Langa Letter: 5 Essential Steps To PC Security

As the new year begins, Fred Langa says keep these items in mind to help prevent data theft, identity theft, and private information falling into the wrong hands. These steps will give you 365 days of safe computing.

By Fred Langa, InformationWeek
Jan. 15, 2006

You see it in the news again and again: Identity theft, corporate data stolen, private information falling into the wrong hands...

But these kinds of problems are almost all preventable. With the five simple steps outlined here, you can make just about any PC -- in the corporate world or at home -- secure from online attacks and data theft. Some of these steps may seem familiar; and that's a good thing if they do, because it means you're up to speed on the essentials. But even experts sometimes miss a step, so having a checklist or guide like this can be handy.

Plus, we've assembled dozens of live links for you, giving you nearly instant access to the many tools and informational resources we discuss.

Let's get started!

Close The Holes
All software -- bar none -- contains bugs, errors, omissions, and security holes. No brand or vendor or source is immune. Therefore, obtaining and applying security patches as they become available must be a top priority in keeping your PC safe and secure. Most vendors offer automated or semi-automated tools to help stay current. The most obvious and popular are Microsoft's WindowsUpdate and Office Update. Most vendor Web sites also offer index pages or catalogs of all to-date updates, letting you zero in on any you may have missed previously. For example, Microsoft's "Security Updates" meta page is here. Whatever software you use, start the year off right by ensuring you're 100% up to date with all essential patches, updates, and bug fixes.

Block Intruders
Just about everyone now realizes the necessity of some kind of firewall to block malicious attacks or connections from external sources. And just about everyone has access to at least a basic desktop firewall, such as the simple one built into XP. (More info: See this or this.)

But there's still confusion and misinformation about the necessity of a desktop firewall if a given PC is already protected by a hardware firewall or the actions of a router, NAT, or similar devices. While those separate devices are excellent against external intrusion, most are all but useless against "phone home" exploits and similar "attack from within" used by some malicious software ("malware"): These malicious outbound connections appear to originate inside a given PC, and so are automatically allowed by most external defenses.

In sharp contrast, the better desktop firewalls block or flag all outbound connections at first activation, letting you prevent "phone home" and similar covert outbound connections before they start. So: Use a desktop firewall, even if your PC is also protected by a separate external firewall.
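
The difference described above, as an added example that is not part of the original article: a small Python model of the two policies, run over constructed connection attempts. The program names, addresses, and the `ask_user` callback (standing in for a firewall's pop-up prompt) are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Attempt:
    program: str    # executable opening the connection; visible only on the PC itself
    direction: str  # "out" = started by the PC, "in" = unsolicited from outside
    remote: str

def perimeter_allows(a: Attempt) -> bool:
    """Router/NAT/hardware firewall: sees addresses, not programs."""
    return a.direction == "out"   # anything originating inside is passed

class DesktopFirewall:
    """Per-program outbound control with a prompt on first activation."""
    def __init__(self, ask_user):
        self.ask_user = ask_user  # callback standing in for the pop-up prompt
        self.rules = {}           # program -> remembered allow/deny decision
        self.prompts = []         # programs flagged to the user, in order

    def allows(self, a: Attempt) -> bool:
        if a.direction == "in":
            return False          # unsolicited inbound is refused
        if a.program not in self.rules:
            self.prompts.append(a.program)
            self.rules[a.program] = self.ask_user(a)
        return self.rules[a.program]

# Constructed sample traffic; names and addresses are illustrative only.
ATTEMPTS = [
    Attempt("iexplore.exe", "out", "www.example.com:80"),
    Attempt("outlook.exe", "out", "mail.example.com:25"),
    Attempt("unknown-helper.exe", "out", "203.0.113.7:8080"),
    Attempt("iexplore.exe", "out", "www.example.org:80"),
    Attempt("(remote host)", "in", "198.51.100.9:445"),
]
KNOWN_GOOD = {"iexplore.exe", "outlook.exe"}  # what this user chooses to approve

def phone_home_gap(attempts, known_good):
    """Return attempts the perimeter passes but the desktop firewall stops."""
    fw = DesktopFirewall(lambda a: a.program in known_good)
    gap = [a for a in attempts if perimeter_allows(a) and not fw.allows(a)]
    return gap, fw.prompts

if __name__ == "__main__":
    gap, prompts = phone_home_gap(ATTEMPTS, KNOWN_GOOD)
    print("prompted for:", prompts)
    for a in gap:
        print("passed perimeter, stopped on PC:", a.program, "->", a.remote)
```

The perimeter device passes every outbound attempt because it cannot tell which program made it; only the check running on the PC can single out the unapproved program.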

You can see which firewalls are rated most highly by your fellow users in "Readers Rate Desktop Firewalls". And there's lots more information available in "How Much Protection Is Enough?"; "Norton Antivirus And The Single-Layer Defense Fallacy"; and "Four Myths of Online Security."

Stop Infections
While "closing the holes" and "blocking intruders" will go a long way to securing a PC, there still are several vectors by which hostile software can make it into your PC, especially through infection from trusted sources, such as from co-workers' PCs or other PCs on your LAN. For this reason, and as part of good basic digital hygiene, every PC needs effective, current antivirus protection.

There are many options, but my current top pick is NOD32, a relatively lightweight (non-resource-hogging) utility with an innovative way of securing E-mail without the clumsiness of proxy-based approaches, and with outstanding heuristics that make the tool unusually resistant even to new and as-yet unidentified viral threats.

There are also many free antivirus tools and services available, so there's really no reason for any PC to run unprotected.

Prevent Subversion
Even the best antivirus tools can't protect against all the many classes and types of malware that can take over your PC or compromise your data security. But there are many additional tools -- free or low-cost -- that can tie up the remaining loose ends and close off all the most common remaining trouble spots.

Tools like Microsoft's free (and excellent) Antispyware and Javacool's SpywareBlaster can either prevent spyware and other malware from being installed on your PC in the first place; or can help find and eliminate it after the fact.

Tools like StartUpMonitor or WinPatrol can help monitor and prevent attempts by malware to insert itself into your PC's startup sequence.

And tools like Spybot S&D and Ad-Aware can provide focused searches for many kinds of malware.

Some of these tools can even perform multiple functions, combining several kinds of protection into a single tool, and giving you overlapping levels of protection, helping to ensure that anything that might slip by one tool can be caught by another.

Lock It Down
At the simplest level, a good password can help prevent access to your system login or to Administrator-level functions. Or, more securely, you can also encrypt and password-protect your files, folders, or even entire drives on your PC, making them all but immune to snoops and data thieves.

The information in "How To Build Better Passwords", plus the many password-related discussions here can help ensure that your passwords are as hard-to-crack as they need to be. "Easy Encryption" will help you find and choose the best encryption tools for your needs. And Microsoft's "Test the strength of your passwords" tool offers a simple way to check your password-generation techniques.

Relatedly, a new, free tool from Microsoft will help you build password-protected limited-access accounts so others may use your PC without undue risk to the privacy or security of your own (or Admin-level) files and privileges. Full information, and the free download, is available here.

With good passwords to limit access to your PC, its accounts, and to your important files and folders, you can achieve the final measure of security, making your system and the information it contains virtually immune to the normal forms of attack.

But Don't Trust: Test
Once your PC is set up with a solid array of protections, take the time to ensure that everything's working as it should. For example, you can test your firewall's ability to prevent common "phone home" attacks with the free "Leaktest". Other free tools also are useful at identifying, testing, and closing some other common attack vectors.

BroadbandReport's fast, free Port Scan tools can help exercise your online defenses in a controlled way, probing for weaknesses.

And there are many, many other testing sites available, too. You'll find quite a list in "The Best PC Help, Reference, And Test Sites". That article is now a few years old, but most of the information and links are still fine. A somewhat newer newsletter item, "How Do You Know If Protections Are Really Working?" also covers the same subject area.

Beyond The Tools
Equipping your PC with known-good, known-working defenses is the necessary first step to getting secure and staying that way, but how you use your PC also matters.

For example, articles such as "Secure Your PC Online" and "A Complete PC Maintenance Checklist" will help you keep things running the way they should.

Many other sites can assist with specific concerns or problems. For example, the Federal Trade Commission has a Web site that offers information for victims (or potential victims) of identity theft; and for businesses which experience (or which may potentially experience) a data breach. Public institutions also offer similar resources, such as the Credit and Identity Protection Resources site from the University of Texas. A Google search will turn up myriad other sites in any specific areas of concern.

It will be a surprise to many, but Microsoft has assembled perhaps the most extensive free, online library of security articles and how-tos, including:

The Microsoft security meta-site offers easy access to all the above, and to related pages.

Combined, the five major tools listed earlier with the operational techniques described in pages like those above will make you about as safe and secure online as you can possibly be. No matter what the new year brings, you -- and your data -- will be secure!