The list of PC security products never ends. For every name that drops off, two more jump on. In fact, determining the best security hardware and software is a full-time job. Sometimes, you just want to throw up your hands and take your chances.
Maybe I'm just a cockeyed optimist, but I think you can stay safe without spending all your spare time doing research, installing updates, and generally becoming a PC-security expert. Here are five relatively easy ways to improve your security.
Use the firewall that's closest at hand
In the computer industry, the reputation of a product, service, or Web site is just about worthless. Yesterday's best firewall, ad blocker, spam buster, virus spotter, or spyware cleaner is today's bust.
Maybe the product got bought and the new owners aren't as conscientious about updates as the previous ones. Or the service's management team decides to go for profits and skimp on support, updates, and enhancements. There are lots of reasons why a good product goes sour, and the computer industry has seen nearly all of them.
So if you can't go by reputation, how do you choose a security product? One way is to go with the tools you've already got. Windows' security is roundly criticized, but the fact is, it's better than it used to be, and third-party security products have their own shortcomings.
Last February, I recommended that you use a third-party firewall rather than the one built into Windows. Six months earlier, I suggested that you pass on the third-party tools and stick with the Windows Firewall despite its shortcomings.
So which side of the fence am I on now? The simple side. The fact is, any third-party security tool complicates your setup. It's not difficult to find weaknesses in the Windows Firewall, but it's safe enough for most PC users, and it's much better than using no software firewall at all.
My previous post included links to information on Microsoft's TechNet site providing technical details of the Windows Firewall, tips for customizing the Windows Firewall, and help troubleshooting the firewall in XP and Vista.
Don't hesitate to try another free antivirus program
Just last week, I switched antivirus programs on my XP test system--for the umpteenth time. Something was slowing the system down, and after defragging the hard drive and doing other standard maintenance tasks, the machine's performance didn't improve as I expected it to.
Rather than go through a bunch of diagnostic tests, I simply uninstalled the system's antivirus tool and downloaded a competing package. The old and new programs were both free, and the switch didn't take much time to complete. The topper? The XP machine's performance perked up immediately.
Two antivirus programs that are free for home use and that are currently highly rated are Avast Home Edition and Avira AntiVir. You'll find a list of dozens of antivirus programs for Windows on this Download.com page.
Change your password...again
I hate those "your password will expire in x days" warnings as much as you do, but one of the simplest ways to protect yourself is by keeping your passwords fresh. Last year, I described the Ten Password Commandments, one of which was to devise a password-creation strategy that's all your own.
Just two months ago, I complained about the shortcomings of passwords as our primary security option, though I concluded that there's nothing better, for now. Lots of people swear by password managers such as RoboForm, but then you have yet another third-party app complicating matters.
For me, it's simpler just to devise a new password based on my unique, inimitable password-creation system, which I share with no one. No need to write it down, enter it in an online form, or encrypt it in a master-password file. Temporary amnesia, well, that's another matter.
For secure e-mail, use encryption
You would think that encrypting e-mail would be a breeze, but doing so is anything but. You and the recipient have to deal with digital certificates, public and private keys, and any number of other time-eating preparations and precautions.
The simplest way I know of to encrypt your e-mail is by using the Mozilla Foundation's Thunderbird with the Enigmail extension. Jason Thomas provides step-by-step instructions in this tutorial on the Lifehacker site.
Gmail users can secure their connection to the service by enabling its built-in encryption, which protects the traffic between your browser and Gmail (it does not encrypt the messages themselves the way Enigmail does). To do so, click the Settings button at the top-right of the main Gmail screen, scroll to the bottom of the General tab, select "Always use https," and click Save Changes.
Select "Always use https" under the General tab in Gmail's Settings to encrypt your messages.
(Credit: Google)
Keep your browser up-to-date
Most people will tell you that the Mozilla Foundation's Firefox browser is the safest way to surf, but a recent report from Google Switzerland and the Swiss Federal Institute of Technology found that "(u)sing the most recent version of a browser will lower the risk associated with drive-by-downloads and other Web-based attacks, which start by targeting the browser."
The report cites Google Chrome's silent updates as the best way to ensure that your browser is protected. The researchers also laud Chrome's lack of a way for users to disable its silent-update feature. Some people will object to software being downloaded to and installed on their system without their knowledge, but the fact is, these behind-the-scenes updates are the best way to keep you safe from the Internet bad guys.
Personally, I'm starting to rethink my choice of default browser. But as I mentioned earlier, you can't put any faith in a computer security product's reputation. And you can't be afraid to switch.
My previous post on free alternatives to Windows' built-in utilities confused the Windows Firewall with Windows Defender, which protects against viruses. (My thanks to the folks who pointed out the error.)
The fact is, I stopped paying attention to both programs a long time ago. First, I decided security is too important to leave up to Microsoft. Second, I can do without the hassle of managing separate applications for various security tasks. To me, the time I recover repays the cost of a security suite many times over.
So what's wrong with the Windows Firewall? It doesn't monitor outbound connections by default, and not at all in Windows XP. You can change some Windows Firewall settings in the Security Center (click Windows Firewall in the left pane and then choose "Change settings"). However, the majority of firewall settings are accessed via the Administrative Tools Control Panel applet, which you can open in Vista by pressing the Windows key, typing wf.msc, and pressing Enter.
The Windows Firewall with Advanced Security applet lets you customize the security program's rules.
(Credit: Microsoft)
The best reason to use a third-party firewall is that they're clearly better than the Windows Firewall, and several are free. Top Windows Tutorials compares the XP and Vista versions of the Windows Firewall to the ZoneAlarm and Outpost firewalls. (Note that the free version of the Outpost Firewall is no longer supported.)
The top-rated firewall in Matousec Security's most recent shootout is the free Online Armor Personal Firewall, which was the only product to merit a rating of "excellent." Seven other software firewalls were rated "very good," two of which are also free.
You'll find technical details about the Windows Firewall in this Microsoft TechNet article and information on customizing the program in this article on the same site.
Microsoft offers a troubleshooting tool for the Windows Firewall in XP. If you're having problems with Vista's built-in firewall, check out this troubleshooting guide on Microsoft's TechNet site.
I wouldn't give you a nickel for all the system tools that come with Windows. That's because I can replace them with programs that do the job better without spending even that much.
Start with the firewall, which most people would consider an indispensable piece of software. Windows Defender's firewall is better than none at all, but not by much. Of the free alternatives, my favorite is the Comodo Firewall Pro. I described why and how I switched from ZoneAlarm to Comodo in a post from last February.
Since that time, I replaced the Comodo firewall and all my other free security apps with a commercial security suite. For me, the convenience of a single security program is worth paying for.
However, I recognize that many people will gladly put up with maintaining several individual apps if they can save a few dollars. For them, Comodo's a good firewall choice. Popular antivirus programs that are free for home use are AVG, Avira AntiVir, Malwarebytes Anti-Malware, ESET NOD32, and Avast.
Top-rated spyware blockers include Ad-Aware, Spybot Search and Destroy, and Spyware Blaster.
Plenty of better browsers
Internet Explorer 7 has been a big improvement over IE 6, and early reports are that IE 8 will be a big step up from the current release. But Internet Explorer isn't even my fifth favorite browser, trailing (in no particular order) Firefox, Opera, SeaMonkey, Chrome, and Safari.
I acknowledge that some people have to use Internet Explorer--maybe their organization requires it--but the rest of us have no excuse for limiting ourselves to a single browser. The NoScript add-on (donationware) that lets you block scripts in Firefox is reason enough to use that browser. IE has nothing to compare with it.
One-step cleanup tool is the multitasking champ
I'm surprised that so many PC users don't know about Piriform's CCleaner (donationware), which does the job of about a half-dozen Windows applets. Along with a disk cleaner, you get a program uninstaller, a start-up manager, and a Registry checker.
CCleaner clears the clutter from your drive and performs other system tasks with aplomb.
(Credit: Piriform)
You have to exercise a little restraint the first few times you run CCleaner, which empties your Recycle Bin, clears your Internet history, and performs other irreversible system chores. Still, I've been using CCleaner for several years and haven't had any problems with the program yet.
A new alternative for shoring up your drive's sectors
In a post from last March, I described the free Disk Defrag utility from Auslogics. My new favorite free disk defragger is another Piriform product, Defraggler (donationware). The program recovered 20GB of lost space on my laptop's 200GB hard drive, though in my unscientific tests it seemed to take longer to complete the defragmentation than it does when using Disk Defrag. This might indicate that Defraggler's doing a more thorough job, but maybe not.
The Defraggler disk defragger provides more info than Windows' built-in defragger.
(Credit: Piriform)
You can also defrag from a command prompt. To open a command prompt in Vista, press the Windows key, type cmd, and press Enter. In XP, click Start > Run, type cmd, and press Enter. The Vista Forums provide a detailed explanation of the many options you have when you defrag the DOS way.
Some people claim defragging does nothing to speed up your system. Even though my notebook wasn't necessarily low on disk space, I'll take that recovered 20GB any day.
Freebies for inveterate system tweakers only
Sysinternals, which is now part of Microsoft, offers a solid lineup of utilities for digging deep into Windows' darkest corners. Two of my favorites are Process Explorer and its cousin, Process Monitor. Once you get a handle on the information they present, the programs give you as complete a glimpse inside Windows--in real time--as you'll find anywhere.
Sometimes you just can't win. That's the way it is with the Windows Firewall. The one in XP can't monitor connections from your PC to the outside world--which is how botnets, Trojans, and other malware operate. The firewall in Vista can block outbound connections, but this feature is off by default, and it's practically impossible to create filters to block selective outbound links.
On the one hand, Microsoft claims that you don't need outbound filtering if you use the Windows Defender anti-spyware app to keep the snoops off your PC in the first place. On the other, it sells the $50-per-year Windows Live OneCare service that does let you filter outbound connections selectively. Go figure.
If you make the safe assumption that outbound monitoring is a requirement of your software firewall, your only option is to replace the firewall built into Windows. Several free firewalls offer outbound filtering, but using a third-party firewall can slow your PC's performance, especially as the firewall learns what to allow and block without having to prompt you.
Quite often a problem connecting to the Internet or your ISP's e-mail server can be traced to a conflict with a third-party firewall. Disable the firewall, and the connection returns. Adding the destination to the firewall's allowed list usually takes care of the problem, but that doesn't lessen the aggravation level much.
And there's another risk entailed in using a third-party firewall, as some people who use ZoneAlarm found out last month when a Windows patch caused them to lose their Internet link.
Most Windows users will simply bite the bullet and run a third-party firewall, but I can't think of any other product that requires some second product to use safely. (Okay, maybe an outboard motor, but that's about it.) Relying on the Windows Firewall is like buying a car without seatbelts or with airbags that inflate only halfway.
I could tell you how to reset Vista's firewall to block outbound connections (press the Windows key, type wf.msc, press Enter, click Windows Firewall Properties, and change each profile's "Outbound connections" setting to Block), but there's no guarantee this will protect you, and doing so may cause some applications not to work properly.
Change the "Outbound connections" settings in the Vista firewall to Block.
(Credit: Microsoft)
After reading through Microsoft's TechNet article on the Windows Firewall with Advanced Security (the version in Vista and Windows Server 2008), I figure the only profile I need to block outbound connections from is the Public Profile, which is the one Windows defaults to when you're not on a Windows domain or private network. (You designate a network as private in the dialog box that Windows pops up the first time you try to connect to it.)
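As an added example (not from the original post or from Microsoft), the Python below audits the text printed by `netsh advfirewall show allprofiles` on Vista and later for profiles whose default outbound policy is still Allow, and builds the `netsh advfirewall set` command that makes the same change as the Properties dialog. The sample output is constructed, English-language output is assumed, and the function names are illustrative.

```python
import re

# Constructed sample of `netsh advfirewall show allprofiles` output (English
# locale, trimmed to the two fields the audit reads). Vista defaults shown.
SAMPLE_NETSH_OUTPUT = """\
Domain Profile Settings:
----------------------------------------------------------------------
State                                 ON
Firewall Policy                       BlockInbound,AllowOutbound

Private Profile Settings:
----------------------------------------------------------------------
State                                 ON
Firewall Policy                       BlockInbound,AllowOutbound

Public Profile Settings:
----------------------------------------------------------------------
State                                 ON
Firewall Policy                       BlockInbound,AllowOutbound
"""

HEADER = re.compile(r"^(Domain|Private|Public) Profile Settings:")
FIELD = re.compile(r"^(State|Firewall Policy)\s{2,}(\S.*)$")


def parse_profiles(text):
    """Return {profile: {"enabled": bool, "inbound": str, "outbound": str}}."""
    profiles, current = {}, None
    for line in text.splitlines():
        header = HEADER.match(line)
        if header:
            current = header.group(1).lower()
            profiles[current] = {}
            continue
        field = FIELD.match(line)
        if current is None or not field:
            continue
        key, value = field.group(1), field.group(2).strip()
        if key == "State":
            profiles[current]["enabled"] = value.upper() == "ON"
        else:
            # The policy is printed as "<inbound>,<outbound>".
            inbound, _, outbound = value.partition(",")
            profiles[current]["inbound"] = inbound
            profiles[current]["outbound"] = outbound
    return profiles


def audit(profiles, must_block_outbound=("public",)):
    """List (profile, issue) pairs; by default only Public must block outbound."""
    findings = []
    for name in ("domain", "private", "public"):
        settings = profiles.get(name)
        if settings is None:
            findings.append((name, "profile-missing"))
            continue
        if not settings.get("enabled"):
            findings.append((name, "firewall-off"))
        if name in must_block_outbound and settings.get("outbound") != "BlockOutbound":
            findings.append((name, "outbound-allowed"))
    return findings


def fix_command(profiles, name):
    """Build the netsh command that blocks outbound but keeps the inbound policy."""
    inbound = profiles[name].get("inbound", "BlockInbound").lower()
    return f"netsh advfirewall set {name}profile firewallpolicy {inbound},blockoutbound"


if __name__ == "__main__":
    parsed = parse_profiles(SAMPLE_NETSH_OUTPUT)
    for profile, issue in audit(parsed):
        print(profile, issue, "->", fix_command(parsed, profile))
```

The printed command has to be run from an elevated command prompt, and once outbound traffic is blocked each program that needs the network requires its own allow rule.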
I may pay a price, one way or another, for sticking with the firewall built into Vista, but I just can't bring myself to download software to provide a security measure that should be built into the OS. (Don't get me started on antivirus and spam blockers.)
About five years ago I installed the family version of Symantec's Norton Internet Security software on one of my PCs, rendering the machine unusable. Not only couldn't I get any access to the Internet, it was impossible to uninstall the program. I ended up having to reinstall the operating system and all my applications--except Norton Internet Security. At the time I said I would never again install a Symantec security program on any PC, but about a year ago I bought a PC that came with 90 days of Norton 360, and the program won me over. When the free trial period was over I even coughed up $80 for a year's subscription. Apart from the frequent nags about my need to back up (I prefer to use my own manual backup strategy), I'm happy with the Norton 360.
Now the other side of the coin: I've used CheckPoint's ZoneAlarm firewall--both the free and pro versions--for many years, and on many different PCs. The program would occasionally prevent a legitimate program from performing some operation, but on those rare instances I merely shut the firewall down long enough to complete the task, and then turned it back on. No problem.
Until this morning, that is. I spent four hours trying to update a Web site via ftp, only to be told that access to my ISP's ftp server was denied. I tried using the WS_FTP Pro ftp program, Windows Explorer, Firefox, and even a WYSIWYG Web editor, but nothing could get through to the server. I could access the remote system on another PC on my network, but I wanted to avoid having to move the files in question to that PC to complete the transfer. Just last week I had ftp'ed some files without a problem.
After several calls to my blameless ISP, a tech suggested that I uninstall ZoneAlarm. Not just shut it down (which I had already tried), but completely uninstall the app. This struck me as somewhat extreme, but after spending so much time trying to figure out the glitch, I thought it was worth a try. And what do you know: as soon as ZoneAlarm was off the system, I could access the ftp server without a hitch.
Customize your firewall's ftp access using these settings in the free Comodo Firewall Pro.
I suppose I could try to figure out why ZoneAlarm all of a sudden threw a monkey wrench into my server access, but it's quicker and simpler to rely on another free firewall. My ISP's tech guy said he trusted the firewall built into XP, which he claims Microsoft has improved tremendously. But its protection is one way: it doesn't monitor traffic from the PC to the Internet, just stuff inbound. Instead, I loaded the free Comodo Firewall Pro, which also scans your system for viruses, spyware, and other threats. Since I use a remote-access service to log into this PC while on the road, I chose to review requests for incoming connections rather than to block them automatically, which means I'll have to click through a few more pop-ups. But for me this is a small price to pay for the added convenience of remote access.
After you install the Comodo firewall it starts to train itself.
After you install the program and reboot, Comodo "learns" your system, running through the standard processes and services. It also learns as you open your browser and other network-connecting applications for the first time. Once its training is complete, you can click the Comodo icon in the system tray to view your blocked and allowed connections, as well as other traffic data. You also get a snapshot of your running applications, and your choice of five security and alert-frequency settings.
Get a snapshot of your system security on the Comodo Firewall Pro's summary page.
So what did my morning in tech-support hell teach me? First, that my ISP's tech support staff is worth their weight in gold (even if I did assume at first that it was all their fault). Second, that I'm glad there's a myriad of free options when it comes to PC security software. Third, that things change quickly in the computer world, and it doesn't pay to be glued to your assumptions. And fourth, if a program encounters a problem accessing the Internet, check for a conflict with your security software before you get on the horn to your ISP's tech support.
Tomorrow: tweak Windows XP for optimum performance.
What am I, nuts?
Removing the antivirus software from your PC goes against conventional wisdom, but a lot of conventional wisdom is bunk, especially when it comes to technology.
Two of the five PCs on my home network have been without AV software for six months, ever since I made the mistake of loading the beta of Windows Live OneCare 2 on my home network. This stellar example of the programming art brought my entire network to its knees in a matter of minutes. After three days of repairs, my network was working again, but I realized that two of the systems no longer had any antivirus software installed. I could've downloaded and installed one of the many free AV programs (Avast is my favorite, although it's free only for home and non-commercial use), but it was late, so I decided to take care of it "tomorrow".
In this case, tomorrow never came. Funny thing, I've been using the PCs as I always did, and they remain virus-free. I know because I just checked them both using Trend Micro's free Housecall online virus scanner.
Yesterday one of my PCs that still has AV software popped up a message that it was time for an update. Of course, I was in the middle of something that needed to get done right away, but like most PC users, I've grown accustomed to these interruptions, so I stopped what I was doing to let the AV program play through.
Wouldn't you know that this was one of those updates that required a restart? "Hey," I wanted to say, "I'm workin' here!" I had to fight the temptation to jump right to Add/Remove Programs (which Vista euphemistically calls "Programs and Features") and bounce the app once and for all. I didn't, but I have a feeling the program's days are numbered.
Be Careful Out There
The first thing you need if you fly AV-free is a bidirectional firewall. You can do better than Microsoft's free Windows Defender. Checkpoint Software's ZoneAlarm gets the lion's share of the press; it's free for individuals and not-for-profit organizations, excluding schools and government agencies. Another option is Sunbelt Personal Firewall, formerly Kerio Personal Firewall. The 30-day free trial of the $10 version reverts to the free release, minus a few features, if you choose not to pay.
Next, mind your downloads. "Free" music and video files available for download from the Internet are often loaded with some nasty viruses. The best advice is to pay for your entertainment, and avoid any site outside the mainstream. An alternative is to convert an old PC into your dicey system, the one you use when you want to visit a site whose content you're not sure about. Make sure that PC has antivirus software, a firewall, an updated copy of Windows (or better yet, a less-vulnerable OS), a bullet-proof case, and a hazmat suit. (Okay, you can skip those last two.)
Mind Your Mail
Another common source of malware is e-mail. One of the best ways to avoid mail-borne infections is to switch from HTML to plain text. In Outlook 2003, click Tools > Options > Preferences > E-mail Options. Under Message handling, check Read all standard mail as plain text. In Outlook 2007, choose Tools > Trust Center > E-mail Security. Click Read all standard mail in plain text under Read as Plain Text in the right pane. If you use Mozilla Thunderbird, simply click View > Message Body As > Plain Text.
Prevent e-mail-borne malware attacks by reading your Outlook 2007 mail as plain text.
Also, don't click links in e-mail messages, even if you know the person who sent it. Some viruses hijack address books and send messages to every entry, so they appear to be from someone you're acquainted with. Instead, either copy the link and paste it into your browser's address bar, or go to the home page of the site (by removing everything in the URL to the right of the ".com", ".org", or other top-level domain), and then search the site for the page in question. If you're the least bit wary of the link, just let it be, or at least reply to the person beforehand to confirm that the link is valid.
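To illustrate the two habits above, reading mail as plain text and going to a site's home page instead of following a link, here is an added Python example (not part of the original post) built on the standard library's `email` and `html.parser` modules. The message, addresses and function names are constructed for the illustration.

```python
import re
from email import message_from_string, policy
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed HTML-only message: one link, one script, one remote image.
SAMPLE_HTML_MAIL = """\
From: friend@example.com
To: you@example.org
Subject: photos
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body><p>Look at the <a href="http://photos.example.net/album/view?id=42">photos</a> now.</p>
<script>document.title = "hi";</script>
<img src="http://tracker.example.net/p.gif">
</body></html>
"""


class _TextOnly(HTMLParser):
    """Keep visible text, drop script/style bodies, show link targets inline."""

    def __init__(self):
        super().__init__()
        self.chunks, self._skip, self._href = [], 0, None

    def handle_starttag(self, tag, attrs):
        if tag in ("script", "style"):
            self._skip += 1
        elif tag == "a":
            self._href = dict(attrs).get("href")

    def handle_endtag(self, tag):
        if tag in ("script", "style") and self._skip:
            self._skip -= 1
        elif tag == "a" and self._href:
            self.chunks.append(f" <{self._href}>")  # make the real target visible
            self._href = None

    def handle_data(self, data):
        if not self._skip:
            self.chunks.append(data)


def plain_text_view(raw):
    """Return the text/plain part, or the HTML part reduced to text and URLs."""
    msg = message_from_string(raw, policy=policy.default)
    part = msg.get_body(preferencelist=("plain",))
    if part is not None:
        return part.get_content().strip()
    part = msg.get_body(preferencelist=("html",))
    if part is None:
        return ""
    parser = _TextOnly()
    parser.feed(part.get_content())
    parser.close()
    return " ".join("".join(parser.chunks).split())


def site_home(url):
    """Home page of the site a link points at, or None for non-web schemes."""
    parts = urlsplit(url)
    # .hostname is the actual host: it excludes any "user@" prefix and the port.
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return None
    return f"{parts.scheme}://{parts.hostname}/"


def link_homes(text):
    """Unique home pages for every http(s) URL in the text, in first-seen order."""
    homes = []
    for url in re.findall(r"https?://[^\s<>\"]+", text):
        home = site_home(url)
        if home and home not in homes:
            homes.append(home)
    return homes
```

In the plain-text view the script and the remote image never load, and the link shows up as a visible URL whose home page can be typed into the browser by hand.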
Tomorrow: Centralize your e-mail.





