
Workers' Edge

September 2, 2009 9:00 AM PDT

Remove viruses from an infected PC, and keep them from coming back

by Dennis O'Reilly

Our family PC gets quite a workout. It's a five-year-old machine that runs Windows XP and is used primarily by my daughter and teenage grandson for instant messaging, e-mail, social networking, and downloading audio and video files. Since I rarely use the system, I didn't notice that its antivirus subscription had expired.

Which explains why I was a bit surprised when my grandson called when I was out of town to tell me that the PC was acting strangely. Ads appeared on the desktop as soon as Windows started and Firefox and other programs would occasionally close without warning or fail to open at all.

I immediately suspected a virus and instructed my grandson to perform a virus scan. Unfortunately, the machine's antivirus app had gone AWOL. I talked him through the process of using System Restore to revert the PC to an earlier time. This improved matters somewhat, but the system continued to act flaky.

When I returned from the trip, I started the troublesome machine and attempted to open the Microsoft Update site to make sure its copy of XP was up-to-date. But the malware had managed to disable several Windows services intermittently, including Services.msc, so Internet Explorer would shut down repeatedly.

At this point, I was seriously considering a hard-disk reformat and XP reinstall. I even had the XP installation CD in the drive and was ready to begin the process. But even though my daughter and grandson assured me that they had backup copies of all their personal files, I decided to try one more time to salvage the existing setup.

I'm very glad I did, because it turns out there were lots of vacation and holiday images and videos on the machine that hadn't been backed up. First, I installed a free copy of Malwarebytes' Anti-Malware antivirus program on the infected PC, updated the app's virus definitions, and ran a complete scan.

The initial Malwarebytes Anti-Malware scan detected 104 separate infected files and folders. (Credit: Malwarebytes)

That first scan turned up a mere 104 infected files and folders. Here's a list of the nasties the machine had picked up:

• Trojan.Vundo
• Trojan.Vundo.H
• Trojan.FakeAlert
• Rogue.Installer
• Trojan.Downloader
• Trojan.Dropper
• Trojan.Agent
• Worm.KoobFace
• Rogue.AdvancedVirusRemover
• Rogue.SystemSecurity
• Adware.BHO
• Rootkit.Agent
• Spyware.Agent
• Trojan.BHO
• Hijack.LSP
• Rogue.Multiple
• Disabled.Security

After viewing the report, I rebooted the PC and ran another malware scan. This time, Malwarebytes' app found only nine infected files.

The second Malwarebytes Anti-Malware scan detected only nine infected items. (Credit: Malwarebytes)

I rebooted once more and ran yet another scan, which indicated that the PC came up clean.

The third Malwarebytes Anti-Malware scan indicated that all viruses and other malware had been removed from the infected PC. (Credit: Malwarebytes)

Once I was assured that the PC was malware-free, I revisited the Microsoft Update site to download and install all the XP security patches the machine required. Then I sprang for the $25 version of Anti-Malware to get the program's real-time virus scanning and automatic updates.

I knew all attempts to alter the user behavior that led to the infections would be futile, so instead, I instructed my daughter and grandson to run Malwarebytes' scanner each time they start the system and just before each shutdown. That was a little over two weeks ago, and so far, the PC remains free of infection. Still, you can bet I'll be paying much closer attention to that machine from now on.

May 7, 2009 9:00 AM PDT

Five simple PC security tips

by Dennis O'Reilly

The list of PC security products never ends. For every name that drops off, two more jump on. In fact, determining the best security hardware and software is a full-time job. Sometimes, you just want to throw up your hands and take your chances.

Maybe I'm just a cockeyed optimist, but I think you can stay safe without spending all your spare time doing research, installing updates, and generally becoming a PC-security expert. Here are five relatively easy ways to improve your security.

Use the firewall that's closest at hand
In the computer industry, the reputation of a product, service, or Web site is just about worthless. Yesterday's best firewall, ad blocker, spam buster, virus spotter, or spyware cleaner is today's bust.

Maybe the product got bought and the new owners aren't as conscientious about updates as the previous ones. Or the service's management team decides to go for profits and skimp on support, updates, and enhancements. There are lots of reasons why a good product goes sour, and the computer industry has seen nearly all of them.

So if you can't go by reputation, how do you choose a security product? One way is to go with the tools you've already got. Windows' security is roundly criticized, but the fact is, it's better than it used to be, and third-party security products have their own shortcomings.

Last February, I recommended that you use a third-party firewall rather than the one built into Windows. Six months earlier, I suggested that you pass on the third-party tools and stick with the Windows Firewall despite its shortcomings.

So which side of the fence am I on now? The simple side. The fact is, any third-party security tool complicates your setup. It's not difficult to find weaknesses in the Windows Firewall, but it's safe enough for most PC users, and it's much better than using no software firewall at all.

My previous post included links to information on Microsoft's TechNet site providing technical details of the Windows Firewall, tips for customizing the Windows Firewall, and help troubleshooting the firewall in XP and Vista.

Don't hesitate to try another free antivirus program
Just last week, I switched antivirus programs on my XP test system--for the umpteenth time. Something was slowing the system down, and after defragging the hard drive and doing other standard maintenance tasks, the machine's performance didn't improve as I expected it to.

Rather than go through a bunch of diagnostic tests, I simply uninstalled the system's antivirus tool and downloaded a competing package. The old and new programs were both free, and the switch didn't take much time to complete. The topper? The XP machine's performance perked up immediately.

Two antivirus programs that are free for home use and that are currently highly rated are Avast Home Edition and Avira AntiVir. You'll find a list of dozens of antivirus programs for Windows on this Download.com page.

Change your password...again
I hate those "your password will expire in x days" warnings as much as you do, but one of the simplest ways to protect yourself is by keeping your passwords fresh. Last year, I described the Ten Password Commandments, one of which was to devise a password-creation strategy that's all your own.

Just two months ago, I complained about the shortcomings of passwords as our primary security option, though I concluded that there's nothing better, for now. Lots of people swear by password managers such as RoboForm, but then you have yet another third-party app complicating matters.

For me, it's simpler just to devise a new password based on my unique, inimitable password-creation system, which I share with no one. No need to write it down, enter it in an online form, or encrypt it in a master-password file. Temporary amnesia, well, that's another matter.

For secure e-mail, use encryption
You would think that encrypting e-mail would be a breeze, but doing so is anything but. You and the recipient have to deal with digital certificates, public and private keys, and any number of other time-eating preparations and precautions.

The simplest way I know of to encrypt your e-mail is by using the Mozilla Foundation's Thunderbird with the Enigmail extension. Jason Thomas provides step-by-step instructions in this tutorial on the Lifehacker site.

Gmail users can secure their e-mail communications by enabling the service's built-in encryption. To do so, click the Settings button at the top-right of the main Gmail screen, scroll to the bottom of the General tab, select "Always use https," and click Save Changes.

Select "Always use https" under the General tab in Gmail's Settings to encrypt your messages. (Credit: Google)

Keep your browser up-to-date
Most people will tell you that the Mozilla Foundation's Firefox browser is the safest way to surf, but a recent report from Google Switzerland and the Swiss Federal Institute of Technology found that "(u)sing the most recent version of a browser will lower the risk associated with drive-by-downloads and other Web-based attacks, which start by targeting the browser."

The report cites Google Chrome's silent updates as the best way to ensure that your browser is protected. The researchers also laud Chrome's lack of a way for users to disable its silent-update feature. Some people will object to software being downloaded to and installed on their system without their knowledge, but the fact is, these behind-the-scenes updates are the best way to keep you safe from the Internet bad guys.

Personally, I'm starting to rethink my choice of default browser. But as I mentioned earlier, you can't put any faith in a computer security product's reputation. And you can't be afraid to switch.

December 14, 2008 12:01 AM PST

Today's sneaky viruses require extra precautions

by Dennis O'Reilly

The malware assault on our PCs escalated in 2008, according to antivirus vendor F-Secure. The company's threat summary for the second half of 2008 reports that F-Secure added 1 million virus definitions to its database this year, a threefold increase from the number of viruses the Finnish security vendor detected in 2007.

Today's malware authors aren't just looking to cause trouble; they're after your money and personal information, which these days are synonymous. Attacks are only going to increase in number and sophistication. If you thought you could avoid an infection by staying away from questionable sites, downloads, and e-mail links, you're mistaken.

The only way to play it safe is to assume the worst. That's why I spent several hours last week disinfecting a notebook computer that probably wasn't infected in the first place.

It all started when I decided to run a free online virus scan on my notebook. I use a top-rated security suite that's set to update its virus definitions and other settings automatically, so I was confident that the scan would come up empty. (I'm not going to name either product because I don't want this post to be construed as a recommendation one way or the other.)

Unfortunately, after a complete system check, the online virus service told me it found two suspicious files on my notebook. The scanner's option to remove the files was grayed out, and the option to "skip" them was recommended.

It appears that the files were flagged as potential problems because they included the word "trojan" in their names. I acknowledge the "hide in plain sight" approach, but I doubt that many malware authors would be so kind as to identify their creation in the file name itself.

Still, the scan had introduced the possibility of an infection, so I immediately closed the notebook's Internet connection, updated the virus definition database of the antivirus software installed on the machine itself, and performed a full system scan using that program.

I wasn't surprised when the scan came up clean--several hours later--but I was relieved that I didn't have to go into full wipe-out mode, doing a complete system scrub and changing all my passwords. (Come to think of it, I should probably sanitize the system and refresh my passwords, anyway.)

Three years ago, I wrote a story called 10-Step Security that promised to lock down your PC in only an hour. The tips in that article are beginning to show their age, so this week, I'll be updating them here to reflect the new reality of computing in dangerous times.

June 17, 2008 12:01 AM PDT

Suites are the safe, simple route to PC security

by Dennis O'Reilly

When the free trial of the security software that shipped with my Vista PC expired, I decided to uninstall it and give the free versions of competing antivirus and firewall programs a try. For some reason, this caused my Internet connection to drop intermittently.

When I uninstalled the new programs and ponied up for the full version of the security suite, the network outages ceased. I never did figure out why my system didn't take to the new security apps, but the hassles I avoided by taking the suite approach to security justified the cost of the program.

The experience got me thinking about whether I need any antivirus software at all. I've got a near-real-time backup service that saves my data files regularly, and I don't usually frequent the Internet's dicier locations.

Ultimately, I decided that security software is really PC insurance. Even careful, cautious, tech-savvy people can fall prey to a malware attack. It would take only one thwarted infection for the program to prove its worth. And sticking with a single security vendor whose products are proven effective is the best way I know to reduce the chances of compatibility problems.

In PC World's most recent review of security suites, Symantec's $70 Norton Internet Security finished a couple of notches above the $80 Kaspersky Internet Security and $70 McAfee Internet Security Suite.

Sometimes it's okay to put down your defenses
Most security programs have some components that are always active. This robs your system of some processing power and memory. Just how much processing power and memory depends on the program and how it's configured.

When you're running an application that requires all the system resources your PC can muster, you can reclaim a few by temporarily closing your antivirus program. The fastest way to do this may be to right-click its icon in the system tray and choose Exit or Close. It's a good idea to keep your firewall running at all times, but if none of your open apps have an Internet link active, you can do without virus protection.

If your browser fails to open certain sites or your network link starts acting up in some other way, a short-term solution may be to shut down your security program temporarily. (You can also try clearing your browser's cache.) If closing the security app restores the network connection, add the balky sites to the program's white list of safe Web destinations.

Wikipedia's antivirus page provides loads of background on the programs. Of particular interest are the page's "Issues of concern" and "Effectiveness" sections (scroll down to find them).

February 8, 2008 12:01 AM PST

Give your overzealous security software the boot

by Dennis O'Reilly

About five years ago I installed the family version of Symantec's Norton Internet Security software on one of my PCs, rendering the machine unusable. Not only couldn't I get any access to the Internet, it was impossible to uninstall the program. I ended up having to reinstall the operating system and all my applications--except Norton Internet Security. At the time I said I would never again install a Symantec security program on any PC, but about a year ago I bought a PC that came with 90 days of Norton 360, and the program won me over. When the free trial period was over I even coughed up $80 for a year's subscription. Apart from the frequent nags about my need to back up (I prefer to use my own manual backup strategy), I'm happy with the Norton 360.

Now the other side of the coin: I've used Check Point's ZoneAlarm firewall--both the free and pro versions--for many years, and on many different PCs. The program would occasionally prevent a legitimate program from performing some operation, but on those rare instances I merely shut the firewall down long enough to complete the task, and then turned it back on. No problem.

Until this morning, that is. I spent four hours trying to update a Web site via ftp, only to be told that access to my ISP's ftp server was denied. I tried using the WS_FTP Pro ftp program, Windows Explorer, Firefox, and even a WYSIWYG Web editor, but nothing could get through to the server. I could access the remote system on another PC on my network, but I wanted to avoid having to move the files in question to that PC to complete the transfer. Just last week I had ftp'ed some files without a problem.

After several calls to my blameless ISP, a tech suggested that I uninstall ZoneAlarm. Not just shut it down (which I had already tried), but completely uninstall the app. This struck me as somewhat extreme, but after spending so much time trying to figure out the glitch, I thought it was worth a try. And what do you know: as soon as ZoneAlarm was off the system, I could access the ftp server without a hitch.

Customize your firewall's ftp access using these settings in the free Comodo Firewall Pro.

I suppose I could try to figure out why ZoneAlarm all of a sudden threw a monkey wrench into my server access, but it's quicker and simpler to rely on another free firewall. My ISP's tech guy said he trusted the firewall built into XP, which he claims Microsoft has improved tremendously. But its protection is one way: it doesn't monitor traffic from the PC to the Internet, just stuff inbound. Instead, I loaded the free Comodo Firewall Pro, which also scans your system for viruses, spyware, and other threats. Since I use a remote-access service to log into this PC while on the road, I chose to review requests for incoming connections rather than to block them automatically, which means I'll have to click through a few more pop-ups. But for me this is a small price to pay for the added convenience of remote access.

After you install the Comodo firewall it starts to train itself.

After you install the program and reboot, Comodo "learns" your system, running through the standard processes and services. It also learns as you open your browser and other network-connecting applications for the first time. Once its training is complete, you can click the Comodo icon in the system tray to view your blocked and allowed connections, as well as other traffic data. You also get a snapshot of your running applications, and your choice of five security and alert-frequency settings.

Get a snapshot of your system security on the Comodo Firewall Pro's summary page.

So what did my morning in tech-support hell teach me? First, that my ISP's tech support staff is worth their weight in gold (even if I did assume at first that it was all their fault). Second, that I'm glad there's a myriad of free options when it comes to PC security software. Third, that things change quickly in the computer world, and it doesn't pay to be glued to your assumptions. And fourth, if a program encounters a problem accessing the Internet, check for a conflict with your security software before you get on the horn to your ISP's tech support.

Tomorrow: tweak Windows XP for optimum performance.

December 6, 2007 12:01 AM PST

A modest proposal: Dump your antivirus software

by Dennis O'Reilly

What am I, nuts?

Removing the antivirus software from your PC goes against conventional wisdom, but a lot of conventional wisdom is bunk, especially when it comes to technology.

Two of the five PCs on my home network have been without AV software for six months, ever since I made the mistake of loading the beta of Windows Live OneCare 2 on my home network. This stellar example of the programming art brought my entire network to its knees in a matter of minutes. After three days of repairs, my network was working again, but I realized that two of the systems no longer had any antivirus software installed. I could've downloaded and installed one of the many free AV programs (Avast is my favorite, although it's free only for home and non-commercial use), but it was late, so I decided to take care of it "tomorrow".

In this case, tomorrow never came. Funny thing, I've been using the PCs as I always did, and they remain virus-free. I know because I just checked them both using Trend Micro's free Housecall online virus scanner.

Yesterday one of my PCs that still has AV software popped up a message that it was time for an update. Of course, I was in the middle of something that needed to get done right away, but like most PC users, I've grown accustomed to these interruptions, so I stopped what I was doing to let the AV program play through.

Wouldn't you know that this was one of those updates that required a restart? "Hey," I wanted to say, "I'm workin' here!" I had to fight the temptation to jump right to Add/Remove Programs (which Vista euphemistically calls "Programs and Features") and bounce the app once and for all. I didn't, but I have a feeling the program's days are numbered.

Be Careful Out There

The first thing you need if you fly AV-free is a bidirectional firewall. You can do better than Microsoft's free Windows Defender. Check Point Software's ZoneAlarm gets the lion's share of the press; it's free for individuals and not-for-profit organizations, excluding schools and government agencies. Another option is Sunbelt Personal Firewall, formerly Kerio Personal Firewall. The 30-day free trial of the $10 version reverts to the free release, minus a few features, if you choose not to pay.

Next, mind your downloads. "Free" music and video files available for download from the Internet are often loaded with some nasty viruses. The best advice is to pay for your entertainment, and avoid any site outside the mainstream. An alternative is to convert an old PC into your dicey system, the one you use when you want to visit a site whose content you're not sure about. Make sure that PC has antivirus software, a firewall, an updated copy of Windows (or better yet, a less-vulnerable OS), a bullet-proof case, and a hazmat suit. (Okay, you can skip those last two.)

Mind Your Mail

Another common source of malware is e-mail. One of the best ways to avoid mail-borne infections is to switch from HTML to plain text. In Outlook 2003, click Tools*Options*Preferences*E-mail Options. Under Message handling, check Read all standard mail as plain text. In Outlook 2007, choose Tools*Trust Center*E-mail Security. Click Read all standard mail in plain text under Read as Plain Text in the right pane. If you use Mozilla Thunderbird, simply click View*Message Body As*Plain Text.

Prevent e-mail-borne malware attacks by reading your Outlook 2007 mail as plain text.

Also, don't click links in e-mail messages, even if you know the person who sent it. Some viruses hijack address books and send messages to every entry, so they appear to be from someone you're acquainted with. Instead, either copy the link and paste it into your browser's address bar, or go to the home page of the site (by removing everything in the URL to the right of the ".com", ".org", or other top-level domain), and then search the site for the page in question. If you're the least bit wary of the link, just let it be, or at least reply to the person beforehand to confirm that the link is valid.
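The two habits above (read mail as plain text, and find out where a link really leads before visiting it) can be illustrated in code. The following Python script is an added example, not code from O'Reilly's post or from any product it names: it pulls the text/plain part out of a message instead of rendering the HTML, and for every link in the HTML part it computes the site's home page the way the post describes (everything to the right of the host dropped) and reports the host the link actually points to, flagging links whose visible text is itself a URL for a different host. The sample message, its domains and the 203.0.113.7 address are constructed placeholders; the tag-stripping fallback for messages that carry only an HTML part goes a step beyond the post.

```python
"""Added example (not from the original post): inspect an e-mail the way the
post recommends -- read the text/plain part rather than rendering HTML, and work
out where each link in the HTML part really leads before deciding to visit it."""
import re
from email import message_from_string, policy
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample message; the domains and the 203.0.113.7 address are placeholders.
SAMPLE_MAIL = """\
From: "A Friend" <friend@example.com>
To: me@example.net
Subject: look at these photos
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="b1"

--b1
Content-Type: text/plain; charset="us-ascii"

Check out my vacation photos: http://photos.example.com/album/1234?ref=mail
--b1
Content-Type: text/html; charset="us-ascii"

<html><body>
<p>Check out my <a href="http://www.photos.example.com.login.example.org/album/1234">vacation photos</a>!</p>
<p>Or visit <a href="http://example.net@203.0.113.7/">http://www.example.net/</a></p>
</body></html>
--b1--
"""


class _TextAndLinks(HTMLParser):
    """Collects the visible text of an HTML body plus every <a href> with its visible text."""

    def __init__(self):
        super().__init__()
        self.text = []          # visible text fragments, in document order
        self.links = []         # (href, visible text) pairs
        self._href = None       # href of the <a> currently open, if any
        self._link_text = []
        self._skip = 0          # nesting depth inside <script>/<style>, whose content is not shown

    def handle_starttag(self, tag, attrs):
        if tag in ("script", "style"):
            self._skip += 1
        elif tag == "a":
            self._href = dict(attrs).get("href")
            self._link_text = []

    def handle_endtag(self, tag):
        if tag in ("script", "style"):
            self._skip = max(0, self._skip - 1)
        elif tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._link_text).strip()))
            self._href = None

    def handle_data(self, data):
        if self._skip:
            return
        self.text.append(data)
        if self._href is not None:
            self._link_text.append(data)


def _parse_html(html):
    parser = _TextAndLinks()
    parser.feed(html)
    parser.close()
    return parser


def plain_text_body(raw):
    """Return the body as plain text: the text/plain part if there is one,
    otherwise the HTML part with its tags stripped (never rendered)."""
    msg = message_from_string(raw, policy=policy.default)
    html = None
    for part in msg.walk():
        ctype = part.get_content_type()
        if ctype == "text/plain":
            return part.get_content().strip()
        if ctype == "text/html" and html is None:
            html = part.get_content()
    if html is None:
        return ""
    return re.sub(r"\s+", " ", "".join(_parse_html(html).text)).strip()


def html_links(raw):
    """All (href, visible text) pairs from the message's HTML parts."""
    msg = message_from_string(raw, policy=policy.default)
    links = []
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            links.extend(_parse_html(part.get_content()).links)
    return links


def home_page(url):
    """The post's rule: keep scheme and host, drop everything to the right.
    Adds a scheme when missing and discards userinfo ("user@") and port, so the
    result names the host the browser would actually connect to."""
    url = url.strip()
    if "://" not in url:
        url = "http://" + url
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    return f"{parts.scheme.lower()}://{host}/" if host else ""


# Visible link text that itself looks like a URL or bare domain name.
_URLISH = re.compile(r"^(?:[a-z][a-z0-9+.-]*://)?(?:[a-z0-9-]+\.)+[a-z]{2,}(?:[/:?#]|$)", re.I)


def link_report(raw):
    """For each link: its visible text, real target, home page of the real site,
    and whether URL-looking link text names a different host than the target."""
    rows = []
    for href, text in html_links(raw):
        real = home_page(href)
        real_host = urlsplit(real).hostname if real else None
        shown_host = urlsplit(home_page(text)).hostname if _URLISH.match(text) else None
        rows.append({"text": text, "href": href, "home_page": real,
                     "mismatch": shown_host is not None and shown_host != real_host})
    return rows


if __name__ == "__main__":
    print("Plain-text body:", plain_text_body(SAMPLE_MAIL))
    for row in link_report(SAMPLE_MAIL):
        print(f"{row['text']!r} -> {row['href']}  home page: {row['home_page']}"
              f"  {'MISMATCH' if row['mismatch'] else ''}")
```

Run as-is it prints the plain-text body and one line per link. The second sample link is the case the post warns about: its visible text reads like a familiar site, but `home_page()` shows the browser would connect to a different host, so the sensible move is to type the site's address yourself rather than click.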

Tomorrow: Centralize your e-mail.

About Workers' Edge

Dennis O'Reilly has covered PCs and other technologies in print and online since 1985. Along with more than a decade as editor for Ziff-Davis's Computer Select, Dennis edited PC World's award-winning Here's How section for more than seven years. He is a member of the CNET Blog Network and is not an employee of CNET.
