A little bit about PC security

There are literally thousands of free or nearly free programs that claim to help keep your machine clean of "baddies". Apart from a good router setup right..and a decent firewall/antivirus...I use the following five programs..and have done for a number of years. I would recommend these 5 to everyone as would IT professionals/fixers. A couple of these programs actually give you reports that can be posted in specialist forums, where pro's can analyse your machine then start to tell you what to do..to sanitise your machine if you become infected with some sort of "new baddie" thats just hit the net.

These are all free to use, but some will need to be updated manually rather than on automatic. You have to do a little work in return for getting it for free.

Spyware Blaster - http://www.javacoolsoftware.com/spywareblaster.html
SUPERAntiSpyware - http://www.superantispyware.com/index.html
Malwarebytes antimalware - http://www.malwarebytes.org/mbam.php
Hijack this - http://free.antivirus.com/hijackthis/
Spybot search and destroy - http://www.safer-networking.org/en/spybotsd/index.html

I dont have email on my machine, and have not for about 5-6 years...too great a risk of infection to risk it. All my mail is done online, attachments only opened if I know that person well.

There has been a spate in the last couple of years of "Antivirus warnings" on the net, what happens is things just suddenly appear telling you your antivirus is out of date and click here to fix it..it might show a picture of your hard drive looking busy and constant nags to update now...Do everything you can to get away from that page if you see it. It wants you to click on it and if you do..you'll be infected. Click the "X's" to close those windows asap or "Ctrl, Alt + Delete" to close your browser, failing that...remove your phone line or power down your PC by pressing and holding your PC's power button.

A great forum for expert help is http://www.windowsbbs.com/. If you do get infected, you can get help here...and the programs I listed above will help with the cleaning and analysing of your computer, so they can best help you.

If all that fails...hit it with a hammer...it wont help fix it, but its satisfying none the less!

Steve...

A note about Hijack this
I posted this on another topic (now closed) and should have included that "Hijack this" should not just be used unless asked to by a pro on a help forum somewhere online. Its safe to have on your PC ready to use if its needed, but very handy to have if you have trouble with a virus or malware.

 

Thanks Steve - thats very helpful. I have used a number of such programs - and they can be a hobby in their own right, trying to track down and remove unwanted programs. Unfortunately things can get very complicated.

So I have two seperate computers. On my main one I have my internet banking, online purchases from reputable companies like Amazon.com, Gardeners Corner and very little else. I won't knowingly download anything on that machine.

I have a second machine that I use to surf the internet and download goodies (and perhaps some baddies). The basic rule being that I do nothing and have nothing of any consequence on the second machine. So I don't mind if it gets infected. As I use Windows 98 on it I can reformat it and any other hard disks as many times as I like.

But I think the key is to decide what information you can't afford to lose and to back it up regularly.

 

In that situation, it may be worth looking at Ubuntu linux. ( www.ubuntu.com ). It is rock solid in terms of security and is perfectly capable when it comes to browsing the net and other typical uses.

Some companies use Linux (not necessarily Ubuntu, Red Hat is popular in industry, with the free equivalent being Fedora) for machines that need unrestricted access to the internet. A typical setup has a virus scanner running on the Linux box checking everything coming in, before deciding if it is safe to release to the wider network. As so far there are no current virus that can bust the stronger Linux versions, and even if they could they can't do much without you knowingly granting them superuser rights, you can work safely on a Linux box and have your virus scanner catch anything before it even gets as far as your Windows box. Kind of like an extra robust firewall.

Most routers double as firewalls too. The default settings are often a bit weak. Typically you can reach their configuration page from your local machine by pointing your browser at http://192.168.0.1 where a user friendly page should come up that lets you configure your router. That IP address will be different if you've manually overridden your network settings, but I reckon if you know how to do that then there's no need for me to explain how to get to your router configuration.

The configuration page is different for every router, but generally you would find a Firewall Settings page in there. If you're internet use is nothing more than browsing, picking up emails and downloading the occassional file, then you can set it to allow the appropriate protocols (http, https, ftp, sftp, pop3, smtp and imap4) while blocking all others. You will also typically find a very valuable setting that will say something like 'Ignore ping requests'. Its worth telling it to do so. One of the first stages in a remote attack is to 'ping' a sequence of IP addresses. This involves setting a tiny piece of data to the address and seeing if it comes back. If it does (ie ping replied) then your IP address goes in a big database of machines to be looked at more closely. The next step would be a port scan, where your IP address is ping'ed on a sequence of port numbers to see which ports are replying, and therefore which ports may be a route into your machine from outside.

 

I heartily endorse clueless1's statement. Since changing over to Ubuntu (now using the October 2009 edition) I have had no problems with virus, spam I prefer to sort myself and I don't get these silly Windows error messages popping up.

P.S. I do not use "POP" for email, I always use "IMAP" which keeps the emails on the server.

 

Just to add to Clueless's advice a little about port scanning. A fair majority of "scanners" now range scan so will pick say for example 146.x.x.x to 147.x.x.x to scan for a known vulnerability ie port so maybe port 128 on all ip addresses 146.x.x.x These are specialists, and will be scanning for a vulnerabilty where they have coded the exploit themselves or have an exploit thats not out in the public domain..therefore not known or protected by the top AV corps.

But it all depends on the type of hacker, if its a top level warez hacker, they will go for known high speed ranges or ip addresses such as Universities and corporations (then they can network hack, and gain many boxes) or script kiddies who will hack anything generally on unprotected boxes so they can "0wn joo" (Own you!-lol) by writing things on your website etc etc.

Steve...