providing you with top of the line spam filtering that will keep your inbox free of almost all unwanted messages. Unfortunately, however, its virus scanning capabilities leave a lot to be desired, so you'll want to manually scan all email attachments using your personal virus scanner before you download.
   • Mozilla's Thunderbird is a highly regarded, award winning, spam-fighting standalone email client. Thunderbird has to be configured for a POP or IMAP based email server just like Microsoft Outlook. But once you setup Thunderbird, you'll be well on your way to keeping your inbox free of spam.
   
   
2. Handle email attachments carefully
   When you download an attachment, your computer presumes that you know what you're doing. Consequently, your firewall won't check the attachment to make sure that its safe, which leaves just a cursory scan by your email client as the only protection between an attachment and your computer. Given the low level of security surrounding attachments, it's no surprise that hackers often try to hide their harmful programs in spam email attachments. In fact, an estimated 90 percent of viruses enter computers this way. Given those stats, it is important to always follow best practices when handling all email attachments in your Inbox.
   
   Suggestions:
   • Do not open attachments from strangers, or even from well-known companies, no matter how official or familiar the email appears to be. Spammers often use very creative techniques to make their emails and their attachments look legitimate, and they are getting increasingly good at it. So simply closely examining emails with attachments before downloading is no longer a sufficient security strategy. Instead, you should adopt a strict no attachment policy from strangers or companies, and go to the company website directly to get the needed information instead.
   • If a friend's computer is infected, it's possible that you'll receive email with virus-infected attachments that appears to be (or actually is) from them. Thus, a familiar sender alone is not enough to ensure that an attachment is safe. If you're not expecting an attachment, call, IM or VoIP the person to verify that they intended to send it before you open the attachment.
   
   
3. Do not click on email links haphazardly
   A common phishing scam technique is to embed a link in an authentic-looking but fake email message which leads to a malicious website. These email messages usually try to trick people into clicking on the link and giving up personal information in order to supposedly "confirm their financial information" or even just to "unsubscribe" from a newsletter they never signed up for in the first place. Another variant on this same scheme simply installs a virus on your computer after you click on the link via a technique called drive-by downloading. But whatever the specific harm inflicted, the point is simply that embedded links in emails can pose an enormous PC security risk.
   
   Suggestions:
   • Do not click on links in questionable emails. Reputable companies might send an email saying there's a problem with your account, but they'll never include a link "for your convenience" proclaiming to have lost all of your data.
   • Even if you personally follow email best practices, family members using shared email accounts may still unwittingly click on malicious links and infect your computer. Consequently, you may want to disable "HTML email" so that embedded links in emails no longer function, as well as educate family members on some of the most common techniques scammers and hackers use.
   
   
4. Set up email filters
   Reputable Internet Service Providers (ISP's) are all currently developing effective spam filtering in order to minimize the amount of spam that reaches your email client. And just as that extra level of filtering helps to reduce the levels of spam that reach your inbox, so too you can add your own supplemental filtering level by setting up your own personal email filters. While your ISP filter and email client filter will together dramatically limit the amount of spam that gets through, it is only by adding a manual filtering component through custom filtering that you can achieve near zero spam levels.
   
   Suggestions:
   • Start with an effective email client and add custom filters. GMail allows you to create a number of email aliases that all connect to your existing email address, which will allow you to divide up incoming emails into folders dependent upon the particular variant the email was sent to. So, whenever you sign up for a new newsletter, you can use a new variant on the email. If a newsletter ends up selling your name to spammers, you can simply block that email variant and voila, you have stopped the flow of spam and identified which newsletter is secretly selling readers' contact information to the highest bidder.
   • If you don't have access to email aliases, you can accomplish exactly the same thing by setting up multiple free email accounts and designating one specifically for newsletter signups. If you don't want to keep up with all those email accounts, you can even use a self-destructing email account such as 10minutemail which will allow you to confirm your subscription to a newsletter or service, but which won't put your real email in danger of picking up spam.

Protecting Your Password

You would never consider setting the combination of your family safe to something as simple as, "1 … 2 … 3." But even though computer and Internet passwords provide access to far more money than your home safe, many people set themselves up to get hacked when they select passwords that are far too simple or that are changed too infrequently.

1. Keep hackers guessing
   Hackers use a variety of techniques to attempt to guess passwords. One of the most effective methods is known as "dictionary hacking" in which hackers simply run a computer program that attempts common words and number combinations. Knowing this, you should tailor your password so that it cannot be easily guessed by "dictionary hackers".
   
   Suggestions:
   • Use strong passwords of at least 7 characters long, with a mix lower and uppercase letters and digits. Example: AxV37TtP0.
   • Never use common words or names in your password. In fact, making up new words is an effective way to keep hackers from guessing your password.
   • Change your passwords regularly. No matter how closely you guard your password, it will eventually become compromised. By changing your password regularly, however, you can ensure that by the time a hacker gets a hold of your password you've already changed it.
   
   
2. Use a variety of different passwords
   It is human nature for people to feel comfortable with a particular username and password, and to keep using it over and over. Because hackers know this, they often target less secured sites in order to harvest usernames and passwords, with the knowledge that those same username and password combinations are likely to work at more secured (and more valuable) sites such as online banks.
   
   Suggestions:
   • Use different passwords and usernames for all web-based applications. If you are overwhelmed by the thought of having to remember a dozen different passwords, come up with a system for numerically organizing passwords so that even if you forget a password you'll be able to quickly guess it later by comparing it with those of your passwords that you do remember.
   • Be creative with your usernames. Almost everyone uses some combination of first initial/ last name, so a hacker can simply presume that in any database there is a JSmith, a JSmith1, and so on. Make sure that your username isn't something that can be easily guessed.
   
   
3. Password protect your computer login access
   While many people are willing to set up complex passwords for online services, they often resist doing so to protect physical access to their computer. The truth is, however, almost every computer is in danger of being accessed by individuals who don't have authorization to do so. From your own children, to the maid that cleans your house while you're at work, the person accessing your computer does not have to intend to harm you or your computer to accidentally do so, so everyone needs a strong password for physical computer access.
   
   Suggestions:
   • Not only add a password to your personal profile, but also to any guest accounts. Again, you aren't just concerned with someone maliciously attempting to harm your computer, often the biggest danger is from inexperienced internet users who are just curious.
   • Use a screen saver with password protection. It is all well and good to password protect your windows logins, but if you're like most people, your computer is often left idle rather than being shut down immediately after you're done using it. So eliminate this vulnerability by setting up a password protected screen saver to start up if your computer is left in idle mode for more than a few minutes.
   • Consider creating a desktop shortcut to lock down your computer if you're the type of person who will forget to secure things if it isn't simple and convenient to do so.

Wireless Protection

With the recent surge of wireless networks and the increased number hot spots around the globe, the focus of internet attacks has once again shifted to a new weak spot in a PC's security, wifi connections. Thankfully, in just a few short steps, you can keep your computer safe from wireless intruders.

1. Protect your wireless network
   If you have a wireless network, it is important to protect yourself from freeloaders, drive-by hackers, and other unwanted users of your wifi network. There are several options you can set to make your wireless network and PC safer.
   
   Suggestions:
   • When you encrypt your wifi network, your default setting is to encrypt your network with WEP, an encryption standard which is so easily hacked, that it is often regarded as little better than having no encryption at all. Instead, upgrade your wireless network to the much stronger WPA2 protection standard.
   • Many hackers simply drive around neighborhoods looking for wifi networks entitled "default" or "Linksys" in order to identify who has not taken even basic steps to protect their wireless network. Avoid sending this obvious beacon to hackers by taking one minute to change your wi-fi network's name.
   • Not letting hackers know that your wifi network exists at all by hiding your SSID broadcast and implementing MAC address filtering can dramatically limit outside access to your network. Remember that a hacker will almost always take the path of least resistance, so by stopping your SSID broadcasting you'll cause hackers to move on and look elsewhere for easier targets.
   
   
2. Do not use a neighbor's wifi connection
   Often hackers setup free, seemingly unprotected wifi connections in convenient locations such as apartment complexes and airports. While these unsecured connections might just be an individual who hasn't taken the time to protect his network, they might also be "honeypots", or traps set by hackers to snag your personal details.
   
   Suggestions:
   • If you absolutely must use "public" wifi, make sure to encrypt and protect the data that your computer sends out. You should also encrypt your instant messages if you plan on using the service from such a vulnerable access point.
   • Never sign into financial accounts (banking, Paypal, etc) while connected to a public network. In fact, try to type in as little private information as possible when accessing the internet via any unsecured wifi connection.
   • If you have a PDA or smartphone with a wireless data plan, you might be able to create your own wifi hotspot instead of having to connect to an unsecured public network.

Physical Protection

No matter how many steps you take to encrypt, password protect, and otherwise electronically secure your computer, none of it will mean anything if someone just physically steals your laptop. Consequently, an important part of any PC security overhaul is to take steps that minimize the risk and exposure of physical theft.

1. Disguise your laptop
   Look around: you've likely seen people carrying obvious laptop bags, though there's no rule that says you have to. Alternative carry bags reduce the chance that someone will try to grab your laptop at an airport or elsewhere. In the same way that you hide your CD case or iPod before you get out of your car, by disguising your laptop you reduce the total pool of potential thieves, and thus lower the chances of having your computer physically stolen.
   
   Suggestions:
   • Make sure the alternative bag is water-resistant and padded.
   • A convenient alternative to the laptop case is a messenger bag, but you might also try an army surplus bag, or if you're feeling really adventurous, a pizza box. If a lack of aesthetic appeal doesn't bother you, making your new bag look weathered and dirty (while the laptop is out of the bag of course!) further reduces the likelihood of theft.
   • If you've got the cash, Boblbee offers a great multi-purpose hard-shell backpack that will keep your computer safe without immediately signaling what you're carrying. One model, the Megalopolis, is specifically designed to hold and hide a laptop as well as protect it from the occasional fall.
   
   
2. Use anti-theft solutions
   Planning to use your laptop in a public place such as a library or bookstore cafe? Worried that it might get swiped if you leave it unattended for a moment? Good, you should be. Thankfully, there are a couple steps you can take to minimize the risk of this occurring, and to improve the chances of computer recovery if it does.
   
   Suggestions:
   • One technique that serves as both a deterrent and a recovery tool is to get STOP's Security Plate, which leaves a permanent tattoo on your laptop to indicate that the device is traceable by police in case of theft.
   • Another creative security measure is to install tracking software so that if stolen, your laptop will secretly transmit its location to a control center as soon as the thief accesses the internet.

Source : http://www.itsecurity.com/features/20-minute-guide-pc-security-021307/