|
| |||||||||||||||||
|
Scroll down the 30+ pages on the A-to-Z menu: To support this site: |
Forewarned is forearmed... | ||||||||||||||||
|
PC Security: How to Make Computers Secure from Hackers, Viruses, Trojans, Spyware, Adware, and Phishing Scams - Page 1Last updated on 15 May 2008
INDEX Click the relevant link to go to that information on This Page or Page 2: An introduction to computer security Additional ways of improving your PC's security [ELSEWHERE ON THIS SITE] The tricks used by phishing sites, hackers, and web tricksters Microsoft Knowledge Base: Security articles Security and Internet products: Reviews "Rootkits" are posing a new security threat to Windows systems Computer Gripes: Software security issues Using the HijackThis and CWShredder removal tools Security Q&A problems dealt with on this site Computer security: Relevant links to other sites
An introduction to computer security
The great dangers presented by identity theftSince identity theft is a tremendous growth industry, it is imperative that you should know how to protect yourself from having your identity stolen, because if someone steals your identity, the thief can sign up to Internet Service Providers (ISPs) in your name and get you into trouble with the law for online theft or for accessing illegal websites. The following article is written by Frank Abagnake, one of the most notorious forgers and impersonators in history. The movie Catch Me If You Can, starring Leonardo Di Caprio as Abagnake, is based on his notorious life of crime as a teenager. He is now a world-renowned consultant on security matters. 14 tips to avoid identity theft - http://www.bankrate.com/brm/news/advice/20030124b.asp The information on that page is aimed at US citizens, but provides some good advice to anyone. Apparently, in the US, if someone knows a person's social-security number, he or she can gain access to all of that person's account numbers. Note well that gaining access to that kind of personal information is not possible in the UK if someone knows a person's National Insurance number. In 2002, Abagnale wrote a general, all-purpose book called The Art of the Steal. In the book, he lists and explains common confidence tricks and ways of preventing oneself from being defrauded. Identity theft and Internet scams are also covered. In 2004, he released a book called, Real U Identity Theft, in which he provides information on how to prevent identity theft in the first place. Both books are widely available. Here is a useful quote from an interview with him: ..." you have to alert consumers today, you have to be a very smart consumer. The police can’t protect you, the government can’t protect you, your bank can’t protect you, only you can protect yourself. So you have to ask yourself when you go on something like the Internet, what information am I putting out there, and how could someone use that information? The crime of the future will be identity theft, and we’re already starting to see where people assume other people’s identity because they’re able to get bits and pieces of information about that individual, their bank account, their social security or health card number, and then assume that person’s identity. And that’s an awful crime, because in that crime, the criminal who’s committing the crime is innocent until they’re proven guilty, but the person who’s the victim is guilty until they prove themselves innocent. So they’re the ones that have to go out and convince the bank, the credit bureau, that they’re not the person who made those charges or got that mortgage." If you enter "frank abagnale" in the Google search box at the top of this page, with its Web radio button enabled, you will be presented with plenty of useful links to information on him and his books.
The Security Center in Windows XPYou should know that Windows XP has a Security Center that is opened by clicking Start => All Programs => Accessories => System Tools => Security Center. It informs you of the security status of the system's firewall and virus protection, and allows you to set options for the way in which Automatic Updates (in Windows XP) or Windows Update (in Windows Vista) operates. If you have insufficient firewall and/or virus protection, you will be informed by pop-up messages. Depending on the setting you have enabled, you can also be informed of what Automatic Updates requires of you. A badge-shaped icon appears in the bottom left System Tray (Notification Area). If you position the mouse pointer over the icon, you will be told what to do. For example, if you have chosen the setting that makes Automatic Updates let you know when updates are available, the message will tell you that updates are available and to click the icon to begin the download. If you need to investigate a security issue, the following guide provides you with a good way to go about it. Fundamental Computer Investigation Guide for Windows [XP and Vista] - "This guide discusses processes and tools for use in internal computer investigations. It also presents an applied scenario example of an internal investigation that uses Windows Sysinternals tools (advanced utilities that can be used to examine Windows-based computers) as well as commonly available Windows commands and tools." - http://go.microsoft.com/?linkid=6500778 The Security Center in Windows Vista Microsoft is touting Windows Vista as the most secure operating system yet devised. True or not, the devil is always in the detail. The Security Center in Windows Vista is accessed via the Control Panel, which is accessed from the Start (button's) menu. Click on Security to open it. Windows Security Center - "Windows Security Center [in Windows Vista] helps make your PC more secure by alerting you when your security software is out of date or when your security settings should be strengthened. The Security Center displays your firewall settings and tells you whether your PC is set up to receive automatic software updates from Microsoft. Other improvements over the version of Windows Security Center that debuted in Microsoft Windows XP SP2 include showing the status of software designed to protect against antispyware, your Internet Explorer 7 security settings, and User Account Control. In addition, Windows Security Center can monitor security products from multiple companies and show you which are enabled and up to date." - http://www.microsoft.com/windows/products/windowsvista/.../securitycenter.mspx Windows Vista Security and Data Protection Improvements - http://technet.microsoft.com/en-us/windowsvista/aa905073.aspx Windows Vista Security Guide - Interview with the Authors - "Listen to this half-hour interview with the authors of the Windows Vista Security Guide to find out how to use the guide's recommendations to further harden Windows Vista against real-world security threats like malware and information theft. You'll also hear how to use the guide's automated tools to deploy security configurations in minutes instead of hours." http://go.microsoft.com/?linkid=6324365 The Devil's Guide to Windows Vista Security - http://www.computerworld.com/action/...Basic&articleId=9005492 Windows Vista Security Guide [technical guide for IT professionals] - http://www.microsoft.com/technet/windowsvista/security/guide.mspx How To Create a Windows Vista Password Reset Disk - "Creating a Windows Vista password reset disk can really come in handy if you forget your account password. With it, you can easily reset your password and get right in to Windows Vista. While there are ways to recover lost passwords without a password reset disk, they are often complicated and time consuming..." http://pcsupport.about.com/od/windowsvista/ht/vistapwdisk.htm Windows Vista Security Guide 1.2 - http://www.download.com/Windows-Vista-Security-Guide/... Windows Vista Step-by-Step Guides for IT Professionals - "These step-by-step guides provide instructions for deploying or migrating to Windows Vista, and various management tasks, including configuring security, monitoring performance, and managing printers." - http://www.microsoft.com/downloads/details.aspx?... Microsoft has extended support for Windows XP Home and Media Center EditionsFebruary 23, 2007. - Microsoft has extended its support for Windows XP Home and Windows XP Media Center Editions to match the support it has always intended to give Windows XP Professional Edition. Support for those two versions was supposed to end five years after their introduction, but Windows XP Home Edition was released in October 2001, and Windows Vista was only officially made available on January 30, 2007, so, although Microsoft had to extend its support for them, it has done so very generously. Windows XP Home and Windows XP Media Center Editions are to receive free mainstream support until April 2009. Mainstream support includes feature requests, security updates, hotfixes, and support. After mainstream support ends, five years of extended support begins. Extended support provides free security updates and paid-for support. Official support for all three versions of Windows XP (including Windows XP Professional Edition) will end in 2014. Visit http://support.microsoft.com/lifecycle/ for the latest information on the lifecycles of Microsoft's products. Microsoft ends support for Windows 98/98 SE/MeJune 24, 2006. - On July 11, 2006, Microsoft ended support for both Windows 98, Windows 98 Second Edition (SE) and Windows Millennium Edition (Me). This means that Microsoft will no longer provide security updates for these operating systems, and will no longer provide (paid) incident support. Only self-help support will be available until at least July 10, 2007. You can still use those versions of Windows, but, unless Microsoft changes its mind, they will not be updated after that date. The safest way to upgrade RAM: Use the UK and US Crucial Memory AdvisorsPaul Mullen, the highly-respected computer guru of the Helpfile at ComputerShopper.co.uk - "I have recently been buying my memory only from Crucial Technology. I would rather pay the extra cost than waste time trying to track down the obscure program faults that bad memory can cause." The memory requirements of the versions of Windows VistaMost of the versions of Windows Vista require more RAM memory to run optimally on a computer that doesn't use memory-hungry applications than Windows XP. A video-editing application is an example of memory-intensive software. Only Windows Vista Home Basic has a recommended minimum amount of memory of 512MB, which is the same amount recommended for Windows XP. Windows Vista Home Premium, the most popular version, and Windows Vista Ultimate require a recommended minimum of 1GB (1024MB) of memory, which is twice the amount of minimum memory recommended to run Windows XP. For more information on computer memory, read the RAM pages of this site.
For example, if your computer has an Asus motherboard, open the menu, scroll down to ASUS, and click GO. If, say, you have a Dell computer, scroll down to DELL, and do likewise. You will be taken to the relevant information on Crucial's website. If you don't know the make and model of the motherboard installed in your computer, here is a good free utility - Belarc Advisor - that creates an analysis of the hardware and software on a personal computer. Look under FREE DOWNLOAD - http://www.belarc.com/. Another utility that also provides detailed information on the memory itself is CPU-Z. Windows Vista: User Account Control (UAC)If you are a user of Windows XP, when using Windows Vista you'll soon notice that Vista requires permission to install software, and, if you have a utility such as the free CCleaner installed and set to clean the system at startup, Vista asks your permission to allow it to perform its cleanup during startup. Vista's User Account Control is responsible for those security measures. User Account Control (UAC) improves the security of the system it is running on by limiting software to standard user privileges until an increase in privilege level is authorised by a user with administrator privileges. In this way, only applications that the user trusts receive higher privileges, and spyware and viruses are prevented from installing themselves. In short, a user account can have administrator privileges assigned to it, but software that the user runs do not also have those privileges unless they are approved beforehand, or the user authorises it to have those higher privileges. Application software that has been installed will run without interference, but if it attempts to make unauthorised changes to the system, Vista asks the user for permission. If you are logged into a Vista computer as administrator, and you wish to make a configuration change, a message pops up from the UAC asking 'If you started this action, continue'. You must click on that 'Continue' button before Vista completes the configuration. You can turn UAC off if you find its nagging annoying, but it is advisable to tolerate it and to learn how to distinguish between what is safe and what is potentially dangerous. What you should never do is just click the Continue button without finding out which application brought the UAC into action, because that is how viruses and spyware can be installed. Here are some webpages that provide additional information on UAC, including how to turn it off: User Account Control - http://en.wikipedia.org/wiki/User_Account_Control Understanding Windows Vista's User Account Control - http://www.windowsdevcenter.com/pub/a/windows/2007/02/06/... User Account Control Overview - http://technet.microsoft.com/en-us/windowsvista/aa906021.aspx You can find many others by entering vista user account control in the Google search box at the top of this page (with its Web radio button enabled). How to wipe the data on a PC before you get rid of itRetire that computer more safely - "If you're ready to replace, sell, or retire your old computer, it's very important to eradicate personal data stored on its hard drive before unplugging it for the last time. You should always remember that even though you manually delete computer files, an identity thief might still be able to recover them, possibly putting you or your family at risk." - http://www.microsoft.com/athome/security/update/donatecomputer.mspx The essential protection methodsSoftware applications and operating systems are continually developing and are just as continually leaving gaping holes that hackers discover and exploit - and software developers are forced to patch. Therefore, it is essential to keep up to date with the latest ways and means of providing your PC or network with the most effective and cost-effective protection. Free security analysis tools are available that can analyse the contents of a computer and determine security weaknesses. The Microsoft Baseline Security Analyzer (MBSA) is the best free product. It covers a variety of areas of importance in making a PC secure, and provides solutions wherever weaknesses are discovered. It is simple enough for intermediate computer users to use, but is also sophisticated enough for professional use. If you are a novice to computer security, you can download and run it after you have read and understood the contents of this section of this site. The installation of MBSA requires validation via Windows Genuine Advantage. MBSA can analyse a single computer or the computers on a network. It saves each scan as a report that can be printed or copied to the Windows Clipboard. Brightly colored icons make it a simple matter to see safe (green), questionable (yellow,) or problem (red) areas. Additional information, indicated by a blue icon, is also provided. Each entry in the report links to help text that explains what was scanned and, in many cases, provides details on the results. If a problem is discovered, a "How to correct this" link is made available. The help files often link to additional files online, such as Microsoft Knowledge Base articles. Microsoft Baseline Security Analyzer - "Microsoft Baseline Security Analyzer (MBSA) is an easy-to-use tool designed for the IT professional that helps small- and medium-sized businesses determine their security state in accordance with Microsoft security recommendations and offers specific remediation guidance. Improve your security management process by using MBSA to detect common security misconfigurations and missing security updates on your computer systems." - http://www.microsoft.com/technet/security/tools/mbsahome.mspx The ten essential protection methods to employ are: 1. - Install the latest security updates/updates for the operating system, the web browser, and software such as Flash Player, Java, RealPlayer, WMP, etc.Keep your computer that is running Windows XP/Windows Vista and Internet Explorer updated with the latest updates from Microsoft Update. If you use another operating system (e.g., Linux) or Internet browser (e.g., Mozilla Firefox), visit its site for updates. Microsoft makes security updates available once a month. Amazingly, in September 2005, there were no updates. But this month, (October, 2005) there were nine, three of which are rated as Critical. You can find out how your Windows XP computer downloads and installs updates by opening Automatic Updates in the Control Panel. In Windows Vista it is called Windows Update and it can be found under the Security and the System and Maintenance sections of the Control Panel. Windows Update [in Windows Vista]- http://www.microsoft.com/windows/.../features/details/windowsupdate.mspx Click here! to go to the Security updates page on Microsoft's site. A computer can have several old programs installed on it that require patches or updating in order not to be a security risk. The most common programs are Java, Flash Player, QuickTime, Adobe Reader, WinZip 8.x, RealPlayer, Yahoo! Messenger 8.x, and Winamp 5.x. Sometimes when you install the latest version, the old version can be left installed. If that is the case it doesn't present a security risk, because the latest version is being used. You can check if you have any unpatched software by downloading and using the free Secunia Personal Software Inspector. Secunia Personal Software Inspector (PSI) - "The Secunia PSI is available free of charge. Secure your PC. Patch your applications. Be proactive. Scan for Insecure and End-of-Life applications. Track your patch-performance week by week. Direct and easy access to security patches. Detect more than 300,000 unique application versions." - https://psi.secunia.com/ You can also download and run the filehippo Update Checker that finds updates. filehippo.com Update Checker - "Welcome to the new filehippo.com Update Checker! We're currently beta testing this exciting new addition to our website and have released it as a public beta for everyone to download. What is it? The Update Checker will scan your computer for installed software, check the versions and then send this information to filehippo.com to see if there are any newer releases. These are then neatly displayed in your browser for you to download." - http://www.filehippo.com/updatechecker The following article provides information on this subject: Unpatched software abounds on user systems - http://windowssecrets.com/comp/070906/ 2. - Use an alternative browser to Internet Explorer and an alternative e-mail program to Outlook ExpressInstead of Internet Explorer use an alternative such as Mozilla's Firefox. Every hacker and malware programmer on earth is constantly trying to find ways of expoiting Internet Explorer. You can keep Internet Explorer installed in case you have to use it for certain sites that won't work without it. As long as you have sufficient system resources, you can have as many browsers as you like installed and running at the same time, so if you can't get a site to work with Firefox, open Internet Explorer and use it instead. Firefox is highly resistant to malware infection. Every method of installing malware through Firefox requires the user to give permission to install it. The rule of thumb for any browser is if a message suddenly appears for no reason asking for permission to install software, or to run a script, always click No unless you know exactly why your permission is required to install a program or run a script that makes the browser take certain defined actions. However, if you must use Internet Explorer, then make sure that you are using version 7 (Internet Explorer 7), which has improved security features, such as a Phishing Filter. Read all about that and other features here: Internet Explorer 7 support - http://www.microsoft.com/windows/ie/support/default.mspx You can use McAfee's SiteAdvisor for extra protection. It can warn you if you're visiting undesirable sites. SiteAdvisor - "We test the Web to help keep you safe from spyware, spam, viruses and online scams...The basic version of our software is free of charge. SiteAdvisor Plus is a paid version with additional premium features." - http://www.siteadvisor.com/
For the same reasons, for an e-mail program, instead of using Microsoft's Outlook Express, use Mozilla's Thunderbird. It won't execute dodgy scripts or launch the malware programs that an unpatched installation of Outlook Express does. Even with all of the latest security updates installed, Outlook Express still draws images into e-mails that it can display in its preview window. The sender of the message can use an image only a screen pixel in size to find out if your e-mail address is active and then sell it so that you get flooded with spam. Thunderbird doesn't do that. It can be a little problematic occassionally, but it makes up for that by having a superb spam filter. All you have to do is configure its Junk Mail Controls under the Tools menu, and then highlight a spam message and hit its Junk button. The spam filter learns what sort of e-mail you would rather not see in your Inbox. After all of the e-mail messages have been downloaded, the spam is transferred to the Junk box from where it can be deleted or set to be deleted after a specific period. If it flags a valid message as spam, you can tell it that it has made a mistake and it shouldn't repeat it. 3. - Use a good software and/or hardware firewall instead of the Windows Firewall provided by Windows XP and Windows VistaHave a good software firewall installed and properly set up to block illicit incoming and outgoing Internet traffic. There are many good free firewalls listed in the security links section further down this page. My personal preference is for the free Comodo firewall. It is easy to install and configure, and it will provide excelent protection when used it in conjunction with a virus scanner, such as the free version of AVG AntiVirus, and the Windows Defender and Spybot Search & Destroy spyware scanners. Comodo now also provide free Anti-Malware, AntiVirus, and Website Authentication software. Scot Finnie has written about the Comodo, Jetico, Kerio, and Look 'n' Stop firewalls, which he recommends, in this April 2007 newsletter: http://www.scotsnewsletter.com/90.htm. He goes into more detail in this article: Review roundup: Slim is in for Windows desktop firewalls - "You don't need a bloated security suite to get the best protection from a firewall -- in fact, many of the biggest names offer less protection than simpler, lesser-known firewalls..." - http://www.computerworld.com/action/...articleId=9024319&intsrc=hm_ts_head Also covered in the April 2007 newsletter is "The Vista Firewall Situation", which discusses the current situation regarding the Windows Firewall provided by Windows Vista. Very few of the popular software firewalls currently support Vista. A situation that will definitely be changing rapidly as the software firewall developers rush to get their acts together. In the meantime, Vista users will have to make do with the Windows Firewall. The newsletter has this to say about the situation: "In case you think you don't need a firewall, be advised that while Vista's Windows Firewall is mildly improved, the added outbound protection isn't turned on by default, and you may find it difficult to configure. Windows Firewall still does not offer full firewall support. It's better than nothing if you don't have a third-party software firewall, but that's about it." Comodo Firewall Pro - "It's Free. Forever. No Catch. No Kidding - The Award-Winning Comodo Firewall Pro - PC Magazine Online's Editor's Choice - Secures against internal and external attacks - Blocks internet access to malicious Trojan programs - Safeguards your Personal data against theft - Delivers total end-point security for Personal Computers and Networks - Install now for out-of-the-box protection against identity theft hackers, Trojans, scripts and other unknown threats." - http://www.personalfirewall.comodo.com/download_firewall.html Comodo now also provide free Anti-Malware, AntiVirus, and Website Authentication software. Windows XP and Windows Vista have the Windows Firewall that can be accessed from the Control Panel. However, even the improved version that comes as part of Windows Vista, which, unlike the version in Windows XP, provides protection against illicit outgoing Internet traffic if configured correctly, is only better than not having any firewall protection. Under normal circumstances, you should not be using two or more complex security products of the same kind, such as virus scanners and firewalls to monitor a system at the same time, because doing so can cause problems. However, I have been using the free version of ZoneAlarm in conjunction with the Windows Firewall in Windows XP and in Windows Vista without any problems. Just make sure that the following setting in ZoneAlarm is disabled otherwise it disables the Windows Firewall: Firewall => Main tab => Advanced button => Disable Windows Firewall. Note that other security products, such as Norton AntiVirus, also have a setting that disables the Windows Firewall that is enabled by default. You can check if it is turned on or off under Start => Control Panel => Windows Firewall.
If you use a router to connect several computers to an Internet connection wirelessly, you should know that all routers have a feature called Network Address Translation (NAT). The router accesses the web with its own IP address, hides the IP addresses of the computers in the network, and sends the downloaded information to the internal IP addresses in the network. Many routers also have an inbuilt hardware firewall that can be enabled or disabled. You can run a software firewall on each computer in a network and make use a hardware firewall. The ABC's of Firewalls: http://www.zonelabs.com/store/content/catalog/firewallABC.jsp 4. -Use a good virus scanner/anti-virus software Install a good virus scanner and make sure that it is updated regularly with the latest virus definitions. The latest free version of the AVG Anti-Virus scanner is set to download updates by default as soon as the user goes online. A message come up asking for permission to do so. Obtain it from this page: http://free.grisoft.com/doc/2/lng/us/tpl/v5. Steganos AntiVirus 2007 - Anti-virus software - Five stars - Best Buy award by Computer Shopper in February 2007. "In our recent Labs test, it beat every other anti-virus application hands down." - £20 in June 2007 An excellent paid-for virus scanner is Nod32 from: http://www.nod32.com/. There are many free good virus scanners listed in the Links to security sites section on Page 2 of this article. Note that you should not have two or more virus scanners actively monitoring the system at the same time (e.g. when you're online), because doing that can cause system lock-ups. You should only have one virus scanner monitoring the system in real time. However, you can have several virus scanners installed as long as only one of them is actively monitoring the system. You can update all of them and use each of them (one at a time) to run virus scans. 5. - Use several spyware/adware removal toolsDownload and install at least one reputable spyware and adware removal tool, and make sure that it is also regularly updated, because the creators of spyware and adware are constantly trying their utmost to defeat the removal tools. The three best free removal tools are probably Microsoft's Windows Defender, Spybot Search & Destroy, Ad-Aware. There is more information about them in the Links to security sites section further down this page. You can pay for some excellent spyware scanners, some of which provide a free trial period in which you can test the scanner's effectiveness. Note well that there are rogue spyware scanners that are ineffective and charge for 'removing' spyware. Spyware Blaster is a good scanner, but check that it is created by Javacool Software, because there is a rogue program with the same name that is being made available. Sunbelt CounterSpy is an excellent product that can find spyware and backdoor Trojans that can make an infected computer send information to a remote location on the web, or download and install more software that compromises the computer's security. "This is a great anti-spyware program..." An excellent spyware detection rate and exceptional value made CounterSpy Computer Shopper Magazine's Best Buy Award winner for fall 2006!" - Download the Free 15-Day Trial - http://www.sunbelt-software.com/CounterSpy.cfm Spyware Warrior - http://spywarewarrior.com/ - has been exposing fraudulent and misleading antispyware products for several years. If you see an enticing advertisement for an antispyware, which can be delivered by reputable sites such as Google, Live.com, and Yahoo, you should check its reputation on the Spyware Warrior site before making a purchase, because the advertisements for products that generate false positives in order to fool users into purchasing their 'cure', and/or which use aggressive or misleading advertising can appear before the product is discredited with the advertisers, who then withdraw the advertisements. XsoftSpy used to be considered a rogue scanner by spyware experts, but the Spyware Warrior site says that its problems have been sorted out, and it is therefore no longer considered a rogue product. It can also find spyware and Trojans not detected by other spyware scanners. XoftSpy - http://www.xsoftspy.com/ Anti-Spyware Testing - http://spywarewarrior.com/asw-test-guide.htm The Spyware Warrior site contains plenty of first-rate research on and insight into spyware threats and anti-spyware tools/utilities. It has a forum section that is well worth visiting. It stands out among all of the many other similar sites. The Spyware Warrior Guide to Anti-Spyware Programs - Feature Comparison: http://spywarewarrior.com/asw-features.htm Spywareinfo.com/ is an excellent spyware/adware information site that has its own security-related forums. 6. - Create secure passwords to websites with which that you have accountsTo access password-protected websites such as online banking sites, PayPal, eBay, etc., make sure that you use passwords that are difficult to guess or crack with the special password-cracking software that hackers use to obtain passwords. That kind of software can be loaded with dictionaries and algorithms so that it can try using words, combinations of words, and the methods people use to create passwords until it succeeds in gaining access to an account. There is plenty of advice on the web on how to create secure passwords. If you enter the search term such as passwords + guide in the Google search box at the top of this page, you'll find links such as these two that I found myself: Secure Password Guide - http://www.strangecode.com/support/passwords.php Secure Password Generator - http://www.andrewscompanies.com/tools/passwords.asp Note well: most websites that hold sensitive information that can be accessed by logging in by entering a user name or e-mail address and a password don't allow more than a certain number of attempts (usually three) before the attempts are stopped. Any password-cracking software would have to log on, try three attempts, log off, and then log on again and try another three attempts, etc. The only reason password-cracking software can crack passwords is because it can make many millions of guesses in a minute. The cap on the number of logons allowed from a single IP adress is why the thieves have resorted to using e-mail messages made to look as if they came from eBay, banks, and PayPal, etc., in order to trick clients into providing their login information. Here is the reply I received from PayPal when I asked how secure a user's website account is if a user's e-mail address can be discovered just by running it on the user's website, and then only a password is required to gain access to that account: "Thank you for contacting PayPal. We apologize for the delay in responding to your service request. I can assure you that PayPal goes above and beyond when it comes to the safety of your account and personal information. PayPal has several barriers for hackers to go through. Even if someone attempted to figure out your password an account will be locked after a certain number of failed attempts just as one example." 7. - Set a password for Windows XP/Windows VistaIf you are using Windows XP Home Edition, make sure that you set a password that you have to enter in order to logon at start-up. When you set a password, you can create a prompt that reminds you what the password is without revealing it. If you happen to forget the password, just click the question mark beside the logon box on the Welcome screen to make the reminder appear. In Windows Vista, passwords are set for each User Account. To access the User Accounts, click on the Start button, open the Control Panel and click on User Accounts and Family Safety. If you're using the Control Panel 's Classic View, which makes the Control Panel look as it does in Windows XP, you won't see User Accounts and Family Safety, so just double-click on the User Accounts icon. The following article shows you how to set passwords for User Accounts. Securing Your Windows Vista Computer - http://www.cmu.edu/computing/documentation/secure_win/secure_vista.html How To Create a Windows Vista Password Reset Disk - "Creating a Windows Vista password reset disk can really come in handy if you forget your account password. With it, you can easily reset your password and get right in to Windows Vista. While there are ways to recover lost passwords without a password reset disk, they are often complicated and time consuming..." http://pcsupport.about.com/od/windowsvista/ht/vistapwdisk.htm Note that the logon passwords that you can set for Windows 95, Windows 98, and Windows Me are a waste of time, because anyone just has to click the Cancel button to get past them. Only the passwords used by the Windows NT family of operating systems (Windows NT, Windows 2000, and Windows XP) cannot be bypassed. You, the computer's owner, are the Administrator. You don't have to set a password when The Home Edition of XP is installed as you do have to with the Professional Edition. This means that anyone who can turn the computer on can access the system and make any changes to it that you are able to, including changing the password. If you have a brand-name PC with the Home Edition pre-installed, it probably won't have a password set. Note well that an Administrator account without a password makes it more vulnerable to potential hackers. In the Home Edition of XP, you use User Accounts in the Control Panel to set a password for the Administrator account. **** I Forgot My Administrator Password! - Can't Log On to Windows XP?Visit the Recovering Windows XP page on this site for information on how to recover a forgotten Administrator login password. How to keep your data private in Windows XPNeither Windows XP Home Edition, nor XP Professional Edition can protect a specific folder or file with a password. You can only password-protect an Administrator or a Limited User Account. Moreover, Windows XP has to be using its native NTFS file system, not FAT32. Keep data Private - http://www3.telus.net/dandemar/private.htm 8. - Never respond to e-mail messages that ask for your log-in and account detailsNever respond to e-mail messages that seem to come from banks, PayPal, eBay, etc., that ask you to verify your account details, or e-mails saying that you have received an e-card greeting, because they are all methods of obtaining your user names and passwords, or of installing Trojan backdoor software that can send your personal information back to its originator from your computer. If you receive a message that says you have received an e-card, which doesn't use your name and provides a link to click, if you click it, you'll be taken to what looks like a genuine e-card site. You'll have to enter the code that was provided in the e-mail message in order to gain access to a non-existent e-card, but when you enter the code a message saying something such as, "Your browser doesn't have a Flash player for e-cards". Your browser will then produce a message asking if you want to download and install a file. Refuse permission, because that file isn't a Flash player, it's a Trojan backdoor program that will compromise the security of your computer. 9. - Make restorable backupsMake sure that you use some kind of backup system regularly that enables you to recover from a system failure that makes Windows unable to start up. There are many ways to creat all kinds of backups, with many different programs, tools / utilities. You can create a restoarble master image of the entire system and burn it to recordable CD/DVDs, or, if you have a Windows CD and the CDs/DVDs of your application software, you can just make backups of the data files and settings. In the event of an irrecovable system crash, you can reinstall Windows and all of your applications and then restore your data files and settings. Visit this page on this site for more information: Software: Data Recovery - Back-ups - Programs and Methods Used to Create Backups. 10. Actions to take if your computer is infected by a virus or spywareNo security precautions are foolproof. The actions to be taken should you computer be infected by a virus or spyware are listed very well on this page: A step-by-step guide to dancing The Security Tango! - http://securitytango.com/tango.php
Intrusion Detection Software (IDS)Consider using some Intrusion Detection Software (IDS), which can often catch intrusions that virus and spyware scanners and tools (IPS - Intrusion Prevention Software) miss, but which all too often uses up plenty of system resources. Therefore choosing the right product can be difficult, involving trading off the degree of protection that is provided against the system resources used. IDS programs detect malware trying to get into a computer by judging its behaviour instead of matching a signature. It's analogous to a detective catching a thief by looking for his methods of operation instead of finding his fingerprints. Anyone who uses WinPatrol or SpyBot's TeaTimer are using a form of IDS. Many IPS programs, such as Spybot S&D, also contain an IDS program, such as the Spybot TeaTimer. An IDS guide is available free from: http://www.techsupportalert.com/intrusion-detection.htm Several of the reviewed IDS products are freeware. Mike Lin's Start-up Monitor informs you if a program or Trojan wants to make itself a start-up program that loads at boot-up. This is a valuable line of defence that is well worth installing. You can obtain the program free of charge. If you find it useful you can give Mike a donation from his site - http://www.mlin.net/.
PC Buyer Beware! Copyright © Eric Legge 2004-2008. All right reserved. | |||||||||||||||||
 | | | | ||||||||||||||
