dive into mark

‣ September 4, 2001 ‣

Seven ways to protect your home Windows PC for free

7 ways to protect your home Windows PC for free (choose all 7)

1. Windows Update. Free service (although you must use IE5+ to access it). Download all the latest service packs, security hotfixes, and latest versions of bundled Microsoft programs. (Warning: not everyone is happy with IE6, but you should at least upgrade to IE5.5 SP2. (Nested warning: not everyone is happy with IE5.5 SP2 either, since it removes support for Netscape-style plug-ins. I really don’t think this will be a long-term problem; Apple’s QuickTime was temporarily unusable in IE5.5 SP2, but this is now fixed, so suck it up and upgrade.)) Also install the Windows Critical Update Notification program, which polls Windows Update for new critical patches you need to install.

2. Microsoft Personal Security Advisor. Free service (although you must use IE5+ to access it). Once your Windows Update list reads “no update, no update, no update,” go here to find out that you’re still missing 8 security patches. (No, really, I was missing 8. Why aren’t they included in Windows Update? I have no idea.) Some of the suggestions are blatantly self-serving (”you’re running Outlook Express; if possible, you should upgrade to Outlook.” Hey, thanks. Were ya gonna pay for that for me, too, or just suggest it? I thought so.) Read more about MPSA in this Wired article.

3. Guidescope. Free for home use. Cookie and ad blocker. Works with any web browser, not just IE. (It installs as an HTTP proxy on port 8000. Don’t worry if you don’t know what this means; detailed installation instructions are included, with pictures.) Easily configurable to allow cookies on a per-site basis. I find that I have a very short list of sites from which I allow cookies. It also allows you to block individual ads that it misses, although it misses so few that I rarely need to use this feature.

4. Ad-Aware. Basic edition is free. Scans your computer for spyware (programs that report on your Internet activities behind your back) and safely removes it. you’re probably running one or more spyware programs and don’t even know it. They now come conveniently bundled with file sharing programs like BearShare and AudioGalaxy. All spyware programs violate your privacy to some degree; some can crash your machine. Read more about spyware here. Steve Gibson is a bit of a wacko, and his HTML reminds me of my dog’s home page circa 1996, but he knows what he’s talking about.

5. ZoneAlarm. Basic edition is free. Personal firewall. It blocks all the people you didn’t realize were hacking into your computer while you’re online. Do not, I repeat, do not use a cable or DSL modem without a firewall. (Actually, automated scanning tools are getting so good that even dialup users should use a firewall. Yes, the 30 minutes you spend checking your email is enough time for an attacker to find you completely at random and break into your computer. Read about the Honeynet project if you don’t believe me, especially the latest statistics on attacker activity.) ZoneAlarm also allows you to control which programs on your own computer can get out to the Internet, so it’s good for catching spyware programs in the act. (It does not remove spyware programs from your computer; it only blocks them when they try to “phone home”. Ten points if you’re old enough and American enough to know what movie the phrase “phone home” comes from.)

6. ShieldsUP! Free service. Scans your computer over the Internet and reports the results. You should do both the “Test My Shields!” and “Probe My Ports!” tests. If you’re running ZoneAlarm and haven’t messed with its (excellent) default settings, the “Probe My Ports!” test should show all ports as “stealth”, meaning that attackers can’t even tell that your computer exists. Anything less is just begging to be attacked. If you’re not running ZoneAlarm or any other firewall, I can almost guarantee that at least one of your ports is open, probably port 139. Go ahead, see if I’m right. Then go do something about it, before somebody else does. According to my ZoneAlarm logs, attackers scan my computer 15 times a day on average. they’re scanning yours, too.

7. Anti-virus software. Most have free trial versions for home users (since they make most of their money from corporate licenses). McAfee has a free web-based scanner, which (the last time I checked) requires IE5+. Regardless, if you don’t have some sort of anti-virus software, you’re an idiot. Go get some.

Bruce Schneier has some more general (and drastic) advice here. I particularly like his closing comment: “If possible, don’t use Microsoft Windows.” Truer words were never spoken.

Respond privately

I am no longer accepting public comments on this post, but you can use this form to contact me privately. (Your message will not be published.)

firehose ‧ code ‧ music ‧ planet