What You Must Know About PC Security

Why do I need to worry about PC security?

It wasn’t that long ago that you could buy a PC, have fun on the Internet, and - if you had time - get an anti-virus program just in case. Those days are long gone!

Lurking out there waiting to infect your PC are viruses to be sure, but also worms, Trojan horses, spyware, adware, keyloggers, bots, and others. If you read the article All About Malware, you’ll be shocked.

Let’s make an analogy between your PC and your home. Most of us lock our doors and windows and monitor who comes in and out. Your PC has “doors and windows” to the outside world, the Internet - they’re called “ports.” Any ports you’re not using should be closed. And when you do have some ports open for emailing or browsing, you need to make them as secure as possible.

If you do not secure your PC and use the Internet and email wisely, it is only a matter of time before your PC will become contaiminated and you may lose valuable data. In addition, your personal information may be stolen, you may send virus-laden emails to your friends, and your PC may be used by hackers to send out millions of spam emails, or participate in bringing down legitimate websites. As a member of the cyberspace community, you have the responsibility not only to protect your own property, but that of friends and strangers alike.

Check Your PC Security

An excellent website exists where you can check how secure your PC is. Steve Gibson of the Gibson Research Corp. specializes in PC security. His program, called ShieldsUp!, will test your PC ports. Go to www.grc.com  (will open in a new window) - page down to the heading "Hot Spots" and click on ShieldsUp! Go to the bottom of the next page and click "Proceed." Run the 5 different tests and review the results.

What are the problems?

Let’s look at six different problems and then their solutions. When actual instructions are presented below, they have only been verified for Windows XP.

Problem 1: Vulnerabilities in Windows and Internet Explorer

The folks who create viruses and other malware target the Windows operating system and Internet Explorer because they are so widely used. They exploit vulnerabilities in these programs. These programs need to be kept up-to-date, and using an alternate browser is highly recommended.

Solution:

1. Keep your Windows operating system up-to-date. The easiest way is to let Windows do it automatically. To turn on Automatic Updates, click Start / Control Panel / Security Center (classic view). On this window you will see an option for turning on Automatic Updates. If you have chosen to update manually, then once a month click the yellow shield located in the lower right corner of your screen by the clock, and check off the updates you wish to download. Download high-priority updates and IE updates. After the updates have finished downloading, click the icon again to install the updates.
2. Use an alternate browser. Because the cyberspace crooks target Internet Explorer, you are much safer using an alternate browser for your everyday browsing and just use IE if absolutely necessary - which will be seldom to never. See my Favorite Downloads link for more information about Firefox and other free, alternative browsers.
3. Adjust security settings in Internet Explorer:
   
   • Launch IE and click Tools / Internet Options. Click the Security tab.
   • Click the globe icon at the top left labeled “Internet” and at the bottom click Default Level. Click OK.
   • Then click Custom Level and cursor down to the “ActiveX controls and plug-ins” section.
   • Find “Download signed ActiveX controls” and make sure Prompt is selected
   • Find “Download unsigned ActiveX controls” and make sure Disable is selected
   • Find “Initialize and script ActiveX controls not marked as safe” and make sure Disable is selected.
   • Exit out of Internet Explorer.

Problem 2: Shared Ports in Windows/XP

The Windows operating system has been designed to allow you to participate in a network and share resources like files and printers. The default setting in Windows is “share.” Now, you may not be on a “local area network” at your home, but when you are on the Internet you ARE on a network as far as Windows is concerned - a huge, world-wide network! Every day millions of Internet Scanners are running looking for PCs on the Internet with open, unguarded ports.  If you are not on a local area network, then you need to close these sharing ports.

Solution: Close Windows Shared Ports

• Click Start / Control Program / Network Connections.
• If you are connecting to the Internet via Dialup, right click on each Dial-Up you have create and click Properties. Click the Network tab. Uncheck “File and Printer Sharing for Microsoft Networks,” and uncheck “Client for Microsoft Network.”
• If you connect to the Internet via Broadband, right click your broadband connection and click on Properties. On the Networking tab, uncheck “File and Printer Sharing for Microsoft Networks,” and uncheck “Client for Microsoft Network.”
• Then, under LAN or High-Speed Internet, right-click on Local Area Connection and uncheck “File and Printer Sharing for Microsoft Networks,” and uncheck “Client for Microsoft Network.”

Problem 3: Vunerability While on the Internet

When you are on the Internet, some of your PC ports must be open so you can send and receive emails, and communicate with websites. But you need to control what other programs can come in and go out of your PC ports. A good software firewall keeps outside programs from coming into your PC. It also monitors the programs on your PC that want to go out to the Internet.

Solution: Use a Software Firewall. A firewall is like having a guards surrounding your home monitoring who comes in and who goes out. I highly recommend you purchase a firewall or use one of the free firewalls, such as Zonealarm. I don't recommend using the firewall that comes with Windows/XP because it only monitors programs wanting to come into your PC, not programs that want to go out to the Internet. Why is this important? Some malware needs to “phone home”. to bring back the really damaging programs. For example, several years ago, Zonealarm alerted me that a program wanted to access the Internet. The alert popped up out of the blue and the program name looked odd, so I denied it access and immediately searched the Internet with the program name. Lo and behold, it was a Trojan horse wanting to get out so it could bring back with it the programs that would take over my PC! I was able to delete the file and prevent any damage solely because I used my firewall properly.

There are many good articles on the Internet describing what a firewall does. I have used the free Zonealarm firewall for years and it works well. Though I make no guarantees regarding your PC, I have shared my experiences training Zonealarm in a separate article titled Using the Free Zonealarm Firewall

Problem #4: Viruses and Malware

Even if we are diligent, a virus or malware is bound to sneak in if we use the Internet a lot. When one does, the faster you eradicate it, the better your chances that it hasn’t caused any harm.

Solution: Using anti-virus and anti-malware software

You must have anti-virus and anti-malware software on your PC. You must ensure these programs are updated weekly and you must scan your PC weekly. You can rely solely on free products (like I do presently) or you can buy the paid versions and get a few more features and automatic updates.  Before you buy, do some research. You can also purchase a suite of software that includes a firewall, anti-virus, anti-malware, and other features, but these may be difficult to use for some folks due to their complexity. You can review software at many sites, but make sure the site is unbiased. These sites appear to be relatively objective (website will open in a new window):  www.download.com, www.pcworld.com, www.consumersearch.com, and http://reviews.cnet.com (though cnet.com seems to favor the large corporation software and often ignores the smaller company’s software - which is often better and more popular.)

Are the free programs really any good? Absolutely! Most of the companies that have a paid version of anti-virus or anti-malware software also provide a free version of excellent quality. Since they’re updating the paid version everyday, it doesn’t cost them much to offer a scaled-back version free to the public. Many folks can’t afford or just refuse to pay for all this security software. But many folks will install security software if it’s free. By providing a free version of their software, these companies are benefiting the cyberspace community by increasing the number of protected PCs, and decreasing the rate of infection. It’s good PR for them and they hope you’ll eventually upgrade to the paid version.  Think about it. If you decide someday to buy software to get the extra features, who are your going to buy from? Norton? Or the nice company whose free software has been nicely protecting your PC for the last 8 years? Please see the separate article Great Free Software.

Problem #5: The End User

I hate to say this, but the PC user is often the problem! Some folks naively view the Internet as a big candy store. They open email from strangers, open any email attachment, visit unscrupulous websites, download anything that looks fun, download anything they are told to, give their email address out to anybody and any website, register on any site that requests it, click on popup ads, and chat online. Whew! (And having a firewall is just too much trouble…!) These are the folks whose PCs are littered with viruses and malware, and who may unknowingly be aiding and abetting cyberspace crooks.

Solution: Use the Internet Wisely. Please see the separate document called Smart Rules for Using the Internet

Problem #6: Other Windows Vunerabilities

There are a few other services in Windows that Microsoft has enabled by default that make your PC vulnerable to hackers. Below are some changes you may want to consider:

Solution: Turning off unnecessary services under Administrative Tools

1. Disable Messenger service on Windows XP (has nothing to do with Instant Messaging):
   
   • Open the list of services running on your PC.  For XP, click Start / Control Panel / Administrative Tools (inside Performance and Maintenance if not using Classic View.  Switch to Classic View!). For 2000, find Administrative Tools under Settings
   • Double-click on Administrative Tools and click on double-click on Services.
   • Scroll down the list of services on the right until you find Messenger and double-click on Messenger. The properties window will open.
   • Select the General tab. If the service is running, click the Stop button under Service Status.
   • In the center of the window, there is a Startup Type drop-down menu. The selection is Automatic by default. Click the drop-down menu and select Disabled. Click OK. If you are running Windows 2000 or XP Pro (not Home), continue below.
2. Disable Remote Registry Service
   
   • While on the Services window, scroll down the list of services on the right until you find Remote Registry Service and double-click on Remote Registry Service. The properties window will open.
   • Select the General tab. If the service is running, click the Stop button under Service Status.
   • In the center of the window, there is a Startup Type drop-down menu. The selection is Automatic by default. Click the drop-down menu and select Disabled. Click OK.
   • Exit out of the open windows.

Back to Top