|Posted on April 25, 2010 at 3:11 PM|
First published at CastleCops by Larry Stevenson, aka Prince_Serendip, CastleCops Staff Writer, December 12, 2004.
Edited, updated, and republished: April 25, 2010.
This article was originally written for Internet Explorer 6, but most of the information is still current and useful. Updates have been added for IE 7 & 8, Vista and Windows 7.
No one application nor technique can protect you at 100%, but you can still get pretty close to that. When these guidelines are followed by Windows users, it can bring their chances of being infected by malware almost to zero. Now we begin our next installment of the Windows Security Checklist, Part 3: Safe at Any Speed Online. (Btw, "Safe at Any Speed" is a futuristic, sci-fi short story by Larry Niven.)
It is not as complicated as it may first appear, although there is a lot of information to absorb. The experts at Spywarehammer.com can help you if you have questions about any of these techniques and applications. The applications featured here are compatible with all Windows platforms, unless otherwise noted.
Browsing the Shelves
Configure your browser for maximum privacy. **Force it to prompt you for permission for everything possible.** (To be absolutely honest I prefer settings which do not interfere with my surfing. Personally, I don't like a lot of promptings.) You can configure Internet Explorer to provide good security with a minimum of fuss. For more details on how to do this please refer to the following articles, depending on which version of Internet Explorer you are using:
For all other browsers please refer to their Help sections.
With Internet Explorer, clear your browser cache, called "Temporary Internet Files" or TIF, and browser history often. Always clear these after visiting any site where you performed personal business such as online banking or buying products. Click Tools > Internet Options. On the General Tab see Browsing History and a button labelled "Delete..." For those who would prefer an application to do it for them, this little freeware can speed up the job. CCleaner at http://www.piriform.com/ccleaner
Other browsers, such as Opera and Firefox, can be set to clear cache and history just by closing the program.
For Internet Explorer users: Get a web content/browser filter to prevent remote site contact through ad banners and embedded web bugs. Proxomitron is an example of a web content filter. For more info, please visit http://www.proxomitron.info/
Also, get a cookie filter. They are built into most browsers these days, but third-party programs usually offer better filtering options. For IE there is CookieWall: http://www.analogx.com/contents/download/Network/cookie/Freeware.htm
Another excellent application for browser filtering and to prevent hijacks is WinPatrol: http://www.winpatrol.com/
Internet Explorer can be a safe and able browser if you configure and protect it properly. Some of the reasons as to why IE has had security problems are due to a combination of inept and uninformed users, malware writers and browser hackers. These articles help alleviate that by informing and educating all users.
Take Care of Your Information
Stay away from everything to do with mailing lists and requests to use your personal information. Avoid sites that offer some sort of prize or free gift in exchange for your contact details. These are sure to be some form of identity theft scam or for spam.
Do not use "click here to unsubscribe" with spam e-mails. What this really does is verify that the spam was delivered to a valid e-mail address and confirms that you saw it. The sender has no intention of honoring your request. By responding you are certain to get even more spam from the same sender, as well as those who were sold your confirmed address. Delete the spam without responding to anything. Most webmail outlets provide a place for spam. You may have to check it to be sure no legitimate e-mails are there before deleting.
Do not use your personal e-mail address when posting to message boards, or newsgroups. Always use a webmail address. Spiders and crawlers are constantly checking these places for valid addresses to use for spam. Many websites provide a choice in your profile whether to hide or reveal your e-mail address.
Also avoid giving your personal e-mail address to your friends. They may not be as well protected and informed as you. Use a disposable, free webmail account instead. These are easily obtained from Hotmail (Windows Live), Yahoo, Google etc.
Anonymizers or proxies can help where both privacy and security are at risk when browsing to new websites and posting to certain newsgroups.
Be informed. Visit Spywarehammer, and other security websites frequently. Read the news and apply what you learn.
Test the Waters First
Try one or both of the free services listed below to test the security of your computer connection to the Internet. Be sure to include a check for identity vulnerabilities and port scanning.
ShieldsUP! by Steve Gibson Research Corporation: https://www.grc.com/x/ne.dll?bh0bkyd2
Symantec Security Check: http://www.symantec.com/norton/sygate/index.jsp
Look at the results. Make adjustments to your firewall or network settings, and apply software patches as required for the best defense.
Check your firewall and router logs often for suspicious incoming or outgoing traffic. If you suspect that you are a victim of a hacker attack, that someone did in fact compromise your system for criminal intent, go to the Internet Crime Complaint Center: http://www.ic3.gov/complaint/default.aspx for instructions on gathering proof and filing a report. Look for changes on your hard drive, unknown or changed files and folders with decreased hard drive space. Do not delete. Quarantine anything suspicious as you will need this information for evidence. An easy way to quarantine files is to encrypt them so they cannot be opened except by you. A useful (free) tool for doing this is My LockBox: http://download.cnet.com/My-Lockbox/3000-2144_4-10789387.html My Lockbox can also be useful for protecting sensitive personal files and folders. Use strong passwords.
Always Have a Backup!
Keep current backups of all personal and system files. Backups restore lost data in the event that your system security is compromised or your critical files become corrupted. Keep copies of everything you need whether for a simple or a major restore. In the event of something catastrophic, like a hard disk failure or major file damage, you need to be prepared to re-install your Operating System. This means keeping your installation CD for Windows, the CDs/DVDs for all of the other programs you have installed, copies of programs downloaded put on CD/DVD, a flash/thumb drive, or an ISB Hard drive, and any personal files in a safe place seperate from your computer. These will be destroyed when you re-format a hard drive partition.
Always create a backup of your registry before installing any new program or making any changes to your system settings. Instructions to do this are in your Windows Help Files. An easy way to do this on XP, Vista and Windows 7 is to make a System Restore point. A shortcut is placed by default under System Tools in the Start Menu via Control Panel.
Added Security for Internet Explorer (any version)
An up-to-date Hosts file (free): http://www.mvps.org/winhelp2002/hosts.htm will block a lot of malware out there.
Spybot Search & Destroy (free): http://www.safer-networking.org/en/download/ will strengthen your Hosts file using the Immunize feature, as well as applying extra security to your browsers.
SpywareBlaster (free): http://www.javacoolsoftware.com/spywareblaster.html will bolster security on most of the popular browsers, a set-it and forget-it type of program.
You can't go far wrong by implementing the above advice and techniques to secure your browser and your computer. Good luck always favors the prepared. You can surf with confidence, knowing what to do if trouble comes. If you need further help, come see us at http://www.spywarehammer.com/
Best regards and always take care of your security!
This document is provided "AS-IS" without warranty, and confers no rights.
Categories: Security Articles