(This Page Was Last Modified Sunday, 01-Jul-2012 21:07:33 MDT.)
Having seen some posts on the various Rootsweb Mailing Lists lately about virus threats, I feel that some users don't really understand all they need to know about computer security problems and how to protect against them.
Therefore, I'm going to give a short tutorial on the subject and hope that the information may keep more of you from becoming infected. There are several things I need to talk about here, so I will just list them in categories. Actual information on Anti-Virus (AV) programs will be last. (I will recommend programs in each of the categories. Keep in mind that I'm only going to talk about the programs I use -- there are others, some not as good, and some as good. I endorse no product; I'm just going to tell you about the ones I use or have used in the past.)
1. FIREWALLS: A firewall is a computer program that blocks objectionable content while shielding the system from hackers, worms, and other threats. A good firewall will prevent individuals, other computers, and servers from entering your system via the Internet; it will also prevent your computer from sending out information to others, from programs or utilities on your computer, such as "Call-Home" programs or other "SpyWare". (More on spyware, and how to find and delete it, below.)
Without a firewall, your system is open to others who can gain access via Internet connections, regardless of the type of connection. Without a good firewall, people can enter your system and steal files, plant trojans or worms, and even corrupt or erase your files. YOU ARE NOT PROTECTED AGAINST UNWANTED ACCESS TO YOUR COMPUTER VIA INTERNET CONNECTIONS BY ANY ANTI-VIRUS (AV) PROGRAM !!!!! You must have a firewall!
If you have a cable connection, you are online 24/7; your computer is directly connected to the Internet at ALL times! Those who use a good firewall can attest to the dozens (sometimes hundreds) of intrusion attempts daily. I didn't count them, but, looking at the log files of ZoneAlarm Pro, the firewall I use, in one 12 hour period, I saw that my system has been queried (attempted entries) several HUNDRED times!!!!! Most were rated "Medium" risks, but there were several dozen rated "High". All were stopped!
If you use DSL or ordinary dialup connections, don't think you aren't at risk, or do not need a firewall. There are hackers out there who have set up automated programs on their servers to roam the Internet looking for open connections. These auto-bots can find your dialup connections in a matter of micro-seconds; and it doesn't take very long for them to do whatever they were programmed to do.
EVERYONE NEEDS A GOOD FIREWALL !!!!!
I use ZoneAlarm Extreme Security. It is rated by many security experts as the best firewall protection you can get. There are other programs that some claim are just as good, and you can find them on the Web by doing a search for "Firewall". The regular ZoneAlarm (ZA) is free. The Pro version is not free, but gives added protection for email, attachments, etc. It's up to you how much protection you want. Either program can be downloaded at: www.zonelabs.com.
2. SPYWARE FINDERS AND REMOVERS: It has been estimated that 75-80% of all home computer users have one or more "SpyWare" programs on their computers. Many users, running spyware finder programs, find literally HUNDREDS of spyware gremlins on their systems. Most of this spyware is not damaging to your SYSTEM, but can be very harmful to YOU by sending personal information to others, such as Social Security Numbers, email addresses, user IDs, usernames, passwords, your Web browsing habits, information on the files and programs you have on your system, etc. If you have spyware on your system, and don't use a firewall, you have no control over what is sent out from your system. Spyware will send out information without you knowing about it. So, the safest way to avoid spyware problems, even if you're using a firewall, is to find the programs that have spyware and eliminate them. To find spyware finders and removers, do a search on the Web for "Spyware Program".
I use several such detection programs, "Ad-Aware Plus", "Spybot Search & Destroy", "MalwareBytes", etc. They do similar things, but you really need as many of them as are available to totally secure your system. Each will catch some spyware the other misses. Between them all, you can remove most of the spyware/malware from your system.
Ad-Aware comes in a free, basic version. The Plus version costs $26.95. Either can be found at: www.lavasoft.de. Just because it's named "Ad-Aware" don't think it finds only Ad programs; it finds ANY spyware on your system.
Spybot Search & Destroy is free. There are no paid-for versions. It can be found at: safer-networking.org. It will also find malware, hijackers, dialers, keyloggers, trojans, etc.
MalwareBytes is not free. It can be downloaded at www.malwarebytes.com.
3. AD & COOKIE BLOCKING PROGRAMS: There are dozens and dozens of these programs available. To find them all do a Web search for "Ad Blocker" or "Cookie Blocker". MS Internet Explorer and other web browsers have their own internal ad and cookie blockers, but they don't do as complete a job as good stand-alone programs.
I use AdSubtract Pro, which will block all online ads & cookies. It blocks banner ads, Pop-Up and Pop-Under ads, text ads, and multimedia ads. It also silences Web site sounds and other bothersome multimedia animation. You can use "intelligent blocking" to enable InterMute's SmartPOP technology or "aggressive blocking" to prevent any Pop-Ups from appearing. The Pro version costs $29.95. There is a trial version which you can use free for 30 days, but it doesn't have all the blocking abilities that the Pro version has. You can find both versions at: www.intermute.com. (The previous major version of AdSubtract had a free version. It is no longer available at the website, but I'm sure it can be found on the web. Lots of people probably still have the installation files for it sitting on their hard drives. Ask around.)
4. ANTI-VIRUS (AV) PROGRAMS: AV programs are the only programs that give you FULL protection against infections such as viruses, worms, trojans, etc., and block infected email and email attachments. Other security programs such as Firewalls, AdBlockers, and CookieBlockers help, but can't do all that AV programs can do. There are some things you must know about AV programs that are essential if you really want protection against viruses, worms, trojans, etc.
First, you must have an AV program installed;
The program itself must be kept updated with the latest engines;
It must be kept updated with the latest Virus Definition files;
It should be configured to automatically check every email and file you download;
It need NOT be configured to automatically check every file the computer uses, since that eats up computer resources and really slows down the system; but, if you don't let it do this automatically, you MUST run scans on your system regularly, whether automated or manual;
It need NOT be configured to automatically scan your system at selected intervals; but, you MUST run manual scans at regular intervals, preferably 2 or 3 times a week;
Even if you have your AV program configured to check all incoming email and file downloads, you STILL need to run scans on your system regularly; infections DO slip through; further, you might download a virus/worm/trojan that was just released, and one for which the AV programers haven't released updated virus definition files; running regular scans ensures that your AV program will catch any infections that were missed.
Even if you have an AV program installed, if you omit b) or c) above, you might as well use chicken bones and garlic or voodoo to ward off infections of your computer system. Most all good AV programs allow automatic updating. I suggest you USE automatic updating, especially now that these new infections are sometimes coming out almost daily, and some times more than one a day. And, even if using automatic updating, you should manually check a couple of times a day. Finally, on this subject, if you don't let the AV program automatically scan at selected intervals, you MUST run manual scans.
I use AVG Pro as my AV program. I had it set to automatically update every day at noon. A while back, from 1:30 AM one day, until 12:00 Noon the following day, AVG released 5 virus updates !!!!! Only two of the updates were downloaded and installed automatically, since I had AVG set for auto-update only once a day. The other three were acquired by my manual checking. I have since added five more daily automatic checks throughout each 24 hour period!
Folks, there is a reason the AV companies release virus definition updates so often! New viruses/worms/trojans, or new variants of them, are being released almost every day, and sometimes every few hours!!!!! I would suggest you configure your AV program to check for updates every 4 hours. I hope it doesn't get so bad that we have to check every hour, or every half-hour.
There is a free AVG program and an AVG Pro that costs $33.30. Both can be found at: www.grisoft.com.
5. CHECKING THE SECURITY OF YOUR SYSTEM: In addition to all the above, there is one more thing you can do to check the security of your system. Steve Gibson, of Gibson Research Corporation (GRC), has a website where you can check your system security. And, it's FREE. Go to: www.grc.com/default.html to read about the latest vulnerabilities of computer systems and to download some small (free) utilities to check your system.
But, while you're at Steve's website, be sure to run the online tests he has available. At the main page, scroll down and click on "Shields Up", then follow the directions. At each page be sure to continue to the bottom and read all Steve has to say. There are some valuable tips there.
First click on "File Sharing"; many (most?) of you will find that your system is NOT protected; Steve's "file-sharing" test attempts to contact the Hidden Internet Server within your PC. It is likely that no one has told you that your own personal computer may now be functioning as an Internet Server with neither your knowledge nor your permission. And that it may be serving up all or many of your personal files for reading, writing, modification, and even deletion by anyone, anywhere, on the Internet! If you fail this test, Steve will recommend actions you can take to fix this security problem.
Next, click on "Common Ports". This Internet Common Ports Probe attempts to establish standard TCP Internet connections with a collection of standard, well-known, and often vulnerable or troublesome Internet ports on your computer. Since this is being done from the GRC server, successful connections demonstrate which of your ports are "open", or visible, and soliciting connections from passing Internet port scanners. If your system is properly protected, the probe should find NO ports vulnerable to Internet hackers or scanners.
Next, click on "All Service Ports". This probe does the same thing as b) above, but checks an additional 1056 ports. It should find NO vulnerable ports.
Next, click on "Messenger Spam". This will test whether your system is protected from unsolicited messages when you are using Microsoft Messenger. You have to have Messenger running when you do this test. If you are NOT protected, you will see the unsolicited messages pop up on your screen.
Next, click "Browser Headers". Read all the instructions and then run the test.
There are a number of free utilities you can download from the GRC site and run to finish checking out your system's security:
- "UnPlug n' Pray"
- "Shoot The Messenger"
"ID Serve" (great for finding out the numerical value of a web server, e.g., www.rootsweb.ancestry.com = 18.104.22.168.)
- "Wizmo" (lots of little free gadgets)
- "Leak Test" (Personal firewall leakage tester.)
- "XPdite" (Crucial Windows XP Vulnerability Fixer.)
- "SocketLock" (Disable WinXP and 2000 raw sockets.)
- "SocketToMe" (Check your Windows OS for raw sockets.)
"FIX-CIH Virus Recovery" (Total recovery from CIH virus damage. Every April, the CIH virus resurfaces and wipes out thousands of hard disk drives by deliberately zeroing their partition, boot, and FAT tables. The first time this happened Steve wrote this complete post-CIH hard drive recovery utility.)
"NoShare" (Quick and simple NetBIOS disabler. When the ShieldsUP! system was first created, Steve had not discovered how to safely "rebind" network transports as a means for closing the NetBIOS TCP/IP vulnerabilities. So he wrote the LetShare & NoShare utilities to do this quickly and easily (although in a non-standard fashion). Today, the manual rebinding described on the ShieldsUP! pages is the preferred method. LetShare & NoShare still work and can be useful for allowing quick NetBIOS on/off testing.
"Trouble In Paradise (TIP)" (Check Iomega drive operation.)
I hope all this information will help you keep your Windows system secure. If you have any questions, you may email me at email@example.com.
Anyone may copy and post this tutorial on any Mailing List or Message Board, provided due credit is given. If you wish to make a link on your website to this page, please do so; just don't copy this page and place it on your own website, even if you give credit.
(Copyright © 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009 George W. DURMAN.)