AVG Anti-Virus Free 2012 is, the name implies it already, the free basic version of the company’s security software line-up. The other two programs are AVG Anti-Virus 2012 and AVG Internet Security 2012. How do the programs differ from each other?

AVG Anti-Virus Free 2012 comes with anti-virus and anti-spyware components, e-mail protection, a link scanner and identity protection.

Users who need more protection or better support need to look at the other two products which offer that. The Internet Security 2012 version for example comes with a firewall, anti-spam, anti-rootkit an online shield and free technical support.

The AVG Software Installer offers a custom or automatic installation. It is usually better to select the custom install options, as it can be used to disable modules like the LinkScanner that may not be needed by all users.

The installer furthermore tries to make AVG Secure Search the default search provider and to install the AVG Security Toolbar.

The interface looks very streamlined in this updated version of the software. Users find the available modules lined up in the main interface. Next to those are options to scan the system and update the program right from the main screen. The only other prominent link or button in that interface is the My Apps link which apparently links to a list of AVG Apps that are installed on the user’s system.

Additional tools and information are available in the menu at the top.

A click on a module in the main interface opens a new page with settings and information. Here it is possible to make changes to the configuration, for instance by including tracking cookies in the scan, managing exceptions or running a root-kit scan on the system.

The free version of AVG Anti-Virus comes with a PC Analyzer component that scans the PC for Registry errors, junk files, fragmentation or broken shortcuts. It has been a trend in recent years to add system maintenance tools to top of the line products.

One interesting tool that has been added in the new version is a monitoring tool that notifies the user if a web browser is consuming to much memory. It then offers to restart the web browser which often resolves the high memory situation.

Other tools that have seen improvements are AVG’s Linkscanner browser extension which now uses heuristics to react to threats that are not known yet and AVG Accelerator which is a tool to speed up the streaming of files on YouTube and the downloading at Download.com.

Existing AVG users can use the Tools > Update menu to update their version to the latest. Those who do not want to use the internal updater can download the latest version of AVG Anti-Virus Free 2012 from the official AVG website.

Kaspersky removed the virus diligently enough, but it had left her with an annoying and recurring Windows Defender 0X80070006 error code whenever she started her PC.  This code, if you do a quick search on Google is “Application failed to initialise” though it was clear to me straight away what had happened and it’s so common I thought I’d write it up here.

Windows Defender has been a staple component of Windows since the famous XP Service pack 2 that introduced it.  It’s a basic anti malware app that runs automatically in the background on your PC and helps keep it free of nasties.  It’s no substitute for a commercial anti-malware app though, MalwareBytes being my all-time favourite, and as such many third-party anti-virus programs disable it when you install them.  Kaspersky is no exception to this but on this occasion, as also happens so many times, something went wrong and Windows Defender wasn’t disabled, or wasn’t disabled correctly.

This is a simple-enough problem to fix and can be done in just a few simple steps.  I thought I’d talk you through those steps here.

The first thing to do is to open the Servicespanel in Windows.  While Windows Defender is to all intents and purposes a program, it’s not installed as a normal program.  Instead it runs as a Windows service, much in the same way your print spooler or your firewall does.

The best way to find services is just to type the word services into the search box in the Start Menu.  You’ll see in figure 1 that the services panel has an icon that’s a couple of cogs, a large one and a small one (it’s highlighted here).  Click on this option to open the services panel.

Fig 1

When the services panel opens you’ll see a very long list of a great many Windows services as in Figure 2, they’ll by default all be listed in alphabetical order.  Scroll down the list until you find Windows Defender.

Once you have Windows Defender visible in the services panel, right-click on it and select Properties from the context menu that appears.

Fig 2

After you’ve selected the properties for Windows Defender, a small dialog window will appear showing all the options for that service.  You can see this in Figure 3.  In the centre of this window is an option to select the service’s Startup Type.  This is the option you’ll want to change as, most likely, your new anti-virus software has failed to disable Windows Defender and its service is still running.

Just changing this Startup Type behaviour to Disabled and pressing the OK button in the window is enough to fix the problem.  You can now close the services window and restart your PC.  Now you won’t get the error any more as Windows Defender will no longer be running and there won’t be any conflicts between it and your new anti-virus software.

Fig 3

It can be verytempting to look down the list in the Services panel to see what else you may or may not need.  By default Windows 7 is very good at only running services that are actually required.  You may find that the Tablet PC Input Service is running, and if you don’t have a touch-enabled computer you can safely disable this service too.  I would alwaysadvise against shutting down any other services however.  Some are required for Windows to start and operate, and others are required by third-party software (including your anti-virus software).

You should always be extremely careful disabling Windows services unless you know exactly what they are!  Doing so could cause your computer to become unstable or even unable to start.

In the tests performed by AVTest, BitDefender has leapt from ninth place since last year to 1st place in the chart.  Bullguard follows it closely having leapt even further all the way up from 13th place.

The top players from last time are now suddenly all doing very badly.  AVG, the former winner, drops to sixth place, G Data, in second place last time drops to seventh and Panda, which came third last time around now sits in 8th place.  Even those stalwarts of anti-virus Symantec have dropped a place from fourth to fifth.

Perhaps the biggest shockers though come from Microsoft Security Essentials, which has dropped ten places from 11th to 21st and McAffee (which has been experiencing other problems too) which is down even further from 7th place to 18th.

Clearly this demonstrates that the smaller companies have raised their game in the last year, but it could also indicate that the major players have become complacent. Let’s not forget that Microsoft’s scanning engine is the same one used in the award-winning Forefront anti-malware package for Windows Server and corporate systems.

How their product will now be viewed in the home and corporate marketplaces is in doubt, despite the company working very hard to shed the shackles of it’s awful OneCare anti-virus package for home users.  McAfee’s already battered reputation could take another hammering from these results too.

You can find the full results online here where you will be able to see where your own anti-virus package sits in the chart. It should be noted that this is only one test and there are other independent and recognised ranking systems that may rank anti-virus packages differently.

The company stayed deathly silent for eighteen months but have now finally announced that there have been 774,651 activations using the pirated key for their Avast Pro suite.

The key was originally issued to a small business in Arizona but has since been used right around the world including, according to an Avast spokesperson, “on two computers in Vatican City”.

The spokesperson went on to say “There is a paradox in computer users looking for ‘free’ antivirus programs at locations with a known reputation for spreading malware.”

Now the dodgy code is being used in over 200 countries and Avast have issued a pop-up warning on the relevant computers informing the user, who may be completely unsuspecting, of the situation and offering them the option to switch to a legitimate copy of either their free or paid-for anti-virus suites.

There’s no data yet on how many pirates have decided to go legit, but according to Avast “it’s going according to plan”.

Intel says it will utilise McAfee to help it build security features into it’s processors, which currently power the majority of all PCs and Apple Macs around the world.

Both companies have already been working together for the last 18 months and both parties hope that regulatory approval for the buy-out will be granted after both boards for directors agreed the deal unanimously.

News of the surprise move for Intel sent McAfee’s shares soaring y 58% for $47.17 while Intel’s shares fell slightly by 3.2%, though probably not on the basis of this news.

Tim Danton, editor of PC Pro magazine, said the announcement came out of the blue.

“Intel does buy a lot of companies and it does have a lot of more cash than anyone else out there. So it making a big acquisition isn’t a surprise, but you may have thought it more likely to buy another hardware firm,” he told the BBC.

“No doubt Intel is looking ahead and seeing that the laptop and desktop market are probably past their heyday and the big growth area is mobile.

“For a company like Intel, it’s nowhere near as strong in the mobile area as it is in the laptop and desktop areas, so it’s probably looking for new ways to get streams and revenues in the future.”

But he added: “Perhaps that is Intel’s point of view but not everybody else’s. The reaction from investors has been quite negative.”

McAffe was founded in 1987 and has revenues of $2bn a year.  Intel, founded in 1968 has annual revenues of $35bn.

The malware takes the form of a game that spies on the smartphone’s owner and was built using the standard software toolkits that are available  to everyone.  In a report on the experiment today, Experts says that this makes the malware much harder to spot.

There is evidence that criminals are now beginning to target smartphones with their complete lack of virus protection, in order to gain personal details that can be used for identity theft and other crimes.

Chris Wysopal, the co-founder and head of technology at security firm Veracode, who helped the BBC develop its malware, said that smartphones are not at the point PCs were at in 1999, at the birth of the popular internet.

“At that time malicious programs were a nuisance. A decade on and they are big business, he said, with gangs of criminals churning out malware that tries to steal saleable information.”  He said.  “Mobiles offered a potentially more tempting target to those criminals.”

Simeon Coney, of mobile security form Adaptive mobile said…

“In a mobile network the device is intrinsically linked to a payment plan, to a user’s credit,” he said. Nothing happens on a mobile network, no call is made or text is sent, without money changing hands.  Criminals have tapped into that revenue stream by getting phone owners to dial or contact premium rate numbers. Now they are turning their attention to applications and the lucrative information they scoop up.”

The Java application from the BBC was put together in only a few weeks and  gathered contacts, text messages and also gathered the phones’ location.  IT then sent this information to a specially set-up email address.

The malware was only 250 lines of code, with the entire program only 1500 lines of code.  The BBC say in their report that there can be benefits to the way some phone OS manufacturers vet programs.  Apple vets every program for the iPhone and iPad and Blackberry maker RIM and Google can easily switch off malicious applications through use of a code-signing system.  Microsoft’s Windows Phone 7 operating system will also see all programs vetted.

The last time the BBC conducted an experiment like this they took control of a botnet, but when the experiment was over left a message on the screens of the infected PCs worldwide and instructed the botnet to self-destruct.

For Linux, ClamAV is one of the best virus scanners. And not only is ClamAV one of the best, it also has a great front-end for users who prefer to not have to deal with command line tools. That front-end? ClamTk. In this article you will learn how to install and use ClamTk to keep your Linux box virus free. Your friends and co-workers might thank you in the end.

Installation

First and foremost, ClamAV is required (You can read more about ClamAV in my article “Add antivirus to Postfix with ClamAV“) so you will need to have that installed and updated (might even be wise to make sure ClamAV is the latest version and run the freshclam command to update your virus signatures before you begin the installation of ClamTk).

If you’re unsure how to update ClamAV you can do so fairly easily. Let me show you how to update ClamAV in Debian. Follow these steps:

1. Open up a terminal window.
2. Gain super-user access (either with the su command or using sudo – depending upon how you use/administer your system).
3. Open up the /etc/apt/sources.list file in your favorite editor.
4. Add the line deb http://volatile.debian.org/debian-volatile etch/volatile main contrib non-free to the bottom of the file.
5. Save and close the sources.list file.
6. Issue the command apt-get update.
7. Issue the command apt-get install clamav clamav-base clam-freshclam.

Your ClamAV should be up to date. Now let’s install ClamTk.

From the same terminal window, issue the command apt-get install clamtk which will install the latest version of ClamTk. You are ready to scan.

Using ClamTk

Figure 1

To open the ClamTk window (see Figure 1) you can either click Applications > System Tools > Virus Scanner or from either the run dialog (<Alt>F2) or a terminal window issue the command clamtk. One of the first things you should do is click Help > Update Signatures which effectively runs the freshclam command.

You can take care of scanning a few different ways:

• Click Home button (the Home icon) to do a quick scan of your ~/ directory.
• Click the Binoculars icon to scan a single file.
• Click the magnifying glass to scan a directory.
• Click Scan > Recursive Scan to scan a parent directory and it’s children.
• Click Scan > Home (thorough) to do a more thorough scan of your home directory.

Since I use Claws Mail, I would want to do a recursive scan on the ~/Mail directory. I will warn you, a thorough, recursive scan can be somewhat resource intensive. So if you need to do this type of scan, you might want to do it when you’re not busy, otherwise your machine might become a bit less responsive.

Final thoughts

I am happy to say that I have yet to come across an infected file on any of my Linux machines. Does that mean I will stop scanning? No. I get a ton of email, and I prefer to do my part to ensure that no email that might leave my inbox (especially forwards) contains a virus. You should do this as well, even when Linux is your main operating system.

One of the best anti-virus systems for a Postfix server is ClamAV. This anti-virus tool kit is open sourced and can be used on all UNIX-like operating systems. It’s easy to install and effective. In this article we will be following our series started way back in the Installing Ubuntu Server 9.04 article. Of course we will be installing ClamAV on a Ubuntu server running LAMP and Postfix. With that in mind, let’s get busy!

Installation

The first thing to take care of is the installation of ClamAV. There are a number of tools you will need to install. Open up a terminal window and issue the command:

sudo apt-get install clamav clamav-freshclam clamsmtp

The above command should also pick up all of the necessary dependencies. The installation will also start the clamav daemon. You will restart that momentarily

Configuration

Once installed you have some configurations to take care of. There are three files you are going to have to edit:

• /etc/clamsmtpd.conf
• /etc/postfix/main.cf
• /etc/postfix/master.cf

The first file to configure is the clamsmtpd.conf file. The configuration in this file is simple. Look for the lines:

OutAddress: 10025

127.0.0.1:10026

Change them to:

OutAddress: 10026

127.0.0.1:10025

That’s it for the clamsmtpd.conf file. Now let’s move on to the heavier configurations.

Open up the /etc/postfix/main.cf file. Scroll down to the bottom of this file and add the following:

content_filter = scan:127.0.0.1:10025

receive_override_options = no_address_mappings

Save that file and now move on over to the /etc/postfix/master.cf file. Again, scroll down to the bottom of this file and add the following:

# AV scan filter (used by content_filter)
scan unix - - n - 16 smtp
-o smtp_send_xforward_command=yes
# For injecting mail back into postfix from the filter
127.0.0.1:10026 inet n - n - 16 smtpd
-o content_filter=
-o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
-o smtpd_helo_restrictions=
-o smtpd_client_restrictions=
-o smtpd_sender_restrictions=
-o smtpd_recipient_restrictions=permit_mynetworks,reject
-o mynetworks_style=host
-o smtpd_authorized_xforward_hosts=127.0.0.0/8

Save that file.

Restarting

The first thing you need to do is restart Postfix with the command:

sudo /etc/init.d/postfix restart

Once that has restarted you need to restart clamsmtpd with the command:

sudo /etc/init.d/clamsmtpd restart

Now, if nothing has gone horribly wrong, you should have a virus protected Postfix mail server.

Updating signatures

You should never go without updating your virus signatures. This is critical for keeping your mail server virus-free as new viruses are created or old viruses mutate. Fortunately ClamAV has its own tool for this. You will need to go back to that terminal window and issue the command:

sudo freshclam

Which will update the signatures.

You might even add the freshclam command into the root users crontab for regular signature updates.

Final thoughts

Your Postfix mail server is getting better and stronger each day. Adding anti-virus is a critical step in the grand scheme of Postfix things. In our next addition to the Postfix series, we will add Spamassassin for anti-spam measures.

Unlike ClamAV, KlamAV is a GUI tool. So there’s no need for opening up a terminal window and learning commands in order to scan either KMail or Evolution for viruses. And KlamAV is full of user-friendly features. Let’s take a look at how this gui tool can give you and your users even more of a security edge than they already have thanks to the Linux operating system.

Getting and installing

More than likely KlamAV and its requisite ClamAV are in your distributions repositories. So if you open up your Add/Remove Applications tool you can install KlamAV using the following steps:

1. Do a search for “klamav” (no quotes).
2. Select the resulting KlamAV listing.
3. Click Apply.
4. OK the dependencies.
5. Sit back and watch the installation happen.

When the install completes, you are ready for your first KlamAV run.

First run

When you run KlamAV for the first time you have to walk through an easy-to-use setup wizard. This wizard will have you locate your signature database and quarantine locations (the defaults will work) and that’s it. When the wizard completes you will more than likely be told your installation (or signatures) is out of date.

Figure 1

As soon as KlamAV is running for the first time you will see the Update tab of the KlamAV window (see Figure 1). Automatically a new virus definition will begin downloading. Once that is finished you are ready to start scanning.

The first thing you want to do is go to the Email Protection tab and select your email client. As stated earlier, KlamAV can protect both Kmail and Evolution. If you use Kmail KlamAV can set it up automatically. If you use Evolution you have to set up a filter in Evolution to pipe incoming and outgoing mail through klammail. Once that filter is set up you have to create a second filter to send any email with “virus-found” in the header to a quarantine folder.

If you click on the Scan tab you will notice a directory tree. From here you can scan files with the help of the kernel module Dazuko. So you can manually scan your directories for viruses.

Auto update

You can also set KlamAV to automatically update your virus database (definitions).  To do this go to the Update tab and then click on the “Update Virus Database Automatically” and then select how often you want it to be automatically updated. You can also manually update the database by clicking the Update Now button.

But why?

You may be asking yourself “why employ a virus scanner on Linux when the vast majority of viruses can’t harm my machine?” That is true, but those viruses can harm all of those people you might forward an email to who use Windows. To protect them why not scan all of your outgoing email. Better safe than sorry in that regard.

Final thoughts

Even if you are running the Linux operating system, you would do well to employ some form of anti-virus, even if only to protect users you forward email to. And if you do look for a Linux anti-virus, KlamAV is one of the best.

So called anti virus removal tools have been created to effectively remove traces of anti virus software from the computer system. They usually run a series of processes that delete files, Registry settings and other parameters or options that have been installed by the antivirus software during installation.

Below is a collection of anti virus software removal tools that have been created by the developers of the programs to aid their users if they encounter difficulties uninstalling it.

• AntiVir Registry Cleaner
• Avast Removal Tool
• AVG Remover
• Bitdefender Uninstallation Tool
• F-Secure Uninstallation Tool
• Kaspersky Removal Tool
• McAfee Consumer Products Removal
• Microsoft One Care Uninstall Cleanup Tool
• Norton Removal Tool
• Panda Anti Virus 2008 Uninstaller
• Symantec Corporate Products Clean Up Tool

Did we miss antivirus software uninstallation tools in the list? Let us know in the comments.

The removal tool is compatible with Kaspersky Anti-Virus 6.0\7.0\2009, Kaspersky Internet Security 6.0\7.0\2009, Kaspersky Anti-Virus 6.0 for Windows Workstations and Kaspersky Anti-Virus 6.0 for Windows Servers. If the removal tool is run on a 64-bit operating system it can only remove Kaspersky Anti-Virus 2009 and Kaspersky Internet Security 2009.

KAVRemover can be executed right after the download has finished. It opens up a captcha that has to be identified correctly before the removal starts. A reboot of the computer is required after the removal process has ended.

The product check can be skipped at the command line in case there are traces left on the system of a Kaspersky product that the check did not discover automatically.

The syntax would be to run kavremover9.exe and add the product that should be removed as a parameter. Here is the parameter list:

• kav6
• kav7
• kav2009
• kav2009x64
• kis6
• kis7
• kis2009
• kis2009x64
• kav6fs
• kav6wks

The command kavremover9.exe kis2009 would remove all traces of Kaspersky Internet Security 2009 from the system.

The approach has a few advantages but also a disadvantage. The advantage is obviously that you can use it to remove known viruses, trojans, worms and other malicious software even if the computer cannot be booted into the operating system anymore. And since it is a standalone client it is not dependent on an installed anti-virus client but can be used on any computer that can be booted from CD. This also means that the program is independent from the installed operating system.

The disadvantage of the approach is that the virus definitions cannot be updated that easily and that it normally means that the full boot disk would have to be downloaded and burned to CD again meaning that this would have to be done regularly to stay up to date.

The good news is that you can download the Kaspersky Rescue Disk freely from an Kaspersky FTP and burn it to CD or DVD using a CD burning software like Nero.

The computer has to boot from the media and the boot sequence can be set in the computer BIOS. Make sure that the computer checks the DVD drive for a bootable device before it pulls the data from the hard drives.

The interface of the Rescue Disk is straightforward. It basically allows you to scan the computer for malicious software and offers ways to remove any that are found. This does not give a guarantee that the computer can be booted again after the cleanup though. A damaged file normally does not get repaired by anti-virus software.

The personal free edition of AntiVir 8 has two new features or improvements listed on that page. The first is a raised scan speed which is always nice obviously and the second a redesigned visual appearance. The other versions of AntiVir contain a new system to create Rescue-CDs and the Security Suite a new option to backup data.

Windows Vista Service Pack 1 is supported now as well and there is an option to choose between software updates and updates of the virus definition lists. The size of the download is roughly 22 Megabytes and it is still possible to perform a software update right after installation which I would recommend.

Kaspersky Anti-Virus sells for $39.95 regularly and is considered by many magazines to be one of the best antivirus solutions available. The key works with the English version of Kaspersky as well so don’t worry about that. The key will be send to your inbox after finishing the registration at the Chinese forum.

Raymond posted a nice registration walkthrough and I recommend that you check out his website and use it as a guide to make your way through the registration process. Once you got the serial number you can download Kaspersky Antivirus 7.0 and use the serial number that was send to you to activate the software.

The offers is only valid for non-commercial use and good for one PC at a time. I guess there is nothing wrong in downloading AVG 7.5 Pro for your computer and that of another user.

The download link is slow. I had a hard time downloading the file and the website seems to be going down / become unresponsive frequently and I strongly suggest that you use a Download Manager to download the file. Some mirrors have been posted at Cybernet news which is a respected site. The links point to Rapidshare and Megaupload however and I would not use them.

The size of the download is 37 Megabytes and I’m currently downloading it with a speed of 20 K in Orbit Downloader. I will install AVG 7.5 Pro after the download finishes and update this article if any more information come up.

I was not able to find a engine that I knew of that was not listed, all the major players like Symantec, AVG, Kapersky and Avira are listed which means that the file will get a very special treatment. Even though the file gets scanned by those 32 engines it is no guarantee that it does not contain a virus. No script or software can give you that guarantee but this looks like the best way to scan a file for malicious code and the possibility of success is greater with it.

There does not seem to be a file size limit, at least nothing is mentioned on their pages regarding a file size limit. I suspect that big files will result in an error message after a certain time.

Files can be uploaded using SSL for increased security and it can be checked that the file will not be distributed to the antivirus companies if a virus is found. This is an important option that should be checked most of the time because of privacy issues.

Virus Total offers another way to check files for malicious code. You can send them an email to scan@virustotal.com with SCAN (or SCAN- if you do not want to distribute the sample) and no body text. Attach the file to the email and make sure that it does not exceed 10 Megabytes.

A report will be send after the scan to the email that send the file. Users can also download a shell extension to send files directly from the context menu to Virus Total. Found the link at Make Use Of.

Let me explain my security concept and ask some questions about yours afterwards. The most important part in my security concept is my knowledge. I know what I should do and what I should not do on the Internet. I know how phishing emails look like, I know when I should be doubtful of files that I want to execute and I do know how to select passwords that can not be bruteforced in a short period of time.

Firewall:

I do rely on a hardware firewall that is properly configured keeping many attacks away from my computer. I do however run no software firewall because I think this is a) not necessary because of the hardware firewall and b) could lead to attacks that are not there without it. Every piece of software installed on my system is a potential way to hack my system.

Anti virus:

I use the free AntiVir as a virus scanner. This is probably not the best choice in the world but good free scanners are rare. I keep it running all the time with automatic updates. Nothing compared to commercial products that update once every 30 minutes but good enough to react on all threats that make it on my system. My Knowledge prevents most possible ways of attacking my system with viruses and trojans anyway.

Encryption:

I have two hard drives with more than 500 gigabytes of encrypted data using the excellent Open Source software True Crypt. This is important to prevent local access to my files as long as the hard drives have not been mounted.

Spyware:

Something that I feel is overrated. I tend to run Ad-Aware and Spybot every other week to scan my system but I normally find some tracking cookies, that is all.

Rootkits:

The same can be said for Rootkits. I tend to use Rootkit Revealer or other products to check my system for rootkits but only occasionally. I would never put a Sony CD into my Computer anway ;)

Browsing, Email:

No Microsoft products if possible. I do use Opera and Firefox for web surfing and Thunderbird as my main email client. Both browsers are more secure than Microsofts Internet Explorer and Outlook. Maybe because they are better products, maybe because hackers like to concentrate on Microsoft products because more users are using them.

Did I leave something out ? What is your security concept ? Let me know, I like to read about software or tips that I never thought about in first place.

The guide is written for the inexperienced user mainly and consists of several parts. The first, called”The Basics: Spotting and Eliminating Threats” suggests to install a firewall, anti-virus software, anti-spyware software and other software like software that detects rootkits. They always recommend some programs that can be downloaded by following the links.

Now that they have covered the basics they tell you to update your operating system and software that is installed on your system. They suggest to use either Opera or Firefox instead of the Internet Explorer, want you to disable file sharing and be cautious when downloading.

As I said all those tips are good for beginners but geeks like we are should have implemented most of their suggestions already.

Next comes safe emailing with suggestions on good e-mail clients, again don’t use Outlook but tools like Thunderbird or Gmail instead. They also tell you to be wary of extensions and be cautious when clicking on links in emails to avoid malicious websites. (phishing). Last but not least you should setup email filters.

The next part deals with protecting your passwords which can be summed up by choosing different passwords that can’t be found using dictionary attacks. They also suggest to password protect the computer which I think is completely useless.

After that they make two suggestions to protect the wireless network which are really basic suggestions, they also suggest not to use the wireless connection of your neighbours because it could be setup for this case. (scanning the data like passwords that are send over the connection)

The last part deals with physical protection: Disguise your laptop and use anti-theft solutions should not bother most users but could be useful for business clients.

As you can see those are basic advices that could help inexperienced users. They miss to cover some topics that could really increase security but require knowledge of the subject. They fail to address the possibility to create a user account in Windows and use this one instead of the admin account. They also miss to mention that not needed services should be turned off, which user needs telnet or remote access anyways ?

I’m also not very fond of software firewalls and would suggest to use a hardware firewall instead. Software firewalls give a false sense of security especially if you are inexperienced.

The first and one of the most important steps would be to download and install the latest security fixes and services packs. I sometimes have to talk to users in my job (which is somewhat security related as well) and discover that they run Windows XP with the same settings that the pc was shipped with. No updates, outdated anti-virus definitions and the like. You do get the latest patches and fixes for your operating system at windowsupdates.

Make sure you have a valid license otherwise you will not be able to download the updates. A different way would be to use autopatcher which can be downloaded in a version that includes all the updates and fixes already.

The next step would be to turn off unnecessary services and programs that you won’t use. Why should the remote service be active if you never use it ? This reduces the chance of an attacker to get into the system. There are currently 19 services running on my system, if you never tinkered with them before you have probably double that size or even more.

Read the article about turning unnecessary services off, it explains the basics. It is a good idea to turn of the following services if you do not need them

• Telnet
• Universal Plug and Play Device Host
• IIS (not installed by default)
• Netmeeting Remote Desktop Sharing
• Remote Desktop Help Session Manager
• Remote Registry
• Routing & Remote Access
• SSDP Discovery Service

Talking about software. It is wise to not use the default Microsoft products like Outlook Express or Internet Explorer. Those are attacked the most because most of the users use them. (besides offering great ways of attacking them) Alternatives would be Firefox or Opera for Internet Explorer and Thunderbird for Outlook Express.

You should install a anti-virus solution. I do use Antivir but others should be fine as well. The most important aspect is that you keep the definition files up to date. If the software offers automatic updates I suggest you make it update the files once a day.

Firewalls. I do not use them. Well, not a software based firewall that is. I do have a hardware firewall which is all I need. I think that firewalls give the user a false sense of security. They are highly complex and require lots of attention to secure the system. It is not enough to simply install one and click on accept / deny every time a program wants to connect to the internet.

To secure the system you have to add all the tools that should have internet access to the firewall rules with exactly the ports they need. You should close every other port that is not needed by those applications. A good freeware that displays the list of currently open ports is currports.

I think those are the most important steps. If you have more let me know them.

Creating the file is pretty simple. Just create a new text file and paste the following line of code into it: X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*

Save the file and rename it to test.com. When executed it displays the message EICAR-STANDARD-ANTIVIRUS-TEST-FILE. No harm will be done to your system if you accidentally execute the file. To test your virus scanner right-click the file and select to test it with your software.

You could also pack it and test it or send it to your email account to test the interaction between virus scanner and email client. After the test finishes you do know if your virus scanner is working as intended and able to detect viruses on your system. This does not necessarily mean that it will detect every virus that exists but it means that it is working.

Kaspersky Anti-Virus Products