Welcome to Wonderland!!

Computer Security 101: The Basic Triad

I've always maintained that there are certain things you should do to a computer no matter what else you do with it. One of them is using a USB optical mouse, but that's just a personal opinion. Running proper computer security software, on the other hand, is considered mandatory by anyone who has ever caught a virus and by most people who make their living getting rid of them. The general concept is a triad of problems and solutions. The problems are keeping bad things out, taking bad things out if they get in, and restoring your system if you can't get them out. The solutions are firewalls, antivirus software, and regularly scheduled backups. The trouble starts when people forget any one of these three. In this mini-guide, I'll tell you how to keep yourself from being the one posting here, in the past tense, about 60% or more of the problems we get. Links to download these tools are provided at the end of this guide.
Note: In the example given below, Alpha will refer to your computer, and Beta will refer to some other computer - one on the internet trying to access your computer.
First of all is a firewall. The good news is that XP includes a built-in firewall. It's not perfect, though. A firewall can filter traffic in two directions: incoming and outgoing. The problem is that the distinction between incoming and outgoing is often blurred. For example, a common system used to remotely access a computer (in this case, more often legitimately than as a virus) is VNC. VNC runs a server on Alpha, and Beta can then access it from anywhere on the internet using a VNC client. For many years, to do this you had to open the incoming VNC port (5900) on Alpha for Beta to be able to connect, but now you don't. If Beta has its client listening in "reverse connect" mode, Alpha can start the connection, and in doing so it gets around the Windows Firewall, because Windows sees it as an outgoing connection, and the Windows Firewall does not block outgoing connections at all. In this way, your computer can be remotely accessed while evading the Windows Firewall entirely. The only real solution is a third-party firewall, and you have several options. ZoneAlarm and Sunbelt Kerio Personal Firewall are both free, and both Kerio and ZoneAlarm offer more advanced versions for a price. These block both incoming and outgoing connections, fully firewalling your computer.
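To make the incoming/outgoing asymmetry concrete, here is a small policy model written for this guide (it is not code from the article or from any of the firewall products named). It models two rule sets, an XP-style inbound-only firewall and a third-party-style firewall with an outbound per-program allow-list, and runs both over three constructed connections on Alpha; the program names are made up, and the assumption that Beta's listening viewer sits on port 5500 (VNC's conventional listen port) is not stated on the page.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    """One TCP connection seen on Alpha. direction is 'in' when the remote
    host (Beta) opened it and 'out' when a program on Alpha opened it."""
    direction: str
    program: str        # local program owning the socket (constructed names)
    local_port: int
    remote_port: int


def inbound_only_policy(flow, open_inbound_ports=frozenset(), **_):
    """XP-style firewall: drop unsolicited inbound connections unless the
    local port was explicitly opened; never filter what Alpha initiates."""
    if flow.direction == "in":
        return flow.local_port in open_inbound_ports
    return True


def bidirectional_policy(flow, open_inbound_ports=frozenset(),
                         allowed_programs=frozenset()):
    """Third-party-style firewall: same inbound rule, plus an outbound
    allow-list keyed on the program that opened the socket."""
    if flow.direction == "in":
        return flow.local_port in open_inbound_ports
    return flow.program in allowed_programs


def evaluate(flows, policy, **kwargs):
    """Return {flow: allowed?} for every flow under the given policy."""
    return {flow: policy(flow, **kwargs) for flow in flows}


def outbound_gaps(flows, allowed_programs):
    """Flows the inbound-only firewall passes but the bidirectional one
    would stop: exactly the reverse-connect class described in the text."""
    return [f for f in flows
            if inbound_only_policy(f)
            and not bidirectional_policy(f, allowed_programs=allowed_programs)]


# Constructed sample traffic on Alpha. Port 5500 as Beta's listener is an assumption.
FLOWS = (
    Flow("in", "vncserver", local_port=5900, remote_port=41000),   # Beta -> Alpha's VNC
    Flow("out", "vncserver", local_port=41001, remote_port=5500),  # reverse connect
    Flow("out", "webbrowser", local_port=41002, remote_port=80),   # ordinary browsing
)
ALLOWED = frozenset({"webbrowser", "mailclient"})

if __name__ == "__main__":
    for flow in outbound_gaps(FLOWS, ALLOWED):
        print("passes inbound-only firewall, blocked by outbound filtering:", flow)
```

Opening port 5900 in `open_inbound_ports` lets the direct connection through under both policies, while the outbound allow-list is the only thing that stops the reverse-connect case.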
Your next "line of defense" (though it's more like "offense in your own end zone" than defense) is antivirus software. Common packages include Symantec Norton AntiVirus and Norton Internet Security (which also includes a good firewall). McAfee has typically been seen as a secondary vendor, though these days Symantec and McAfee are equally effective. ClamWin is also available, but does not offer real-time scanning. Avira AntiVir, Avast!, and NOD32 are also good antivirus packages. Most new computers come with one of these included. So you already have antivirus software, right? Good, but you're still not done! Antivirus software is just that: antivirus. It's not anti-spyware, anti-malware, or anti-trojan, and you have to protect against all of those, too. Two key products stand out for this. One is Spybot Search & Destroy, which is open source and free; Spybot is the gold standard for anti-malware. On the other end of the spectrum, Windows Defender from (who else?) Microsoft has been shown to do a good job. At one point after Microsoft bought out Gator, they allowed Gator's malware through Windows Defender (back then under the name Microsoft AntiSpyware), and it's because of this that it's always a good idea to run both programs so that each can check up on the other. Another noteworthy program is SpywareBlaster, which does not offer any real-time protection but instead patches Internet Explorer and Firefox to prevent most spyware from getting in in the first place. Running these three makes most, if not all, systems impervious to spyware.
If the above fails, and it will at some point, then your last remaining option is to restore a backup you've made in the past. What, you've never backed anything up?! Well, to make it as easy as it can be, you'll need two things. First of all, backup (unlike the other two parts of the triad) requires you to buy additional hardware: a USB hard drive. The drive in question has to be AT LEAST 2/3 the size of your main system drive. If your computer is really slow (1.5GHz or less), you'll want a USB hard drive that's the same size as your system drive, because compressing the drive backup will be far too slow. The second thing you'll need is a copy of PING. PING (Partimage Is Not Ghost) is a Linux live CD that you can boot from. Once you boot from PING, you can back up your entire hard drive to a disk image file. Then, if your system ever crashes, you simply boot from the PING CD again and restore the disk image. Of course, for this to be effective, you'll have to make images on a regular basis. How often you do so depends on how much you use your computer and what you use it for. If, for example, you only browse the web for an hour a day, then imaging the computer once a month is fine. If you do major graphic design work that would be impossible to reproduce later, backing up once a week or even twice a week isn't out of the question. Your main goal is to minimize the amount of work you have to redo in the event that your computer crashes and you have to restore the image.
That's the basic computer security triad. There are several other useful strategies you can follow, too. For example, you can store any and all of your documents on a network server: if it's not a program, store it off-site. Then image your computer with nothing more than Windows and your programs. After that, when your computer crashes (provided you haven't made any major configuration changes), you lose nothing when you restore the image. Along the same lines, setting up two separate partitions or using a USB hard drive for document storage accomplishes the same thing, but some of the major viruses will spread between local drives (whereas fewer of them will spread over the network). While you're at it, you can try software like DeepFreeze, which prevents any and all changes to the C: drive of your computer. You can also use Sandboxie to prevent just one program (such as your web browser, which is how most spyware is caught, or your email client, to stop most viruses) from writing to the hard drive while letting all your other programs through. This doesn't always work well, though, because it stops your browser from downloading files and stops your email client from storing email on the hard drive, so over time you have to download the same messages over and over.
So that's it. Here are the links.
* ZoneAlarm by Zone Labs -
http://www.zonelabs.com/store/content/home.jsp
* Kerio Personal Firewall by Sunbelt Software -
http://www.sunbelt-software.com/Kerio.cfm
(Note there's another firewall with the same name that is not free.)
* Symantec, makers of Norton AntiVirus and Norton Internet Security -
http://www.symantec.com/index.jsp
* McAfee, Symantec's primary competition -
http://us.mcafee.com/
* Spybot Search & Destroy -
http://www.safer-networking.org/en/index.html
* Windows Defender by Microsoft -
http://www.microsoft.com/athome/security/spyware/software/default.mspx
* SpywareBlaster by Javacool Software -
http://www.javacoolsoftware.com/spywareblaster.html
* PING, or Partimage Is Not Ghost -
http://ping.windowsdream.com/
* Faronics, makers of DeepFreeze -
http://www.faronics.com/
* Sandboxie -
http://www.sandboxie.com/
Now stop reading and go secure your system! Good luck.