Windows XP [Electronic resources] : Visual Quickstart Guide, Second Edition نسخه متنی

Securing Your Computer

Updating Windows XP" in Chapter 19.

The Microsoft Windows Malicious Software Removal Tool detects and removes infections by specific malicious software, including prevalent viruses and worms. Microsoft releases an updated version of this tool on the second Tuesday of each month. New versions are available through Windows Update or www.microsoft.com/security/malwareremove/default.mspx.

Baseline Security Advisor is a little-known but excellent Microsoft tool that scans your PC for security holes and suggests how to fix them. Download it for free at www.microsoft.com/technet/security/tools/mbsahome.mspx. Its diagnoses contain some technical language but make clear where the problems lie.

A good general site on web privacy and security is www.junkbusters.com.

Viruses and Spyware

Associating Documents with Programs" in Chapter 6).

A

Trojan horse is a destructive program disguised as legitimate or enticing software, or even as a logon screen. (A file named sexy.exe or FreeMP3s.bat probably is dangerous.) Trojans don't replicate themselves like viruses, but they can be just as destructive. A exceptionally vicious program, called a

dialer, uses your modem to make calls to premium-rate telephone numbers (at, say, $20 per minute).

Spyware (or

adware ) relies on people's credulity or ignorancechildren are a favorite targetto download and install it. Trickery or bait often are part of the repertoire. If a pop-up window that looks like a legitimate Windows dialog box appears onscreen when you're browsing, don't click Agree, OK, or Close (which might trigger spyware installation); always click the red Close button () or press Alt+F4 in this situation. Other programs, such as the popular Kazaa file-swapping program, promise free music or software but also install spyware surreptitiously. Some spyware exploits security flaws in Internet Explorer to install itself when you simply

visit a web site (usually an X-rated or Free Stuff! site); it's not unusual for these

drive-by downloads to install dozens of spyware programs on your PC in a single visit.

Like those of viruses, spyware's effects depend on the creator's intent. Spyware can report your browsing habits to third parties, highjack your browser's home page, redirect your web searches, inundate you with ads (even when you're offline), steal online-store affiliate commissions, or plant a new barnaclelike toolbar in your browser. You also may notice system slowdowns and instability, but these are only side effects; spyware's aim is profit, not destruction.

Security Center

If you've just bought a new computer, upgraded to XP, or installed SP2, you'll probably be greeted with a Security Center warning message in the notification area (system tray) the first time you log on (Figure 12.10 ). This message and icon, or sometimes only the icon, appear if Security Center thinks that your computer has insufficient protection (or if it doesn't recognize the firewall and antivirus software that you're using).

To open Security Center:

Click the Security Center icon () or pop-up message, if it appears.

or

Choose Start > Control Panel > Security Center (Figure 12.11 ).

or

Choose Start > Run; type wscui.cpl and then press Enter.

Security Center has a dashboard of indicator "lights" for your PC's Firewall, Automatic Updates, and Virus Protection components. For each item, a blue bar and green light labeled ON mean that everything is okay. Otherwise you'll see an orange or red bar and light labeled OFF, CHECK SETTINGS, NOT FOUND, NOT MONITORED, or OUT OF DATE. Click one of the headings to expand that section and to learn what the problem is and what to do about it. Security Center offers a status report and provides links to the relevant help screens, online resources, and Control Panel programs that you'll need to fix things.

If you don't want to be bothered with alerts, you can turn them off selectively. You might want to turn off alerts if Security Center doesn't recognize your firewall or antivirus program, either because it's an obscure brand or it came out before SP2 was released.

To turn on or off Security Center alerts:

1. In Security Center, click Change the Way Security Center Alerts Me.

The Alert Settings dialog box appears (Figure 12.12 ).

2. Check or uncheck the boxes to turn each alert on or off.

3. Click OK.

Tip

If you're an XP Pro user on a network domain, Security Center doesn't display your security status or send alerts. (Your security settings typically are managed by your network administrator.)

Firewalls

Chapter 17 covers routers in more detail.)

If you're on a network, a router won't protect you from

other computers on the network if one of them becomes infected because someone downloaded a virus. For that kind of protection, you'll need a software firewall on your individual PC. Also, laptop users will want a software firewall so that they don't have to lug around a router. If all you need is a router, turn off the Windows (software) firewall, ignoring the dire warning that appears.

Third-party firewall (software). You can use a non-Microsoft firewall instead of Windows' built-in one. The popular brand-name software firewalls include BlackICE, McAfee, Norton, and Tiny Personal Firewall, but most people opt for ZoneAlarm (free; www.zonealarm.com). Windows Firewall blocks only inbound traffic, but ZoneAlarm provides two-way protection by blocking

outbound traffic tooa major advantage that can stop spyware and viruses on an already-infected PC from sending your personal information out. Every time that a program (any program) tries to access the internet, ZoneAlarm intercepts it and asks for your approval (Figure 12.14 ).

Security Center recognizes popular third-party firewalls and turns off its own firewall automatically. (Don't run two software firewalls at the same time; you might not be able to get online.) If Security Center doesn't know your firewall, turn off Windows Firewall manuallyand look for a post-SP2 update of your firewall.

Windows Firewall (software). Prior to Service Pack 2, XP had Internet Connection Firewall, which was weak, hard to find, and turned off by default. SP2 replaces ICF with Windows Firewall, which is stronger, available in Control Panel, and turned on by default.

To turn on or off Windows Firewall:

1. Choose Start > Control Panel > Network and Internet Connections > Windows Firewall (Figure 12.15 ).

or

In Security Center, click the Windows Firewall link (refer to Figure 12.7), right-click a network connection; then choose Properties > Advanced tab > Settings (below Windows Firewall).

or

Choose Start > Run; type firewall.cpl and then press Enter.

2. On the General tab, click On or Off; then click OK.

Tips

In the Network Connections window, a small padlock appears in the icon of each connection that Windows Firewall is protecting (Figure 12.16 ).

You can check Don't Allow Exceptions to block

all unsolicited incoming traffic, even traffic that normally would be permitted by an exception (described next). Use this extra-secure mode when you connect to a public wireless (Wi-Fi) hotspot in a café, hotel, or airport, or when a virus is spreading over your network.

An easier way to protect yourself from wireless hotspot hazards is HotSpotVPN ($8.88 per month U.S.; www.hotspotvpn.com).

Traffic flows in and out of your computer through

ports small, authorized doors in the firewall. (These ports aren't the same as the hardware ports that you connect devices to.) A port number identifies each port uniquely, and certain ports handle only a specific type of traffic. Port 80 is used for HTTP (web) traffic, for example. Other ports allow instant messages, printer sharing, and so on. (You can find others by searching for

"well-known ports" in Google.)

Windows Firewall leaves some ports open by default (File and Printer Sharing, Windows Messenger, FireWire connectors, and your local network connections, for example) but blocks most of them to incoming traffic, so when a new program wants to get online, the firewall displays a dialog box asking you if it's okay (Figure 12.17 ). Click:

Unblock if you recognize the program name. The firewall opens the relevant listening port temporarily for incoming connections.

Keep Blocking if you don't know which program the firewall is asking about. The program might not work properly if it can't accept incoming traffic (desirable in some cases).

Ask Me Later to deny permission this time but want to be asked again the next time you run the program.

Tip

To test your computer for online vulnerabilities, go to www.grc.com and navigate to the ShieldsUP! page; then run the tests (Figure 12.18 ). (The tests take some reading and clicking to find.) This web site also contains a lot of useful internet security information, as well as free and for-pay software.

Common sense applies to opening ports: Open one only when you really need it, never unblock a program that you don't recognize, and close a port when you no longer need it. But sometimes you'll change your mind about a program or will be tricked into unblocking a hostile program named to fool you. Windows Firewall lets you create

exceptions for these programs and manage them manually.

To configure programs and ports:

1. Open Windows Firewall.

2. Click the Exceptions tab (Figure 12.19 ).

3. Do any of the following:

To open or close ports for specific programs, check or uncheck the boxes.

To add a program, click Add Program; then select it in the list or browse to it.

To delete a program, select it in the list; then click Delete. (You can't delete the preconfigured programs.)

To open an individual port by number, click Add Port; then type the port name (any name) and number. (Windows assumes that you're geeky enough to know the port number yourself or that you read it in the program's documentation.)

4. Click OK in each open dialog box.

Tips

Adding a program is preferable to opening a specific port because it's easier to do, you don't need to know which port number to use, and the firewall is open only while the program is waiting to receive the connection.

Advanced users can open ports for, and configure the scope of, individual connections to minimize opportunities for intruders to connect to your computer or network. In Windows Firewall, click the Advanced tab; then use the settings under Network Connection Settings.

Automatic Updates

Updating Windows XP" in Chapter 19.

Virus protection

Security Center warns you if you have no antivirus software installed and running. Unlike the firewall feature, Microsoft doesn't provide an antivirus program, but if you click the Recommendations button (visible in Figure 12.11) and then click the How? link in the dialog box that appears, you're taken to a web page that offer free time-limited trials of various third-party products. Save yourself some money and get AVG Anti-Virus (free; www.grisoft.com).

After you've installed antivirus software, Security Center responds with a green ON light in the Virus Protection section. If Security Center doesn't recognize your brand, you can turn off the antivirus alert manually, as described earlier in this section.

Is Antivirus Software Necessary?

No. Plenty of peopleincluding meuse no virus protection and don't get infected. I don't like antivirus programs because they display chronic Chicken Little warnings that interfere with my workflow, program installations, and routine internet transactions. If you think that you have a virus, run an antivirus program to eradicate it. The 24/7 protection that continuously running antivirus programs promise is cold comfort. The best way to avoid viruses is to behave safely: Use a firewall, delete executable or risky attachments (even from friends), browse with Mozilla Firefox instead of Internet Explorer, don't download "free" music and movie file-sharing programs, and use an aggressive spam filter. Also, ignore virus myths, publicity stunts, hoaxes, chain letters, and hysteria; see Crypt Newsletter (http://sun.soci.niu.edu/~crypt) or Vmyths (www.vmyths.com).

Tips

McAfee's free online scanner checks your computer for viruses: Go to www.mcafee.com; click the Home & Home Office link; then click the FreeScan button. Symantec has a similar scanner at http://security.symantec.com. These tools detectbut don't removeviruses.

Antivirus programs designed specifically to kill Trojan horses include TDS-3 ($49 U.S.; www.diamondcs.com.au), Trojan Hunter ($49; www.misec.net), and Ewido ($35; www.ewido.net/en).

Spyware protection

You can download Microsoft AntiSpyware at www.microsoft.com/spyware (Figure 12.21 ). No spyware cleaner can detect every spyware program, so use a second cleaner in tandem. Try Ad-Aware (free; www.lavasoftusa.com), Spybot Search & Destroy (free; www.safer-networking.org), or Spy Sweeper ($40; www.webroot.com). Don't bother with the antispyware components that come bundled with antivirus programs from Symantec, McAfee, and others.

Spyware is very difficult to remove without a spyware cleaner (and sometimes with one), so do a little research before you download a suspicious program. Use Google to search for the program name and "spyware". A

kazaa spyware search, for example, yields more than 1 million hits. Or read the product's editorial or user reviews at www.download.com or www.nonags.com. Here are some sites that list clean freeware:

www.pricelessware.org

www.onlythebestfreeware.com

www.majorgeeks.com

Tips

Run your antispyware programs at least once a month.

The home sites of some utilitiesKazaa and LimeWire, for exampleswear that they're spyware-free, but they define "spyware" very narrowly.

Some spyware-laden programs fraudulently promise to

remove spyware. Spyware Warrior (www.spywarewarrior.com) publishes a list of such products (click the Rogue/Suspect Anti-Spyware link). The same site has a review of antispyware programs (click the Anti-Spyware Testing link). Other worthwhile sites are www.benedelman.org and www.spywareinfo.com.

Spyware Lineup

You're most likely to pick up spyware when you download free file-sharing

(peer-to-peer )

, shopping, animated-buddy, weather, or toolbar utilities. Here are a few culprits:

BearShare

BingoFun

BonziBUDDY

ClipGenie

CoolWebSearch

Dashbar

eAcceleration Software Station and Threat Scanner

Freeze.com's Living Rainforest screen saver

Grokster

Hotbar

iMesh

Kazaa

LimeWire

Morpheus

Messenger Plus!

Panicware Pop-Up Stopper

PuritySCAN

Smiley Central

WeatherBug

XXXtoolbar

PC Pitstop publishes a regularly updated "Top 25 Spyware and Adware" list at www.pcpitstop.com/spycheck/top25.asp.