How to Secure Your Computer Using Free Tools and Smart Strategies

How to Secure Your Computer Using Free Tools and Smart Strategies:
An Internet Self-Defense Course
Version 1.08
© 2004 Douglas Partridge & Kevin Ryan — All Rights Reserved. www.SecureYourComputer.Net
Unauthorized duplication or distribution is strictly prohibited.
This is NOT a free ebook and does not come with resell rights.
If you’re interested in making money with this book see page 74.
Disclaimer of Warranty / Limit of Liability
Disclaimer of Warranty: The authors of this material used their best efforts in preparing this
material. The authors of this book make no representation or warranties with respect to the
accuracy, applicability, completeness or the contents of the book. The authors disclaim any
warranties (expressed or implied) for any particular purpose, or any consequences arising
from the use of this material. The authors shall in no event be held liable for any loss or
damages. You are advised to seek the opinion of a legal professional when dealing with
business matters.
The contents of this ebook and bonus materials are protected by international copyright laws
and may not be reproduced, redistributed, or resold without the prior permission of the original
authors.
The authors of this material did not develop any of the software programs mentioned within
this book and bonus materials. Should you have an issue with a business or product, your
only recourse is to contact the company or developer directly.
Trademarks: All trademarks and product names used in this book and bonus materials are
properties of their respective owners. Windows and Windows XP © Microsoft Corporation.
Regarding Internet Links: An active web connection is needed to view links recommended
in this book and bonus materials. While every effort has been made to keep the links updated
at the point of writing, the authors cannot be responsible for any outdated or broken links. All
links are for informational purposes only and are not warranted for content, accuracy or any
implied or explicit purpose.
We strongly recommend that you make a full computer backup before changing any system
settings and installing programs.
About the Authors
Doug Partridge
Doug Partridge has been in the
Information Technology field since
1990 and has worked in employee
and consulting capacities from startups (during the infamous "dot bomb"
era) to global, multi-national
companies.
He received his MCSE certification
(Microsoft Certified Systems Engineer)
in 1997, and has spent the past four
years working in Information Security
and as an Email Administrator for
Nestle.
Kevin Ryan
Kevin Ryan has a decade of
experience in the Information
Technology industry. Holding the
premiere Information Security
certification (CISSP), Kevin has
worked in Information Security at a
leading global 100 company for the
past seven years.
Special Message to the Reader
The Internet today is comprised of some unquestionably great minds,
and what’s their mission? For some it’s simple: to figure out every
possible way to exploit the average computer user. These shadowy
figures exploit people’s trusting nature, and in most cases, lack of
adequate computer security to gain unauthorized access and infect
computers with Spyware and other malicious threats. The environment
on the Internet today requires paying very close attention to what
information comes in and out of your computer. You can have every
security tool imaginable protecting your machine, but without a basic
knowledge of the current threats, to some extent you’re still vulnerable.
Why We Wrote This Book
It was these thoughts that prompted me to call my long-time associate
in the Information Security field, Kevin Ryan. It turned out that Kevin
shared many of the same thoughts about the poor state of Internet
security. While the average IT professional knows exactly how to
protect his computer and practice “safe computing,” recent Internet
studies show that general security awareness is desperately lacking.
This is truly unnecessary; with just a little bit of information and the right
tools, anyone’s computer can be just as secure as those of computer
professionals. With the number of people using “always on” broadband
Internet connections on the rise, this information is especially vital.
With this goal in mind, we sat down and outlined all of the information
that became this ebook. Our objectives were simple:
- With high-speed Internet users in mind, write an easy-to-understand,
  step-by-step “how to” security book (note: for reasons explained later
  in the book, dial-up users would do well to follow the same steps).
- Highlight effective free security tools and services, and show how
  to use them.
- More than simply mention tools – explain not only why you need
  them, but how and why they work.
- Share “smart strategies” to protect your private data – and reduce
  the risk of threats like online Identity Theft.
If you follow these steps, after reading this book and bonus materials,
you will have a secure computer now, and you’ll know how to remain
protected against future threats. You will have a keen eye for
“Phishing” (email-based scams designed for identity theft) and other
email-based scams. When making an online purchase, you’ll know if
you’re in a “safe” environment or not. Most importantly, you’ll be armed
with knowledge and that is a vital component of security.
We sincerely hope you enjoy this holistic Internet self-defense course.
Sincerely,
Doug & Kevin
P.S. A little bit about “I,” “we” and “ours.” As you know this book was written by two
people. When we split up the chapters, we chose to write in the first person. At the
same time, you’ll see phrases like “our eBook” and “we hope”; usually this is when
referring to this work as a whole. Hopefully you don’t find this distracting.
Table of Contents
About the Authors
Doug Partridge
Kevin Ryan
Special Message to the Reader
Table of Contents
Introduction – The “Perfect Storm” of Modern Day Computing
Another “Perfect Storm”
Remainder of this Book
Punch #1 – Personal Firewall
What is a Firewall, and Why Do You Need One?
Your Firewall is “Muscle” on Your Side
The Truth Exposed Through Security Scans
Sygate’s Personal Firewall
My Security Scans After Installing a Firewall
Zone Alarm
Doesn’t Windows XP Have a Built-in Firewall?
Punch #2 – Anti-Virus
Malware – What is it?
Anti-Virus Programs
AntiVir Anti-Virus Software
AntiVir Configuration Tips
Virus Hoaxes
Punch #3 – Adware & Spyware Removal
Spyware
How Spyware Gets on Your Computer
Signs That You’re Infected
Spyware Removal Tools
The Benefits of “Real-Time” Protection
A Moment for Security Reflection …
Punch #4 – Windows Security Settings
Creating A Password-Protected Log-on
Creating A Password-Protected Screensaver
Creating Private Folders
Disable Unused Services
Stop File and Print
Stop the Messenger Service
Windows Patches and Updates
Windows Web Updates
Download Summary
Bonus #1 – Online Identity Theft: Self-Defense 101
Bonus #2 – Email Security & Smart Strategies
Bonus #3 – Smart Strategies for Reducing Spam
Parting Thoughts
Recommended Reading
Introduction – The “Perfect Storm” of
Modern Day Computing
Note: this chapter provides background information and general
commentary on the current state of security on the Internet. Reading it
will provide a good foundation for the rest of the book. However, if you’re
eager to begin securing your computer, jump to the next chapter.
The condition of modern day computing is well illustrated by the George
Clooney and Mark Wahlberg tour de force, “The Perfect Storm.” For the
benefit of those who missed this movie, it’s a riveting tale based on real
events that took place in October 1991. The factors responsible for this
perfect storm are so rare they are said to occur, maybe, once every
hundred years. In October 1991, three significantly powerful storm
systems came together creating one apocalyptic force. This storm
caused winds in excess of 125 miles an hour, and created ocean waves
over 10 stories high. Few people on earth had ever witnessed such a
cataclysm. Tragically the six members of the commercial fishing boat,
“The Andrea Gail” never got the warning and went straight into the
center of this tempest.
Now how could George Clooney, Mark Wahlberg and a fiercely
powerful storm back in 1991 possibly relate in any way to modern
computer security? Well, it illustrates how powerful forces can come
together to create a threat much greater than the individual parts. I’ll
resist the temptation to go further with this illustration: imagine you and
your computer are like the Andrea Gail, out on the open and angry sea,
danger lurking ‘round every corner! That would just be too much. ☺
Another “Perfect Storm”
Here are the four factors creating our “Perfect Storm” on the Internet
today:
Factor One – the Open Nature of TCP/IP
TCP/IP is the protocol your computer uses while on the Internet. What
is a protocol? Sometimes protocols are likened to languages, but
they’re really more like “rules” computers must follow when attempting
to “speak” to each other. This idea can be illustrated by a common
every day task – making a phone call.
You want to talk to your friend; you initiate the process by dialing their
number. When your friend answers with “hello” or “what’s up?” or “who
this!?” – then you would normally reply with your name. The connection
is successfully established on both ends, and you and your friend go
on with the conversation.
This simple exchange is similar in concept to how computers using
TCP/IP start conversations with each other. These “connection
conversations” are going on behind the scenes every time you do
something ordinary like view a web page or send email.
The “open nature” of TCP/IP dates back to its origins in the mid-to-late
1960s. The whole purpose of TCP/IP was open communication – not
only between different computers, but also between different types of
computers. In this way, TCP/IP has been, and continues to be a huge
success. Right now, people using Windows, Macintosh, Unix, Linux,
and other systems, are all on the Internet using this one protocol –
pretty amazing when you think about it.
You’re forgiven if you’re wondering how any of this creates a “security
threat.” The important thing to know about TCP/IP, and the reason why
it contributes to our perfect storm, is this: it doesn’t have a native, or
we could say, “built-in” concept of security. What exactly does this
mean? TCP/IP was designed for the purpose of sharing and
exchanging information between groups that basically trusted each
other. Going back to our phone call analogy, TCP/IP has no built-in
method for evaluating the call or even the caller to determine if this
is someone you want to communicate with. TCP/IP merely
facilitates the request.
To sum up our first contributing factor – everyone on the Internet is
using a communication protocol with no built-in concept of security.
Factor Two – Many “Ain’t it Cool” Windows Features
Around the time of Windows 95 with the introduction of their new user
desktop (does anyone remember Windows 3.x?), Microsoft (MS) put a
strong emphasis on being more “user friendly” (and by extension
dominating the desktop market). MS developed many new features into
Windows, and they were so sure everyone would want them that “out of
the box,” they were enabled. What some people call features others
call security holes. Whatever you want to call them – these “features”
have been exploited to no end by viruses and worms over the years.
One good example of this in action is the set of security vulnerabilities in
Microsoft’s web server software, “Internet Information Services”
(IIS). Two well-publicized worms, Code Red and Nimda, easily took
advantage of security holes in IIS and spread with ease across the
Internet. ISPs and web admins had a stressful few days as they
attempted to get their servers under control. However, the real
awakening here is the large number of home users running IIS (web
server software) on their computers. Even though most people had no
need for it, many were running Microsoft’s web server software on their
home Internet-connected computers. Non-secured home users
running IIS played a big part in spreading these worms.
Factor Three – The Rise of “Always On” Internet Connections
Broadband or “high-speed Internet access” falls into two major
categories: DSL & Cable Modem. Just how many people use
broadband connections? As of September 2004, the number is
estimated to be over 48 million according to the FCC. Now we all love
broadband, and if you’ve switched over from dial-up, you probably
couldn’t imagine going back. However, there’s one key element
introduced by broadband that makes exploiting your system much
easier.
It’s your IP address.
An IP address is the unique address assigned to your computer by your
Internet Service Provider. Having an IP address is mandatory for you to
use the Internet. It’s how you’re able to send and receive information.
So, you must have one – there’s no getting around it.
Back in the dial-up world, you would receive a different IP address
every time you connected (or dialed-up). When you’re using a
broadband connection, you’re likely to have the same IP address for
long periods of time. If you leave your computer turned on, you now
have a computer with a “live” Internet connection and a non-changing IP
address. This makes your computer an accessible and “stationary”
target for everything from self-spreading worms, to hackers attempting
to break into your system. With a broadband connection, a determined
hacker may have several days or even weeks to work on getting into
your computer.
One other note, even if your IP address changes, once your system has
been compromised, hackers can install notification programs on your
computer to contact them with your new IP address. Nice, isn’t it?!
The point I’m emphasizing is this: broadband users are especially at
risk. However, I want to address one myth right now – it’s the idea that
you’re not at risk if you use a dial-up Internet connection – WRONG.
The SANS Institute (a security research group) published a report
stating that an unprotected Windows XP system can be discovered
and compromised in as little as 20 minutes (update: the current
figure is 16 minutes). The bottom line, if you ever connect to the
Internet – you need to be concerned about security, and take steps to
secure your system.
Let’s add one more factor to our “Perfect Storm” contributors.
Factor Four – People Looking for Vulnerable Systems
Yes, we need one more element to tie this all together – to create a true
ominous threat. This is one area where I’ve noticed a shift in attack
methods over the years. A few years back the thinking was, unless
you’re the government or a large corporation (especially one viewed as
“world dominating” or “evil” by hackers at large), no one would be
interested in breaking into your computer. Hackers are still interested
in going after high profile targets; they’ve just invented new and creative
methods to accomplish this task.
A common attack launched against a targeted company involves
flooding their website with more traffic than the site can handle, which
will ultimately take it “off the air.” This is usually done by what’s called a
“distributed attack.” This means that the attack is coming from
thousands, maybe even millions of computers simultaneously. If you’re
someone like Amazon or eBay, downtime caused by such an attack is
especially devastating and costly.
Now, you’re probably reading this wondering why a “distributed attack”
should be of interest to you. Without your knowledge, your computer may
have participated in the last big distributed attack! The key here is that
the instigators of such attacks realized that instead of using their own
computers to launch attacks, it’s better to find and infect an army of
“zombie” home computers to do their bidding. Not only is this extremely
effective, it makes tracing the true source of the attack much more
difficult.
Who’s interested in getting on your computer?
You’re looking at everyone from criminals actively seeking account
information to commit fraud – to people looking for available systems to
use in distributed attacks, as mentioned above – to beginning hackers
who don’t intend any damage, they just want to see if they can get on
your system. Whatever the motivation, you don’t want any of them on
your system!
Examining these “Perfect Storm” factors individually as we have should
really impress upon you the urgency of taking proactive security
measures immediately.
Remainder of this Book
The remainder of this book is organized by priority. We are assuming
that you have not taken any steps to secure your computer. The next 4
chapters are referred to as the Mandatory 1-2-3-4 Punch. These steps
are more than merely a “good idea,” they are mandatory steps you must
do to secure your computer. Why? Without doing these steps, you’re
practically guaranteed to be hosting everything from viruses and worms,
to other malicious programs designed to exploit Windows security
holes.
If you already have one or more of these in place, wonderful. You may
still want to skim through the chapters to see if there are any pointers
you can use. Along with mentioning “real world” examples, where we
can, we’ll highlight well-regarded and effective tools available for your
use.
Enough discussion, it’s time to fight back.
Punch #1 – Personal Firewall
What is a Firewall, and Why Do You Need One?
Let’s start with “why you need one” first. Once you know this, you’ll
absolutely want one now. In order to understand why you need a
firewall, we need to talk just a little bit more about the inner-workings of
TCP/IP.
You already know what an IP address is; it’s the unique number
identifying every computer on the Internet (they look something like this
“192.168.2.124”). In addition to IP addresses, TCP/IP uses something
called “ports” as a communication mechanism. We won’t delve too
deeply here – but having some background knowledge will prove useful.
A port is what it sounds like: a portal – a potential entry point for data in
and out of your computer. Every program uses a port when
communicating with another computer. For instance, your email
program uses one port to send, and a different port to receive. A web
server “listens” for web requests on a port, and your web browser uses
the same port to request a web page. When a program is using or
“listening” on a port – that port is said to be “open.” This means that if
a request is directed to that port, your computer responds to the
request. The important thing to know about ports is that every open
port on your computer is a possible entry point for an attack.
How many ports are there? Only 65,535! Hackers use programs called
“port scanners” to scan entire blocks of IP addresses to see (1) how
many computers they can find and (2) how many have open ports.
Port scanners are extremely effective at discovering this information.
To relate this to the real world, imagine if a burglar, from the privacy of
his home, had the ability to scan entire city blocks to see not only who is
home, but also which doors and windows are unlocked! Makes you
goose-pimply just thinking about it ….
What if a port scanner detects an open port? Usually one of two things
happens: either an attack is launched immediately, or this information is logged
for later use. Remember, with a broadband connection, you’re likely to
be at the same IP address for quite some time. Aside from being
extremely effective, port scanners are readily available on the Internet
and don’t require much technical experience to operate.
This is a good place to mention that it’s not necessary to understand all
of the inner workings of TCP/IP, ports, and port scanners. For now,
what you should take away from this introduction is that exposed ports
on your computer present a security exposure. This brings us to the
remedy, a personal firewall.
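
The open-versus-closed distinction described above can be checked on your own machine. The following Python sketch is an added example, not part of the original book: it only ever connects to the loopback address, and the function names and the choice of ports (80 for a web server such as IIS, 135, 139 and 445 for Windows RPC and file sharing) are assumptions made for illustration.

```python
import socket

LOOPBACK = "127.0.0.1"  # this example only ever talks to the local machine


def port_state(port, timeout=1.0):
    """Classify one TCP port on the loopback address.

    open     - a program is listening and the connection was accepted
    closed   - nothing is listening, so the operating system refused
    filtered - no answer at all before the timeout (packets were dropped)
    """
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((LOOPBACK, port))
            return "open"
        except ConnectionRefusedError:
            return "closed"
        except (socket.timeout, TimeoutError):
            return "filtered"


def start_listener():
    """Start a listening socket on a free loopback port (constructed for the demo)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((LOOPBACK, 0))      # port 0 lets the OS pick any free port
    srv.listen(1)
    return srv, srv.getsockname()[1]


def demo():
    """Show the same port while a program listens on it and after it stops."""
    srv, port = start_listener()
    while_listening = port_state(port)
    srv.close()
    after_close = port_state(port)
    return while_listening, after_close


def audit(ports):
    """Return {port: state} for a list of local ports."""
    return {p: port_state(p) for p in ports}


if __name__ == "__main__":
    print("listener demo:", demo())
    # Ports chosen for illustration: 80 (web server), 135/139/445 (Windows
    # RPC and file sharing). A loopback check shows what is listening on this
    # machine, not what a firewall lets the Internet reach.
    for port, state in audit([80, 135, 139, 445]).items():
        print(port, state)
```

An "open" result here means some program on the machine is listening; whether the Internet can reach it depends on the firewall discussed next.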
Your Firewall is “Muscle” on Your Side
A firewall acts as a powerful security checkpoint or boundary between
all data coming in and out of your computer (note: we’ll also talk about
why you want to know about data leaving your computer). To put it
another way, it examines all data coming in and out of your computer,
and compares this against its “firewall rules” (we’ll also explain rules a
little later), and then decides if the traffic can proceed or should be
blocked. Remember, the “open nature” of TCP/IP provides no such
functionality. Without a firewall, your computer will respond to
connection requests without a second thought. Make sense?
That’s basically how a firewall works – but we should really focus for a
minute on what this actually means for you. Because a firewall
intervenes before your computer can acknowledge a request for
information, your computer will appear invisible to port scanners.
People searching for computers to exploit will not even know your
computer exists. We’ll see this demonstrated later in this chapter.
Another benefit is that now you must grant programs permission to use
your Internet connection. The truth is, without a firewall in place,
programs both legitimate and otherwise could be making outbound
connections using your Internet connection at their will, and you would
never know about it!
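
The two behaviours described in this section, silently discarding unsolicited inbound traffic and requiring permission per program for outbound connections, can be modelled in a few lines. This Python sketch is an added example and a simplified model, not the book's material and not how any particular firewall product is implemented; the class, the program names and the IP addresses (taken from documentation-only ranges) are constructed for illustration.

```python
class PersonalFirewall:
    """Simplified model of a personal firewall's decision logic."""

    def __init__(self, prompt):
        self.prompt = prompt        # stands in for the pop-up that asks the user
        self.program_rules = {}     # program name -> "allow" or "block"
        self.established = set()    # (local_port, remote) opened by allowed programs
        self.log = []               # every decision, kept for later review

    def outbound(self, program, local_port, remote):
        """A local program tries to connect out to remote ("ip:port")."""
        rule = self.program_rules.get(program)
        if rule is None:
            # First time this program is seen: ask once and remember the answer.
            rule = "allow" if self.prompt(program, remote) else "block"
            self.program_rules[program] = rule
        if rule == "allow":
            self.established.add((local_port, remote))
        self.log.append(("out", program, remote, rule))
        return rule

    def inbound(self, local_port, remote):
        """A packet arrives from remote addressed to local_port."""
        if (local_port, remote) in self.established:
            verdict = "allow"   # reply to a connection we opened ourselves
        else:
            verdict = "drop"    # unsolicited: discarded with no reply at all
        self.log.append(("in", local_port, remote, verdict))
        return verdict


def run_scenario():
    """Constructed traffic: a trusted browser, an unknown program, and a probe."""
    asked = []
    trusted = {"browser.exe"}   # the programs our pretend user approves

    def prompt(program, remote):
        asked.append(program)
        return program in trusted

    fw = PersonalFirewall(prompt)
    results = {
        "browser_out": fw.outbound("browser.exe", 50001, "203.0.113.10:80"),
        "browser_reply": fw.inbound(50001, "203.0.113.10:80"),
        "browser_again": fw.outbound("browser.exe", 50002, "203.0.113.10:80"),
        "unknown_out": fw.outbound("unknown.exe", 50003, "198.51.100.7:6667"),
        "unknown_reply": fw.inbound(50003, "198.51.100.7:6667"),
        "probe_445": fw.inbound(445, "198.51.100.99:41000"),
    }
    return results, asked, fw


if __name__ == "__main__":
    results, asked, fw = run_scenario()
    for name, verdict in results.items():
        print(f"{name:14} {verdict}")
    print("user was prompted for:", asked)
```

The model shows why web browsing keeps working when every unsolicited inbound packet is dropped: replies are matched to connections an approved program opened, and the user is asked only once per program.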
The Truth Exposed Through Security Scans
Illustrations usually help drive home a point. So think of your computer
as an expert and shameless flasher – always ready to expose
information – information about you. OK, that illustration was over the
top.☺
Naturally, by this time you’re probably curious about your own
computer’s security – and how many open ports you’re exposing right
now. Fortunately this information is easily obtained using free security
scanning websites. How do they work? The website will record your IP
address and launch a port scan of your computer and display the
results. A note of caution: since security information about your
computer could be valuable information in the wrong hands, I would
only use a reputable website for such a scan. The two sites I use in this
chapter are both highly regarded.
In order to demonstrate the virtues of a firewall, I thought it would be
interesting to load a new installation of Windows XP, and then run a
scan before and after installing a firewall.
Sygate Security Scan
For the first scan, I’ll use Sygate Security Scan. In case you’re
unfamiliar with Sygate, in addition to security scans, they make an
excellent personal and corporate firewall.
Sygate’s site offers several free scans ranging in duration from 30
seconds to 45 minutes. I usually run the “Quick Scan” and the
“Stealth Scan.” Both scans take about 30 seconds and provide a
good overview of your security level.
[Screenshot: Sygate security scan before installing firewall.]
As I expected, without a firewall in place, I’m exposing several open
ports (many more than can be seen on the screenshot). As the last box
shows, in addition to open ports, my computer responds to ICMP or
“Ping” requests.
What’s Ping, and why should you care?
The first thing that may come to mind when you read “Ping,” might be
the sonar device used by submarines. One submarine will send out a
sonar signal, and based on the response (or lack of) they know if there’s
another object in the water, and how far away it is.
The Ping command works similarly in concept, except it’s sending out
data and not a sound signal. Ping is a useful TCP/IP command used to
test connectivity between computers. However, Ping reveals useful
information to a hacker. In fact, usually the first thing a port scanner
does is Ping an IP address to see if a computer responds. Not only
does a successful Ping response confirm there’s a computer at the IP
address, it usually reveals what operating system you’re running:
Windows, Macintosh, etc. This is extremely useful information to
someone planning to launch an attack against you.
GRC Scan
I like to confirm my scan results using another scanner. Gibson
Research Corporation provides several free scans. You can’t link
directly to the page running the scan. Just keep clicking on “Shields
Up” and you’ll get there. From GRC.com, I usually run the “Common
Ports” scan. The results from this scan are below.
GRC security scan before installing firewall.
This does not look good at all. Both of these scans reveal that my
computer is exposing information – namely open ports to the Internet.
As we’ve already discussed, open ports present a huge security
exposure. You may be surprised to learn that closed ports are less than
desirable as well. Say what? If open ports are horrible and closed
ports are bad too – what else is there? I hinted at it earlier in the
chapter, but I’ll explain it in detail a little later in this chapter. For now,
let’s get our firewall installed.
Sygate’s Personal Firewall
I’ll mention another great firewall at the end of the chapter – for this
exercise I’ll use Sygate’s Free Personal Firewall. This is a top-notch
firewall that also checks your system for malicious software programs!
Not only is this a great product, it’s easy to install and use. In fact,
during installation, you can accept all default options.
Creating Your Firewall Rules (a.k.a. “Program Control”)
Once your firewall is installed – you will begin creating your firewall
rules – i.e. which programs will be allowed to use your Internet
connection. You’ll need to do this for every program before it will be
allowed to make an outbound connection. As your firewall detects
programs attempting to make outbound connections – you’ll be
prompted with a message like the one shown below when I started
Internet Explorer for the first time. Program control is absolutely
essential for security.
Sygate alerts you when a program attempts to use your Internet connection.
Notice that the message clearly tells you the name of the program – and
the destination of the connection (in this case, my.yahoo.com). You
have the option of answering Yes or No; clicking the checkbox makes
your choice permanent (meaning that you will not receive this prompt
again for the same program).
There’s a common group of programs that you’ll probably immediately
OK, and make the choice permanent – e.g. web browser, email, and
instant messaging programs. All of those programs obviously need to
use your Internet connection.
Invariably, you will see programs attempting to use your Internet
connection, and it will surprise you. Be very careful when allowing
programs “free rein” to your Internet connection – especially if it
doesn’t make sense to you that this program wants to make an
outbound connection.
At the same time, you don’t want to be too strict here – for instance,
your Anti-Virus program will need to connect to the Internet to download
updated virus definitions (this is discussed in more detail in the
Anti-Virus chapter). Not allowing this will mean your Anti-Virus program
quickly becomes outdated, which significantly weakens its usefulness.
Similarly, programs may be
configured to automatically check for updated versions. This is usually
a good thing to allow. If in doubt, you may want to allow the program to
make a one-time outbound connection – i.e., do not check the box to
make your choice permanent.
In addition to protecting your Internet connection through program
control, Sygate provides an additional benefit by verifying that the
program you allowed has not been replaced by another version.
Hackers, in an attempt to gather information about your computer, or to
make your computer unstable, may try to replace a trusted program on
your system with a “hijacked” version.
When Sygate detects a change in a program you accepted – you’ll see
a notification like the one below.
Sygate's alert of a change in a previously trusted program.
In this case the change is legitimate; Yahoo Messenger was upgraded
to a newer version. Be very concerned if you see a message like
this for no apparent reason. Note: after running Windows updates,
it’s not unusual to see messages like this for many Windows related
components (we explain Windows updates in our Windows Security
Settings chapter).
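One way a firewall can implement the program control and change alert described above is to fingerprint each program when you approve it and compare that fingerprint on every later connection attempt. The Python below is an added example, not Sygate's code; the SHA-256 fingerprint, the class and method names, the paths and the program contents are all assumptions made for illustration.

```python
import hashlib


class ProgramControl:
    """Toy model of per-program outbound rules with change detection."""

    def __init__(self):
        # path -> {"sha256": fingerprint at approval time, "allow": bool}
        self.rules = {}

    @staticmethod
    def fingerprint(image: bytes) -> str:
        # Assumption: a real firewall would hash the executable file on disk.
        return hashlib.sha256(image).hexdigest()

    def check(self, path: str, image: bytes) -> str:
        """Decide what happens when `path` attempts an outbound connection."""
        rule = self.rules.get(path)
        if rule is None:
            return "prompt"     # never approved permanently: ask the user Yes/No
        if rule["sha256"] != self.fingerprint(image):
            return "changed"    # same path, different bytes: raise the change alert
        return "allow" if rule["allow"] else "block"

    def answer(self, path: str, image: bytes, allow: bool, permanent: bool) -> str:
        """Record the user's reply to a prompt or to a change alert."""
        if permanent:           # the checkbox: remember this choice
            self.rules[path] = {"sha256": self.fingerprint(image), "allow": allow}
        return "allow" if allow else "block"


def demo():
    # Constructed stand-ins for executable contents; not real program files.
    messenger_v1 = b"messenger build 1"
    messenger_v2 = b"messenger build 2"
    updater = b"unknown updater"
    mpath = r"C:\Program Files\Messenger\messenger.exe"   # hypothetical path
    upath = r"C:\Temp\updater.exe"                        # hypothetical path

    fw = ProgramControl()
    log = []
    log.append(fw.check(mpath, messenger_v1))    # first run: prompt
    fw.answer(mpath, messenger_v1, allow=True, permanent=True)
    log.append(fw.check(mpath, messenger_v1))    # remembered: allow
    log.append(fw.check(mpath, messenger_v2))    # file replaced: changed
    fw.answer(mpath, messenger_v2, allow=True, permanent=True)  # user confirms the upgrade
    log.append(fw.check(mpath, messenger_v2))    # new version now trusted: allow

    # One-time permission: nothing is stored, so the next attempt prompts again.
    fw.answer(upath, updater, allow=True, permanent=False)
    log.append(fw.check(upath, updater))
    return log


if __name__ == "__main__":
    print(demo())
```
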
As an extra security measure, you can password protect this program.
The main reason for this step is to protect your settings from being
changed by others (either mistakenly or maliciously). You even have
the option of forcing the password to be entered before the program can
be shut down.
To enable this feature, go to Tools > Options and look for the
“Password Protection” area at the bottom.
My Security Scans After Installing a Firewall
Let’s see how our security scans look after loading Sygate Personal
Firewall. Getting back to our earlier question about open and closed
ports – we know open ports are horrible – closed ports while better, still
aren’t what we want. What else is there?
What we’re after is often illustrated in futuristic sci-fi movies. We’re all
familiar with the “cloaking device” on spaceships. They allow a
spaceship to appear invisible to the enemy’s scanners. In fact, a
cloaked spaceship can fly right past an enemy ship, and it wouldn’t be
detected. You have seen this before, right? Hope I didn’t lose you with
that one.
You don’t want any evidence that your computer is on the Internet. All it
takes is one port, open or closed, for your computer to be discovered by
a port scanner. What you’re after is what’s commonly called “stealth
mode.” “Stealth mode” occurs when your firewall blocks all
unauthorized connection requests to your computer. By virtue of this
feature, it’s impossible for an outside party (e.g., someone running a
port scanner) to determine the status of any of your ports (either open
or closed). Even better, with a properly configured firewall, outside
parties will find no evidence that your computer is on the Internet. This
“stealth mode” is only achieved by using a firewall. Now that we know
what we’re after – I’ll run the same scans on my firewalled computer …
Sygate security scan after installing firewall.
GRC security scan after installing firewall.
Both scans confirm that all port information is hidden, and I’m no longer
responding to Ping requests … Ladies & Gentlemen (and whoever
else may be reading), we have a fully stealthed computer!
The best defense against an attack is avoiding detection entirely.
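The difference between open, closed and stealth ports comes down to what the machine sends back to a connection request, which you can observe from your own computer. The Python below is an added example, not code from the book or from either scanning service; the function names and the one-second timeout are assumptions, and the demo probes only the local machine.

```python
import socket


def port_state(host: str, port: int, timeout: float = 1.0) -> str:
    """Classify one TCP port from the reply to a connection request."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"       # a program accepted the connection
    except ConnectionRefusedError:
        return "closed"         # the machine answered with a refusal, so it is visible
    except socket.timeout:
        return "stealth"        # the request was dropped without any reply
    except OSError:
        return "unreachable"    # no route to the host; says nothing about the port


def visibility(states: dict) -> str:
    """Overall verdict for a {port: state} report."""
    values = set(states.values())
    if "open" in values:
        return "exposed"        # at least one service can be reached
    if "closed" in values:
        return "visible"        # no services, but the refusals prove a computer is there
    if values == {"stealth"}:
        return "stealth"        # nothing answered on any probed port
    return "unknown"            # empty report or unreachable host


def demo():
    """Probe this machine only: one port with a listener, then the same port without."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))     # port 0 lets the OS pick a free port
    listener.listen(1)
    port = listener.getsockname()[1]
    with_listener = port_state("127.0.0.1", port)
    listener.close()
    without_listener = port_state("127.0.0.1", port)
    return with_listener, without_listener


if __name__ == "__main__":
    print(demo())
```

A port reported as "closed" still produced a reply, which is why the text treats closed ports as less than ideal: only the absence of any reply hides the machine.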
Zone Alarm
Another good free firewall is Zone Alarm from Zone Labs. In fact, Zone
Alarm is probably the most well known free firewall. Between the two
free versions (Sygate & Zone Alarm), I think Sygate’s offers more. For
instance, Sygate’s free firewall allows you to set a password to protect
your settings – while the free version of Zone Alarm does not.
It’s worth mentioning that Sygate and Zone Alarm are not the only free
firewalls available. I recommend these two for the following reasons:
they’re both highly regarded and well respected in the industry, and
they’re un-expiring and truly free versions.
Note: some claim to be “free” versions but are really free trial versions,
and will make you buy the full version after the trial period expires.
Zone Alarm Pro is an excellent full-featured firewall that also adds
incoming/outgoing email protection. Zone Alarm Pro is not free, so why
do I mention it? Throughout the book, where possible, we’ll use the free
versions in our examples and screenshots, and we’ll also mention the
full versions for a few reasons:
1. The free version is usually a “lite” or stripped down version of the
full version. Additionally, the free versions are usually only free
for personal use. Using the program in a business or commercial
setting usually requires the purchase of a licensed or full version.
2. While the various software companies are kind enough to provide
useful free versions, at the same time, they’re in business to
make money and want you to buy their full version. To entice
you, they often include useful features and benefits only available
in the full version. Sometimes technical support is only available
in the full versions. In some cases, the additional benefits make it
worth buying the full version, even for personal use. Otherwise,
the free version more than adequately does the job.
3. Finally, some people just can’t accept that a free program is
useful. For those people, we’ll highlight some key benefits found
in the full version.
Doesn’t Windows XP Have a Built-in Firewall?
Yes, and it’s turned off by default. If you don’t want to load another
firewall – please enable this one. Alternately, if you have a brand new
system, enable the Windows firewall until you can get Sygate or Zone
Alarm. The Windows XP firewall is better than none at all, and it’s a
welcome addition to Windows. However, security-wise it’s limited. For
instance, Sygate and Zone Alarm monitor both incoming AND outgoing
traffic. The Windows XP firewall only monitors incoming traffic – in
other words, it doesn’t provide program control. As I mentioned earlier,
you want to know exactly which programs are making outbound
connections. Unauthorized programs using your Internet connection
pose huge security risks. One other limitation: since it lacks “program
control,” you will not be alerted if a trusted program is replaced with a
hijacked version.
TIP
Never run multiple firewalls simultaneously.
Doing so will not provide added security, and will likely cause
system instability and/or crash your computer. Always disable
or uninstall one firewall before loading another.
Punch #2 – Anti-Virus
Before I mention any Anti-Virus programs by name, I think it’s useful to
talk about what they protect against and how Anti-Virus programs work
and are kept up-to-date.
Malware – What is it?
Let’s begin by discussing what is referred to as “malicious code.” This
destructive programming code comes in many forms and is transmitted
in many ways. In fact, there are so many types of programs designed
with malicious intent that a new term was required to describe them,
“Malware.” Malware, meaning “malicious software,” is not any one thing
but describes an intention.
Any malicious program that secretly copies itself onto your computer
can be called Malware. It can take many different forms and execute a
wide variety of destructive tasks, from harmless but annoying taunting
(e.g., playing sound files with a pornographic or rude message), to hard
drive failure (loss of data), to the most serious, identity theft.
Some of the most popular and widely publicized invaders are the Virus,
Trojan Horse and Worm. Let’s examine each in more detail.
Virus
A computer virus is a program or programming code that replicates
itself by copying to another program, computer boot sector (a small
program that tells your computer how to load its operating system), or
document. Viruses can be sent as an email attachment, or reside in a
downloaded file.
Once it’s downloaded to your computer, the malicious code can begin
its destructive phase. Viruses have varying agendas and execution
schedules. Some will begin the attack immediately, while some will wait
for a trigger such as a time, date or running of a program. The
destruction to your system can vary. Some viruses will erase all data
on your system requiring you to reinstall Windows, while others may
simply send irritating pop-up messages taunting the user. They can
also attack specific programs such as Microsoft Word and Excel by
scrambling words and numbers.
By nature a virus will copy itself to files on your computer and/or
programs. Some may self-propagate by using a worm (discussed
below) to send itself as an attachment to other computers. Below are
some of the more famous viruses and the destruction they caused.
Notice how the recent viruses are taking less time to infect while
causing greater destruction.
Virus | Year | Type | Time to become prevalent | Estimated damages
Jerusalem | 1990 | Boot Sector | 3 Years | $50 million
Concept | 1995 | Word Macro | 4 Months | $60 million
Melissa | 1999 | Email enabled word macro | 4 Days | $93 million to $385 million
I Love You | 2000 | Email enabled Visual Basic script/Word macro | 5 hours | $700 million
Clearly the new generations of viruses are getting more intelligent and
destructive. They use worms to self-propagate and infect at incredible
rates. Not only will they infect your computer but some can read your
email address book and send themselves as an email attachment to all
of your friends, family and business associates. This is an extremely
devious and effective transmission method. Why? The recipients likely
will not suspect a virus, and open the infected attachment because after
all, they believe you sent it! Now they are infected, and the cycle begins
again. It’s truly a “gift” that keeps on giving.
I’m sure you see the potential for great destruction. What you also need
to know is that new viruses are being created daily, which makes not
only running an Anti-Virus program, but also keeping it updated and
configured properly absolutely mandatory. Note: this is covered in
more detail later in this chapter.
Worm
A worm is a self-replicating virus. However, unlike the virus, the primary
job of a worm is to copy itself across the network to every available
(unprotected) computer. The network can be a home office, large
corporation or the Internet.
The troubling fact is that a worm can carry a payload (virus) and
distribute it to all of its targets. Once the worm has infected its victim – it
will start looking for available network connections on the newly infected
computer. To get other computers to respond, usually it will send out
network broadcasts. This will reveal which computers are vulnerable.
When the infected machine finds a vulnerable computer, the worm will
make new connections, infect the remote computer and start the cycle
all over again.
You can imagine what this waste of network traffic (bandwidth) does to
the speed of legitimate network traffic. In some cases the excess traffic
is so extreme that it will practically bring the network to a grinding halt.
This is called a “denial of service” (DoS) attack. Hackers have used this
method to shut down government and large corporate websites. You
may remember some of the more destructive worms such as Love Bug,
Code Red, Nimda and Blaster. Code Red at its peak infected an
estimated 2,000 computers per minute and eventually infected 359,000
machines. Once again, you can see the potential for infection.
Remember the SANS Institute statistics? An unprotected computer can
be infected within 16 minutes. This very real threat is out there actively
searching for vulnerable computers; let’s make sure you’re not one of
them.
Trojan Horse
A Trojan horse (commonly abbreviated as “Trojan”) is a program that
infects your computer and allows a hacker to run hidden tasks without
your knowledge. Here’s a bit of trivia for you. Where does this odd
name come from? The term comes from the Greek story of the Trojan
War, in which the Greeks give a giant wooden horse to their foes, the
Trojans, seemingly as a peace offering. After the Trojans bring the
horse inside their city walls, Greek soldiers sneak out of the horse's
hollow belly and open the city gates, allowing their compatriots to pour
in and capture Troy.
Trivia aside, this is the kind of Malware everyone should be most
worried about. The program works behind the scenes and waits for
instructions (either from a hacker or from other infected machines).
Symptoms of a Trojan-infection include files or programs opening or
closing automatically. Sometimes hackers will display obscene
graphics that cannot be closed until the computer is shut down.
In something reminiscent of the movie “Poltergeist,” people reported
that their CD drive tray would open and close for no apparent reason.
In some cases Trojans give hackers the ability to activate web cameras
so they can watch you without you knowing it! I know it sounds like
horror movie material, but it’s real.
Because the Trojan horse is a virus, it can be spread in many different
ways including the most popular method, email attachments. Another
popular way is attaching it to a legitimate file, and placing it on the
Internet for download as a shareware or freeware program. Usually, it’s
disguised as something fun like a game or other free download. Once
this file is downloaded, the Trojan is installed in the background and is
sitting there waiting for a hacker to connect and take control of your
computer, as with the infamous “Sub Seven” Trojan. This point is
repeated throughout this book – you should never open a mail
attachment you’re not expecting – even if it’s from someone you know.
The reason I went through these detailed explanations is this:
complacency is a big problem when it comes to security on the Internet.
I believe that once a person truly understands the risks they face, they’ll
be diligent and take the necessary steps to protect their computer.
Anti-Virus Programs
Let’s talk for a bit about how Anti-Virus programs work.
What are Virus Definitions?
As mentioned before, merely running an Anti-Virus program on your
computer is not enough. To truly be effective, your Anti-Virus program
needs to be configured properly, and have a current set of virus
definitions.
What are virus definitions? Anti-Virus vendors analyze each new virus
to find its programming code or “signature.” This new information, along
with older virus signatures is packaged together in what’s called virus
definitions. Simply put, virus definitions are a listing of known viruses.
During a virus scan, your Anti-Virus program compares files on your
computer against its virus definitions. Since new viruses practically
come out daily, you can see why it’s critical to always have up-to-date
virus definitions. In fact, not having up-to-date virus definitions, in
time, will make your Anti-Virus program almost entirely useless.
Studies show that many people do not update their definitions
frequently enough – in some cases people’s definitions are many
weeks, if not months old. In these cases, the security they may feel by
running an Anti-Virus program is truly a false sense of security. There
is absolutely no need for this to happen.
How often should you update your definitions? Since new definitions
are released almost daily, I would check for updates every 1 to 2 days,
and at a minimum, once per week. Fortunately this process can be
automated, so you don’t have to constantly remember to do this. The
point to (over) emphasize again: always have up-to-date virus
definitions. It’s absolutely critical for security.
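To make the role of virus definitions concrete, the following added example (not code from any Anti-Virus product) scans the same three files with an older and a newer definition set, then handles each hit by repairing first and deleting when repair fails. The signatures, file names and contents are harmless constructed values, and treating a file as repairable when something other than the signature remains is a simplifying assumption.

```python
# Constructed, harmless marker strings standing in for real virus signatures.
SIG_A = b"<<CONSTRUCTED-SIGNATURE-A>>"
SIG_B = b"<<CONSTRUCTED-SIGNATURE-B>>"

# "Virus definitions": a listing of known signatures. The newer set adds one entry.
DEFINITIONS_OLD = {"Demo.MacroA": SIG_A}
DEFINITIONS_NEW = {**DEFINITIONS_OLD, "Demo.WormB": SIG_B}

# Constructed sample files (name -> contents).
FILES = {
    "letter.doc": b"Dear Bob, see you Friday.",
    "budget.xls": b"Q1 totals " + SIG_A + b"Q2 totals",   # infected document
    "game.exe": SIG_B,                                    # nothing but the newer "virus"
}


def scan(data: bytes, definitions: dict) -> list:
    """Return the names of all known signatures found in the data."""
    return sorted(name for name, sig in definitions.items() if sig in data)


def disinfect(data: bytes, definitions: dict) -> bytes:
    """'Repair': strip every known signature out of the data."""
    for sig in definitions.values():
        data = data.replace(sig, b"")
    return data


def handle(data: bytes, definitions: dict):
    """Repair first; delete when nothing usable is left after repair."""
    if not scan(data, definitions):
        return ("clean", data)
    cleaned = disinfect(data, definitions)
    if cleaned.strip():                 # assumption: leftover content means repairable
        return ("repaired", cleaned)
    return ("deleted", None)


def full_scan(files: dict, definitions: dict) -> dict:
    """Scan every file and report (action taken, signatures matched)."""
    report = {}
    for name, data in files.items():
        action, _ = handle(data, definitions)
        report[name] = (action, scan(data, definitions))
    return report


if __name__ == "__main__":
    for label, defs in (("old definitions", DEFINITIONS_OLD),
                        ("new definitions", DEFINITIONS_NEW)):
        print(label)
        for name, result in full_scan(FILES, defs).items():
            print("  ", name, result)
```

With the older definitions, game.exe is reported clean even though it is infected; only the updated set catches it.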
Understanding Virus Scans
What happens when a virus is found? Anti-Virus programs will attempt
to handle this in one of three ways: repair (if it is able), delete, or quarantine.
I recommend first attempting a repair. If the file can’t be repaired,
delete it.
How do Anti-Virus programs “repair” a virus?
It just means your Anti-Virus program will remove all traces of virus
code from the file. “Quarantining” means moving the infected file to
your Anti-Virus program’s quarantine folder. After each new virus
definition update, your Anti-Virus program will try to repair the infected
file. Most of the time, I find they are beyond repair and are better off
deleted. Later in this chapter, I will show how to configure these
program settings. How often should you run a full system scan? At
least once a week.
Personally, I run a full virus scan about three times a week (yeah, I’m a
little on the paranoid side).
AntiVir Anti-Virus Software
There are very good personal Anti-Virus programs available. One I
recommend is called AntiVir. This program is free for personal use and
provides free updates and virus definitions. AntiVir is especially good at
finding Trojans, and has been known to find things other scanners
missed. Like all good Anti-Virus programs, AntiVir includes a
background “agent” to provide real-time virus protection. Without such
an agent, viruses would only be discovered during a virus scan. An
agent can discover and remove a virus the moment it lands on your
system.
AntiVir Configuration Tips
Below is the first window you will see after installing the program. You
can see that you can simply check the box corresponding to the drive
you want to scan. The screen shots following are recommendations of
how you can configure the scan, handle viruses, and schedule virus
definition updates. All Anti-Virus programs have the functionality
described below in case you already have one installed on your
computer.
Configuration 1
AntiVir main window.
Configuration 2
What to scan. Select from the toolbar “Options” and click
“Configuration”, make sure “Search” is highlighted. The default is to
scan all “Program and macro files,” change this to “All files.” This will
make your virus scans take longer, but it also provides the most
thorough protection. This configuration is highly recommended.
AntiVir Search Settings
Configuration 3
Schedule the virus definition updates. From the toolbar, click on “Tools”
and then “Scheduler”. From there choose “Insert” and select the
“Internet Update” tab. From there you can choose the “Scheduler”
button and set up the automatic updates. Note: when you select your
frequency, you’re scheduling the check for new virus definitions,
program updates, and virus scans.
If there’s one thing I don’t like about AntiVir, it’s that you’re required to
download the entire program (program plus definitions) for an update.
For broadband users this is not such a big deal; however, it’s more of a
concern for dial-up users. Hopefully a future version will provide the
ability to download virus definitions separately from the entire program.
AntiVir Scheduler
Keep in mind that if you already have an Anti-Virus program on your
computer you can configure it the same way. It may look a little different
but you can always check the help section or visit the website of the
manufacturer.
If for some reason, you don’t like AntiVir, or you need an Anti-Virus
program for a business or commercial setting, VirusScan from McAfee
is a stellar product. VirusScan also includes protection for email and
Instant Messaging.
TIP
Wouldn’t it be great to test your Anti-Virus software without
actually downloading a virus? If you’ve never seen your Anti-Virus
program react to a virus incident – it’s nice to verify it’s
working correctly. Of course, “testing” with a real virus is crazy
– not to mention if your Anti-Virus program failed the test – you
have now invited a virus onto your system. Doh!
Fortunately there is a better way. Anti-Virus researchers
worked together to develop the Eicar test virus string.
Important note: Eicar is not a real virus, nor is it a
“deactivated” virus. It poses no threat to your system. It’s just
harmless text characters that Anti-Virus programs were told to
recognize as a “virus.”
If you would like to test your own Anti-Virus program, you can
download the Eicar test string here.
Virus Hoaxes
I’ll wrap up this chapter by discussing virus hoaxes. The Internet is full
of hoaxes, and hoaxes about viruses are no exception. Usually these
hoaxes take the form of an email chain letter. They may falsely alarm
you by asking you to search your computer for the presence of a valid
system file; only the hoax will claim that this file is evidence of a virus.
Of course hoaxes do not actually infect your system, but are worth
mentioning because they cause a great deal of wasted time and energy
(and sometimes panic) which is propagated each time someone
forwards the warnings on.
Below are several tip-offs that can help verify a virus hoax.
• Does the warning urge you to forward it to everyone you
know? Genuine virus alerts do not ask that you participate in a
frantic distribution scheme.
• Did a genuine security expert send you the alert? Did the
alert come from your friend’s mechanic that knows a lady that
works for a security guy at Microsoft?
• Does the alert offer links to experts that will validate this
threat? An alert should quickly summarize the threat and if it has
a link, it should go to a well-known company or organization such
as Microsoft, McAfee, Symantec, etc.
Finally, McAfee has a list of virus hoaxes which can be used to
cross-reference potential hoaxes.
If you have a friend or family member who is constantly sending out
phony virus alerts, let them know they are not only propagating
misinformation, but also playing into some hoaxster’s agenda. Junk
email wastes everyone’s time – note: we discuss this topic in more
detail in our “Email Security & Smart Strategies” special report. Please
do all Internet users a favor and ask them to stop. Be nice however,
they mean well.
It bears repeating that even with all of the proper tools loaded, your
best defense is the knowledge of how hackers and Malware can infect
your computer. This takes us to our related chapter on Adware &
Spyware.
Punch #3 – Adware & Spyware Removal
If you just finished reading our Anti-Virus chapter, you’ll probably notice
some cross-over information. Adware and Spyware are so prevalent,
and potentially devastating that they rightfully deserve their own
chapter. According to most security experts, Spyware is quickly
becoming the most serious threat on the Internet.
As evidence of just how widespread this menace is, a recent study
sponsored by AOL and the National Security Alliance examined 329
computers. Notice these findings:
• 77% of those surveyed thought their computers were safe, yet
four out of five had Adware and Spyware on their computers.
• Two-thirds of the group did not have a firewall installed.
• While the majority of the group (85%) had Anti-Virus programs –
most had not updated their virus definitions in over a week.
• Imagine the shock one person must have felt when learning there
were over 1,000 Spyware programs running wild on his
computer!
One more finding of this study: complacency played a contributing
factor in these computers getting compromised. No one wants to
believe that it could happen to them. Unfortunately, it can and it does.
Spyware
Spyware is a general term for any program that secretly monitors your
actions. It’s very common to see the terms Spyware and Malware used
interchangeably, so I thought it might help to break down these terms.
Spyware with malicious intent is also known as “Malware.” Malware,
literally “malicious software,” is a blanket-term for any such software –
think viruses, Trojans, malicious Spyware, etc. Unfortunately, as the
AOL study shows, getting infected with Spyware/Malware is much
easier than one would imagine. Spyware comes in many forms; let’s
examine a few of the more serious types.
Adware
Adware is usually bundled with “shareware” or “freeware” programs. It
can also get loaded when you do things like click a button in a web pop-up ad, or even something as simple as visiting certain websites.
Adware comes alive when it senses you’re on the Internet. Adware has
two main objectives:
1. Deliver ads to your desktop usually in the form of pop-up windows
and Spam.
2. Track and record information about your online activities and
purchases for the purpose of selling this information to
advertisers (which leads to more Spam and pop-ups than you
ever imagined).
To assist Adware in its efforts to “profile” you, programs called “data-miners” look for trends in your activities. For instance, if you were
viewing real estate websites, you may soon be pelted with real estate or
home loan related pop-up ads and/or Spam. Some data-miners may
record your habits in a centralized advertising database.
Keyboard Loggers (a.k.a. “Keystroke” or “Key” Loggers)
These have one single-minded purpose: Identity Theft. Keyboard
loggers are secret or hidden programs that record everything you type.
Some keyboard loggers can be programmed to recognize significant
information like credit card numbers, and user account/password
information. This is especially alarming when you consider how many
people access financial information like online banking and shopping.
What makes keyboard loggers so insidious is their stealth nature. In
contrast to a virus, which usually does something to let you know it’s
there, keyboard loggers don’t want to be discovered and quietly sit in
the background recording information about you.
Browser Hijacker
This is one of the most annoying things you can get on your computer.
Once it’s on your system, a Browser Hijacker can do everything from
installing links on your desktop, to installing software without your
permission. If you’ve ever had your start page repeatedly changed to
another location – you’ve met a Browser Hijacker. I’ve worked on
friends’ computers where they’ve lost all control when trying to navigate
to a website. Yet another example, imagine my friend’s intrigue and
then frustration as his My Yahoo start page changed repeatedly to a site
called “Sex Patriot” – seriously. There is really no end to what Spyware
can do once loaded onto a computer. It’s really a jungle out there!
Modem Hijacker (a.k.a. “Dialers”)
This is a potentially costly form of Spyware. It’s a small piece of
software that uses your modem to make long-distance phone calls to
numbers overseas, and adult chat-line numbers. Some victims have
received monthly phone bills exceeding US $2,000! Modem Hijackers
are commonly transferred through a virus, by using MP3 file-sharing
networks, and by visiting porn sites.
Cookies
In general cookies are useful. They’re small text files placed on your
computer by websites to store information like passwords, user
accounts, and display preferences for a website. Without cookies a
website doesn’t have a way to “remember” you.
While technically not Spyware, cookies may be used by Spyware tools
to build profile information on you. Marketing groups use this
information to fine-tune their ads that are sent directly to your computer
via pop-up or email Spam. Cookies are usually permanent and remain
on your hard drive until removed through your browser settings or
Spyware removal tool.
How Spyware Gets on Your Computer
Never click links in Spam email. While on the web, never click links for
offers of free movies, prizes, contests, etc. If it looks suspicious – it
probably is – get away from that site.
Just when you think you’ve seen it all, Spyware creators find new and
creative ways to exploit people. For instance, some of the most
deceptive Spyware will mimic Windows dialog boxes, actually warning
that your computer is infected with some sort of Malware. However, if
you follow the directions and click the button to remove it, you could
actually be loading more destructive program code on your system!
Yes, you caught that correctly – Spyware warning you about potential
Spyware loads Spyware on your computer! Notice the pop-up below.
Beware of these types! By clicking “Yes” (and sometimes even “No”),
Spyware/Malware could be installed on your computer.
Clever advertisement made to look like a Windows system message.
TIP
To reduce the risk of loading unwanted programs from pop-ups
like those pictured above, either close the window by clicking
the “X” in the upper right-hand corner, or press ALT+F4 on
your keyboard.
While Spyware can certainly land on your computer through no fault of
your own, this is not always the case. Many times it’s installed with your
permission. Have you ever clicked the “I agree” box without reading the
license agreements? Peer-to-Peer file sharing programs such as
Kazaa & Bearshare are known to install loads of Spyware. If you read
the fine print, some programs openly tell you they will install this kind of
software. It’s important to point out that none of the truly malicious
Spyware is loaded this way.
If you take one thing from this section, take this: there are a lot of clever
people trying to get inside your computer. They will deceive, cheat, and
steal to do so. Be very wary of any unsolicited warnings or “freebies.”
It’s a scary thing to click the “OK” button today on the Internet; do not
take this action lightly.
Signs That You’re Infected
Sometimes it’s blatant like the Browser Hijacker example, and
sometimes it’s subtle evidence. Have you experienced any of these
symptoms?
• Your computer runs progressively slower and it takes longer to
start up.
• Your home page is mysteriously changed to something else
(usually something pornographic).
• Starting your browser means spending several minutes trying to
close pop-up windows.
• Strange icons appear on your desktop.
• You notice that new programs were installed on your computer.
The likely culprit is Spyware running in the background consuming your
computer’s resources like processor, memory, hard drive space and
Internet bandwidth.
Let’s talk about fixing this mess.
Spyware Removal Tools
Anti-Spyware programs such as Ad-Aware scan your hard drive, memory
and Windows registry (a database of program and Windows
information) for Adware & Spyware. Ad-Aware can also remove
cookies, but that’s not its main focus. In most cases, cookies can be
removed by clicking “Tools” on your browser’s toolbar, and then
selecting “Internet Options”. There you will find a button labeled “Delete
Cookies”. Internet Explorer is used in this example but similar steps
can be taken with non-Microsoft browsers.
Internet Explorer's Internet Options screen.
Keep in mind that there is a difference between Anti-Spyware and Anti-Virus programs. They are designed for two different threats and both
are needed in the quest for a secure computer. While your Anti-Virus
program may discover some of the more serious forms of Spyware, you
can’t rely on it to find everything. Anti-Spyware is necessary for the
removal of Adware, Spybots (automated Spyware programs) and
unwanted cookies.
Ad-Aware
Ad-Aware from LavaSoft was one of the first to introduce a removal
tool. Below you see a list of processes and objects running in the
background that were found after a scan; all are related to
Spyware/Adware or cookies.
Ad-Aware Scanning screen.
At the end of a scan, Ad-Aware will display the results (shown below).
It’s not uncommon for Ad-Aware to discover many objects – especially
on a first scan. If you’re curious and would like to know more about the
discovered objects, click on the “Category” tab – this will sort objects by
category. To find out more information about a particular object, right-click on it and select “Item Details.” This will tell you the actual severity
of the object – it can be quite an eye-opening experience.
When you’re ready to remove the found items, right-click anywhere in
the results window and select “Select All Objects.” Next, click “Next” to
process the objects. This will add all objects to a quarantine file.
The reason these objects are not immediately deleted is just to make
sure removing them does not break one of your applications. I’ve never
seen this happen, but Ad-Aware takes a cautious approach. How often
should you run an Ad-Aware scan? At least once a week, probably
more often if you’re a heavy Internet user. Similar to an Anti-Virus
program, Ad-Aware uses a definition file. Clicking “Check for updates
now” on the main program window, as you would guess, checks for
updates. To be prudent, do this every time you start the program.
Ad-Aware Scan Results screen.
Ad-Aware is free for personal use. Here’s a list of download sites.
The Benefits of “Real-Time” Protection
The free version of Ad-Aware does not provide “real-time” protection.
This means that it will not prevent Adware/Spyware from getting on your
system – it will only discover objects during a system scan. This is not
so terrible as long as you run frequent scans. To entice you into a “set
and forget it” mode – Ad-Aware Plus adds a real-time monitoring
agent. The benefit, of course, is “always on” protection.
If you’re interested in this approach, I would recommend using Spy
Sweeper by Webroot. Not to discourage Ad-Aware in any way, in fact, I
know several people who run both the free version of Ad-Aware and
Spy Sweeper together for the most complete protection. This is a great
strategy. Just one thing you should know, sometimes Spy Sweeper
detects objects in Ad-Aware’s quarantine (and vice-versa), and this has
led some to mistakenly think that Ad-Aware itself is Spyware. Rest
assured this is nonsense.
A Moment for Security Reflection …
We’ve covered a lot of material in these last few chapters; let’s just take
a moment to reflect on everything you’ve accomplished.
By installing a personal firewall, you now enjoy these benefits:
• “Stealth mode” on the Internet, much dreaded port scanners will not
even know you’re there.
• “Program Control,” programs cannot make outbound connections
without your permission.
Through a combination of Anti-Virus and Anti-Spyware programs, you’re
now protected from the following menaces:
• Viruses
• Worms
• Trojans
• Adware
• Spyware
Please take a moment to congratulate yourself. If you didn’t have any
of these tools in place prior to reading this book, your security level and
awareness have increased dramatically. Good job. This brings us to
Punch #4, Windows Security Settings.
Punch #4 – Windows Security Settings
In addition to your personal firewall, the settings on your computer may
very well be your first layer of security and therefore extremely
important. This section on locking down Windows is targeted for
Windows XP, but a lot of the principles described here can be applied to
previous versions of Windows.
Note: this is the most “hands on” chapter in this book. I know most
people don’t like to get their hands dirty with configuration settings.
Acknowledged. However, doing these simple steps will greatly increase
your computer security.
Creating A Password-Protected Log-on
Windows XP out of the box does not set up password-protected user
accounts and anyone walking by can log on to your computer. During
the install, Windows asks for a user name and it creates a user icon that
you click on, but a password is not configured at this point. On older
operating systems such as Windows 98, user logon security was not
available. Access to your computer only required a user to hit the power
switch. Did you ever have a “friend” who would see your computer and
assume it was OK to log on just because they knew how to operate it?
Well I did, and it was irritating to say the least.
Let’s take a look at the Windows XP users and passwords section in
“Control Panel.” You can get there by selecting “Control Panel” from the
“Start” menu. The layout of the “Start” menu may differ a little depending
on whether you have Windows XP Home version or Windows XP
Professional but they will include basically the same content. At this
point you want to select “User Accounts” where you can view, create,
edit or delete users. This is where you control how users log on to your
computer and what rights they have once logged on.
Windows XP Control Panel
Once you select “User Accounts” you will have the option of changing
an account, creating a new account, or changing the way users log on
and off. For this example you will click “User Accounts” and then
“change an account”. You have several options here, but for now we’re
interested in “create password”. You will need to select a password and
type it in twice to verify. Your account will now prompt you for this
password every time you log in. Congratulations, you have just taken a
major step toward a secure computer by eliminating access to anyone
walking by. This process should be repeated for each person using this
computer. A benefit to creating user accounts for everyone who logs on
to your computer is that Windows will now keep track of user
preferences such as favorite websites, default font size and type,
desktop wallpaper, screensavers and more.
A few password tips:
• When selecting a password make sure it does not exist in the
dictionary in any language.
• Try to include numbers.
• Include upper and lower case letters.
• Stay away from obvious passwords (your name, birthday, etc.).
As an example, the password “MyCatsName334” is a lot more secure
than “password.”
TIP
Instead of using an account with Administrator access as your
general account, it’s highly recommended that you create a
general user account for daily use. This serves as a protection
against making inadvertent system changes (general users
don’t have sufficient access to do this). Finally, if your user
session is hijacked by someone, they’ll only be able to do
limited damage.
Creating A Password-Protected Screensaver
Another great way to protect your computer is to set a “password-protected” screen saver. If you’re pulled away from your computer, the
logon screen will automatically appear after a preset amount of time. To
set this, right-click on your desktop, select “Properties”, and select the
“Screen Saver” tab. Once you choose the screen saver and time to wait,
click the button, “On resume, display Welcome screen” and then “OK”.
That’s it. Based on the example below, the screen saver will turn on
after 10 minutes of inactivity. Once a key is pressed or the mouse is
moved, the welcome screen will appear and ask the user for the
account password. In order to use this function, users must be
configured with passwords as described earlier in this section.
Setting a password protected screen saver.
TIP
To lock your Windows XP computer manually, just press the
Microsoft button (a.k.a. Windows key) and the letter “L” on your
keyboard. Most keyboards come with this button. The Microsoft
key is between Ctrl and Alt.
For those running Windows 2000, press Ctrl + Alt + Delete to lock
your workstation.
Creating Private Folders
If you have multiple users logging on to your computer or connecting to
it over a network, you may want to protect files and/or folders by making
them “private.” Note: this section requires that your user account(s)
has/have been established with passwords, as described earlier in this
section. When you make a folder “private,” you’re saying that only I (the
person logged on) can open this folder. Anyone else that tries to access
this folder will receive an “access denied” error message when trying to
view the data. Let’s look at how to make a folder private.
1. Double-click on “My Computer”.
2. Double-click the drive on which Windows XP is installed. (Usually
C:)
3. Double-click on the “Documents and Settings” folder.
4. Double-click on the folder labeled with your user name. Drill down
until you get to the folder you want to make private.
5. Right-click on the folder to be made private and choose
“Properties” from the menu.
6. Click on the “Sharing” tab and check the box next to “Make this
folder private”.
There you have it. Any other user that directly logs on to your computer
or connects over a network will not be able to access this folder.
Disable Unused Services
Windows XP has several “services” enabled by default. This means
that there are services running in the background ready to perform
tasks. They’re active without you doing anything other than installing
Windows. Hackers know about these services and are very good at
exploiting them. As a rule of thumb, you should not run any services on
your computer that you’re not using. A concept used in the security
world states “start with no services/access and turn them on as
needed.” This means that you start by turning everything off, and then
you can turn on individual services, when you need them. This helps to
ensure you don’t have anything running in the background that could be
exploited. The other benefit is that you’re not wasting computer
resources by running unused services.
Stop File and Print
The first service you should be concerned about is a Windows service
called “file and print” sharing. By default, your computer is set to act
like a server, which “serves” up files or other resources on your
computer. This is a common service exploited by hackers and worms.
Skip this section if you don’t connect your computer to a network,
including the Internet. Everyone else read on. ☺
To turn off this service you can just right-click on “My network places”
and select “Properties.” You will see the check box near the label “File
and printer sharing for Microsoft networks”. Uncheck this box.
Disable File and Print Sharing.
Disable IIS (Windows XP/2000 Professional Only)
The next unused service you should check for is IIS, which stands for
“Internet Information Services.” This enables your computer to act as a
web-server and once again creates an opportunity for someone to
exploit your computer. To check if this service is enabled, select Start,
Settings, Control Panel and click on “Add/Remove Programs.”
Remove Internet Information Services
If IIS is installed it will appear checked. Uncheck and click “Next” to
remove IIS. Unless you’re learning HTML programming, there’s
virtually no reason to run IIS on your home computer. As mentioned in
the Introduction Chapter, highly destructive worms such as Code Red
and Sasser exploited this service; you can see why this is an important
step. If you fall into that category of requiring this service on your home
computer – make sure you always run the latest Windows updates (I’ll
show you how to do this below).
Stop the Messenger Service
The next service of concern is the “messenger service.” It’s a Windows
service that receives network messages through the Alerter service.
Network administrators use this service to send broadcast messages
between computers such as “you will be disconnected,” or “get off the
system!” Windows and other software can use this service. One
example is the message you receive when finishing a print job. Anti-Virus programs often use this service to send you notifications.
Important note: even though it sounds like it, this service has nothing to
do with MSN messenger chat. On a home computer, this service is not
needed. And guess what – using what’s called “Messenger Spam,”
hackers and Spammers found a way to exploit this service to send
Windows pop-up messages. Yes, it’s turned on by default.
Here's how to turn it off.
1. Click Start, Settings and then Control Panel.
2. Click “Performance and Maintenance”. (If you are in classic view
you can just click Administrative tools here).
3. Click “Administrative Tools”.
4. Double-click “Services”.
5. Double-click “Messenger”.
6. Change the start up type to “Disabled” as shown below. This will
prevent Windows from starting this service during your next
reboot.
7. Click the “Stop” button to immediately stop the currently running
service.
Messenger Service Properties Window.
Congratulations, your Messenger service is now disabled.
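The same change can be made and checked from a command prompt. The script below is an added example, not part of the original book; it assumes the service's short name is Messenger (the name the sc and net commands use on Windows XP/2000) and that you run it from an account with Administrator access.

```batch
@echo off
rem Added example, not from the original book: command-line equivalent of
rem steps 6 and 7 above, followed by a check that the change took effect.
rem Assumption: the service's short name is "Messenger".
rem Run this from an account with Administrator access.
setlocal

set SVC=Messenger

rem Is the service present at all? sc returns a non-zero code if it is not.
sc query %SVC% >nul 2>&1
if errorlevel 1 (
    echo %SVC% service not found on this system - nothing to do.
    goto :eof
)

rem Step 6: set the startup type to Disabled so Windows does not start the
rem service at the next reboot. The space after "start=" is required by sc.
sc config %SVC% start= disabled >nul
if errorlevel 1 (
    echo Could not change the startup type. Are you logged on as an Administrator?
    exit /b 1
)

rem Step 7: stop the running instance. net stop reports an error if the
rem service is already stopped, so its exit code is ignored here.
net stop %SVC% >nul 2>&1

rem Verify both settings instead of trusting the commands above.
set START_OK=no
set STATE_OK=no
sc qc %SVC% | find "START_TYPE" | find "DISABLED" >nul && set START_OK=yes
sc query %SVC% | find "STATE" | find "STOPPED" >nul && set STATE_OK=yes

echo Startup type disabled: %START_OK%
echo Service stopped:       %STATE_OK%

if "%START_OK%%STATE_OK%"=="yesyes" (
    echo %SVC% is disabled and stopped.
    exit /b 0
)
echo %SVC% is NOT fully disabled - repeat the steps in the Services window.
exit /b 1
```

Save it as a .bat file and run it again after your next reboot; both lines should still read "yes".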
Windows Patches and Updates
When Microsoft releases a new version of Windows, all is good in the
world … until the problems surface. The problems, usually security
related, are normally discovered in one of two ways – Microsoft finds
them, or “others” discover these problems. Sometimes these “others”
notify Microsoft, and sometimes these “others” are people with
malicious intentions, and go about creating the next big virus or worm to
exploit their finding. In any case, when Microsoft knows of an issue in
Windows – they’re usually quick to create a fix for it. Anytime Microsoft
creates a fix, it’s available for download from their website. When
Microsoft gets enough of these fixes, they combine them and roll them
up into something called a “Service Pack.”
Microsoft makes it easy to update your computer, which means
connecting to the Microsoft website where it scans your system for
patches or updates, and then downloads and installs the ones you’re
missing. This procedure is really very easy; as a matter of fact, it can
be automated so you don’t even have to think about it. Note: updating
Windows is a mandatory step; many of the Windows security exploits
over the past few years would have been avoided if more people had
regularly updated their systems.
Windows Web Updates
If you are using Microsoft Internet Explorer as your browser, you can just
open it, click on “tools” and select “Windows Update.” Alternately you
can start Windows Web Update here. You will be connected to the
Microsoft website where it will scan your system and create a list of
patches and fixes. You will have the opportunity to read about and
install them. I recommend you just install all of them. If you have never
done this, or it’s been a while since your last one, this would be a good
time to do that. Note: on a dial-up connection, please be aware this
could take some time to complete.
Microsoft's Windows Web Update.
Note: Internet Explorer (IE) must be used in order to run the Windows
Web update. Running a web browser other than IE is a great idea, but
you'll still need IE for this purpose. For the advanced user, Windows
updates and patches can be downloaded individually from Microsoft's
Download Center (even using non-Microsoft browsers). However,
updating automatically through Windows Update is still the preferred
method.
Automating Windows Updates
As I mentioned, you can have your computer automatically check for and
download updates by right-clicking on “My Computer” and selecting the
“Automatic Updates” tab. From here, just check the box, “Keep my
computer up to date”. You have the option of scheduling the updates.
You also have a few options on how to download it. This is a great “set
it and forget it” option, especially if you know you’re not going to be
diligent about checking for updates.
Enabling Automatic Windows Updates in Windows XP.
One final, but very important point: Microsoft does not send out updates
and patches through email attachments. Hackers will send an email or
pop-up message supposedly from Microsoft claiming that there’s a new
security patch that needs to be installed. Microsoft will never do this;
in reality it’s a Trojan, virus or some other type of nasty Malware. The
point is to realize that the bad guys are out there, constantly coming up
with new and creative ways to break in to or exploit your computer.
Impersonating trusted sources like Microsoft is a common method of
attack for hackers. We examine this subject in more detail in our
“Online Identity Theft: Self-Defense 101” special report.
Download Summary
For your convenience, here’s a list of all tools we mention in the main
book and bonus materials.
• Ad-Aware: Adware/Spyware scanning and removal tool. Free for personal use.
• AntiVir: Free Anti-Virus program for personal use.
• Gibson Research Corporation: Free security scans to check which TCP/IP ports your computer is exposing. Note: keep clicking on “Shields Up,” and you’ll get to the scanning page.
• Spy Sweeper: Adware/Spyware scanning and removal tool, also adds “real-time” monitoring to prevent Spyware from getting on your computer.
• Sygate Free Personal Firewall: Excellent free personal firewall.
• Sygate Personal Firewall Pro: Full version of Sygate’s free firewall.
• Sygate Security Scan: Free security scans to check which TCP ports your computer is exposing.
• Virus hoaxes: McAfee’s list of known virus hoaxes.
• VirusScan: McAfee’s Anti-Virus program which includes Email and Instant Messaging protection.
• Windows Web Update: Microsoft’s website for downloading updates and fixes for Windows.
• Zone Alarm: Free personal firewall.
• Zone Alarm Pro: Full version of Zone Alarm’s free firewall.
Bonus #1 – Online Identity Theft: Self-Defense 101
Browser check: Check if your browser supports SSL encryption features.
Earthlink: Internet Service Provider with a strong commitment to security. Subscribers get the following free services: email virus scanning, Spyware and pop-up blockers.
ScamBlocker: Earthlink’s browser toolbar to help prevent Phishing scams, also includes pop-up blocker and Google search features. Currently only works with Internet Explorer.
"Whois" lookup page: “Whois” lookup used to check the register of an Internet domain.
Bonus #2 – Email Security & Smart Strategies
Encrypt: Program to create secure encrypted email attachments. Encrypt can create attachments suitable for Windows, Macintosh and Unix computers.
Secure Email Attachment (SEA): Free security tool to encrypt email attachments (between Windows users only).
Bonus #3 – Smart Strategies for Reducing Spam
Mailwasher Pro: Excellent Spam filter that works with every mail program. Mailwasher Pro allows you to examine your email on the server before it’s downloaded to your computer.
My Trash Mail: Free service for creating temporary disposable email accounts.
Qurb: Excellent Spam filter that tightly integrates with Outlook and Outlook Express.
Spam Gourmet: Free service for creating temporary disposable email accounts.
Parting Thoughts
We worked very hard to make this Internet self-defense course not only
informative, but also enjoyable to read (and maybe even a little bit
entertaining).
While obviously there’s a strong emphasis on tools and the underlying
reasons you need them, it’s really your knowledge and security
awareness that will serve you best. If you followed the
recommendations in this book and the bonus material, we’re confident
in saying that you’re very well armed against current threats both on
and off the Internet.
Here’s to practicing safe computing.
All the best,
Doug & Kevin
P.S. We’re always trying to improve our product, and appreciate
feedback. If you found areas that could use improvement, please let us
know by sending an email to [email protected]
P.P.S. If you enjoyed this book and want to recommend it to others,
we’re cool with that. ☺
Please visit our Affiliate page to learn how
you can earn generous commissions on each referral.
P.P.P.S. Any corrections or updates to our book will be posted here.
Recommended Reading
What’s the best kind of book? Thrillers? Mysteries? Biographies?
Lust stories? In our opinion, the best are the ones that entertain as well
as educate. All of these fall into that category. There are no sleepers
here. Enjoy.
"Cuckoo's Egg: Tracking a Spy Through the Maze of Computer
Espionage" by Clifford Stoll. This is the book that started it all! It’s
part thriller, part international intrigue – think Tom Clancy meets Michael
Crichton. This is Cliff Stoll’s gripping personal account of detecting and
chasing a hacker through cyberspace (before it was called that).
"The Art of Deception : Controlling the Human Element of
Security" by Kevin Mitnick. Kevin Mitnick is the world’s most famous
hacker (he was the inspiration for Matthew Broderick’s character in the
movie War Games). From the age of 17 Kevin’s spent nearly half of his
adult life either in prison or as a fugitive. Read this fascinating
examination of how he skillfully manipulated computer systems and
people.
"Secrets and Lies : Digital Security in a Networked World" by
Bruce Schneier. Bruce Schneier is a true security visionary with a
sense of humor to boot. Who would have thought that Star Wars and
Raiders of the Lost Ark could be used as examples and metaphors for
digital security? Bruce expertly explains that security is not a product,
it’s a process, and technology alone is not the answer.