At least weekly I check for sites with tips on computer security for the average user (translation: Windows user :-)) or thump myself on the head and ask, “What have I been doing that would be useful to others but that I’ve not gotten around to sharing?” *heh* Here’s a site that popped up on my radar not long back:
http://www.eset.com/threat-center/security_help.php
ESET’s security tips page is unusual for a security software vendor in that it does not directly tout its own wares and still gives good advice. The email and financial security tips are especially notable. ESET’s NOD32 Antivirus has a very strong reputation in computing circles, though, so if you’re in the market to buy security software, its internet security suite would be one place to look. For Windows users, ESET also offers free online scanning that is very thorough and doesn’t have the stumbling blocks some online scanning tools place in the way of less technically adept users. It is slow, though, precisely because it is very thorough, I imagine. Use it or another online scanner like Trend Micro’s once in a while as a “second opinion” to whatever anti-malware product(s) you already use.
http://www.eset.com/onlinescan/
http://housecall.trendmicro.com/
Another site offers a highly welcome freebie from Microsoft: Microsoft Security Essentials I have been using/testing out this product on a Windows box for a short while now, and it performs remarkably well. While I don’t normally recommend running two anti-malware programs loaded at the same time, Microsoft Security Essentials doesn’t even seem to cause any conflicts with my primary anti-malware software. I know of some folks who’ve been testing it since it was in early release (beta) who are technically competent enough to listen to and who also profess to use it as their primary anti-malware defense, now. Free from Microsoft. Be sure, if you decide to use it, to download the correct version for your machine. Microsoft will scan to determine your Windows validation.
And another freebie from Microsoft that I highly recommend: the Microsoft Password Checker. Use it to test the strength of your passwords. My suggestion for memorable, moderately strong, passwords is that you have passwords that are eight characters or more in length composed of mixed upper and lower case letters and some numerals that do not correctly spell any word. To make them memorable, use place names, geographic features from places you’ve visited but not lived, or corruptions of old addresses or telephone numbers (more than 20 years out of date, if possible). Make sure each of these is misspelled or otherwise NOT possibly “cracked” with a “dictionary attack”. I think if you follow such a procedure, you’ll find some moderately strong passwords that are also memorable. Change passwords for online sites, routers exposed to the internet and computers that are open to visitors or the public regularly.
Computer security expert Rick Hellewell has this to offer:
[You] may want to ensure that all of their application software is current. One tool to do this, which has been discussed before, is the free Personal Software Inspector program from the anti-virus company Secunia, available here. This is a program that you will download and install, and it will scan the programs on your computer for current versions. Links in the program will help you install the updates, sometimes with minimal interaction. Secunia also has an on-line scanner here, which does require Java to be installed. I have used the PSI program, and the on-line scanner, and can recommend either.
Application updates are an important layer in malware protection. As is recognizing “social engineering” attacks (‘Your computer has a virus” popups, for example), operating system updates, and other safe computing practices.
I didn’t include the links Hellewell had in his text, because both are accessible here. I have used the PSI program and have found it to be useful, as well. A recent scan reported the usual suspects *sigh*
Yep. Internet Exploder. Still the world’s “least good” major browser, although it does suck less than previous versions. Oh, what wasn’t reported as “insecure”? The other two browsers I use regularly: Opera and Firefox. Heck, even Safari passed.
And this, from a lesson learned the hard way by Jerry Pournelle,
…Roberta’s XP system was infected, probably through a forwarded link to a New York Times story; the Times article contained a popup advertisement that said it had detected a virus, and offered a program to remove the virus. Roberta knew better than to click on the “download” button, but she did click on the little red x up in the right hand corner of the message. That, of course, invited the virus to download, since the entire message was one big button. I’ve said this before, but it bears repeating: if you get any such message, don’t try to close the message window. Use Task Manager to close the whole browser.
Yes, such popups can be a real pain in the neck (although most folks seem to feel the pain in an anatomically lower place), and even dangerous. Task Manager is accessed in Windows by the CTRL+ALT+DEL key combo. In Vista and Windows 7, you’ll be offered a page with options to choose from that includes “Start Task Manager” as an option. This article, from Microsoft, explains how to use this great tool that’s included with all current Windows installations. (Note: if you are on a business network, your IT department may have disabled access to Task Manager.) Better? Avoid all such popups by using Firefox or Opera as your primary browser, either of which can be more easily configured to kill most, though not all, such popups. Vista and Windows 7 have an added layer of protection from such “drive by” installations, though, in User Access Control prompts that nag users about software installation. In such cases, the nagging can save you quite a bit of hassle, though, so appreciate it. 🙂