
Workers' Edge

Read all 'Internet security' posts in Workers' Edge
December 19, 2008 12:01 AM PST

Browse safely using Internet Explorer or Firefox

by Dennis O'Reilly

The second of my three-part update of the 10-Step Security story I wrote three years ago shows that some tech advice stands the test of time. (A post earlier this week freshened up tips one, two, and three from that story, which focus on Windows updates and security features.)

Step 4: Ensure that you can see file extensions and all Windows system files in Windows Explorer and folder windows.

These days, you're less likely to encounter a dangerous executable file masquerading as a harmless type of file, but viewing file extensions and hidden files remains a good idea. The steps in the original article for making this change in XP are the same in Vista's version of Windows Explorer, though you may have to press the Alt key to show the Tools menu.

Step 5: Set the security level of Internet Explorer's Internet zone to High.

There's nothing stale about this advice. Of course, you should now be using IE 7 rather than IE 6, which is much less secure than its successor. The steps to reset your Internet zone security level are a bit different in IE 7: click Tools > Internet Options > Security, choose Internet in the box of zones at the top of the dialog box, move the security-level slider to High, and click Apply or OK.

Microsoft Internet Explorer 7 security-settings dialog

Set Internet Explorer 7's Internet zone security level to High.

(Credit: Microsoft)

As the original article stated, this security level will generate pop-ups whenever you try to open a site that's not on your approved list. To add sites to this list in IE 7, choose the "Trusted sites" icon in the zone box at the top of the Security dialog box, click the Sites button, type the site URLs in the top box one at a time, and click Add. Keep the option on the bottom to require server verification unchecked.

Microsoft Internet Explorer 7 Trusted Sites dialog box

Add the sites you trust to Internet Explorer 7's whitelist.

(Credit: Microsoft)

Step 6: Use the NoScript add-on to block scripts in Firefox on a page-by-page and element-by-element basis.

Of course, the simplest way to improve your chances of staying safe on the Web is to use a browser other than IE. I'm not saying Firefox, Opera, and other browsers don't have flaws of their own. It's just that those programs aren't targeted by the bad guys as often as IE is.

Giorgio Maone's NoScript add-on for Firefox lets you decide which scripts are allowed to run before the page loads. NoScript was relatively new back in 2005 when that article was written, but the program has stood the test of time. Note that the program's author accepts donations to offset the cost of maintaining and updating the application.

Another option for blocking Flash content in Firefox is by using Nicolas Martin's Flash Killer add-on. Apart from ensuring that no malware finds its way onto your PC via a Flash file embedded on a Web page, the program speeds up your browsing by blocking Flash ads from loading along with the regular content of the page.

In my next post, I'll revisit the last four tips in 10-Step Security, which deal with e-mail safety.

March 19, 2008 12:01 AM PDT

Set Internet Explorer and Firefox to maximize your security

by Dennis O'Reilly

Modern browsers are much better than their predecessors at keeping your Web activity private and your data safe. Still, you may not have your browser configured to provide optimum security. Take a few minutes to give Internet Explorer 7 and Firefox 2 a safety check.

Batten down IE7's hatches
The version of IE7 for Vista adds the Protected Mode, which allows Web sites to access only the Temporary Internet Files folder on your PC. According to Microsoft, this feature is on by default for the Internet, Intranet, and Restricted zones, but disabled for the Trusted Sites and Local Machine zones. On my machine it was enabled for all zones. You'll see "Protected Mode: On" in the status bar when it's active, or click Tools > Internet Options > Security, and make sure "Enable Protected Mode (requires restarting Internet Explorer)" is checked at the bottom of each zone.

The Security section of IE7 for Vista's options

Maximize security in IE7 for Vista by making sure Protected Mode is enabled.

(Credit: Microsoft)

There have been some reports of Protected Mode causing problems, so if a particular page won't load or run correctly, disabling this feature may solve the glitch, though I don't recommend keeping Protected Mode off. The Web's not getting any safer, and you need all the protection you can get.

Another great new feature in IE7--for XP and Vista alike--is the Phishing Filter. Why the filter is off by default I'll never know. To activate it, click Tools > Phishing Filter > Turn On Automatic Website Checking > OK. Unfortunately, choosing Tools > Phishing Filter > Phishing Filter Settings merely opens the Advanced Internet Options dialog box, where you can scroll down to the Phishing Filter section under Security, only to find that your only two options are to disable the filter, and to "turn off automatic website checking." But while you're in the Advanced Options settings, make sure "Automatically check for Internet Explorer updates" is checked in the Browsing section. Click OK when you're done.

Get into the habit of covering your browsing tracks on a regular basis. In IE7 you can wipe out your browser history, Temporary Internet Files, cookies, saved form data, and saved passwords at one time by clicking Tools > Delete Browsing History > Delete All. Or erase each category separately by clicking the appropriate button in the Delete Browsing History dialog box.

Internet Explorer 7's Delete Browsing History dialog box

Wipe your browser's history clean by clicking Delete All in IE7's Delete Browsing History dialog, or clear each category separately.

(Credit: Microsoft)

Stay safe while browsing with Firefox
Just because Mozilla's open-source browser has a reputation for security doesn't mean you can use it to visit any site on the Web without a care in the world. Last month I described NoScript, a free Firefox add-on (donationware, actually) that lets you decide which scripts can run on which Web pages on a case-by-case basis. If you use Firefox regularly and you haven't added NoScript, download and install it, and in no time you'll wonder how you ever browsed without it.

There's another simple step you can take to improve Firefox's security: Make sure you have the browser set to update automatically. The current version is 2.0.0.12; to check your copy's version, click Help > About Mozilla Firefox, and look for the version number under the product's name. To verify that the program updates automatically, click Tools > Options > Advanced > Updates, and make sure Firefox is checked under "Automatically check for updates to." You may also want to check "Automatically download and install the update" under "When updates to Firefox are found." I also check "Installed Add-ons" under the former, and "Warn me if this will disable any of my add-ons" under the latter.

Mozilla Firefox's update settings in the Advanced Options dialog box

Set Firefox to check for updates automatically via the Advanced Options dialog box.

(Credit: Mozilla Foundation)

Not long ago an attempt was made to spoof Firefox's address bar to fool people into thinking they were on a site other than the one they were actually visiting when a link opened in a new window. The simplest way to avoid this is by setting Firefox to open links in a new tab rather than a new window: Click Tools > Options > Tabs, and make sure "A new tab" is selected under "New pages should be opened in." You can also disable this feature by typing about:config in the address bar, pressing Enter, navigating to dom.disable_window_open_feature.location, and double-clicking it to change it to "true".

Web sites often know the page you were on before you opened one of their pages. To block this referrer header, type about:config in the address bar, press Enter, navigate to network.http.sendRefererHeader, double-click it, and set the integer value to 0.
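The two about:config changes described above can be checked from outside the browser by reading the profile's prefs.js file. The following is an added example, not code from the original post or from Mozilla; the function names and the sample file contents are made up for illustration, and it assumes you pass in the text of your own prefs.js.

```python
import re

# The two about:config preferences named in the post, with the values it recommends.
RECOMMENDED = {
    "network.http.sendRefererHeader": 0,
    "dom.disable_window_open_feature.location": True,
}
# prefs.js and user.js store one setting per line: user_pref("name", value);
PREF_LINE = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.+?)\s*\)\s*;\s*$')

def parse_value(raw):
    """Convert a pref literal (true/false, integer, quoted string) to Python."""
    if raw in ("true", "false"):
        return raw == "true"
    if re.fullmatch(r"-?\d+", raw):
        return int(raw)
    if len(raw) >= 2 and raw[0] == raw[-1] == '"':
        return raw[1:-1]
    raise ValueError(f"unrecognised pref value: {raw!r}")

def parse_prefs(text):
    """Return {name: value}; a later line for the same pref overrides an earlier one."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_LINE.match(line)
        if m:  # comment and blank lines simply do not match
            prefs[m.group(1)] = parse_value(m.group(2))
    return prefs

def audit(text):
    """Return {name: 'ok' | 'not set' | 'set to <value>'} for each recommended pref."""
    prefs = parse_prefs(text)
    report = {}
    for name, wanted in RECOMMENDED.items():
        if name not in prefs:
            report[name] = "not set"  # no user value in this file; browser default applies
        elif prefs[name] == wanted and type(prefs[name]) is type(wanted):
            report[name] = "ok"
        else:
            report[name] = f"set to {prefs[name]!r}"
    return report

# Constructed sample, not taken from a real profile.
SAMPLE = """# Mozilla User Preferences
user_pref("browser.startup.homepage", "about:blank");
user_pref("network.http.sendRefererHeader", 1);
user_pref("network.http.sendRefererHeader", 0);
"""

if __name__ == "__main__":
    print(audit(SAMPLE))
```

A pref reported as "not set" has no user value in the file, so whatever default ships with your Firefox version is in effect.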

Tomorrow: Get your Office docs online with Office Live Workspace.

December 6, 2007 12:01 AM PST

A modest proposal: Dump your antivirus software

by Dennis O'Reilly

What am I, nuts?

Removing the antivirus software from your PC goes against conventional wisdom, but a lot of conventional wisdom is bunk, especially when it comes to technology.

Two of the five PCs on my home network have been without AV software for six months, ever since I made the mistake of loading the beta of Windows Live OneCare 2 on my home network. This stellar example of the programming art brought my entire network to its knees in a matter of minutes. After three days of repairs, my network was working again, but I realized that two of the systems no longer had any antivirus software installed. I could've downloaded and installed one of the many free AV programs (Avast is my favorite, although it's free only for home and non-commercial use), but it was late, so I decided to take care of it "tomorrow".

In this case, tomorrow never came. Funny thing, I've been using the PCs as I always did, and they remain virus-free. I know because I just checked them both using Trend Micro's free Housecall online virus scanner.

Yesterday one of my PCs that still has AV software popped up a message that it was time for an update. Of course, I was in the middle of something that needed to get done right away, but like most PC users, I've grown accustomed to these interruptions, so I stopped what I was doing to let the AV program play through.

Wouldn't you know that this was one of those updates that required a restart? "Hey," I wanted to say, "I'm workin' here!" I had to fight the temptation to jump right to Add/Remove Programs (which Vista euphemistically calls "Programs and Features") and bounce the app once and for all. I didn't, but I have a feeling the program's days are numbered.

Be Careful Out There

The first thing you need if you fly AV-free is a bidirectional firewall. You can do better than Microsoft's free Windows Defender. Check Point Software's ZoneAlarm gets the lion's share of the press; it's free for individuals and not-for-profit organizations, excluding schools and government agencies. Another option is Sunbelt Personal Firewall, formerly Kerio Personal Firewall. The 30-day free trial of the $10 version reverts to the free release, minus a few features, if you choose not to pay.

Next, mind your downloads. "Free" music and video files available for download from the Internet are often loaded with some nasty viruses. The best advice is to pay for your entertainment, and avoid any site outside the mainstream. An alternative is to convert an old PC into your dicey system, the one you use when you want to visit a site whose content you're not sure about. Make sure that PC has antivirus software, a firewall, an updated copy of Windows (or better yet, a less-vulnerable OS), a bullet-proof case, and a hazmat suit. (Okay, you can skip those last two.)

Mind Your Mail

Another common source of malware is e-mail. One of the best ways to avoid mail-borne infections is to switch from HTML to plain text. In Outlook 2003, click Tools > Options > Preferences > E-mail Options. Under Message handling, check "Read all standard mail as plain text." In Outlook 2007, choose Tools > Trust Center > E-mail Security. Click "Read all standard mail in plain text" under Read as Plain Text in the right pane. If you use Mozilla Thunderbird, simply click View > Message Body As > Plain Text.

Set Outlook 2007 to display received messages as plain text rather than HTML.

Prevent e-mail-borne malware attacks by reading your Outlook 2007 mail as plain text.

Also, don't click links in e-mail messages, even if you know the person who sent it. Some viruses hijack address books and send messages to every entry, so they appear to be from someone you're acquainted with. Instead, either copy the link and paste it into your browser's address bar, or go to the home page of the site (by removing everything in the URL to the right of the ".com", ".org", or other top-level domain), and then search the site for the page in question. If you're the least bit wary of the link, just let it be, or at least reply to the person beforehand to confirm that the link is valid.

Tomorrow: Centralize your e-mail.


About Workers' Edge

Dennis O'Reilly has covered PCs and other technologies in print and online since 1985. Along with more than a decade as editor for Ziff-Davis's Computer Select, Dennis edited PC World's award-winning Here's How section for more than seven years. He is a member of the CNET Blog Network and is not an employee of CNET.
