jump to navigation

Protecting PCs

As most of us are aware, attacks on Windows-based computers are becoming more and more frequent. Away from work, I am regularly asked to help someone “clean up” their Windows PC that has become infested with malware (spyware, trojans, worms, and so on). Interestingly, this type of thing very rarely gets into my systems at home. With this in mind, here are my recommendations for Internet and PC protection software. There may be better options, but these are my current recommendations.

Web Browser: Mozilla Firefox, Chrome, or Opera

Firefox is again my general purpose web browser, though I’m doing some extended testing of Google’s Chrome. I’m was using Opera, and was impressed with it’s speed, but its behavior is still a bit off, and the array of plug-ins for Firefox is too compelling. As before, the only time I use IE is when I a specific site (like Microsoft.com) requires it. I’m a big fan of two specific plug-ins for Firefox that have no clear equivalent in other browsers: NoScript, and IE Tab. NoScript gives you tight control over what domains are allowed to upload and run scripts within the context of a given page. Gone are the days that I’ll just load anything willy-nilly. IE Tab allows me to run IE within the context of a Firefox window, for those pesky sites that insist on being in IE. If you absolutely must use IE, then crank up the security level, and add sites to the Trusted Sites list when something breaks. However, add sites here with caution.

Web Browser Context: DropMyRights

In addition to running NoScript to control the execution of Javascript and other active content, you should be running your browser with less than “Administrator” rights. There are two ways to do this. The first is to log in as a non-administrative user. This is troublesome for many Windows applications, and the frustration of this causes many people to abandon this as a strategy. The second way is to launch your browser using the DropMyRights application, which forces Windows to limit the things that the browser will be able to do.

E-mail: Outlook Express (built-in)

I have looked at other clients, but the built-in mail program seems to work better than most of the rest. I’ll look at Thunderbird (from Mozilla) soon, but for now, I haven’t seen a good reason to do so. I’ve played with the built-in e-mail capabilities of Opera, but it doesn’t provide enough privacy and security (as far as I’ve been able to see) in a multi-user environment.

AntiVirus Software: eEye Blink

The virus/antivirus game is over. We’ve now reached the point where it’s simply a race to see which code boots first. With the advent of rootkits, it’s more and more likely that an effective attack on your PC can be carried out without getting the attention of most AV products, presuming that you’re goofy enough to surf to the wrong site, or run javascript that redirects you to such a site. (See info on the NoScript plug-in for Firefox above.) However, if you’re going to install something, make it something useful, and not something that is available at your local computer store (I’m intentionally avoiding naming a product, but if you’ve heard of it, it’s probably crap.) Instead, download eEye Blink, which is free for personal use. However, this is a comprehensive product, and it will definitely affect performance on slower systems. It will also allow you to protect against CD-ROM or jump-drive attacks.

Disaster Recovery: Microsoft SteadyState

Wouldn’t it be nice if you could boot your system, and if something goes wrong, just roll back the clock to the point where you first booted? That was supposed to be the promise of Microsoft’s System Restore function, but alas, it never quite worked out that way. SteadyState, in contrast, does work that way, and does it very well. If something stupid happens and you surf to the wrong place, just reboot.

PC Firewall: None (use XP’s built-in firewall or a hardware device)

If you are running Windows XP, you should be running the built-in firewall, but you should also (at minimum) put your system behind a NAT router. Putting a non-server out on the Internet without a hardware firewall is asking for trouble. Looking for a hardware device? Check out the Astaro Security Gateway.

HOSTS File: From MVPS

If you don’t do anything else I’ve suggested here, check out the link above and then download and install the HOSTS file as directed. Update it periodically. Warning: You’ll notice that many sites will display an empty frame where you might have expected to see content. That content has been blocked by the HOSTS file, which means that you’ll never have to worry about potential bad stuff from that site getting into your browser (and thus into your system) to begin with.

Advertisements

Comments»

1. Kevin Chapman - July 31, 2006

I find a hardware firewall and Opera web browser is all I need. Never received a peace of spy ware or a virus in the 2 or is it 3 years I have been using it. I have no Antivirus and only use IE for windows updates.

2. Will - August 15, 2006

Hey Tim:

I agree with Kevin – you really should check out Opera. I have a post on comparing the three main browsers I encourage you to check out. btw, I like your blog.

3. Tim - August 15, 2006

I’ll definitely take a closer look. Thanks for the feedback! – Tim


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: