Promoting a Safe Windows Environment
In this article I aim to provide a high-level overview of some steps that, when followed, can help provide a safer environment for web browsing and general use of any computer running a recent version of Windows.
While some portions of this article are specific to Windows XP, most of the recommendations apply to any version of Windows. The new User Account Control feature in Windows Vista and Windows 7 is a great step towards better security while maintaining some level of convenience by not requiring an alternative login. Thanks to this new feature, the steps suggested in the Windows User Accounts section are not required for Windows Vista or Windows 7.
Windows User Accounts
The most important and most frequently forgotten rule in creating a safe computing environment concerns user account privileges. If you don’t intend to install software or change important system settings, use a limited user account.
More information about creating and managing user accounts can be found in Microsoft KB article 279783: http://support.microsoft.com/kb/279783
More information about account types can be found in the Microsoft ‘Types of user accounts’ article: http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/ua_c_account_types.mspx?mfr=true
Most computers that I rebuild for customers are set up with two accounts, one named Internet and the other Owner. Internet is a limited user account intended for general use such as document writing, web browsing, music and video playback, etc., and usually doesn’t require a password. The Owner account is a full administrator account with a password that is easy to remember, and should only be used to install and run software that requires administrative privileges.
To run an application with administrative rights while logged on to the Internet account, simply right-click the program that needs administrative rights and click the “Run as…” option. Then select “other user”, enter the user name and password for an administrator account (like Owner) and click OK.
More information about the Run As feature can be found in the Microsoft KB article 294676:
The Modern Web Browser
The web browser is visible to the internet like no other piece of modern software. As such it is incredibly important that the browser be up to date and properly configured.
Microsoft provides updates to Internet Explorer, but some users and companies continue to use outdated versions, such as the nine year old IE6, despite the protest of security experts and web developers worldwide.
So what should one do for their web browser? No matter which browser you use, keep it up to date, don’t install unnecessary plug-ins, use the recommended security settings and avoid ‘free’ toolbars like the plague.
Choice of Web Browser
Most simply put: “Switch to Firefox” - But not for the reasons you might think.
Most Firefox fans would argue to switch to Firefox for the simple reason that “Firefox is obviously more secure”. While this may have been true in the past, Microsoft has definitely picked up in the security game for the IE8 browser and unfortunately Firefox has had its fair share of recent ‘critical’ security issues.
Some might also argue that Firefox is much faster than Internet Explorer. In my personal experience there is no significant difference in speed of startup or page loading time between the two. The fastest web browser I have found is Google’s Chrome, but that is for another article.
There are other browser choices like Safari and Opera, but the main advantage and reason I recommend that everyone should use Firefox is the extensive collection of free ‘add-ons’ not found in any other browser.
Safer Web Browsing With Firefox Add-ons
The number one source of malware infections using ads to date is FakeAV displayed on legitimate web pages through compromised or unscrupulous advertising networks. Some of these ads rely on the user performing some action such as clicking or downloading, but others use the vulnerabilities in web browser plug-ins to do their dirty work without user interaction.
For more information about the FakeAV epidemic, see the report by Google
A recent example of an advertising network displaying FakeAV ads on the Star Tribune website: http://securitywatch.eweek.com/rogue_av/star_tribune_hit_with_malicious_online_ads.html
In the past, publishers of browser plug-ins didn’t have the convenience of automatic updating like Microsoft or Mozilla, so their software was left unpatched. In some cases I have found Java runtime environments and Acrobat Readers that were not updated for six years. These kinds of problems are easily exploited by baddies like Vundo/Virtumonde that can install other Trojans, Viruses, and Scare Ware (like FakeAV).
So what does this have to do with Firefox? Some Firefox add-ons enable us to reduce the attack surface by reducing the visibility of plug-ins and features to sites that are not trusted, and Firefox helps to keep installed plug-ins and add-ons up to date automatically.
AdBlock Plus is free and requires no maintenance beyond the initial ad-block subscription selection, usually based on country of residence. It prevents the display of nearly every advertisement on most websites. This gives you more control by narrowing most of the page to the site you actually intend to visit, rather than that site plus some unknown advertising networks.
Flash Block is a simple add-on that displays a ‘play’ icon on the page wherever a Flash object is found; to view the object, simply click the play icon. Flash is a very powerful web media enhancement, but also has great potential for misuse. A Flash web app can store tracking information on your computer without permission, and has been exploited in the past to access, download, and run files.
While AdBlock Plus and Flash Block are relatively painless, living with NoScript takes a little getting used to. If most of your web browsing centers on a certain group of sites with only occasional variance, you won’t notice the difference after adding the appropriate pages to the whitelist. If browsing is usually to random sites that require scripting for active content, it can quickly become more of an annoyance.
Since most malware nowadays utilizes the prevalence of advertising and any exploit requires some kind of scripting, a browser with this set of add-ons would be well defended against nearly any drive-by attack.
Update all the software on your computer frequently, not just Windows, Office and your web browser. Other software can have vulnerabilities as well, including multimedia applications, photo editors and viewers, office productivity software, even printer drivers.
Software by third parties is under attack for the same reason as third party browser plug-ins: it often lacks an automatic update feature, leaving vulnerable old versions of software defenseless.
Most applications have an update feature, usually available on the 'help' menu. If not, check the publisher's website. Most large software companies release updates or new versions on a regular basis. These are usually security and stability updates, while new upgrade versions can be purchased for a reduced price.
Some software is available for keeping most of the software on your computer up to date automatically. One such application, called TechTracker, is available free from CNET http://www.cnet.com/techtracker/.
Antivirus, Antispyware and Antimalware
While some advocate running no antivirus product whatsoever, in the famous words of public service ads everywhere ‘It only takes once’.
Until recently any antivirus suite was sure to take a toll on system performance, especially products from big names like Norton and McAfee. Antivirus vendors have recognized the complaint of everyday users and responded. Norton Antivirus went from a notorious performance draining application to one of the lightest and fastest antivirus suites available.
Most new antivirus suites have a minimal impact on system resources thanks to a feature called ‘fingerprinting’ which allows the scanning engine to skip files that have not changed since the last scan. This makes for extremely fast scanning; in one performance test, antivirus software featuring fingerprinting technology reduced the time for a full system scan from 10+ minutes to less than 2 minutes.
In the comparatives Norton and Avira Antivir (my two favorites) score extremely well in terms of detection rates, scanning time, installation time, and system resource use. Avira Antivir is completely FREE for personal use, and is linked on our Free Helpful Essentials page.
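The idea behind fingerprinting, sketched as an added example that is not taken from the article or from any antivirus product: a cache keyed on a SHA-256 of each file's contents lets a later pass skip unchanged files, and a change of virus definitions forces a rescan. The ScanCache class, the definitions_version field and the always-clean stand-in engine are assumptions made for illustration.

```python
import hashlib
import os
import tempfile

def fingerprint(path):
    """SHA-256 of the file contents; it changes whenever the file does."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()

class ScanCache:
    """Hypothetical cache of files already scanned clean (illustration only)."""
    def __init__(self, definitions_version):
        self.definitions_version = definitions_version
        self.clean = {}  # path -> (fingerprint, definitions version at scan time)

    def scan(self, paths, scanner):
        """Call scanner(path) -> True if clean, only where needed; return paths scanned."""
        scanned = []
        for path in paths:
            current = (fingerprint(path), self.definitions_version)
            if self.clean.get(path) == current:
                continue  # same contents, same definitions: skip the costly scan
            scanned.append(path)
            if scanner(path):
                self.clean[path] = current  # only clean results are cached
        return scanned

def write(path, text):
    with open(path, "w") as handle:
        handle.write(text)

def demo():
    """Constructed walk-through over two temporary files; returns files scanned per pass."""
    with tempfile.TemporaryDirectory() as folder:
        paths = [os.path.join(folder, name) for name in ("a.txt", "b.txt")]
        for path in paths:
            write(path, "original")
        cache = ScanCache(definitions_version=1)
        engine = lambda path: True  # stand-in for a real scanning engine
        counts = [len(cache.scan(paths, engine))]      # first pass: both files
        write(paths[1], "modified")
        counts.append(len(cache.scan(paths, engine)))  # only the changed file
        cache.definitions_version = 2                  # new virus definitions arrive
        counts.append(len(cache.scan(paths, engine)))  # everything is rescanned
        return counts
```

Tying each cache entry to the definitions version matters because a file judged clean under old definitions may be detected under newer ones.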
For more information on antivirus reviews and performance, check out AV-Comparatives http://www.av-comparatives.org/home and Antivirus Ware http://www.antivirusware.com/.
Education is the best preventative tool, because the most powerful tool against malware and viruses is you, the user. Most Internet Service Providers (ISPs) don’t allow unsolicited traffic to your computer, either by rule at their end of the line or use of a Network Address Translation and Port Address Translation (NAT & PAT) enabled router or gateway in your home. This means that in order to get a virus, someone has to go online and visit some malicious or compromised web site.
Searching the Web
Know what you are looking for. If a page has lots of random looking phrases, and not a real sentence or statement pertaining to your search terms, it is most likely computer generated and may be malicious. The use of computer generated buzz words and phrases, usually popular search terms, is known as Google poisoning and is intended to artificially boost page rank in Google search results. While often used for monetary gain by click-through advertising, these pages can also be trapped with drive-by downloads and deceptive pop-ups.
Don’t download first and ask questions later; if something seems too good to be true, it most likely is. Only download from trusted websites, such as that of the software publisher. There are many web sites that host the file for download, publisher descriptions, site contributor reviews and user reviews. Some good example websites are PC World http://www.pcworld.com, CNET’s Download.com http://www.pcworld.com and Softpedia http://www.softpedia.com. Look for the spyware and adware policy on the download or reviewing website; all of the examples I have given scan uploaded files for unwanted components.
Email and Attachments
Beware of the infamous email attachment! This used to be one of the most effective methods of infection, since it plays on the expectations and response of the user. A great many people became aware of the problem with the enticingly named double extension script that became known as the ‘ILOVEYOU’ virus. These kinds of viruses depend upon ‘social engineering’ or deceiving the user to do something they wouldn’t do otherwise. Since the outbreak of this particular virus, most email programs prevent opening of executable file attachments. Look out for emails with unusual titles that have links or attachments, even if they seem to come from friends. Links can go anywhere, even if the description seems believable. Hover over a link to see the real destination address.
Get to know your computer and software. Every user should know what a Windows Update notification looks like, how the Windows Security Center is supposed to appear, and how their antivirus software warns about dangerous files. This helps to prevent deceitful adverts and popup windows from tricking you into doing damage to your own computer by running malicious software. Helpful Hint: If you would like to see what your antivirus software does when it detects a virus, try downloading the Eicar Antivirus Test Signature. It is not a real virus, but a simple executable text file intended to verify that an antivirus product is functional.
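The two checks recommended above, comparing a link's visible text with its real destination and spotting double-extension attachment names, written out as an added example that is not part of the original article. The function names, the extension list, the sample message and the attachment names are constructed for illustration, and the sample uses reserved example domains.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Illustrative subset of extensions Windows will execute (an assumption, not a full list).
EXECUTABLE_EXTS = {"exe", "scr", "vbs", "js", "bat", "cmd", "pif", "com"}
DOMAIN_IN_TEXT = re.compile(r"(?:[a-z0-9-]+\.)+[a-z]{2,}", re.I)

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element in an HTML message."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def _host(name):
    name = (name or "").lower()
    return name[4:] if name.startswith("www.") else name

def deceptive_links(html):
    """Return (text, href) where the text shows one host but the link goes to another."""
    parser = LinkCollector()
    parser.feed(html)
    flagged = []
    for href, text in parser.links:
        shown = DOMAIN_IN_TEXT.search(text)
        if shown and _host(shown.group(0)) != _host(urlsplit(href).hostname):
            flagged.append((text, href))
    return flagged

def double_extension(filename):
    """True for names like 'photo.jpg.vbs': a document-style extension before an executable one."""
    parts = filename.lower().rsplit(".", 2)
    return len(parts) == 3 and parts[2] in EXECUTABLE_EXTS and parts[1].isalpha()

# Constructed sample message body and attachment names.
SAMPLE_EMAIL = ('<a href="http://login.example.net/verify">www.example.com</a> '
                '<a href="https://www.example.org/news">example.org/news</a>')
SAMPLE_ATTACHMENTS = ["holiday-photo.jpg.vbs", "report.pdf", "setup.v2.exe"]
```

The host comparison is exact, so a link whose text shows one host but points at a different subdomain of the same site is also reported.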
It can be found here: http://www.eicar.org/anti_virus_test_file.htm
Copy and paste the link into your browser’s address bar. On this page you will find a description of the test string, what it does, and why it was created. Scroll all the way to the bottom, and there will be several links to a copy of the test string. Click one and see what happens. Your antivirus software *should* react immediately by prompting you for an action to take or quarantining the file automatically.
Even the best computer systems can fail. Without a backup system in place, all your valuable files and your time in setting up your computer just the way you want it could simply disappear. Best practice is to use either an online backup service (See our vendors page for a recommendation soon!) or an external hard disk with backup software.
Most vendors include backup software with their drives, but it will only back up files and not Windows settings or installed applications. For this purpose, Brighter Computer Solutions recommends software like Norton Ghost or Acronis True Image.
Backing up also protects against accidental deletion of files or email messages and other important information. Unlike older backup software, recent suites allow individual file restoration and 'hot backups' which run in the background without interrupting your work.