A very good question. There are lots of options out there and contrary and conflicting advice. You can keep a good level of security inexpensively and by following a few golden rules. This article provides advice for the home user using low cost or free software as experience tells me that most novice users want exactly that.
The BBC Honeypot
This article gives a really good view on the sorts of attacks that occur every few minutes to your home PC and also describes in layman’s terms things like “botnet” and how these things work.
The Golden Rules
You can spend nothing or a fortune on security solutions and then let yourself down by making a silly mistake. The following is a list of rules most of which have been broken at some stage by somebody who has then asked me to help fix the mess.
1. Don’t use email to send passwords or confidential information
2. Don’t give out your email address on forums or publish it on your website
3. Don’t use Limewire or similar file-sharing tools unless all your security is up to date.
4. Install some anti-virus software or even a full security suite. When your security software says you need to renew your subscription, either do that or replace it – Now!
5. If you get an annoying pop-up message telling you your “computer is at risk but click here to download some software”, close the box using the red X in the top corner and check your security software yourself (or get help), do not click OK.
6. Don’t respond to any spam messages. It only tells the sender that you are a real mailbox user and that they should send you more.
7. Only use your credit card or a secure system like paypal to buy goods. Never use a money transfer service.
8. Don’t join, forward or reply to a chain email. They are perfect tools for spammers looking for a load of email addresses. There is no millionaire waiting for 1000 emails before paying for the child’s operation and you won’t die in a horrible accident because you deleted the mail. Delete it or look it up on hoax-slayer.com
9. If you get an email warning you about some kind of hacker trick or virus doing the rounds and it isn’t from a security notification service you have subscribed to, it is most likely a hoax. Read this article to wise-up on this subject.
10. Don’t visit sites promising free ipods, playstations, pornography or whatever. Pyramid scams work faster on the Internet and disappear just as quickly.
11. Understand what an “advance fee ” scam is (most well known are the “Nigerian 419” ones) and don’t fall for it.
12. If your bank, building society, ebay, Amazon or whoever send you an email telling you your account details need checking or have become vulnerable to a hacker, close the email telling you this. Only then should you fire-up Internet Explorer (or firefox) and navigate to the correct website. Links in emails can point to spoofed websites where the scammers will steal your account details. They can’t do that if you are going to the legitimate page. To understand how to spot these “phishing ” scam emails and what to do when you receive one, click here .
13. Get a firewall either a software one , a hardware one or enable the firewall features in your router.
14. Turn-on wireless security on your router or access point. It is easy and saves your neighbours stealing your bandwidth, downloading things they shouldn’t and getting you blamed for it.
Problem: Viruses
Solutions: AVG Anti-Virus Free , Norton Security Scan, Panda ActiveScan
AVG free is a free anti-virus tool. If you have no anti-virus software, stop reading this article and go install a copy. If you prefer the Norton brand name or are interested in some of the other tools in the Google Pack then go look at that instead. You absolutely without doubt must have one of these or a paid for anti-virus tool on a Windows PC (Linux uses can go with the fantastic ClamAV which isn’t listed here). Panda Activescan is an online scanner good for doing a one-off scan when you can’t install another AV package or just want to see how effective your current one is.
Problem: SPAM (aka Junk email or UCBE)
Solutions: Windows Mail, Agnitum Anti-Spam Terrier or Spamfighter
Spam is a spicy meat foodstuff that is popular in Asia and used to be very well-known to Europeans but is going a little out of fashion. It may however be revived by shows such as “Spamalot”. If you are getting lots of unsolicited email making you offers for wonderful and vulgar things that you never asked for then you are suffering under a the other form of “spam”. If you have Vista, then Windows Mail will do a good job of filtering what it can. If you don’t have Vista or want to enhance the anti-spam defences, have a look at Spam Terrier which will do a fanstatic job and not cost you a penny. Spamfighter has more options and has no mention of terriers.
Problem: Hackers (Crackers)
Solutions: Agnitum Outpost , ZoneAlarm , PC-Tools Firewall, Windows Firewall
You computer by default trusts everyone. So a firewall controls what your computer can see and what other computers can see of it. Generally you don’t want other computers talking to your one unless they are responding to a request for something. But you also want a firewall that can ensure that any horrible oik of a nasty already on your computer can’t go sneaking secrets to the outside world, Windows Firewall can pretty much handle that. or you can go for something like Outpost (this is an affiliate link so I get a few pence if you buy using this link – google for it instead if you object) or ZoneAlarm. If you connect through a router rather than having a box on the end of a USB cable dangling out of a laptop then your inbound protection is even stronger. Your outbound protection however still needs a software firewall. Test how good your firewall is with a free firewall test .
Problem: Spyware (Adware, tracking cookies, keyloggers)
AdAware, AVG Anti Spyware Free or PC Tools Spyware Doctor (Starter Edition) , Windows Defender
Spyware can be unobtrusive internet cookies used by advertisers to see which sites you visit or could be some nasty website redirector which annoys you with pop-ups telling you that your computer is un
safe (blackmail). Even worse could be a keylogger, secretly recording every keystroke and sending it to a third party. None of these are nice things to catch. Each of the above tools covers one or all of these. Spyware Doctor costs about £15 but if you go to the link above it will let you download a “lite” version from Google for free. AdAware is best run periodically or when your computer acts oddly. AVG Anti-Spyware is free for 30 dyas and then stops updating itself so it kind of works like Ad Aware unless you pay the £20 for a 2 year subscription. If you visit lots of download sites, get one of these. If you have Vista, you already have Windows Defender which does a pretty good job for no cost.
Problem: Other Malware (trojans, backdoors, Rootkits and diallers)
Solutions: Sophos Anti-rootkit, AVG rootkit , GMER , PC Tools Spyware Doctor or UnHackMe
Some anti-virus or anti-spyware tools will scan for these things. With PC Tools, be sure to tick the rootkit box in the settings. Diallers are less common these days as fewer computers have modems attached to them but any good security suite should pick them out. Backdoors and Trojans are generally considered as “viruses” and most av software will remove them. If a rootkit infection is suspected, there is always the AVG rootkit tool if you are not using PC Tools Spyware Doctor or Norton Security Suite. To look for just the common ones like Mebroot, use GMER. If you are too late and the computer is already infected, go straight to UnHackMe, HiJackThis or VundoFix
Problem: Browser Helper Objects (BHO)
Solution: BHO Removal Tool
Internet Explorer has some nice functionality to allow other developers to expand the functionality. Of course, somebody has to spoil the party and that is where being able to remove a BHO that you don’t recognise comes in handy. Run this tool if your start page is suddenly a porn site you cannot change or similar weirdness.
Problem: Rogue websites
Solutions: Site Advisor , Google safe searches and IE7 anti-phishing blockers
Don’t visit dodgy websites. Which sites are dodgy? Well lots of people have been deciding that for you. SiteAdvisor is amust-have utility. I install it on every PC I go near these days. It is very simple to use. When you do a Google search, it puts a tick or cross next to the results to tell you if the site is a known baddy or confirmed goody. You can also make your web-surfing a bit safer by asking Google to filter out nasties it knows about. Goto Google, next to the search box is a link called “preferences”. Use the next page to choose your filtering choice. If you run Internet Explorer 7, under the tools menu you can configure the anti pop-up and anti-phishing functions. Turn these both on if you turned them off in a moment of madness.
Tools you already have:
Windows Firewall
Windows XP and Vista have the Windows Firewall. It isn’t perfect but if you don’t have any other firewal software, turn it on. There are some detracters claiming this product is insufficient but if you have nothing else, use it. It does not block viruses. So you do still need to get AVG Free or something similar.
Windows Defender
Vista also has Windows Defender which is a general anti-spyware tool. It just runs in the background and blocks spyware. It is not as agressive as some of the other tools available because Microsoft consdier some advertiser’s internet tracking cookies to be fine and leave them alone. Even running Defender, PC Tools tells me I have picked up a handful of tracking cookies. I don’t consider them a big risk and so don’t run any other softwar. If they worry you then run something instead of or as well as Windows Defender.
Paying money for piece of mind
PC World will happily sell you the complete Norton Security suite which includes anti-virus, anti-spam and firewall. It is very good, easy to use but needs an annual subscription. If you use this option and don’t renew the subscription you are leaving yourself open to attack.
Conclusion
This can all seem a bit daunting and no doubt somebody out there with question or contradict me on one point or another but the golden rules still stand. If you are still unsure what to do, go and ask a friend that knows. Just remember that Your computer is like your car. You don’t leave it unlocked and parked in an unlit street with your GPS siting on the dashboard. Don’t go on the Internet without anti-virus to lock your computer away from nasty programmes and a firewall to keep everything else out of sight.