The subject of security is complex and difficult to describe succinctly. This bulletin is a coffee break read but is probably as close to a plain English explanation as you will find. The bolded paragraph headers can guide you if you choose to read up on one particular aspect of the topic, such as Firewalls for example. I intend to follow this bulletin with others on the subject of security, but this will provide the needed overview. It can also serve as a current checklist of recommended protections for your computer.
So here we are in December 2004 and the Internet is rapidly becoming the Wild West of old. This technology has attracted a new breed of unethical malcontents and the pace of lawless intrusion cannot be overstated. These people cut their teeth on spam and pop-up advertising but have now moved on to attacks which are not just nuisances but which threaten the very usefulness of our personal computers. Their products have become vastly more sophisticated and come with ever increasing frequency. In the first nine months of this year, an estimated 4000 new viruses were detected. That compares to 1000 new viruses in the same period last year. More bad news - viruses are no longer considered the biggest threat to your security. A newer class of attack known as spyware has emerged as an even greater threat. You simply cannot use the Internet with any regularity today without taking security precautions. If you do, you will find your computer disabled or noticeably slowed down and you will be subjected to intrusive and undesirable advertisements.
So where do we stand today in terms of security?
Especially if you have a high speed Internet connection, your minimum level of protection must now include:
1) Windows Updates
The key thing to understand about Windows Updates is that you are in a race with the attackers to see who gets to your computer first. Why? When Microsoft finds a security hole in their software, they design and release an update to fix the problem. Along with each release is a bulletin which describes the vulnerability in detail. The unintended consequence is that the bad guys read those bulletins as well, learning exactly how to attack your machine. They know that only about 30% of the public will install the update promptly and that leaves them plenty of time to write a new virus which then attacks the 70% of machines which haven't been updated promptly. Don't let that be you! If the virus does attack your machine, your machine can be slowed or even rendered useless. It will be painfully expensive to have it removed.
Note - The Windows operating system normally notifies you that updates are available. A small bubble message opens from your system tray (far lower right corner of your screen). You can click on that message to begin the update process. To access Windows Update manually, there is a shortcut found either on the upper part of the Start menu or in your Programs menu. You must be connected to the Internet to access the Microsoft Windows Updates site.
And here's a TIP - NEW MACHINES ARE NOT UP TO DATE!
It comes as a big shock to people to learn that brand new machines are not fully up-to-date on Windows Updates. Why would that be? Well, it's because computer manufacturers don't install software the way you and I do. For them, that would be way too time consuming. Instead, they create a master disk with Windows and the software they include in the particular package you buy. They then copy it to the next 10,000 machines of that model that they build. That means that for weeks or months, they don't do any updates. Remember when you first brought home your new machine. The Windows XP master disk was still in its sealed package. That's because the manufacturer never used it to install on your machine. So, when you first get your new machine, you should check for updates and install them right away.
2) Anti-Virus Programs
These programs are very familiar to all PC owners. It is almost impossible to purchase a computer which doesn't come with an anti-virus program already installed. In most instances, the anti-virus software provided will be either Norton or McAfee. These "free" programs are good for only 90 days but I see lots of people who never touch them again, usually until they get attacked!
What should you be doing? The first day you own a new machine, or the first day that you install an anti-virus program, you should run the update program which comes with it. This downloads the very latest data file to be used to scan for threats. If you don't, you may be weeks behind and unprotected from the newest attacks!
Secondly, before the 90-day trial period is over, you need to either renew with that company or install another vendor's anti-virus program.
3) Spyware Programs
Here, you have two choices to make. The first is, what program to use. There are several companies selling spyware detection and removal programs. The most highly regarded company at this time is Lavasoft, a Swedish company and authors of "Ad Aware". In a move which is very unusual in this business, Dell is recommending that their customers install Ad Aware as soon as possible after receiving a new machine. Ad Aware comes in two varieties, a version which is offered at no charge to individuals and a for-sale version. (There are actually more versions but the lowest price one is all you need.) The free version has the same scanning program and uses the same scanning database as the for-sale version. The big difference is that the computer owner must remember to run the free version periodically, while the for-sale version runs more like an anti-virus program, scanning for spyware as you work and keeping it from being installed in the first place. The free version finds and removes spyware only after it has been installed on your machine. This is not a small difference and if your budget allows, I DO recommend buying the for-sale version. I have run the purchased version on my own computer for several months now and the amount of spyware which reaches my machine is dramatically reduced.
4) Bi-directional Firewalls
Firewalls have been around for a while now but until this year, I considered them to be unnecessary. No longer. The frequency of attack on our machines has made them necessary. Still, at a minimum you need to understand several things about firewalls, including:
What they do - When your computer wants to communicate with another computer, whether it's in the next room or out on the Internet, it has to assign something called a "port" to the communication. Ports are numbered (1,2,3,... into the thousands) and you can think of them as doors. With the door open, data can flow back and forth. With the door closed, nothing goes in or out.
A simple example will help here. When your computer wants to download your incoming emails, it opens a port, sends the request out through that port to your Internet Service Provider, and waits (with that port still open) for the reply. Your Internet Service Provider transmits the new emails back through that same port. Then, your email program closes the port again. Simple enough.
Spyware and virus programs have to find a way to get onto your machine and if there are no open ports, they can't. That's why they try to get in by piggybacking on incoming emails or when you browse to a web site and it is downloading to your machine. It's just like a thief trying to sneak into a building to find a place to hide there. That person would probably gain initial access by walking in with a crowd of people (an email arrival or a web site download). Once inside, the trick is to find a hiding place from which to work (which our virus does by getting lost in the thousands of files on our computers). Finally, the thief needs a way to make repeated trips in and out while remaining undetected. So does our computer attacker and he does this by opening his own door (port) from which to operate. It's usually some obscure and seldom used port and it becomes his way in and out.
Why do I keep saying "bi-directional" - Firewalls are designed to lock the doors (ports) in two directions, coming in (from the Internet) and going out (from your computer out to the Internet). You may have read that Microsoft just added a firewall to Windows XP when it issued the Service Pack 2 update. Well, that firewall protects against incoming only. It offers no protection for outgoing traffic. It is unquestionably a big improvement but it is not complete. For the record, if you are using a device called a router on your high-speed connection, you probably already have what is known as a hardware firewall. It provides the same protection as Service Pack 2's firewall, protecting against incoming access only. Virtually all newer routers block incoming traffic which has not been initiated by your computer (such as calling for email to be delivered to you).
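To make the "doors" picture concrete, here is a small added example (my own illustration, not code from the bulletin or from any firewall product) of the incoming-only protection described above. The computer opens a port and calls out, the firewall lets the reply back in through that same door, and anything that arrives unsolicited is turned away. The mail server name, the addresses and the packet sequence are all constructed for the illustration.

```python
# Added example (not from the bulletin): a toy model of the "incoming only"
# protection the bulletin ascribes to the Windows XP SP2 firewall and to home
# routers. Outgoing traffic is never questioned; incoming traffic is allowed
# only if it is a reply through a door this computer opened itself.
# Hosts, ports and the packet sequence below are constructed.
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Packet:
    direction: str     # "out" (from this computer) or "in" (from the Internet)
    local_port: int    # the "door" on this computer
    remote_host: str
    remote_port: int


@dataclass
class IncomingOnlyFirewall:
    # Doors this computer opened itself: (local_port, remote_host, remote_port)
    open_doors: set = field(default_factory=set)

    def handle(self, pkt: Packet) -> str:
        key = (pkt.local_port, pkt.remote_host, pkt.remote_port)
        if pkt.direction == "out":
            # An incoming-only firewall waves outgoing traffic through,
            # which is exactly the gap the "bi-directional" point is about.
            self.open_doors.add(key)
            return "allow"
        if key in self.open_doors:
            return "allow"          # reply to something we asked for
        return "block"              # unsolicited: nobody inside opened that door

    def close(self, local_port: int, remote_host: str, remote_port: int) -> None:
        """The program is done (e.g. the mail client finished); shut the door."""
        self.open_doors.discard((local_port, remote_host, remote_port))


def run_demo() -> list:
    """Replay a constructed packet sequence and return each verdict in order."""
    fw = IncomingOnlyFirewall()
    mail = ("mail.example.net", 110)   # constructed mail server and port
    verdicts = []
    # 1. Mail program opens local port 1034 and asks the ISP for new mail.
    verdicts.append(fw.handle(Packet("out", 1034, *mail)))
    # 2. ISP sends the mail back through that same door: allowed.
    verdicts.append(fw.handle(Packet("in", 1034, *mail)))
    # 3. Mail program closes the door.
    fw.close(1034, *mail)
    # 4. A late packet to the now-closed door is blocked.
    verdicts.append(fw.handle(Packet("in", 1034, *mail)))
    # 5. A stranger knocks on an obscure door nobody opened: blocked.
    verdicts.append(fw.handle(Packet("in", 6543, "203.0.113.9", 40000)))
    # 6. But a program already inside calling OUT on that obscure door sails
    #    through, which is why the bulletin wants outgoing traffic checked too.
    verdicts.append(fw.handle(Packet("out", 6543, "203.0.113.9", 40000)))
    return verdicts


if __name__ == "__main__":
    for verdict in run_demo():
        print(verdict)
```

Steps 5 and 6 are the whole argument for a bi-directional firewall in miniature: the hardware router and the SP2 firewall stop the knock on the door, but not a program that is already inside and opening a door of its own.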
You might wonder why you would need to block a request from your own computer. In my prior example, I explained how a virus or spyware would open its own port and use it to perform its dirty work. That dirty work might be to transmit every keystroke you make to some attacker's server, where it would be scanned to find your bank account number, social security number, or some such valuable piece of information. Once that spyware has hidden itself on your computer, it calls OUT through a port IT OPENS, without your knowledge. If your firewall is bi-directional, it will notify you that someone is trying to open a port, and ask you whether that's okay. That's how it works.
Which brings us to, what to expect when you add a firewall - When you install any software firewall, you must be prepared to live with a few interruptions. Firewalls will attempt to minimize the interruptions by trying to figure out which applications you have installed on your machine and not ask you about any obvious traffic. They also "learn" as they go, meaning that when you tell them that it's okay to access your email, you can also tell them to "always" allow that kind of access. Over time, the firewall will allow all normal Internet accesses and notify you only when it sees one it hasn't seen before.
Last, but not least, there is the problem of knowing what to allow and what to block. This is probably the most frustrating part of setting up a software firewall. When you see these notifications, they often tell you that some program called xdykwn.exe has requested access. You sit there asking yourself, "What the heck is program xdykwn.exe anyway . . . and how am I supposed to know whether to block it, or not?" Well, I'll start by telling you not to feel bad. None of us know what these programs are!
Here's how you make the decision. I'll use examples. If you are installing a program and a registration screen pops up, followed by an immediate notification that a program is trying to access the Internet, it's a safe bet that it's the registration program trying to call the software company's web site. The registration program has a legitimate need to communicate with its home office during registration, and you can "allow" the access. However, let's take another example. Say you are typing away creating a Word document, just minding your own business, when a notification pops up. Nothing you did would require access to the Internet and this notification doesn't mention anything like the inquiry being from Symantec (possibly your anti-virus program checking for updates). There's a good chance that something is up to no good. If you're not sure, block it this time (but don't check the box that says to "Always block" this type of request). Over time, you may come to realize that the access is legitimate, but you can still block it for now, until you figure out why it's asking for access. Firewall programs do allow you to make corrections when you accidentally establish a permanent block.
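The outgoing side of a software firewall, with the "ask, remember, and let me correct it later" behaviour described in the last three paragraphs, can be sketched in a few lines. This is an added illustration of my own, not code from ZoneAlarm or any other product; the program names apart from xdykwn.exe, and the owner's answers, are made up for the example.

```python
# Added example (not from the bulletin): a toy model of the outgoing-side
# behaviour described above. The firewall asks the owner about a program it
# has not seen before, remembers "always" answers, asks again after a one-time
# answer, and lets a permanent rule set by mistake be undone.
# Program names (other than xdykwn.exe from the bulletin) and the owner's
# answers are constructed.
from typing import Callable, Dict, Iterable, List, Tuple

ALLOW, BLOCK = "allow", "block"
ONE_TIME = {"allow", "block"}                 # applies to this request only
PERMANENT = {"always allow", "always block"}  # remembered for next time


class OutboundFirewall:
    def __init__(self, ask: Callable[[str], str], known_good: Iterable[str] = ()):
        self.ask = ask   # how the owner is asked (a pop-up in a real product)
        # Programs the firewall recognised at install time get a standing rule,
        # which is how it avoids nagging about "obvious" traffic.
        self.rules: Dict[str, str] = {p: ALLOW for p in known_good}

    def request(self, program: str) -> Tuple[str, bool]:
        """A program asks to open a port out. Return (verdict, was_owner_asked)."""
        if program in self.rules:
            return self.rules[program], False
        answer = self.ask(program)
        if answer in PERMANENT:
            verdict = ALLOW if answer == "always allow" else BLOCK
            self.rules[program] = verdict     # learned: no more prompts
            return verdict, True
        if answer in ONE_TIME:
            return answer, True               # not remembered: asked again next time
        raise ValueError(f"unrecognised answer {answer!r}")

    def forget(self, program: str) -> None:
        """Undo a permanent rule, e.g. an 'always block' set by accident."""
        self.rules.pop(program, None)


def run_demo() -> List[Tuple[str, str, bool]]:
    """Replay the bulletin's two scenarios and return (program, verdict, asked)."""
    # Constructed owner answers, following the advice above: allow the
    # registration call during an install, block the unknown program for now.
    answers = {
        "setupreg.exe": "allow",         # registration screen just popped up
        "outlook.exe": "always allow",   # the mail program: always fine
        "xdykwn.exe": "block",           # no idea what this is: block this time
    }
    fw = OutboundFirewall(ask=lambda p: answers[p], known_good=["iexplore.exe"])
    log = []
    for program in ["iexplore.exe", "setupreg.exe", "outlook.exe",
                    "outlook.exe", "xdykwn.exe", "xdykwn.exe"]:
        verdict, asked = fw.request(program)
        log.append((program, verdict, asked))
    return log


def run_correction_demo() -> List[Tuple[str, bool]]:
    """Show a permanent block being corrected once its purpose becomes clear."""
    answers = iter(["always block", "always allow"])   # constructed answers
    fw = OutboundFirewall(ask=lambda p: next(answers))
    log = [fw.request("avupdate.exe")]        # blocked permanently by mistake
    log.append(fw.request("avupdate.exe"))    # still blocked, no question asked
    fw.forget("avupdate.exe")                 # owner corrects the rule
    log.append(fw.request("avupdate.exe"))    # asked again, now always allowed
    log.append(fw.request("avupdate.exe"))    # allowed silently from here on
    return log


if __name__ == "__main__":
    for entry in run_demo() + run_correction_demo():
        print(entry)
```

Note what the one-time "block" does for xdykwn.exe: the firewall asks again the next time, which is the whole reason the bulletin says not to tick "Always block" until you know what the program is.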
Note - There are many firewall programs available for sale, but there are also some free ones which are just as effective. The most frequently recommended free firewall is from Zone Labs and is called ZoneAlarm. It can be downloaded from the Internet. Just look up ZoneAlarm in Google and it will take you right to it. Zone Labs also sells a "pro" version, for a modest price. It may be more convenient to use, but I have not used it personally and can't advise you on that particular product.
So, that's the overview. I plan to follow this with some specific information about specific products but if you have questions in the meantime, please feel free to call.