The Internet is not a safe place if you go online without securing your computer. The information here may seem like a lot to absorb, especially for novice computer users, yet if you are patient and take each item one at a time you will soon realize how uncomplicated this really is. Following these protection guidelines is an absolute must in today's online world.
After applying everything listed here you are lowering your vulnerability to almost zero; however nothing will ever protect you 100%, and don't ever believe anyone who claims otherwise.
Always consult your program's documentation for specific instructions on configuration.
The software suggestions listed at the bottom of this guide are for getting you started and were chosen for their reliability and ease of use. Some are free, some require purchase, yet each free program is every bit as effective as those that require purchase and only lack some additional features of their paid counterparts.
Basic protection guidelines:
- Use a good bi-directional firewall that will monitor all incoming and outgoing traffic and will alert you for access permission if such traffic is detected. It also has the ability to hide your presence from intruders by completely blocking access to the ports that are used for the transfer of information. Select the highest security level for your internet zone and set all programs to prompt you for access -- even those you use frequently. When in doubt, deny access of a program until you know for sure its identity.
- Use a virus scanner (anti-virus), keep the virus data files current (check for updates at least once a day), be sure it includes anti-rootkit technology with automatic startup file checking, set it to scan all downloads and e-mail attachments -- before they are opened, and be sure it is enabled for Web access protection, too. Let it quarantine and destroy anything suspicious. (Never run two anti-virus programs simultaneously -- they will compete with each other.)
- Disable File and Printer Sharing in your network settings if you are using a computer that is not connected to a Local Area Network (LAN). This will shut all NetBIOS ports -- those which are used for the sharing of files. Even if you are using a router and a firewall, this is giving you added protection by disabling something you don't need.
- Be extremely careful when using any P2P (peer-to-peer) network service for sharing/swapping files across the Internet. Be sure you are not exposing any drive folder other than the one designated for access by these services, and keep your virus scanner active at all times.
- Secure your IMs. It is wise to use an IM encryption utility to secure your AIM, ICQ, MSN, or Yahoo messages, but be aware that the encryption will only be effective if the utility is used on both ends.
- Know your IP. If you know the IP address of your internet connection (and the IP addresses used by your local network), you will recognize when an outsider is trying to break in.
- Use a registry guard if none of the defense programs you are already using have this included. A registry guard monitors your Windows Registry for changes. Incoming trojans can go undetected. They will place a specific set of instructions in the registry or other system files and will activate the next time you start your computer. A monitor with active polling will alert you to unauthorized changes to your startup files, registry keys, and values before the damage is done. It is also a useful tool for alerting you of authorized changes when installing new software.
- Never allow a downloaded application or any downloaded executable content to launch on its own, and be especially careful of downloading files that end in exe, bat, vbs, and com.
- Disable file transfers in IM (instant messaging) programs, as this feature, if configured incorrectly, can enable the sharing of more than you intend. AIM, .NET Messenger, and others let you disable file transfers from the Preferences or Options menus. If someone wants to send you an image or file, use e-mail to verify that the request is legitimate.
- Never accept nor download and run an "ActiveX Control" or "Java Class" unless it comes signed and from a trusted site. It is best to force your browser to prompt you for permission. Not only could you be granting permission for the installation of something malicious, you could become a victim of
- Disable the Java plugin in your internet browser. Open the Java settings from the Control Panel, click on the Security tab, and make sure "Enable Java content in the browser" is unchecked. It's even better to completely remove Java from your system, but some programs and games may depend on it.
- Disable "Install on Demand" if you are using Internet Explorer so your browser will be forced to prompt you if additional components are needed in order to display certain content.
- Never follow links to banking sites from other sources, including links inside e-mail messages. Always visit banking sites directly and never through other sites even though those links may appear legitimate.
- Keep your OS, browser, and browser plug-ins up-to-date, in addition to any service or application that has access to the Internet. Apply updates and patches as they are released.
- Learn to identify which applications and system services are known to compromise security and do not allow them to have open access to the Internet. When in doubt, have your firewall prompt you for permission.
- Avoid using easily recognizable passwords such as the names of family members or pets, birthdays, or anniversaries. Make them as cryptic as possible; and if you must write them down, do not store them on your computer or any other place where someone may have access to them. If you must use your browser's password manager, never use it to store important passwords such as those used for banking.
- Encrypt your stored passwords. Most browsers include an option to store your online passwords. Be sure yours are stored encrypted and you set a master password for access.
- Be sure your browser is SSL-capable (Secure Socket Layer) and the encryption strength, or cypher strength, is not less than 128-bit.
- Practice good sense when shopping online. Know your merchant, use an "online-safe" credit card if possible, never use a Debit card, navigate to sites on your own (do not follow links from other sites), and keep good records.
- Never submit a secure form on an insecure server. This includes the checkout process when making purchases. Always check your browser for the secure page indicator and "https" in the address.
- Never conduct online banking on an insecure server. Always check your browser for the secure page indicator and "https" in the address.
- Frequently check your credit card bill for errors. Report fraudulent activity and cancel the card as soon as anything unauthorized appears.
- Secure yourself in wireless hot spots (WI-FI) in places such as airports and hotels. Make sure file and printer sharing is turned off in your network settings, and refrain from online banking, bill paying, making purchases, or opening spreadsheets or other personal documents that contain sensitive data. Also be careful with any e-mail that might contain sensitive data.
- Apply common sense when using public computers in libraries or internet cafes. Clear your private data (cache, temporary files, browsing history, form history, search history, location bar history, download history, authenticated sessions, , passwords) when you finish your session, and never perform personal business such as online banking, bill paying, or making purchases. Even if you clear all traces of your browsing session, you cannot be certain it is secure or free of malware or keyloggers.
- Never visit untrusted sites. If you do take the risk, be extremely cautious.
- Run spyware detection/removal software frequently to search your hard drives for , adware, keyloggers, spy-related modules, , to check for security leaks and registry inconsistencies, and clean up tracks from web sites, opened files, and started programs.
- Use a real-time if one is not included in your anti-virus or security suite software. This will help prevent spyware from ever being installed.
- Secure your sensitive files on any computer you use to connect to the Internet. Never place sensitive files on drives or inside folders that are configured as shared. Even better, the best place to store these files is on a CD, stick drive, or some other removable media. Another option is to install a third-party file guardian program but be very careful when using such tools as misconfiguration can result in complete inability to access your files and even your OS.
Additional guidelines for e-mail:
Whether you use a stand-alone e-mail client such as Thunderbird, SeaMonkey Mail, or Microsoft Mail, or you access your e-mail by using a web site such as Gmail or Yahoo, you need to be aware that there are security and privacy risks here as well.
- Do not load images in e-mail unless you are sure it arrived from a trusted sender. A spammer will embed images and in e-mail so the remote server where these images reside is contacted immediately upon opening and viewing the message, instantly verifying your existence and receipt of the message. Although most e-mail clients will prompt you by default before loading remote content, be sure to check your settings.
- Disable HTML for e-mail if you want to view the safest of all e-mail messages. This will strip all HTML formatting and will prevent the loading of remote images (as described above) plus prevent cleverly-coded e-mail worms that are designed to execute just by viewing HTML-formatted e-mail. It will also help prevent by revealing the text of actual links instead of hiding them behind alternate text or images. Check your settings for an option to view message bodies as "Plain Text".
- Disable in e-mail. Most e-mail clients have this disabled by default.
- Never allow your e-mail client to "View Attachment Inline" ...unless you are sure it arrived from a trusted sender.
- Never allow your e-mail client to execute plug-ins ...unless you are sure it arrived from a trusted sender.
- Never open e-mail attachments from strangers. Period.
- Use encryption software for sending your most private e-mail messages. If you don't, keep in mind that what you are sending is the equivalent of a postcard. Also remember that encryption is for the message body only -- it does not hide the subject line nor does it hide the message headers.
- Never, ever use e-mail to send confidential information such as credit card numbers, bank account numbers, or your Social Security number. Even if you use encryption and the correspondence is for legitimate business, you cannot be certain that the recipient will protect this information once it is delivered and decrypted. It will only be as secure as the recipient's system permits.
- Never respond to e-mail asking for confidential information. Any e-mail you receive requesting your credit card numbers, bank account numbers, or Social Security number either via e-mail or a bogus web site link is surely an identity theft or scam.
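The checks behind the advice on remote images and hidden link targets can be run over a message before it is rendered. The following is an added example, not part of the original guide: it lists images that would be fetched from a remote server and links whose visible text names a different host than the real target. The sample message and all host names are constructed placeholders.

```python
from email import message_from_string
from html.parser import HTMLParser
from urllib.parse import urlparse
import re

# Constructed sample message (not real mail); every host is a placeholder.
SAMPLE = """\
From: "Your Bank" <notice@bank.example>
To: user@home.example
Subject: Account notice
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Please review your statement:</p>
<a href="http://login.tracker.example/a?id=42">https://www.bank.example/login</a>
<a href="https://www.bank.example/help">Help centre</a>
<img src="http://img.tracker.example/open.gif?u=user%40home.example" width="1" height="1">
<img src="cid:logo123">
</body></html>
"""

class RemoteContentScanner(HTMLParser):
    """Collects remote image URLs and (href, visible text) pairs for links."""
    def __init__(self):
        super().__init__()
        self.remote_images, self.links = [], []
        self._href, self._text = None, []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "img":
            src = attrs.get("src") or ""
            # cid: and data: images are carried inside the message; http(s) ones
            # contact a remote server as soon as the message is displayed.
            if urlparse(src).scheme in ("http", "https"):
                self.remote_images.append(src)
        elif tag == "a" and attrs.get("href"):
            self._href, self._text = attrs["href"], []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

HOST_IN_TEXT = re.compile(r"(?:https?://)?([a-z0-9-]+(?:\.[a-z0-9-]+)+)", re.I)

def mismatched_links(links):
    """Links whose visible text looks like a host that differs from the real one."""
    out = []
    for href, text in links:
        real = (urlparse(href).hostname or "").lower()
        shown = HOST_IN_TEXT.match(text)
        if shown and real and shown.group(1).lower() != real:
            out.append((text, href))
    return out

def scan_message(raw):
    scanner = RemoteContentScanner()
    for part in message_from_string(raw).walk():
        if part.get_content_type() == "text/html":
            charset = part.get_content_charset() or "utf-8"
            scanner.feed(part.get_payload(decode=True).decode(charset, "replace"))
    return {"remote_images": scanner.remote_images,
            "mismatched_links": mismatched_links(scanner.links)}

if __name__ == "__main__":
    print(scan_message(SAMPLE))
```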
Additional guidelines for LANs (Local Area, or "Home" Networks):
- Use a router between your LAN and the Internet if you have an "always-on" connection using DSL, cable, or any connection where you are assigned a static IP address. If your ISP advises against this, FIND ANOTHER ISP. A router uses Network Address Translation (NAT) to mask the IP addresses of your internal network from the outside world. A router that also combines a hardware firewall is even better. IMPORTANT: Immediately after installation, change your router's default password!
- Use a router with WPA2 if your router connects you to a "wireless" network. WPA2 will use a passphrase to build an encryption key using AES (Advanced Encryption Standard), one of the few standards approved by the U.S. government. The only weak point of WPA2 is your passphrase, so create one that contains at least 20 characters using a combination of letters, numbers and symbols, and don't use any word found in a dictionary. Wi-Fi Protected Access 2 (WPA2) replaces Wired Equivalent Privacy (WEP) and the other security features of the original IEEE 802.11 standard. A router that supports only WEP can be cracked within minutes.
- If you choose a hardware firewall make sure it includes Stateful Packet Inspection (SPI) for closely examining packet data structures. Even if you do choose a hardware firewall, continue to use your software firewall so you can be alerted about individual programs and their behavior.
- If you need to enable file sharing for your LAN, make sure all file-sharing ports are blocked to internet traffic so no one from the outside world can access the contents of your hard drives through these ports. NetBIOS ports (135, 137-139, and 445) should never be open to TCP/IP (the protocol computers use to communicate with each other over the internet). If you are behind a router this will be handled on its own, and software firewalls should block these ports by default by automatically detecting your network and all of the IP addresses that belong to it and then allowing you to define this zone as trusted. If the firewall you just installed does not allow your home-networked computers to communicate exclusively inside this trusted zone while excluding all other IP addresses that do not belong to it (those from the outside world), do not trust the firewall.
- Require a login user name and password for every computer connected to your LAN. For any hard drives that are configured as shared, do not configure share permissions to allow 'anonymous logon' or any access by groups or users outside your LAN.
- If you use a cloud service for backups be absolutely certain your data is transferred over a secure (https) connection.
- And remember... Even if only one computer is actually connecting to the Internet, any other computer sharing files on a network with that computer needs the same protection!
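The trusted-zone rule for file-sharing ports can be checked against a firewall log. The following is an added example, not part of the original guide: it flags any traffic on the listed NetBIOS ports where one endpoint lies outside the LAN. The log layout, the 192.168.1.0/24 LAN range and the sample lines are assumptions constructed for illustration.

```python
import ipaddress

# File-sharing (NetBIOS) ports named in the guideline above.
FILE_SHARING_PORTS = {135, 137, 138, 139, 445}

# Assumption: the home LAN (trusted zone) uses this private range.
TRUSTED_ZONE = ipaddress.ip_network("192.168.1.0/24")

# Constructed log lines in a hypothetical layout:
#   time action proto src_ip:src_port -> dst_ip:dst_port
# Documentation address ranges stand in for outside hosts.
SAMPLE_LOG = """\
2024-01-05T10:00:01 ALLOW TCP 192.168.1.20:51000 -> 192.168.1.10:445
2024-01-05T10:00:07 BLOCK TCP 203.0.113.9:40112 -> 192.168.1.10:445
2024-01-05T10:01:30 ALLOW UDP 198.51.100.4:137 -> 192.168.1.10:137
2024-01-05T10:02:12 ALLOW TCP 192.168.1.10:51522 -> 203.0.113.80:443
2024-01-05T10:03:44 ALLOW TCP 192.168.1.10:51530 -> 203.0.113.77:139
malformed line
"""

def parse_line(line):
    """Return a dict for a well-formed line, or None for anything else."""
    parts = line.split()
    if len(parts) != 6 or parts[4] != "->":
        return None
    try:
        src_ip, _src_port = parts[3].rsplit(":", 1)
        dst_ip, dst_port = parts[5].rsplit(":", 1)
        return {"time": parts[0], "action": parts[1],
                "src": ipaddress.ip_address(src_ip),
                "dst": ipaddress.ip_address(dst_ip),
                "dst_port": int(dst_port)}
    except ValueError:
        return None

def review(log_text, trusted=TRUSTED_ZONE):
    """List file-sharing traffic that crosses the trusted-zone boundary."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None or entry["dst_port"] not in FILE_SHARING_PORTS:
            continue
        src_in = entry["src"] in trusted
        dst_in = entry["dst"] in trusted
        if src_in and dst_in:
            continue  # LAN-only file sharing is what the trusted zone is for
        direction = "inbound" if dst_in else "outbound"
        if entry["action"] == "BLOCK":
            verdict = "firewall blocked it"
        else:
            verdict = "ALLOWED: fix rule"
        findings.append((entry["time"], direction, entry["dst_port"], verdict))
    return findings

if __name__ == "__main__":
    for finding in review(SAMPLE_LOG):
        print(*finding)
```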
For additional Internet privacy protection:
- Use a web content filter (or browser filter) to prevent remote site contact through ad banners, malicious scripting, and embedded inside web page content. Filters are built into most browsers, but third-party programs or browser add-ons usually offer more configuration options and will include a blacklist with predefined rules for sites with a reputation for being untrusted.
- Use a cookie filter. They are built into most browsers, but third-party programs or browser add-ons usually offer more configuration options. A good filter will provide a blacklist for sites with a reputation for being intrusive, will help prevent certain ad-tracking cookies from being used even if your filter is set to accept all cookies, will include an option for rejecting third-party cookies, will allow you to permanently store cookies for trusted sites you visit frequently, and clean up all unwanted cookies after a browser session.
- Clear your private data after every browsing session. Clear your cache, temporary files, browsing history, form history, search history, location bar history, download history, authenticated sessions, and anything else on the list that isn't needed.
- Enable the popup blocker in your web browser. The better browsers have this built in.
- Don't tell sites anything you don't want them to know. Use common sense when filling out forms or submitting any personal information unless you are absolutely sure it won't be misused.
- Don't install and use adware cautiously. Many freeware, shareware, and adware programs not only contain spyware, but can contain viruses and trojans. Make your selections carefully and always do a Google search on software titles for all the information you can gather.
- Opt out of everything from mailing lists to requests to use your personal information for whatever purpose is intended, and beware of sites that offer some sort of reward or prize in exchange for your contact or other information.
- Never respond to spam by using their "click here to unsubscribe" or "follow this link for removal from our list". The one and only thing this does is verify that the spam was delivered to a valid e-mail address and confirm that you saw it. The sender has no intention whatsoever of honoring your request. In fact, by responding you are guaranteed the delivery of even more spam from the same sender plus those who were sold your confirmed-valid address. Destroy the spam without responding to anything.
- Can the Spam. Take advantage of the built-in junk mail filters inside your e-mail client. In addition, configure your own filters to automatically trash or delete incoming e-mail that contains certain keywords. By using a combination of various filters you can noticeably reduce the amount of spam reaching your inbox.
- Never give your personal e-mail address to a commercial vendor. This applies to anything from making a purchase online to responding to an online survey. Apply for a free Webmail account or subscribe to a Disposable E-mail Service and use that address instead. You can always dispose of it and acquire a new one quite easily if necessary.
- Never use your personal e-mail address when posting to message boards or newsgroups. Always use a webmail address if a valid address must be supplied. Spiders are constantly crawling these places for addresses to use for spam. If you must use your personal address, or any valid address you plan to keep, always insert some text that the viewer will know to remove when responding to you. No one will question your intent -- this is standard practice.
- Never reveal personal details to strangers. Period.
- Realize you may be monitored at work. Be careful where you browse, avoid sending highly personal e-mail to anyone, and keep sensitive files on your home computer -- not at work.
- Use anonymizers cautiously. They are not as private and secure as you might think. It is far better to avoid the sites where an anonymizer might be needed.
- Keep informed. Visit privacy sites frequently. Read the news. Apply what you learn.
Test for security vulnerabilities
- Use an online service to test the security of your computer's connection to the Internet. Shields Up!, an internet security detection system from Gibson Research Corporation, scans on request a user's computer and will check all service ports (including file sharing and common ports) and look for identity vulnerabilities.
- Examine the results and make adjustments to your firewall and/or network settings and apply software patches wherever required for maximum defense. Closed ports are good -- stealthed ports are better -- but keep in mind that more often than not, security problems exist with the software and not with the ports through which they are granted access.
Just plain sense
- Examine your firewall and router logs frequently for suspicious incoming or outgoing traffic. If you suspect you are a victim of a hack attack, that someone did in fact compromise your system, go to fbi.gov for instructions on gathering proof and filing a report. Also look for changes on your hard drive such as unknown or changed files and folders and decreased hard drive space. Do not delete but rather quarantine anything suspicious, mainly because you will need this information for evidence, but also because a file that looks suspicious is not always bad -- it might be a critical system or program file that you need to restore. For easy access to the router's log, install a logging program.
- Keep current backups of all personal and system files. A backup can restore lost data in the event your system's security is compromised or your critical files become corrupt. Keep copies of everything you would need for both a simple restore (the replacement of just one or two damaged files) and a major restore (bringing your system back to its original state). And in the event of something very serious -- like a hard drive crash or trojan damage -- you should always be prepared to re-install your OS from scratch. This means not only keeping your installation CD and License Key for Windows in a safe place, but also the installation CDs for all of the other programs you have installed plus any personal files (address books, e-mail, documents, etc.) that will certainly be destroyed when you reformat a hard drive partition. If you back up your files to another hard drive partition for easy access, ideally you should also place copies onto external media such as a CD, Zip disk, or removable hard drive. Using a secure cloud service is also recommended.
- What system files to back up? Daily backups of your registry files are recommended and you should keep at least 7 of the most recent copies. In addition, always create a backup before installing any new program or making any changes to your system settings.
- If you are selling your computer, thoroughly clean your hard drive. Deleting files and reformatting is not enough. Reformatting does not overwrite every sector, and private information can remain retrievable. Use a secure delete or disk wiping utility to overwrite every sector on all hard drives. Be sure to use a utility that supports the U.S. DoD standard of seven passes or wipes. While this method is good enough for most people, be aware that the only absolute way of destroying all traces of everything on your hard drives is to have these disks degaussed (neutralize the magnetic field) and physically destroyed.
But before you do anything, place anything you want to save (photos, music, iTunes library, personal documents) onto another drive or CD, or use a secure cloud location. And if you purchase digital media from iTunes (or any other similar service), remember to deauthorize your computer.
- If you are a victim of identity theft do all of these:
  - Immediately file a complaint with The FTC.
  - Close the accounts that you know or believe have been tampered with or opened fraudulently.
  - File a police report. Get a copy of the report to submit to your creditors and others that may require proof of the crime.
  - Request assistance and support from a leading organization such as Identity Theft Prevention and Survival or the Identity Theft Resource Center (ITRC).
  - Contact the fraud departments of all three of these credit bureaus:
    - Equifax, Inc. (equifax.com)
      160 Peachtree Street NW
      Atlanta, GA 30309
    - Experian (experian.com)
      National Consumer Assistance Center
      701 Experian Parkway
      P.O. Box 2002
      Allen, TX 75013
    - Trans Union (transunion.com)
      Consumer Disclosure Center
      P.O. Box 1000
      Chester, PA 19022
The current version is 2.46