This guide is intended to give you a basic overview of what you need to keep yourself from getting hacked or infected while online. We’re going to take everything from the beginning basics down to the more advanced topics, in easy, fully explained steps. Our goal is to show you what you need to be safe, but also to help you understand each aspect of the process and the technologies we will be looking at. The end result, if you follow our advice, will be a computer you never need to worry about when it comes to viruses or hackers.
The first step to securing your environment is to take a look at what you have: your computer, your network equipment, etc. For our purposes, we are going to assume you are running a PC with a Windows operating system of some sort, and have high-speed internet rather than a dial-up modem.
In the simplest high-speed connections, you have a DSL or cable modem sitting somewhere in your house, with a network cable running from that modem to your computer.
Your Internet Service Provider (or ISP) issues an IP address to your modem. This address is kind of like a house address, or a phone number. Anyone who knows or can guess that number can contact you, and you provide that number to others when you contact them.
The advantage of this connection over the older dial-up types is the instant, always-on internet. The primary disadvantage, however, is that it is also an always-on, instantly available pipeline directly from the internet to your computer. A nefarious individual with the right knowledge can, depending on several other factors, theoretically hijack your computer. If you think of it in terms of your home, the internet is the street, your cable modem is your driveway and the path to your house, and your computer is the interior of your house. What we need is a sturdy, secure door that we control between the inside of your house and the outside world.
Your passwords: Passwords are important. They are just like the keys to your house, or your car. You want to pick something that would not be easy for someone else to guess, and you never, ever want to share your password with anyone.
You will want to have several passwords. Even better, a different password for every site, but that gets difficult to remember, and then people start writing things down, and that’s even worse because someone could find that list and then they don’t even have to guess. What works for me is several passwords. I keep a few really complex ones for things like game accounts and financial information, and a couple of less secure ones for things I access frequently but that would not impact me in the least if they were ever hacked, such as my junk e-mail account.
The ideal password would be a random string of letters, numbers and symbols, something like “fkljWjol83^*&%*124”. A string like that is difficult to remember, so a good compromise is to think of something important to you that other people would not easily guess. Studies have shown that the following password components are most often used, so ideally you want to avoid them:
- Mother's maiden name
- Birthdates of yourself, your spouse or kids, and anniversaries
- Names of pets, kids or spouse
- Character, server, game city, game race and similar game data
A good potential initial password would be something like the name of your favorite car with some numbers and letters added in, or the city your favorite landmark is in, with the vowels replaced by numbers, etc. You will also want to rotate through passwords every few months.
If you want to check the strength of a particular password you are contemplating using, make a second, similar password (not the actual one you intend to use!!!) and check the strength here: https://www.microsoft.com/security/pc-security/password-checker.aspx?WT.mc_id=Site_Link
Longer passwords are almost always better, since they take longer for a potential hacker to attack via a brute-force (“check every possible password”) method. A 4-character password, for example, would take roughly an hour for any computer to crack. A 9-character password, on the other hand, would likely take several years.
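As an added illustration that is not part of the original guide, the following Python shows how the brute-force search space grows with length and character variety, and checks a candidate against the kinds of personal details listed above. The guess rate and the personal-info list are constructed assumptions, not measurements.

```python
import string

# Constructed stand-in for the personal details the list above says to avoid
# (maiden name, a birth year, pet names, game world and city). Hypothetical values.
PERSONAL_INFO = ["smith", "1978", "fluffy", "rex", "azeroth", "stormwind"]

# Assumed attacker speed for the estimate; real rates vary with hash type and hardware.
GUESSES_PER_SECOND = 1e9


def charset_size(password: str) -> int:
    """Size of the alphabet a brute-forcer must cover to include this password."""
    size = 0
    if any(c.islower() for c in password):
        size += 26
    if any(c.isupper() for c in password):
        size += 26
    if any(c.isdigit() for c in password):
        size += 10
    if any(c in string.punctuation for c in password):
        size += len(string.punctuation)  # the 32 printable ASCII symbols
    return size


def keyspace(password: str) -> int:
    """Number of candidates in an exhaustive 'check every possible password' search."""
    return charset_size(password) ** len(password)


def brute_force_seconds(password: str, rate: float = GUESSES_PER_SECOND) -> float:
    """Worst-case time to exhaust the keyspace at the assumed guess rate."""
    return keyspace(password) / rate


def personal_info_hits(password: str, info=PERSONAL_INFO) -> list:
    """Personal details found inside the password, including vowel-to-digit spellings."""
    low = password.lower()
    leet = str.maketrans("aeio", "4310")
    return [item for item in info if item in low or item.translate(leet) in low]


def rate_password(password: str) -> str:
    """Rough verdict: personal info is always weak; otherwise judge by brute-force time."""
    if personal_info_hits(password):
        return "weak: contains personal information"
    seconds = brute_force_seconds(password)
    if seconds < 3600:               # exhausted within an hour
        return "weak"
    if seconds < 365 * 24 * 3600:    # exhausted within a year
        return "fair"
    return "strong"


if __name__ == "__main__":
    for pw in ["abcd", "Fluffy1978!", "abcdefghij", "fkljWjol83^*&%*124"]:
        print(f"{pw!r}: {rate_password(pw)} ({brute_force_seconds(pw):.3g} s worst case)")
```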
A computer router is your first line of defense against the bad guys. There are many makes and models of routers with many features, but the simplest types consist of a box with 1 incoming network port and 4 outgoing network ports that sits between your cable/DSL modem and your computer. Inside this box there is a very simple computer whose sole purpose is to look at incoming and outgoing network traffic and make sure that the only things that get to your computer are things you invited. This is known as a hardware firewall, and it is the single most important piece of computer equipment you own. Many people only get one so they can plug more than one computer into a cable/DSL modem, but you should own one even if you have only a single computer.
For example, most routers assume that any link you click on in a website goes to content that you want to see. You click, and a data signal (or “packet”) is sent out requesting that the information be sent from the server to your computer. The router sees the request, and when the reply arrives it sees that the incoming data was provided in response to your request, so it happily allows it through.
But what about the bad guys? Maybe some hacker somewhere decides he wants to check your computer for credit card numbers. He sends a packet demanding access to your computer, but your trusty router sees that you didn’t request that incoming information, so it blocks the request entirely.
Those are, of course, vastly simplified examples of the functions of a typical router. Routers can also be configured to hide your computer, or anything else behind the router's firewall, so that anyone who tries to access your IP address will only see the router. You can also use a router to redirect network traffic to different numerical channels, or “ports”, or to block certain types of traffic entirely.
Many routers also include wireless network antennas. These can make it much easier to get internet throughout your house, but they can also be a security problem. Always make sure you are using a wireless password with your router. We will cover wireless security and passwords more in depth later in this article.
Choosing a router:
When choosing a router, you don’t necessarily need one with every bell and whistle under the sun, but you do want to try and get a newer model from a reputable company. I tend to prefer Linksys or Netgear. D-link is also a good choice. I have never personally had good luck with Belkin routers. Belkin makes great cables, but lousy electronics.
You want a newer router because the hardware and firmware are more likely to be up to date. An older Linksys WRT54G wireless router will still work, but some of the oldest lack features that offer additional protection, particularly for wireless connections. If possible, get a router with Gigabit Ethernet ports. It won’t make your internet any faster, but it will likely make transferring files between multiple computers much faster for you, and these days it doesn’t cost much more than standard ports.
If you want wireless features, ensure you get a router that supports wireless N. A wireless N router will also support wireless B and G for backwards compatibility, and it has a faster, stronger signal that is less likely to interfere with wireless phones or to be knocked off the air by a poorly placed microwave oven.
So I have a router, what now:
Routers are great doorways, but the problem with them is that they are very simple. There are methods of tricking even very secure routers into passing data. If an attacker knows enough about your computer, he can create a false packet that will look perfectly legitimate to a router, and it will send it on through. Of greater concern, though, is that a router doesn’t know whether the content you requested is legitimate. If you click on a link to a file containing a virus, the router believes you really wanted that file and delivers it, virus and all. If your computer somehow gets infected with a virus, the router will send out any traffic that the virus requests. Routers are great at doing what they are designed to do, but they are not enough by themselves to keep your computer secure. We need to look at the computer itself.
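To make the router's rule from the earlier section concrete, including the limitation just described, here is an added Python model (not from the original guide) of a router that remembers the connections your PC opens, lets the replies back in, drops anything unsolicited, and, because it only sees traffic, happily passes an infected PC's own outbound requests. All addresses and ports are constructed sample values.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    """One packet; 'out' means from your PC toward the internet, 'in' the reverse."""
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    direction: str


class StatefulRouter:
    """Toy model of the router's rule: inbound traffic passes only if it answers an outbound request."""

    def __init__(self) -> None:
        self.connections = set()   # (lan_ip, lan_port, remote_ip, remote_port) tuples you opened
        self.log = []

    def handle(self, pkt: Packet) -> bool:
        """Return True if the packet is forwarded, False if it is dropped."""
        if pkt.direction == "out":
            # Your click: remember whom you asked so the reply is recognised later.
            # The router cannot tell a browser request from a virus phoning home.
            self.connections.add((pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port))
            self.log.append(f"ALLOW out {pkt.src_ip}:{pkt.src_port} -> {pkt.dst_ip}:{pkt.dst_port}")
            return True
        # Inbound: swap the ends and look for a matching entry made on the way out.
        key = (pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port)
        if key in self.connections:
            self.log.append(f"ALLOW in  {pkt.src_ip}:{pkt.src_port} -> {pkt.dst_ip}:{pkt.dst_port} (reply)")
            return True
        self.log.append(f"BLOCK in  {pkt.src_ip}:{pkt.src_port} -> {pkt.dst_ip}:{pkt.dst_port} (unsolicited)")
        return False


def demo() -> list:
    """Constructed traffic: a web request, its reply, an unsolicited probe, and a virus's outbound call."""
    pc, web, stranger = "192.168.1.10", "203.0.113.5", "198.51.100.7"   # private and documentation ranges
    router = StatefulRouter()
    packets = [
        Packet(pc, 49152, web, 80, "out"),         # you click a link
        Packet(web, 80, pc, 49152, "in"),          # the page comes back: matches, allowed
        Packet(stranger, 40000, pc, 445, "in"),    # someone knocks uninvited: blocked
        Packet(pc, 49153, stranger, 8080, "out"),  # malware on the PC calls out: still allowed
    ]
    return [router.handle(p) for p in packets]


if __name__ == "__main__":
    print(demo())
```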
The operating system:
The first line of defense on the computer side is keeping your computer's operating system patched and up to date. If you are running Windows XP, this means running Service Pack 3 with all the other patches. Vista is on Service Pack 2 now, and the new Windows 7 has Service Pack 1.
If you are still running XP, there are several fundamental security issues that XP doesn’t address, and you should really strongly consider upgrading to Windows 7. The biggest of these issues is the “browser sandbox”. Windows XP was designed to give internet browsers a high degree of connectivity with the computer. Unfortunately, the way this was implemented gave browsers of all types access to the core of the operating system. If something is able to bypass defenses, it can do some real damage to the system. Under Windows Vista and Windows 7, browser activity still has the same level of connectivity, but all activity is contained inside a “sandbox” where the browser can play but not do any real damage to system files. This sandbox is purged every time you close the browser. If something nasty gets through, closing the browser will usually eliminate it. For that reason alone, you should upgrade from XP.
The second you get a new computer, the first thing you should do once you have it online is go to update.microsoft.com and download all the available critical and security updates for your computer. Security updates won’t block every attack vector, but they make 90% of the ones out there fail by themselves. An unpatched computer might as well not even bother with antivirus protection.
You have several choices of internet browser, and there are many different arguments. Many people prefer Firefox due to the security add-ins you can install. Some people prefer Google Chrome, or Opera, or Safari. Others prefer Internet Explorer.
The real truth is that the choice of browser you make doesn’t matter. They all have exploitable security holes, and new holes are discovered as soon as the old ones are patched. This isn’t due to bad coding or design; it's just the nature of the software. You have to balance connectivity against protection, and the internet browser isn’t really equipped to be the main protection point of your system. So pick one you like and design your protection accordingly. Also remember to remove any toolbars or browser helpers that you aren’t using.
Java, Flash and QuickTime:
Most computers on the planet have Java and Adobe Flash installed. Many also have Apple QuickTime installed. These three programs are the most likely security hole vectors into your system if they are not patched. To patch Adobe Flash, go to Adobe.com and run the updater. You will want to grab the latest Adobe Acrobat Reader while you are there. QuickTime can be updated from quicktime.com.
Java can be updated from java.com, but be aware that old versions of the Java software are not removed during the update. You need to remove them manually from the “Add or Remove Programs” or “Programs and Features” section of Control Panel.
Other programs to keep updated:
There are usually about half a dozen internet-connected utilities on a computer. Many of them get installed in pieces along with other programs. Keeping them updated manually can be a nightmare, so I recommend using the free Secunia Personal Security Inspector program: http://secunia.com/vulnerability_scanning/personal/
It is basically Windows Update for all of your non-Microsoft software. After your Windows patches, this is one of the most critical updates you can do for your computer. You can run it every so often, or leave it running all the time. It doesn’t take very many system resources, especially in this day of 4 GB or more of RAM being common.
So I have a Router, and my system is patched. Now what?:
The last thing you need to do to protect your computer is to look at virus and spyware protection and prevention. There are a variety of different programs and systems available out there. Some are free, some cost money. Some work best alone on a system, some work best in conjunction with several other utilities. You have to be careful to provide the most protection possible, while at the same time not bogging down your system, or even worse, having two competing antivirus systems that wrestle for dominance on your PC and end up rendering themselves both useless.
With the router we installed earlier we have a hardware firewall, but that firewall has some limitations. A software firewall in addition to a hardware firewall can be a potent solution. While the hardware firewall is concerned only with traffic, a software firewall can also control which specific programs and processes on the computer are allowed to send and receive data. Windows comes with a built-in software firewall that works fairly well, and there are many alternatives out there, some of them better. But a firewall program isn’t enough by itself.
After your router, your antivirus program is the most important piece of security software you own. I find that when it comes to antivirus software, you get what you pay for. There are free antivirus solutions, such as AVG (http://free.avg.com/us-en/homepage) or Microsoft Security Essentials (http://www.microsoft.com/security_essentials/), which are better than no protection, but the ones that consistently perform best and are most reputable are Symantec Antivirus or McAfee Antivirus. Those both require subscriptions, and are only a form of protection for as long as that security subscription is in place. An expired antivirus is worse than no antivirus.
I tend to prefer Symantec. Specifically Norton Internet Security which combines their antivirus, antispyware and firewall all into one package. At $70 a year, some people find the price a bit high.
Some people claim that antivirus software is a waste of system resources. You’ve heard them: “I never go to bad websites so I’ll never get a virus” or “antivirus software eats so much resources it isn’t worth it”, etc. These people are idiots, and you should shun them. While 10 years ago both those statements might have been true, nowadays virus programs are more sophisticated and more insidious than ever. You don’t even have to load a browser to get infected anymore. There are literally massive armies of “zombie” computers in the world whose sole purpose of existence is to propagate themselves, and they do so by sending out copies of their infection code to random IP addresses that aren’t protected. Most antivirus software takes up less than 30 MB of RAM while running. That’s 30 MB of the 3,300 MB or more of RAM commonly available on most computers.
An active virus on your computer takes up far more than 30 MB worth of RAM.
Most antivirus programs classify spyware and adware as a separate type of problem. McAfee has an antispyware module separate from its antivirus module, for additional cost. AVG covers some spyware but not all. Norton Internet Security has a decent antispyware module, but all of them can do with a bit of help. The following antispyware programs are useful to have:
Malwarebytes is a very useful antispyware scanner. It won’t prevent a spyware infection unless you pay for the full version, but the free version is very good at removing existing infections that might slip through.
Spybot Search and Destroy:
Spybot is a spyware cleaner, but it also protects against infections. It has several features, such as a registry settings backup, a browser settings change preventer, and blocking rules that prevent several thousand known bad spyware files from even entering your system.
SpywareBlaster doesn’t actually remove any spyware; it simply acts as another firewall level to keep known bad websites and spyware blocked from ever interacting with your PC in the first place. The free version lacks auto-update capability.
HijackThis is a very powerful, and very dangerous, program if you don’t know what you are doing with it. Often people will ask for HijackThis log files to try and detect remnants of a virus or spyware. Don’t use it unless you are fairly computer savvy or are under the guidance of someone who is, as you could theoretically disable important pieces of your system with it, requiring an operating system reload.
If your computer is behaving oddly but you can’t seem to find any viruses, there is a rare type of malicious program called a “rootkit” that basically exists to give viruses and other malware direct access to the secure root command structure of your computer. Chances are you don’t have a rootkit, but if you have odd computer behavior and all else fails, a rootkit scan is a good one to run.
There are plenty of others. Those, used in conjunction, should clean 99% of the malware out there.
You can also manually block ads, spyware, etc. with the computer's built-in hosts file. For instructions, example files, and pre-populated “block everything” hosts files, see here: http://www.mvps.org/winhelp2002/hosts.htm
Please note that overloading your hosts file can slow your browser down. If you try a large hosts file and things get too slow, revert back.
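As an added example, not from the original guide or the linked page, the following Python reads a blocking hosts file in the standard layout (an address followed by one or more hostnames, with `#` comments), answers "is this name blocked?", and finds duplicate entries, which bloat a large hosts file without adding protection. The sample hosts text and its example.com names are constructed; on Windows the real file lives at %SystemRoot%\System32\drivers\etc\hosts.

```python
# Constructed sample in the layout of a blocking hosts file; not a real block list.
HOSTS_SAMPLE = """\
# Lines starting with '#' are comments
127.0.0.1       localhost
0.0.0.0 ads.example.com
0.0.0.0 tracker.example.net   # a trailing comment is allowed
0.0.0.0 ADS.example.com       # duplicate of the entry above (case differs)
0.0.0.0 spyware-cdn.example.org badware.example.org
192.0.2.44 intranet.example   # an ordinary, non-blocking mapping
"""

# Addresses used as a 'sink': requests to them never leave the PC, so the site is blocked.
SINK_ADDRESSES = {"0.0.0.0", "127.0.0.1"}


def parse_hosts(text: str):
    """Return (blocked_names, duplicate_names, other_mappings) from hosts-file text."""
    blocked, duplicates, other = set(), set(), {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        address, *names = line.split()
        for name in names:
            name = name.lower()                # hostnames are case-insensitive
            if address in SINK_ADDRESSES and name != "localhost":
                if name in blocked:
                    duplicates.add(name)
                blocked.add(name)
            else:
                other[name] = address
    return blocked, duplicates, other


def is_blocked(hostname: str, blocked: set) -> bool:
    """Case-insensitive lookup; a trailing dot (fully qualified form) is ignored."""
    return hostname.lower().rstrip(".") in blocked


def drop_duplicate_entries(text: str) -> str:
    """Return the hosts text with sink lines whose names all appeared earlier removed, keeping order."""
    seen, kept = set(), []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line:
            address, *names = line.split()
            if address in SINK_ADDRESSES:
                new_names = [n for n in names if n.lower() not in seen]
                seen.update(n.lower() for n in names)
                if not new_names:
                    continue   # every name on this line was already present
        kept.append(raw)
    return "\n".join(kept) + "\n"


if __name__ == "__main__":
    blocked, dups, other = parse_hosts(HOSTS_SAMPLE)
    print(len(blocked), "blocked names;", len(dups), "duplicate(s):", sorted(dups))
    print("ads.example.com blocked?", is_blocked("ads.example.com", blocked))
```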
Cleaning an infected PC - The advanced class
So, by this point in the document, you have a clean, 100% fully patched system with no outdated software, no security holes, and no potential problems. But what do you do if you are starting from an already infected state? Or your friend's, neighbor's or cousin's PC is infected? How do you deal with that?
The first question you need to ask yourself is whether you have enough computer knowledge to attempt this safely. If there is any doubt, get someone who does to at least walk you through the first couple.
There are several methods of cleaning an infected PC. The easiest, and most destructive, is of course to format the hard drive, nuke it from orbit, and reload the entire operating system. Chances are, if you have never cleaned a PC before, this is going to be your safest and quickest option. The problem comes with any files already on that PC that are important to the owner. Even then, if there are just a few documents and pictures and whatnot, it's still easier to manually clean those individual files and reload the computer. If you have your heart set on cleaning the PC, and not just formatting it, though, here’s the quickest way to go.
Kaolian’s 12-step program to clean an infected computer.
1. Have a known good, fully patched, fully protected PC with antivirus and all the antispyware tools listed above already loaded on it. If you do not have a second PC to try this with, do not attempt to clean the infected PC. It's not worth your time.
2. Buy a 4 GB+ flash drive and back up any important documents, pictures, audio, movies, etc. to that drive. Chances are they are infected; we will clean them later. Copy them, and set the drive aside with a label warning people that it is infected. Also purchase a decent antivirus program for your infected PC. No, you can't just use what is already on there.
3. Remove the primary operating system drive from the infected PC, and install it in the known good computer as a secondary hard drive. Now boot into safe mode (by pressing F8 during startup and selecting “Safe Mode with Networking”).
4. Run every scan you have available on the known good computer: Malwarebytes, your antivirus, Spybot, etc. Run them all and purge anything infected that they find.
5. Reboot into normal mode and run all the scans again. If nothing else shows up, shut down that PC and put the infected drive back into the infected computer. Now run a full system scan on the known good computer just to make sure nothing transferred.
6. Start the infected PC, and download and install the following free antivirus and antimalware software: Malwarebytes Anti-Malware (http://www.malwarebytes.org/), Trend Micro HijackThis (http://download.cnet.com/Trend-Micro-HijackThis/3000-8022_4-10227353.html), Microsoft Security Center (http://www.microsoft.com/security/default.aspx), Spybot Search and Destroy (http://www.safer-networking.org/en/index.html), and Javacool SpywareBlaster (http://www.javacoolsoftware.com/spywareblaster.html).
7. Reboot the infected computer in safe mode with networking by pressing the “F8” key at startup. Run Malwarebytes first to see if it can kill anything. Now run HijackThis and keep the log file; we may need it later. In the meantime, run Security Center and Spybot, and let them clean anything they find. Next, run Javacool SpywareBlaster, which doesn't really cure any spyware, it just hard-blocks known bad sites. After all that, if you can, go to http://housecall.trendmicro.com and run the free online virus scanner. Reboot the computer and load Windows normally.
8. At this point, load Internet Explorer, go into Tools, Options and reset all settings to factory defaults if it will let you. Then try to go to update.microsoft.com and download any patches available for your operating system.
9. Next, go download the free Secunia PSI program (http://secunia.com/vulnerability_scanning/personal/), let it scan, and patch any security vulnerabilities it finds.
10. If the clean procedure to this point was successful, it should be safe to install your new antivirus program. If you are still getting virus indications, you have bigger problems and are going to need a specialist to resolve them, or a reformat. Install antivirus, patch, and let it run a full system scan.
11. If the scans come up clean on the antivirus program, rerun all the programs we installed above (except Javacool SpywareBlaster) and see if they find any profile-specific remnants.
12. If after all that it comes up clean, celebrate! It’s fixed! You’ll also want to take this opportunity to ensure that all the drivers, BIOS, firmware, etc. are updated.
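The backup made in step 2 is treated as infected until scanned; as an added check that is not part of Kaolian's procedure, this Python flags files on that drive whose name or first bytes suggest a program posing as a document, by comparing each extension against the well-known leading bytes of common picture and document formats. The sample files are constructed; `triage_tree` is the hypothetical wrapper you would point at the flash drive.

```python
import os

# Well-known leading bytes ("magic numbers") for common document and picture formats.
SIGNATURES = {
    ".jpg": (b"\xff\xd8\xff",), ".jpeg": (b"\xff\xd8\xff",),
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".gif": (b"GIF87a", b"GIF89a"),
    ".pdf": (b"%PDF",),
    ".docx": (b"PK\x03\x04",), ".xlsx": (b"PK\x03\x04",), ".zip": (b"PK\x03\x04",),
}
# Extensions Windows will run or script when double-clicked.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".vbs", ".js", ".lnk"}
PE_HEADER = b"MZ"   # every Windows .exe/.dll/.scr starts with these two bytes


def triage_file(name: str, head: bytes) -> list:
    """Reasons a backed-up 'document' deserves scanning before it is restored (empty = nothing odd)."""
    flags = []
    stem, ext = os.path.splitext(name.lower())
    inner_ext = os.path.splitext(stem)[1]          # e.g. ".jpg" in "vacation.jpg.exe"
    if ext in EXECUTABLE_EXTS:
        flags.append("executable extension")
        if inner_ext in SIGNATURES:
            flags.append("double extension: document name with executable type")
    elif ext in SIGNATURES and not head.startswith(SIGNATURES[ext]):
        flags.append(f"content does not match {ext} signature")
    if head.startswith(PE_HEADER) and ext not in EXECUTABLE_EXTS:
        flags.append("Windows executable header under a non-executable name")
    return flags


def triage_tree(root_dir: str) -> dict:
    """Walk a backup drive and map each suspicious path to its flags; reads only the first 16 bytes."""
    report = {}
    for dirpath, _dirs, files in os.walk(root_dir):
        for filename in files:
            path = os.path.join(dirpath, filename)
            with open(path, "rb") as fh:
                head = fh.read(16)
            flags = triage_file(filename, head)
            if flags:
                report[path] = flags
    return report


# Constructed (name, first bytes) pairs standing in for files copied to the flash drive in step 2.
SAMPLE_FILES = {
    "vacation.jpg": b"\xff\xd8\xff\xe0" + bytes(12),
    "taxes.docx": b"PK\x03\x04" + bytes(12),
    "vacation.jpg.exe": b"MZ\x90\x00" + bytes(12),
    "invoice.pdf": b"MZ\x90\x00" + bytes(12),
}


def demo() -> dict:
    """Run the check over the constructed samples and keep only the files that raised a flag."""
    return {n: triage_file(n, h) for n, h in SAMPLE_FILES.items() if triage_file(n, h)}


if __name__ == "__main__":
    for name, flags in demo().items():
        print(f"{name}: {'; '.join(flags)}")
```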
Any questions? Post them here!