What the Threats Are
I have been cogitating for a while trying to figure out the best approach
to take on an article about computer security. You understand that this is an
enormous subject. There are hundreds of books
written about it, many of them way over my head
— and I am very familiar with the
subject. I think that for our purposes here, the best way to tackle this is
to give a brief rundown of the existing security threats as covered in our
glossary, and then tell you what you need to do about them.
Just as you can never be 100% certain that you are secure in your home, you
can never be 100% certain that your computer is secure. But that doesn't
mean you should stop using your computer for the things you want to do with
it or that you cannot enjoy the fabulous resource that a computer can be
— just as you relax
and enjoy your home. You do what you can do to secure your home and you rest
knowing you are as safe as you can be. Similarly, you take the precautions you
need to take to use your computer —
you gain some insight into its inherent dangers and take the appropriate
steps to secure yourself against those dangers
— and then you stop worrying about it.
I know right away some folks will read this and think that no, that's
wrong, you can never stop worrying about it. Not only can you, but you
should. That doesn't mean that you put security precautions in place and
then throw caution to the wind! You wouldn't secure your home with an alarm
system and then leave the doors unlocked while you go to the store, would
you? Well it's the same with your computer. Put the programs in place that
will protect you, then keep them up to date and don't click on things you
shouldn't click on.
First let's clear up the terminology.
Virus: A virus is computer code that inserts itself into
another program's code. It does not exist on its own; it becomes part of
another executable file, and each time the infected program runs it copies
itself into further executable files. (Executable just means that it runs
when you click on it or otherwise tell it to run.) The infected programs
then behave differently, often destructively, and may damage data files
opened with them. A virus needs a host: it must live inside executable code,
and it travels from machine to machine when infected files are shared.
Worm: A worm is a self-contained program that spreads across a computer
network under its own power, copying itself from machine to machine. Unlike
a virus it needs no host program. It generally spreads by mailing itself to
the addresses it finds, or by exploiting a flaw in a network service on the
machines it can reach. Its payload may be destructive, but even a worm that
does nothing except spread can clog a network with its own traffic.
Trojan horse: A Trojan horse is so named because it is much
like the Greek legend of the Trojan horse. The legend tells of the
Trojan war, a war between the Greeks and Trojans. The Greeks, being
unable to take the city of Troy, instead left a huge wooden horse
outside the gates. The Trojans, after the Greeks had left, brought the
huge horse inside their gates. The horse was filled with Greek
soldiers. After dark, the Greek soldiers emerged from the horse and
captured the city. This is also where the phrase "Beware of Greeks
bearing gifts" comes from. A Trojan horse on a computer is a program
which you are persuaded into installing on your machine yourself, because
it masquerades as something you want; unlike a virus or a worm it does not
spread on its own, it relies on you to run it. One of the more flamboyant
examples of this was Happy 99. This was sent around on New Year's Day of
1999, and it seemed to be a very lovely fireworks display when you clicked
on it. A lot of very knowledgeable folks got fooled by this one and sent it
around to their friends before anyone ever discovered that it also
modified system files, and quietly mailed a copy of itself to the
addresses you sent email to. Because it also propagated itself in this
fashion (sending itself to others), it is a worm as well as a Trojan.
Spyware: Spyware is software installed on your
machine, with or without your knowledge or consent, that tracks your
activities on the Internet and reports back to its originator things
such as what links you click on and what ads you have seen or clicked on.
This is used to send you advertising and to pop up ads during your
browsing. Installing these applications without informing you of the
fact is illegal in many places -- but we know that doesn't stop anybody.
However, many spyware vendors do inform you of the fact but may hide the
information inside of a license agreement, which almost nobody reads.
Occasionally they will be up front about it on the website. Spyware
usually rides along with some free software you want to download.
Examples would be various search bars or free utilities. Not all search
bars or free utilities have spyware in them. You have to know which ones
do and which ones don't, or you need to read all the fine print and the
license agreement. Spyware creates real
problems for your computer, however, in addition to violating your
privacy. (And don't dismiss the possibility that although the intent of
spyware is to sell you goods and services, once some program has the
ability to send out information from your machine, it could be abused:
the same channel can carry your passwords or keystrokes just as easily as
your browsing habits.)
I see more problems from spyware today than I see from computer viruses.
Spyware can slow your machine down to a crawl; it can pop up windows on
your machine at a great rate, making it impossible to surf the web; it
can also completely break your internet access. Because there are so
many good anti-spyware programs today, the spyware vendors are getting
more crafty about how they install their programs and protect them from
removal. There are forms of spyware today that cannot be removed by any
automated process. Some require a reformat of your hard drive to get rid
of them. So the best way to deal with spyware, is to prevent it from
being installed in the first place.
Rootkit: You've probably heard about
this "new" threat in the news. It's not terribly new, but it is becoming
more widespread. A rootkit compromises the operating system itself. In
other words, it gets right into the core of Windows (the kernel, or the
system components every program relies on) and alters what Windows
reports, so that its own files, processes and registry entries are left
out of the listings Windows gives to you and to any antivirus or
antispyware tool. That is the catch: once a rootkit is in place, a scanner
running on the infected system is asking the rootkit's own version of
Windows whether a rootkit is present, so a clean result cannot be trusted;
scanning the drive from a separate, clean boot disk is the reliable way to
check. Once you've gotten one, unless you specifically know what it is and
have the in-depth instructions and ability to remove it, your best bet is
to reformat your hard drive and start over. Rootkits are another reason
that backups are so vital! Windows Vista is much more hardened against
rootkits than Windows XP is (the 64-bit editions in particular will only
load digitally signed drivers and protect the kernel against being
patched), meaning it is far more difficult to get a rootkit into Vista.
Phishing: This is a type of scam
that has become very
prevalent, whereby someone tricks you into giving them sensitive
information such as credit card or bank account numbers. Web pages are
easy to copy. Someone can copy your bank's web page, send you an email
with your bank's logo, have it very official looking, with some sort of
message that tricks you into going to a site and entering account
information — but
the site it takes you to is not that of your bank. Some of these are
extremely convincing: the link in the email may even read yourbank.com
while actually pointing somewhere else, and the fake address often
contains the bank's name as a decoy (yourbank.com.something-else.net is
not yourbank.com). It can also happen that an attacker tampers with the
name lookup (DNS) that turns yourbank.com into a network address, so that
when you type yourbank.com you actually wind up in some other place; this
variant is called pharming. You may then enter your account number and
password, and you've just given it to some nefarious person or group. The
defense is the same in both cases: never reach your bank through a link in
an email, type the address yourself or use a bookmark, and before entering
a password look at the address bar and the padlock to confirm that the site
really is your bank's.
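The check the paragraph above asks you to make by eye, written out as a small Python routine. This is an added example, not code from the page: it extracts the host the browser will really connect to and tests whether that host belongs to the bank's domain. The links are constructed, and yourbank.com is the page's placeholder rather than a real bank. A pharming (DNS-tampering) case would pass this check with a correct-looking address, which is why the padlock and certificate are the check for that case.

```python
from urllib.parse import urlsplit

# Constructed sample links of the kind a phishing email might carry.
# "yourbank.com" is the page's placeholder domain, not a real bank.
SAMPLE_LINKS = [
    "https://www.yourbank.com/login",                        # genuine
    "https://www.yourbank.com.account-verify.example/login", # decoy prefix
    "http://yourbank.com@203.0.113.7/login",                 # user@host trick
    "https://secure-yourbank.com/login",                     # look-alike name
    "https://yourbank.com:443/login",                        # genuine, with port
]


def registrable_host(url: str) -> str:
    """Return the hostname the browser will actually connect to, lowercased.

    urlsplit() handles the 'user@host' trick for us: everything before '@'
    is treated as a username, so 'yourbank.com@203.0.113.7' really
    connects to 203.0.113.7.
    """
    parts = urlsplit(url)
    return (parts.hostname or "").lower()


def belongs_to(host: str, expected_domain: str) -> bool:
    """True only if host is expected_domain itself or a subdomain of it.

    A plain substring test ('yourbank.com' in host) would accept
    'www.yourbank.com.account-verify.example', which is the usual trick;
    requiring a '.' boundary before the domain also rejects
    'secure-yourbank.com'.
    """
    expected_domain = expected_domain.lower()
    return host == expected_domain or host.endswith("." + expected_domain)


def classify(url: str, expected_domain: str = "yourbank.com") -> str:
    """Label a link 'ok' or 'suspicious: <host>' relative to the bank's domain."""
    host = registrable_host(url)
    if belongs_to(host, expected_domain):
        return "ok"
    return "suspicious: " + host


if __name__ == "__main__":
    for link in SAMPLE_LINKS:
        print(f"{classify(link):55}  {link}")
```

The point of `registrable_host` is that only the hostname decides where the connection goes; the path, the text of the link, and anything before an `@` are decoration. Email clients and browsers show the full URL on hover or in the status bar, and that hostname is what to read.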
Hackers: Hackers can sometimes get into your machine, log on,
poke around your files, copy files and information, install programs
such as Trojans, all without your ever knowing they are there. How they
do that is very technical and the subject of volumes. The main defense
against hackers is a good firewall.
Firewall: A firewall is used to keep other people from snooping
around your computer. The internet was designed for people to
communicate and share information. It does this via ports, which you can
think of as doors or channels into your machine. When you send
information out of your machine, you send it out through a port. Ports
have numbers (65,535 of them for each of the two main protocols, TCP and
UDP), and some of those numbers are standardized. For instance, web
servers listen on port 80, so when your browser asks for a web page it
connects from one of your machine's own ports (picked from a high-numbered
range) to port 80 on the server, and the page comes back along that same
connection. These are not real doorways, they are virtual doors. When you
click on a link to a web page, your firewall watches and sees that you
have made a request to receive information. When that web page loads on
your machine, it is transferring data from another computer to your
computer, a process that we call downloading. Your firewall lets the data
in because it knows that it is a reply to something you asked for; a
firewall that keeps track of your connections this way is called stateful.
Firewalls monitor ports on your machine to ensure that nothing is allowed
in which you have not requested or given permission to. Some applications,
such as instant messaging programs, leave a port open and listen for
incoming connections. If this were not the case, no one could ever send
you an instant message because the firewall would block it. At some point
you tell your firewall that it is okay to accept instant messages, and
from then on that one port is reachable by anyone on the Internet, so only
open ports for programs you actually use. A firewall is a vital part of
staying secure on the Internet today.
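To make the port and "you asked for it" logic concrete, here is a small model of a stateful host firewall in Python. It is added here as an illustration and is not code from the page or from any product the page names. The addresses, port numbers and the traffic list are constructed: 49152 stands in for the high-numbered port a browser picks for itself, 445 is the Windows file-sharing port that Internet-wide scans commonly probe, and 5190 is an assumed stand-in for whatever port you told the firewall to open for an instant messaging client.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    direction: str    # "out" (leaving your machine) or "in" (arriving)
    remote_ip: str
    remote_port: int
    local_port: int


class StatefulFirewall:
    """Minimal model of a host firewall like the one in Windows XP SP2.

    Outbound connections are always permitted and remembered. Inbound
    packets are admitted only if they answer a remembered connection or
    arrive at a port the user explicitly opened; everything else is dropped.
    """

    def __init__(self, allowed_listen_ports=()):
        self.allowed_listen_ports = set(allowed_listen_ports)
        # The state table: every (remote_ip, remote_port, local_port)
        # triple we have seen leave the machine.
        self.state = set()

    def filter(self, pkt: Packet) -> str:
        key = (pkt.remote_ip, pkt.remote_port, pkt.local_port)
        if pkt.direction == "out":
            self.state.add(key)          # remember what we asked for
            return "allow"
        if key in self.state:
            return "allow (reply to your request)"
        if pkt.local_port in self.allowed_listen_ports:
            return "allow (port opened by user)"
        return "drop (unsolicited)"


# Constructed traffic: a web request and its reply, an unsolicited probe
# of port 445, and an incoming connection to the IM port.
SAMPLE_TRAFFIC = [
    Packet("out", "198.51.100.10", 80, 49152),   # browser -> web server port 80
    Packet("in",  "198.51.100.10", 80, 49152),   # the server's reply
    Packet("in",  "203.0.113.5", 40000, 445),    # stranger probing file sharing
    Packet("in",  "192.0.2.8", 5190, 5190),      # someone connecting to IM
]


def run(traffic, allowed_listen_ports=(5190,)):
    """Feed the packets through a fresh firewall and return the verdicts."""
    fw = StatefulFirewall(allowed_listen_ports)
    return [fw.filter(p) for p in traffic]


if __name__ == "__main__":
    for pkt, verdict in zip(SAMPLE_TRAFFIC, run(SAMPLE_TRAFFIC)):
        print(f"{pkt.direction:3} {pkt.remote_ip}:{pkt.remote_port} "
              f"-> local:{pkt.local_port}  {verdict}")
```

Run it a second time with `run(SAMPLE_TRAFFIC, allowed_listen_ports=())` and the IM connection is dropped too: that is exactly the difference between a port you have opened and one you have not, and why the firewall prompt about an application listening for connections matters.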
Operating system and program vulnerabilities: This is pretty
technical also, but let's just say that vulnerabilities can exist in how
the operating system or program is written that allow a bad hat to
inject bad code into the program or operating system and cause that code
to run. Typically the program mishandles something it was given to process
(a web page, a picture, an email attachment, a packet arriving from the
network) in a way that lets part of that data be treated as instructions.
The attacker needs neither your password nor your cooperation; you only
need to open the booby-trapped item, or in the worst case merely be
connected to the network. The only real fix is the patch the vendor issues
for that particular flaw, which is why keeping software up to date matters
so much.
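The injection the paragraph describes, shown in Python as an added example (not the page's own code): a little calculator feature that hands user input to `eval()` runs whatever the input says, while a version that accepts only numbers and arithmetic operators rejects everything else. The inputs are constructed; the "attacker" string is deliberately harmless (it only asks the operating system for the process ID) but demonstrates that arbitrary code runs.

```python
import ast
import operator

# Constructed inputs: what a calculator box on a web page or in a program
# might receive. The second one is attacker-supplied; it is harmless here.
SAMPLE_INPUTS = [
    "2 + 3 * 4",
    "__import__('os').getpid()",
]


def calc_vulnerable(expr: str):
    """Evaluates the input as Python: whatever the user typed is executed.

    This is the shape of a code-injection vulnerability. Do not do this
    with untrusted input.
    """
    return eval(expr)


# The only operators the hardened version understands.
_OPS = {
    ast.Add: operator.add,
    ast.Sub: operator.sub,
    ast.Mult: operator.mul,
    ast.Div: operator.truediv,
}


def calc_hardened(expr: str):
    """Parses the input and evaluates only numeric literals and + - * /.

    Function calls, names, attribute access and anything else in the
    parse tree are rejected, so data can never turn into instructions.
    """
    def ev(node):
        if isinstance(node, ast.Expression):
            return ev(node.body)
        if isinstance(node, ast.Constant) and isinstance(node.value, (int, float)):
            return node.value
        if isinstance(node, ast.BinOp) and type(node.op) in _OPS:
            return _OPS[type(node.op)](ev(node.left), ev(node.right))
        if isinstance(node, ast.UnaryOp) and isinstance(node.op, ast.USub):
            return -ev(node.operand)
        raise ValueError(f"rejected: {type(node).__name__}")

    return ev(ast.parse(expr, mode="eval"))


if __name__ == "__main__":
    for text in SAMPLE_INPUTS:
        print(f"vulnerable: {text!r} -> {calc_vulnerable(text)!r}")
        try:
            print(f"hardened:   {text!r} -> {calc_hardened(text)!r}")
        except ValueError as err:
            print(f"hardened:   {text!r} -> {err}")
```

The vulnerable version cannot be made safe by filtering for "bad words" in the string; the hardened one is safe because it never executes the input at all, it only walks a parse tree and refuses any node it was not written to handle. That is the same idea behind the vendor patches the paragraph refers to: the fix is in how the program treats its input.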
See the sidebar in our glossary at Virus for a discussion of how some of
the above dangers differ.
Next we'll take a look at how to protect yourself against each of these
dangers.
What to Do About It

Viruses, worms and trojans are all handled by an
antivirus program. There are many good antivirus programs on the market
today. These automatically keep themselves up to date in the background so
you don't have to think about updating them yourself. This is a good thing.
Not all antivirus programs are equal though. Some are not as well designed
as others and can cause problems for your system, or may even malfunction
themselves. I'm not going to go into which ones are bad, mainly because I'd
probably get sued. I will tell you, however, which are my favorites. Please
understand that I have hundreds of clients, end users just like yourself,
and I've seen these programs work, and some of them break down, on all sorts
of different machines. Any programs I recommend are the ones that I have
found to be the most reliable and trouble-free, but none are perfect.
A pretty good, reliable, free antivirus program is Avast, which you can find
at
http://www.avast.com. They also have a professional paid version.
You might want to try my favorite antivirus program, NOD32, from Eset, which
you can find here:
http://www.eset.com/home/home.htm. There are a few quirks to the
ordering, downloading and installation of this program which can be
daunting, however once installed and configured it does a terrific job and
won't bog your system down in the slightest. They have added an installation
video which is terrific and which should make installing the program quite
easy. There is a 30-day free trial, but this is a paid program. This is what
I use on my machines and install on most of my clients' machines, and I can
say in all honesty that it is my favorite application program of any kind.
It does a superb job of doing exactly what it is supposed to do without
conflicts or problems. (Eset also has a full security suite currently in
development and testing.)
On a par with NOD32, and I say that because in some respects NOD32 is
superior, and others not, is Kaspersky Antivirus. You can find Kaspersky at
http://www.kaspersky.com. This is a paid program and they also have a
full security suite if you are into that sort of thing. In addition,
Kaspersky has a free online scanner that is excellent.
Next comes spyware. There are two basic types of anti-spyware programs out
there. One scans your computer for existing spyware and removes it, the
other prevents spyware from being installed in the first place. I recommend
you have one program of each type.
For your first line of defense, you'll want a program that stops spyware
before it ever infects your machine. For this I use Windows Defender, which
is free from Microsoft and which you will find here:
http://www.microsoft.com/downloads/details.aspx?FamilyID=435bfce7-da2b-4a6a-afa4-f7f14e605a0d&displaylang=en.
It can be installed only on machines running Windows XP Service Pack 2 or
later. It is built into Windows Vista, so if you're running Vista, you
won't need to add this.
Before putting a preventative program on a machine,
I always scan it first and make sure that any existing spyware has
been removed. Ad-Aware SE is my "big gun" spyware removal program. In a
word, it is fabulous. It is a free program, but it has no auto update
function. There is a paid version, Ad-Aware SE Plus, that does check for
updates when you open the program. This isn't a program that is always
running and so keeps itself up to date (the paid version does have a
background protection function). You have to launch it and tell it to scan
your machine manually. I feel very, very fortunate to have a program like
this, that does such a fabulous job of spyware removal. You can get Ad-Aware
SE Personal (the free one) as well as Ad-Aware SE Plus here:
http://www.lavasoft.de/.
Everyone who runs Internet Explorer 6, should upgrade to Internet Explorer 7
if you haven't yet done so. IE7 has a built-in anti-phishing filter that is
terrific, so make sure it is turned on. (Click on Tools, then Phishing
Filter.) Other browsers have various similar functions. I'm just going to
say right here that I have all my clients on Internet Explorer 7. Yes,
there are other wonderful browsers out there. But my site is geared toward
novice users, and I can be most certain that they are being protected
properly when using IE7 because Microsoft keeps its browser patched and
updated via Automatic Updates. Other browsers may need manual updates or
some form of user intervention. Statistics have shown that a higher
percentage of IE users (by far) are up to date with security patches than
those using other browsers. There are other wonderful browsers out there;
if you use one, make sure you are keeping up to date with their security
patches. (All browsers have security vulnerabilities.)
Now we come to hackers, and the way you keep hackers
out of your machine is by using a firewall. Note that if you are using a
router in a home network, the router acts like a hardware firewall: a
typical home router shares one Internet address among all your machines
(network address translation, or NAT), so a computer out on the Internet
cannot reach your PC directly unless you have deliberately forwarded a
port to it. Routers are a terrific first line of defense against hackers.
Today though, it is probably good insurance to also run a software
firewall, since the router does nothing about traffic between the machines
on your own network, and a laptop leaves the router behind when you take
it elsewhere. If you are fortunate enough to be running Windows XP with
Service Pack (SP) 2 installed, you are already protected by a software
firewall that is an excellent firewall. Windows XP's firewall protects you
against incoming traffic only, and there are those who prefer to have
their firewall also monitoring outbound traffic. If you had managed to get
a Trojan horse on your machine, for instance, a firewall that monitored
outgoing traffic could refuse to let the Trojan send data out from your
machine.
Firewalls that monitor outgoing traffic do so by granting permission or
denying permission to the applications or processes that are trying to
connect to the Internet. Guess who has to make the decision of whether to
allow something to access the Internet or not? That's right, you do. What
are you going to say when an application-based firewall asks you if you want
to allow "Generic Host Process" to access the Internet? Yes or No? (That is
svchost.exe, the program that hosts many of Windows' own services, so it
legitimately needs the Internet; malware likes to borrow the same name
precisely because of that.) This
brings with it an inherent insecurity for most users. If you don't know what
the process is that is asking permission to access the Internet, you will
probably get into the habit of either saying yes or no. If you say yes to
the wrong thing, you may be opening a door into your computer for a Trojan
and giving it permission to operate freely. If you say no, you may find
yourself, as has happened, with no Internet access at all. So my preference
is to rely on the antivirus and anti-spyware programs to keep the Trojans
out in the first place, and use XP SP2's firewall instead, which is a very
smart firewall indeed. Vista's built-in firewall is even better than XP's.
If you are not running Windows XP or Vista, however, you really have no
choice, you will have to install a software firewall of some sort. Kerio
Personal Firewall, now owned by Sunbelt,
http://www.sunbelt-software.com/Home-Home-Office/Sunbelt-Personal-Firewall/,
or Outpost firewall,
http://www.agnitum.com/, are excellent, or you could use the one in
Kaspersky's Security Suite.
Last but not least, we come to operating system and program vulnerabilities.
Chances are you are running Windows. Each version of Windows has its own
Windows Update page where you can get critical security patches for your
version of Windows. Windows Update will scan your machine to see what you
have and what you need, present a list of updates for you, and walk you
through downloading and installing those updates. You should find a link to
Windows Update somewhere on your Start Menu. If you are running Windows XP
SP2, you probably have automatic updates turned on, which does all of this
without user intervention.
When you go to Windows Update now, you will see a link
on the right-hand side to Microsoft Update. Click on it and it will migrate
you over from Windows Update to Microsoft Update. Microsoft Update combines
Windows Update with Office Update and in the future will also automatically
update other Microsoft programs. Your critical Office Updates will now come
down to you automatically just like your Windows Updates do. You will also
have a new link on the top of your All Programs menu to Microsoft Update.
As far as other applications go, they each have their
own updates and ways of getting them. Not all have automatic updating today,
but more and more do.
You can see that we are only skimming the surface of the subject of security
here, and yet this article is already lengthier than I had wanted or
anticipated. I hope it gives you enough information to protect yourself. If
you have specific questions about security, we have a forum devoted just to
that topic at our Computer Haven forum site.