PC Security

The essential security-protection methods

Software applications and operating systems are continually developing and are just as continually leaving gaping holes that hackers discover and exploit – and software developers are forced to patch. Therefore, it is essential to keep up to date with the latest ways and means of providing your PC or network with the most effective and cost-effective protection.

Free security analysis tools are available that can analyse the contents of a computer and determine security weaknesses. The Microsoft Baseline Security Analyzer (MBSA) is the best free product. It covers a variety of areas of importance in making a PC secure and provides solutions wherever weaknesses are discovered. It is simple enough for intermediate computer users to use, but is also sophisticated enough for professional use. If you are a novice to computer security, you can download and run it after you have read and understood the contents of this section of this site.

The installation of MBSA requires validation via Windows Genuine Advantage. MBSA can analyse a single computer or the computers on a network. It saves each scan as a report that can be printed or copied to the Windows Clipboard. Brightly coloured icons make it a simple matter to see safe (green), questionable (yellow), or problem (red) areas. Additional information, indicated by a blue icon, is also provided. Each entry in the report links to help text that explains what was scanned and, in many cases, provides details on the results. If a problem is discovered, a “How to correct this” link is made available. The help files often link to additional files online, such as Microsoft Knowledge Base articles.

Microsoft Baseline Security Analyzer –

“Microsoft Baseline Security Analyzer (MBSA) is an easy-to-use tool designed for the IT professional that helps small- and medium-sized businesses determine their security state in accordance with Microsoft security recommendations and offers specific remediation guidance. Improve your security management process by using MBSA to detect common security misconfigurations and missing security updates on your computer systems.” –

http://technet.microsoft.com/en-us/security/cc184924.aspx

The 9 essential protection methods to employ are:

1. – Install the latest security updates and other updates for the operating system, the web browser and software, such as Flash Player, Java, RealPlayer, Windows Media Player, etc. I have uninstalled Java in Windows and have never had any need for it. It is a major source of security vulnerabilities.

Keep your computer that is running Windows updated with the latest updates from Windows Update. If you use another operating system (e.g., Linux) or Internet browser (e.g., Mozilla Firefox), visit its site for updates or set it to install updates automatically. Microsoft makes security updates available once a month on “Patch Tuesday” – the first Tuesday of the month. Look under Windows Update in the Control Panel for the available settings – download automatically, notify of new updates but don’t download, turn off updates. Extended security support for Windows XP ended on April 8, 2014.

Many add-ons have been created for the Firefox browser, some of which enhance security, such as the following add-ons: 8 essential privacy extensions for Firefox – Protect your online life from prying eyes with these key Firefox privacy add-ons –

Firefox Privacy Add-Ons – Extensions – Complete Guide –

https://www.privacyend.com/firefox-privacy-add-ons/

A computer can have several old programs installed on it that require patches or updating in order not to be a security risk. The most common programs are Java, Flash Player, QuickTime, Adobe Reader, WinZip, RealPlayer, Yahoo! Messenger, and Winamp, etc. Sometimes when you install the latest version, the old version can be left installed. If that is the case it doesn’t present a security risk, because the latest version is being used. You can check if you have any unpatched software by downloading and using the free Secunia Personal Software Inspector.

Secunia Personal Software Inspector (PSI) –

“The Secunia PSI is available free of charge. Secure your PC. Patch your applications. Be proactive. Scan for Insecure and End-of-Life applications. Track your patch-performance week by week. Direct and easy access to security patches. Detect more than 300,000 unique application versions.” –

http://secunia.com/vulnerability_scanning/personal/

This is what Windows Secrets said about Secunia PSI in its newsletter on October 13 2016: “Secunia Personal Software Inspector was for years a go-to application for keeping your software up to date. But Secunia was acquired by Flexera last fall, and, ironically, the last PSI update appears to be Dec. 3, 2015. As a security product for individual Windows users, PSI seems to be dead. However, these days, most of our key applications — such as Chrome and Firefox — update automatically. And those that don’t will often alert you to new versions. So there’s probably no longer a need for a product such as PSI.”

Secunia PSI might make a comeback so I will leave the information about it here until it is removed from the site of the outfit that purchased it.

You can also download and run the Filehippo Update Checker that finds updates.

filehippo.com Update Checker – “Welcome to the new filehippo.com Update Checker! We’re currently beta testing this exciting new addition to our website and have released it as a public beta for everyone to download. What is it? The Update Checker will scan your computer for installed software, check the versions and then send this information to filehippo.com to see if there are any newer releases. These are then neatly displayed in your browser for you to download.” – http://www.filehippo.com/updatechecker

2. – Use an alternative browser to Internet Explorer and an alternative e-mail program to Outlook Express

Instead of Internet Explorer (IE) use an alternative such as Mozilla’s Firefox. Every hacker and malware programmer on earth is constantly trying to find ways of exploiting Internet Explorer (currently up to version 11.0, which can only be run on Windows 7, 8.0 and 8.1 desktop and laptop PCs).

You can keep Internet Explorer installed in case you have to use it for certain sites that won’t work without it. As long as you have sufficient system resources, you can have as many browsers as you like installed and running at the same time, so if you can’t get a site to work with Firefox, open Internet Explorer and use it instead.

Firefox is highly resistant to malware infection. Every method of installing malware through Firefox requires the user to give permission to install it. The rule of thumb for any browser is if a message suddenly appears for no reason asking for permission to install software, or to run a script, always click No unless you know exactly why your permission is required to install a program or run a script that makes the browser take certain defined actions.

However, if you must use Internet Explorer, then make sure that you are using at least version 8 (Internet Explorer 8), which has improved security features, such as a Phishing Filter. It is the highest version that can be used with Windows XP, the extended security support for which ended on April 8, 2014.

You can use Web of Trust (WOT), a browser plugin, for extra protection. It can warn you, within the web browser itself, if you’re visiting undesirable sites. The browser could be Internet Explorer, Firefox, Opera, Chrome or Safari. It shows its website ratings in search engine results as well. – http://www.mywot.com/

You should note that WOT uses user input to gauge a website’s safety levels, so, if enough users vote it unsafe in any safety category, it will be classified as unsafe in that category. This means that websites that are completely safe, such as those belonging to advertising companies, which many users don’t like or want to sabotage, even though they help keep web access free, can be voted unsafe when they are completely safe to use.

For the same reasons, for an e-mail program, instead of using Microsoft’s Outlook Express, use Mozilla’s Thunderbird or Windows Live Mail.

Windows Live Mail – http://en.wikipedia.org/wiki/Windows_Live_Mail

They won’t execute dodgy scripts or launch the malware (malicious software) programs that an unpatched installation of Outlook Express does. Even with all of the latest security updates installed, Outlook Express still draws images into e-mails that it can display in its preview window. The sender of the message can use an image only a screen pixel in size to find out if your e-mail address is active and then sell it so that you get flooded with spam. Thunderbird doesn’t do that. It can be a little problematic occasionally, but it makes up for that by having a superb spam filter.
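The one-pixel tracking image described above only works if the mail client fetches remote content when it displays a message. The following Python example is an added illustration, not code from the original article or from Thunderbird: it rewrites an HTML message body so that remote images are never requested and reports which of them have the shape of a tracking pixel. The sample message and the tracker.example address are constructed.

```python
from html import escape
from html.parser import HTMLParser


class RemoteImageBlocker(HTMLParser):
    """Rebuilds an HTML body, replacing every remote <img> with a placeholder."""

    def __init__(self):
        super().__init__(convert_charrefs=False)
        self.out = []      # pieces of the rewritten body
        self.blocked = []  # (url, looks_like_tracking_pixel)

    @staticmethod
    def _is_remote(url):
        # cid: and data: images travel inside the message; http(s) ones do not.
        return url.strip().lower().startswith(("http://", "https://", "//"))

    @staticmethod
    def _tiny(attrs):
        # A width or height of 0 or 1 is the usual shape of a tracking pixel.
        return any(attrs.get(k, "").strip() in ("0", "1")
                   for k in ("width", "height"))

    def _emit(self, tag, attrs, end=""):
        a = {k: (v or "") for k, v in attrs}
        if tag == "img" and self._is_remote(a.get("src", "")):
            self.blocked.append((a["src"], self._tiny(a)))
            a = {"alt": a.get("alt") or "[remote image blocked]"}
        rendered = "".join(f' {k}="{escape(v)}"' for k, v in a.items())
        self.out.append(f"<{tag}{rendered}{end}>")

    def handle_starttag(self, tag, attrs): self._emit(tag, attrs)
    def handle_startendtag(self, tag, attrs): self._emit(tag, attrs, " /")
    def handle_endtag(self, tag): self.out.append(f"</{tag}>")
    def handle_data(self, data): self.out.append(data)
    def handle_entityref(self, name): self.out.append(f"&{name};")
    def handle_charref(self, name): self.out.append(f"&#{name};")


def block_remote_images(html_body):
    """Return (safe_html, blocked); comments and doctype lines are dropped."""
    parser = RemoteImageBlocker()
    parser.feed(html_body)
    parser.close()
    return "".join(parser.out), parser.blocked


# Constructed sample: one remote 1x1 image and one image embedded in the mail.
SAMPLE = ('<p>Hello &amp; welcome</p>'
          '<img src="https://tracker.example/open.gif?id=abc123" width="1" height="1">'
          '<img src="cid:logo@local" alt="Logo">')

if __name__ == "__main__":
    safe, blocked = block_remote_images(SAMPLE)
    print(safe)
    print(blocked)
```

This example covers only the src attribute of img tags; sizes set through CSS and other tags that load remote content are outside its scope.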

All you have to do is configure its Junk Mail Controls under the Tools menu, and then highlight a spam message and hit its Junk button. The spam filter learns what sort of e-mail you would rather not see in your Inbox. After all of the e-mail messages have been downloaded, the spam is transferred to the Junk box from where it can be deleted or set to be deleted after a specific period. If it flags a valid message as spam, you can tell it that it has made a mistake and it shouldn’t repeat it.

3. – Use a good software and/or hardware firewall instead of the Windows Firewall 

Have a good software firewall – free or paid for – installed and properly set up to block illicit incoming and outgoing Internet traffic. That said, being security-savvy, I have been using only the Windows Firewall, accessed via the Control Panel, on my desktop and laptop computers that run Windows XP Professional, Windows 7 and Windows 8.1 without experiencing any security or other problems.

There are several to choose from, but ZoneAlarm Free Firewall 2013, made available from zonealarm.com, is the free one held in the highest regard by most reviews. There are also several paid-for firewalls that come as stand-alone programs or integrated into security suites. For example, the AVG Internet Security suite provides a firewall.

If you use a router to connect several computers to an Internet connection wirelessly or via Ethernet network cables, you should know that all routers have a feature called Network Address Translation (NAT). The router accesses the web with its own IP address, hides the IP addresses of the computers in the network, and sends the downloaded information to the internal IP addresses in the network. Most routers also have an inbuilt hardware firewall that can be enabled or disabled. You can run a software firewall on each computer in a network and make use of a router’s hardware-firewall features, of which NAT is one, that most routers have enabled by default.

4. – Use a good virus scanner/anti-virus software

Install a good virus scanner and make sure that it is updated regularly with the latest virus definitions. The latest free version of the AVG Anti-Virus scanner is set to download updates by default as soon as the user goes online.

An excellent paid-for virus scanner is ESET Nod32 from: https://www.eset.com/uk/.

Note that you should not have two or more virus scanners actively monitoring the system at the same time (e.g. when you’re online), because doing that can cause system lock-ups. You should only have one virus scanner monitoring the system in real time. However, you can have several virus scanners installed as long as only one of them is actively monitoring the system. You can update all of them and use each of them (one at a time) to run virus scans. The free Malwarebytes malware scanner is worth running manually. It asks you if you want it updated online if a lengthy period has elapsed since it was last updated. The paid-for version actively monitors the computer’s system.

5. – Create secure passwords for websites with which you have accounts

To access password-protected websites such as online banking sites, PayPal, eBay, your email account(s), etc., make sure that you use passwords that are difficult to guess or crack with the special password-cracking software that hackers use to obtain passwords. That kind of software can be loaded with dictionaries and algorithms so that it can try using words, combinations of words, and the methods people use to create passwords until it succeeds in gaining access to an account.

Make your passwords for email accounts such as Hotmail and Gmail very strong, because if hackers get into them they can cause you all kinds of security problems on other sites by using the “Forgot your password?” option to email it to you or send you a new password, which they can access. There is plenty of advice on the web on how to create secure passwords. Research has found that millions of people are using the same password for every website, which is utter madness.

Secure Password Guide – http://www.strangecode.com/support/passwords

Secure Password Generator – http://www.andrewscompanies.com/tools/passwords.asp

Note well: most websites that hold sensitive information that can be accessed by logging in by entering a user name or e-mail address and a password don’t allow more than a certain number of attempts (usually three) before the attempts are stopped. Any password-cracking software would have to log on, try three attempts, log off, and then log on again and try another three attempts, etc. The only reason password-cracking software can crack passwords is because it can make many millions of guesses in a minute. The cap on the number of logons allowed from a single IP address is why the thieves have resorted to using e-mail messages made to look as if they came from eBay, banks, and PayPal, etc., in order to trick clients into providing their login information.

Here is the reply I received from PayPal when I asked how secure a user’s website account is if a user’s e-mail address can be discovered just by running it on the user’s website, and then only a password is required to gain access to that account:

“Thank you for contacting PayPal. We apologize for the delay in responding to your service request. I can assure you that PayPal goes above and beyond when it comes to the safety of your account and personal information. PayPal has several barriers for hackers to go through. Even if someone attempted to figure out your password an account will be locked after a certain number of failed attempts just as one example.”
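The attempt cap described above, and the lock that PayPal's reply mentions, can be shown as a small per-account failure counter. This Python example is an added illustration, not PayPal's or any website's actual code; the limit of three attempts follows the text, while the 15-minute lock period and all names are assumptions.

```python
import time


class LoginThrottle:
    """Locks an account after max_failures consecutive wrong passwords."""

    def __init__(self, max_failures=3, lock_seconds=900, clock=time.monotonic):
        self.max_failures = max_failures  # "usually three" in the text above
        self.lock_seconds = lock_seconds  # assumed lock period (15 minutes)
        self.clock = clock                # injectable so tests can move time
        self._failures = {}               # account -> consecutive failures
        self._locked_until = {}           # account -> time the lock expires

    def is_locked(self, account):
        return self.clock() < self._locked_until.get(account, 0.0)

    def attempt(self, account, password_ok):
        """Return 'locked', 'ok' or 'denied' for one login attempt."""
        if self.is_locked(account):
            return "locked"               # the password is not even checked
        if password_ok:
            self._failures.pop(account, None)
            return "ok"
        count = self._failures.get(account, 0) + 1
        if count >= self.max_failures:
            # Start the lock and reset the counter for the next window.
            self._locked_until[account] = self.clock() + self.lock_seconds
            count = 0
        self._failures[account] = count
        return "denied"


def guesses_per_day(throttle):
    """Upper bound on wrong guesses against one account in 24 hours."""
    return throttle.max_failures * (86400 // throttle.lock_seconds)


if __name__ == "__main__":
    throttle = LoginThrottle()
    print([throttle.attempt("alice", False) for _ in range(4)])
    print(guesses_per_day(throttle), "guesses per day at most")
```

With these assumed settings a single account can be tried a few hundred times a day at most, which is the gap between online guessing and the millions of guesses a minute that the text attributes to password-cracking software.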

6. – Set a password for Windows

If you are using any version of Windows, make sure that you set a password that you have to enter in order to log on at start-up. When you set a password, you can create a prompt that reminds you what the password is without revealing it. If you happen to forget the password, just click the question mark beside the logon box on the Welcome screen to make the reminder appear. Different users of a computer running Windows can each be given their own User Account that they log into. Passwords should be set for each User Account. Administrator accounts should also be password-protected. Using an Administrator Account can vary from one version of Windows to another. There is plenty of information on the web on how to use one.

If you need more information on setting a password for a particular version of Windows, use the following search query and add that version to it: How to set a password for Windows (XP, Vista, 7, 8.0, 8.1, etc.). You can refine the search query further by adding the word user or administrator before the word password.

7. – Never respond to e-mail messages that ask for your log-in and account details

Never respond to e-mail messages that seem to come from banks, PayPal, eBay, etc., that ask you to verify your account details, or e-mails saying that you have received an e-card greeting, because they are all methods of obtaining your user names and passwords, or of installing Trojan backdoor software that can send your personal information back to its originator from your computer.

If you receive a message that says you have received an e-card, which doesn’t use your name and provides a link to click, clicking that link will take you to what looks like a genuine e-card site. You’ll have to enter the code that was provided in the e-mail message in order to gain access to a non-existent e-card, but when you enter the code a message appears saying something such as, “Your browser doesn’t have a Flash player for e-cards”. Your browser will then produce a message asking if you want to download and install a file. Refuse permission, because that file isn’t a Flash player; it’s a Trojan backdoor program that will compromise the security of your computer.

8. – Make restorable backups

Make sure that you regularly use some kind of backup system that enables you to recover from a system failure that makes Windows unable to start up. There are many ways to create all kinds of backups, with many different programs and tools/utilities. You can create a restorable master image of the entire system and burn it to recordable CD/DVDs, or, preferably, to a high-capacity external hard disk drive; such drives are inexpensive. You would keep the external drive disconnected from the computers that it has system images of, preferably in a fireproof storage facility.

9. – Actions to take if your computer is infected by a virus or any other malware

No security precautions are foolproof. Any computer can get infected with malware ranging from Trojan viruses that allow a hacker to take over the system to an unwanted toolbar, with others in between such as phony virus scans that fake a virus infection and ask you to buy fake antivirus software to get rid of the problem.

The first step to take is to update and run your anti-malware scanner(s), preferably from Safe Mode that is accessed by pressing the F8 key repeatedly to bring up the boot menu of which Safe Mode is an option. Safe Mode with Networking allows the user to get online. Online malware scanners are available, such as HouseCall made available from the Trend Micro website. There are several others, such as the fast and free Kaspersky Security Scan.

In Safe Mode, malware can’t function and is therefore much easier to detect and remove. I would also run System Restore and restore a restore point that predates the infection. It must predate the infection, otherwise the malware will be restored. The best way of getting rid of an infection completely is to restore a recently created system image, which all computer users who value their data should be creating regularly.