PC Security: Tips To Make Your PC More Secure
A friend recently asked me a bunch of questions about PC security: how dangerous email is, how people could attack a website and so forth. The answers to his questions led to this article, which is not going to cover the usual PC security recommendations that always include using antivirus software, a firewall or anti-malware software. Yes, those programs do help, but they are not foolproof, and it has happened more than once that PC systems were hacked even though they were running antivirus software and a firewall.
I want to go beyond the usual recommendations to discuss PC security issues that many users do not think about at all or not enough.
You can install a secure operating system, award-winning antivirus software and a firewall and still fall prey to attackers through outdated system components. Programs that are used on the computer system need to be up to date. That is especially true for the operating system and programs that connect to the Internet. This includes the web browser (including web browser plugins like Flash), email client and instant messengers, but also the security software programs (which usually come with automatic updates turned on). The computer is vulnerable if the operating system and programs are not up to date.
There are only three rules for emails: do not open attachments, do not click on links and do not use HTML emails. Email attachments can contain malicious software. They usually do if the sender is unknown or is a company that has never sent you attachments before. Links can be disguised to look as if they point to a trustworthy website when in fact they lead to a phishing website built to grab your username and password. HTML emails can be used to exploit the browsing engine and are also used for tracking users.
Here is how I handle these three risks. Attachments sent by friends are usually safe. It is important to check the extension of the attachment. I'm cautious if it is an executable (even when sent by a friend). Executables sent by senders I do not know are deleted instantly. I check the remaining executable attachments at the online service VirusTotal. If I'm still unsure, I contact the friend to ask about the attachment and why it was sent to me.
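As an added example (not code from the original article), the extension check described above can be scripted: the sketch below parses a saved message with Python's standard `email` package and flags attachments whose final extension is executable. The function names, the extension list and the sample message are assumptions made for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage
from pathlib import PurePosixPath

# Extensions Windows runs directly or through a script host.
# Assumed list for this example; common, not exhaustive.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".bat", ".cmd",
                   ".pif", ".js", ".vbs", ".msi", ".lnk"}


def risky_attachments(raw):
    """Return [(filename, reason)] for attachments that need a second look."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").strip()
        suffixes = [s.lower() for s in PurePosixPath(name).suffixes]
        if not suffixes:
            continue
        # Only the last suffix decides how the file is opened.
        if suffixes[-1] in EXECUTABLE_EXTS:
            reason = "double extension" if len(suffixes) > 1 else "executable"
            findings.append((name, reason))
    return findings


def build_sample():
    """Constructed message with three attachments (contents are dummy bytes)."""
    msg = EmailMessage()
    msg["From"], msg["To"] = "a@example.org", "b@example.org"
    msg["Subject"] = "files"
    msg.set_content("See attached.")
    for fname in ("notes.txt", "setup.exe", "invoice.pdf.exe"):
        msg.add_attachment(b"dummy", maintype="application",
                           subtype="octet-stream", filename=fname)
    return msg.as_bytes()


if __name__ == "__main__":
    for name, reason in risky_attachments(build_sample()):
        print(f"{name}: {reason}")
```

A flagged file is a candidate for the VirusTotal check and the follow-up question to the sender, not proof that it is malicious.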
I never click on links in the email client. If a link points to a site I know, I open the site manually in my web browser. Otherwise I check whether the link text and the link target point to the same URL. If they do, I copy and paste the link into my web browser (Firefox with NoScript, so barely any risk here). I do not have to supply a username and password since I do not know the service, so there is no fear of phishing in this case.
HTML can be disabled in most email clients.
I use Firefox mainly for the add-ons and in particular because of the NoScript add-on, which provides an excellent layer of security (it disables all scripts by default with the option to enable them individually again). NoScript takes care of most threats on the Internet if it is used in the right way. Someone who always enables all scripts on a website (because it is faster than enabling only some) is no better protected than someone without NoScript. If you enable scripts only on websites that you trust, then you are well protected (yes, there is always a tiny chance that you are attacked on these sites as well, e.g. through malicious banner advertisements).
Another add-on that I have come to love is LastPass, a password manager and secure password generator that can create and remember passwords and profile information. LastPass ties passwords to URLs, which is excellent phishing protection as well. Say you have a username and password saved in LastPass for PayPal.com. If you open a phishing website that mimics the PayPal website, you will notice that LastPass will not automatically fill out the username and password, something that the add-on would have done on the real PayPal website.
Files that can be executed are another threat on the Internet. A good way of dealing with those files is to use VirusTotal again to check them out before executing them on the local system. It is advised to download these files only from trustworthy sources (big download portals, websites of trusted developers).
The majority of attacks can be rendered useless with the right PC security. Updates are probably the most important part of every PC security strategy but caution is a close second. It is always advised to double-check a file or site. This might take more time but it can prevent attacks on a computer system which will save the user lots of time in the end.
Although I was a die-hard Kerio Personal Firewall fan earlier, nowadays I think that using a home router that uses NAT and propagates private addresses via DHCP seems even more secure than a good personal firewall.
You might need to call over your friend to set the Wi-Fi part secure if you don’t want to dig into MAC address filtering and WPA settings. :)
If I had a bit smarter router, I’d configure it to share half meg free from my 30mbps connection. :)
‘Hitman Pro’ is also a rather interesting alternative to the mass of anti-virus and anti-malware available nowadays on the market. I’ve just run Hitman today and it found a virus and a few pieces of malware that ‘Kaspersky Virus Removal Tool’ and anti-malware programs had missed. All information provided by Hitman’s scan was confirmed when I checked the incriminated files on Virustotal.com. Interesting, especially when surveys show that 80% of IT pros don’t believe in the efficiency of anti-virus software monitoring based on signatures. I think that a heuristic and cloud defense – in real-time or not – is today’s future.
Setting your router DNS to OpenDNS can help too since they are very security conscious and tend to resolve issues sooner than ISPs.
I’m sure you didn’t mention it intentionally, which is understandable, but Adblock Plus can help with malicious ads; just be sure to allow trusted ad networks to support web developers.
Never use your real name for PCs, profiles, or online user names unless you need to.
Are these guidelines OS specific, or do they apply to all operating systems? Do Mac users need a firewall? Do Ubuntu users need to be careful of attachments?
I’m only using Windows which means they do apply to Windows. Most should apply to other operating systems as well, e.g. the firewall or not clicking on links in emails. Some might not have severe consequences but most can be dangerous depending on the setup.
As nearly all viruses/trojans etc. will come from someone you know, I think the ‘only open attachments from a friend’ is slightly debased. After all, how did the email arrive with you if your email is not known? So it is more likely a friend will ‘send you’ a virus than someone you have never heard of.
I cannot believe the number of people I come across in business who just double-click an attachment; not only is this opening only a temp item, but it is also opening them to be victims of unpleasant attachments.
I cannot say it enough: save attachments, people, give your AV a second crack at checking that file, and if you are not expecting an attachment/email, delete it; if it is important, they will follow up and resend.
Please give me an example of a website with a harmful JS script. I can’t believe ECMAScripts in HTML can possibly be more harmful than hanging the browser or opening countless popups. Or maybe it’s the case in an exotic or very old browser that has unfixed flaws.
How about I just give you a link to five hundred twenty two thousand pages on the topic: