The Best Home Computer Security Bang for the Buck

Author: Dale Jackaman

Date: January 15, 2008


Opening Note:

I've been in the computer industry for too many years to remember, the last decade as the IT Director of a large scientific R&D facility and lately as the President of a computer security company.  Security is obviously a very big deal in such environments and I've had to make myself somewhat of an expert.  As such, I'm often asked what my home PC security "secrets" are and, to make things much simpler all around, I just keep this article up to date and hand it out when asked.

This is a quick brief on the major security issues and solutions for anyone connecting to the Internet by any means.  This article is about home PC security.  Although much of this could be applied to small companies, I would strongly recommend that they deploy higher-end solutions.

There are many ways to get your home computer infected.  Every computer has open ports, much like a house with open windows, as these ports are needed by applications to allow interconnection with other computers.  These open ports are often exploitable.  Every computer has applications such as word processing or e-mail, and many of those applications can also be exploited.  Your web browser is an application and a major point of infection.  Browse the wrong web site and presto, one infected computer.  Viruses are less of a problem these days; it's now the world of trojans and/or rootkits, often one and the same.  We use the word "malware" as a generic term for all of these classes of objectionable programs.

Part of the problem, and it is a big one, is that most people insist on running their computers in full administrator mode.  This means that all those applications, with their security holes and open ports to the Internet, are also running with full administrative rights.  Exploiting any of those applications means the malware author will "own" your PC with full administrative access.  The safest course is to create a non-administrative user on your local PC for everyday use, and to log in as the administrative user only to install software.  The bottom line is that your computer should not be run in administrator mode except when you need to install hardware or software.
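The following batch script is an added example of the "everyday standard user, administrator only for installs" setup on Windows XP/Vista; it is not from the original article.  It assumes you run it once from an administrator command prompt, and the account name "dailyuser" is a placeholder to replace with your own.

```batch
@echo off
rem Added example, not part of the original article: create an everyday
rem standard (non-administrator) account on Windows and confirm that it
rem is not a member of the local Administrators group.
rem Run once from an administrator command prompt.
rem The account name below is a placeholder; change it before running.

setlocal
set NEWUSER=dailyuser

rem Create the account.  The "*" makes "net user" prompt for the password
rem instead of leaving it in the command history.  A plain "/add" puts the
rem account in the Users group only, so it can run programs but cannot
rem install software or change system settings.
net user %NEWUSER% * /add /comment:"Everyday non-admin account"

rem Verify: the new account must NOT appear in the Administrators group.
rem (findstr does a substring match, so a name like dailyuser2 would also
rem match; keep the account name distinct.)
net localgroup Administrators | findstr /i /c:"%NEWUSER%" >nul
if errorlevel 1 (
    echo OK: %NEWUSER% is a standard user.
) else (
    echo WARNING: %NEWUSER% is an administrator - removing it from the group.
    net localgroup Administrators %NEWUSER% /delete
)

rem List who still holds administrator rights on this PC, so you can
rem confirm that only the installation account remains.
net localgroup Administrators

rem Later, while logged in as %NEWUSER%, install software without logging
rem out by launching only the installer with administrator credentials
rem (path is a placeholder):
rem   runas /user:Administrator "C:\path\to\setup.exe"
endlocal
```

The point of the last step is that the browser, e-mail client and everything else you use day to day keep running as the limited user; only the single installer process gets the administrator token, and only for as long as it runs.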

Every PC attached to the Internet by any means needs all the security patches installed.  This applies to all the operating systems out there, Windows, Linux, Unix, and yes indeed - the Macs.  Even hardware such as routers, printers, network cards, and yes, even hardware firewalls need these security patches installed on a regular basis.

The fastest way to infect your computer is to surf the porn sites.  Even a well patched machine, with browser patches that were up to date a month ago, runs a high risk of being infected with a trojan of some sort within minutes of surfing these sites.

The Issues:

Malware (malicious software) and identity theft are the single biggest issues for users of the Internet today.  Common malware reads e-mail addresses stored on your computer and spreads accordingly.  Some types of malware will also read keystrokes, searching for credit card information and on-line bank account information, and almost all of them provide some sort of back door so hackers can remotely control your PC without you ever knowing.  Common malware may also set itself up as a server to distribute spam, pirated games, music or pornography, or to attack other Internet sites - also without you knowing.

In the past, most computer security revolved around protecting the PC with a blocking device called a firewall, and scanning for known threats with a virus scanner.  However, infection is a given these days, and most home and small business firewalls don't protect against malware already running on your PC and connecting to the outside world.  Virus scanners tend to work poorly or not at all against a wide variety of malware.  Due to these deficiencies I use a security philosophy called "inside-out security": I assume unknown forms of malware are already inside the network and block them from communicating with the attacker on the outside.  This gives you time to detect an intruder and remove the malware before it becomes a problem.  A lot of this depends on being informed and educated about the complexities of computer security, so I hope this article can be a start.

Some key points on PC security:

Anti-virus software provides no more than perhaps 25% of the needed protection against Internet based threats, and is only useful for that 25% effectiveness if updated at least daily with new virus detection signatures.  Commercial grade systems update hourly and updates are often pushed out in real time from the vendor.  Anti-virus software, if not up to date, is often deleted once a machine is infected.  Anti-virus software does not protect you from defects in the operating system or software, the most common point of entry for hackers.  Most anti-virus software also does not detect nor protect you against malware programs written by supposedly legitimate companies to track your Internet activities, display unwanted pop-up advertising, force you to use their home page or search engine, or worse yet - install porn related programs without your knowledge.  This kind of malware is called spyware or adware.

Software firewalls provide limited protection at best.  Most users are unfamiliar with the operation of such software and often disable key features, which allows malware programs to operate.  Such firewalls can also be attacked and removed by new exploits that the firewall is unaware of, or even by an exploit of the firewall software itself.

The vast majority of users are unaware that their computer is infected with malware or is being used by a hacker.  Indeed, the attackers want to use your computer as long as possible and actively avoid detection.

Malware most often comes from just surfing the net or reading certain kinds of e-mail.  It's the browser itself, often a component within your e-mail software, that is the problem, and you can be infected just by browsing random sites or viewing your e-mail.  Malware may also enter your system via open ports on your computer, something few people are even aware exist.  You may also install malware without your knowledge by installing some so-called free utility or screen saver.  Most home computers are infected with an average of over twenty applications that are unwanted, un-requested and potentially harmful to you or your computer.  Sadly, business computers are not much better.

Here's a frightening statistic:  If you put a freshly installed (un-patched) version of Windows 2000/XP on the Internet it will most likely be infected by malware within minutes, or less...  The ONLY protection is a hardware router or firewall until you get all the security patches installed.

Here are the answers to three things that most computer users either don't know or wrongly believe to be true.

(Q) I'm not on the Internet long enough for anyone to break in so I'm safe, aren't I? 

(A) Much of the malware out there can crack your computer faster than you can blink.

(Q) Will turning off my computer when I'm not using it make a difference? 

(A) No, because sooner or later you will turn it on again.

(Q) If I use a modem instead of a high speed connection will I be safer? 

(A) No.

(Q) No-one can break into my computer while I'm using it, can they? 

(A) Yep, you bet - and you will never know it.  In fact, you could have a hundred people roaming around the inside of your computer and not know it.

(Q) I use an anti-virus scanner so I must be safe?

(A) Dream on. This is a false sense of security at best.

Security Solutions:

No single solution provides protection beyond perhaps fifty percent coverage. Only when used in the following combinations, and kept up to date, will these tools and procedures keep your malware protection at close to one-hundred percent.

1) Update your operating system right away with any new security related patches. Ditto for any software used to communicate in any manner with the Internet. In particular this applies to users of Microsoft Office and Outlook products, plus whatever your favourite graphics viewer might be.  Java and applications such as Adobe PDF reader are other applications that need to be constantly updated.

2) Purchase a hardware router/firewall.  Linksys and D-Link make inexpensive and effective models that are found in any computer store.  If you choose to go wireless make sure you read the manual and enable all the password protection and encryption security features.  Do not use WEP encryption as it's easily crackable; use WPA encryption instead.  Check the manufacturer's web site regularly for any updates.  I have a personal preference for Linksys as the product is more flexible due to the availability of 3rd party firmware upgrades based on open source code.  Not all Linksys hardware is upgradeable to third party firmware; ask before buying.

3) Purchase anti-virus software and update it daily.  http://www.grisoft.com makes a free one called AVG for home use.  This product does NOT detect nor remove spyware or rootkits, so you need their other free anti-malware product to do this.  Also install their new rootkit detector and do a scan with that.  These three products are also good at cleaning out what may be infecting your computer right now.

4) Purchase a software firewall even if you have a hardware firewall.  Software firewalls fill some key security holes not covered by other products.  ZoneAlarm and Comodo make good ones that are free for personal home use.  Both programs ask you whether a program's request to connect to the Internet is legitimate and give you a chance to say no.  Where this fails is that many people don't know when to say no.  Neither program is that great at telling you if a specific application is truly safe - but they are getting better.  I prefer Comodo myself but both have their good points.

5) Do regular manual scans for malware.  Do not rely on automatic scans, as the free products often remove that feature to encourage you to purchase the pay version.  And by all means, purchase the full products if you can afford to do so.

If you are running Windows XP or better, you can download a free version of PC Tools Spyware Doctor from Google's Google Updater.  It works well.  There is also a Symantec program you can use to scan for existing malware.  Microsoft also has a free anti-malware program called Windows Defender.  Spyware Doctor has worked the best for me and I use the full commercial version on at least one of my PCs.

You need all of these programs running to reach 90-95% protection.  All of them, except the software firewalls, detect only what is already known.  The software firewalls require some knowledge on the part of the user to know whether an application is in fact malware.  Comodo is great here in that it allows you to send the suspect malware to them for testing.
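The "inside-out" idea from the Issues section and the per-program prompting described in step 4 can also be done with the firewall built into Windows itself.  The batch script below is an added example, not from the original article or from any of the products it names: it switches the Windows Firewall of Vista and later to block outbound traffic by default and then allows only named programs and services.  It assumes an administrator command prompt, and the browser and mail client paths are placeholders for whatever you actually run.  Windows XP's built-in firewall filters inbound traffic only, so on XP the third-party products in step 4 are still needed for this.

```batch
@echo off
rem Added example, not part of the original article: "inside-out" egress
rem control with the Windows Firewall of Vista and later (XP's firewall has
rem no outbound filtering).  Run from an administrator command prompt.
rem Program paths below are placeholders.

rem 1) Inventory first: which programs hold connections right now?
rem    -b shows the owning executable, -n skips DNS lookups, -o shows the PID.
rem    Anything you do not recognise here is worth investigating before
rem    you write an allow rule for it.
netstat -bno | findstr /i "ESTABLISHED LISTENING"

rem 2) Change the default: unknown programs can no longer reach the Internet.
rem    Inbound stays blocked; outbound is blocked unless a rule allows it.
netsh advfirewall set allprofiles firewallpolicy blockinbound,blockoutbound

rem 3) Allow only the programs you know need the network, one rule each.
netsh advfirewall firewall add rule name="Allow browser out" dir=out action=allow program="C:\Program Files\Mozilla Firefox\firefox.exe" enable=yes
netsh advfirewall firewall add rule name="Allow mail client out" dir=out action=allow program="C:\Program Files\Mozilla Thunderbird\thunderbird.exe" enable=yes

rem 4) Make sure the basic Windows services still work: name lookup, address
rem    assignment and Windows Update.  Allow the specific service, not all of
rem    svchost.exe, so other service-hosted code gets no free pass.
netsh advfirewall firewall add rule name="Allow DNS client" dir=out action=allow service=dnscache protocol=udp remoteport=53 enable=yes
netsh advfirewall firewall add rule name="Allow DHCP client" dir=out action=allow service=dhcp protocol=udp remoteport=67 enable=yes
netsh advfirewall firewall add rule name="Allow Windows Update" dir=out action=allow service=wuauserv protocol=tcp remoteport=80,443 enable=yes

rem 5) Log dropped connections, so a blocked outbound attempt by a program
rem    you never allowed shows up in the log instead of failing silently.
netsh advfirewall set allprofiles logging droppedconnections enable
netsh advfirewall set allprofiles logging filename "%systemroot%\system32\LogFiles\Firewall\pfirewall.log"

rem 6) Review the resulting policy.
netsh advfirewall show allprofiles
```

Expect some breakage at first: every program that legitimately needs the Internet will fail until it has its own allow rule, and each failure is a chance to decide whether that program should be talking to the outside at all.  The dropped-connection log is where you look when something stops working, and it is also where a trojan phoning home would show up.  To go back to the Windows default while you sort things out, set the policy to `blockinbound,allowoutbound`.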

6) Do regular external security scans, available free at http://nmap-online.com/

7) The following software monitors traffic through your firewall router and looks for anything suspicious.  It also makes for a great education.  Worth every penny.  Do try the working demo.  http://www.linklogger.com/

On Spy and Adware:

One of the best security vulnerability databases out there: http://xforce.iss.net/xforce/search.php  Do a search on your favourite operating system version plus any applications you have installed on your PC and prepare to be horrified.  Another good one is here:  http://nvd.nist.gov/

Remember:  You, and not the hacker, are probably your own worst enemy when it comes to computer security.  Most people treat the Internet as a highway to be driven down while wearing a paper bag over their head.  This attitude, unfortunately, creates havoc for the rest of us. 


Copyright, Dale Jackaman - 2007, 2008.  Product names are registered trademarks of their respective companies.  Any logos are duly scoffed from respective web sites.

Should you ever require professional advice Dale's company is Amuleta Computer Security Inc. and he can be reached at dale AT amuleta.com
