Archive for the ‘Your PC Security’ category

10 tips to make your Windows PC more secure

September 17th, 2009

10 must-do tips to make your Windows PC more secure

These tips are geared towards Windows; however, they are just as relevant for Linux and Mac OS users too.

1/ Update your anti-virus software once a week and run a complete scan.

Anti-virus software that doesn’t have the definitions for the latest viruses is the same as not having any anti-virus software on your computer at all. If you use the trial version that came with your computer when it was new, make sure you renew your subscription as soon as it runs out. If you do not have anti-virus software you can get a completely free version called AVG from http://free.grisoft.com/freeweb.php. Run a complete virus scan on your computer once a week, immediately after updating your anti-virus software.

2/ Install a firewall.

Firewalls stop unauthorized programs from using your computer over the internet. If your computer is on the internet, it is vulnerable. If you do not have a firewall program you can get the free Sygate Personal Firewall or the free version of ZoneAlarm (probably the best on the market); please be aware that in our opinion the Windows default firewall is not a very good solution.

If your firewall says that a program is trying to contact the internet and you are not sure what it is, say “no”. If a program then stops working, you can always say “yes” the next time it asks.

3/ Update your operating system with the latest patches every week!

New security flaws are discovered in operating systems all the time. Your computer is vulnerable to these flaws if you do not install the free fixes that are available. Windows can be updated at http://windowsupdate.microsoft.com.

4/ Do not use Internet Explorer

Internet Explorer has more security vulnerabilities than any other web browser.

Try the free Firefox browser from http://www.mozilla.org/products/firefox/.

5/ Be very careful where you give personal information out.

Never enter personal information on a website that is not secure, that is, one whose address doesn’t begin with https. Do not respond to emails asking for personal information when you have not contacted the sender first. Some emails contain links to websites that look like the real company’s website but in fact just collect your information for hackers. If in doubt, phone the company directly.

6/ Be very careful opening email attachments

Email attachments can contain viruses. Scan attachments with your anti-virus software before opening them, and only open attachments that you are expecting to receive.

7/ Ignore “virus warning” emails

“Virus warning” emails can be hoaxes that make you damage your own computer. Rely on up-to-date anti-virus software to protect you. The only exception to this rule is if you work for a company with an IS&T department and they send you the message at work.

8/ Use anti-spyware software

Spyware is software that gathers personal information about you from your computer, changes your internet homepage without your permission and installs software you have not asked for. Spyware can be accidentally installed along with other software, or without your permission from unscrupulous websites. Lavasoft Ad-Aware, which is free and works in the same way as anti-virus software but for spyware, can be downloaded from http://www.lavasoftusa.com/software/adaware/. Update it and run a complete scan every week at the same time as your anti-virus software.

9/ Do not forward emails that claim something will happen if you send it to a certain number of people

These emails can be a way of getting you to pass on a virus. Email messages cannot count how many people you have sent them to, and they will not do whatever they claim if you forward them to a certain number of people.

10/ Back up important files

Backing up files such as documents, spreadsheets and photos that you would not want to lose will not prevent anything horrible from happening; however, if something does happen, it changes the event from devastating to merely inconvenient.

Conclusion

Following these tips will greatly reduce your chances of being affected by a computer security issue. The person I know had a very close call; I urge you to spend the small amount of time it takes to protect yourself so that nothing nasty happens to you on your computer. For more information on home computer security you can go to the United States Computer Emergency Readiness Team (US-CERT) website.

New Free Anti-Virus Software by Grisoft

September 17th, 2009

AVG Anti-Virus Free Edition is a free anti-virus protection tool developed by GRISOFT for home use. Join the millions of satisfied customers worldwide who have downloaded the software and now enjoy the benefits of AVG Anti-Virus Free.

What you get with AVG Anti-Virus Free

  • Easy to use
  • Regular and automatic virus database updates
  • Realtime protection of files and e-mails
  • Scheduled and manual testing
  • Windows and Linux
  • And most of all … great customer satisfaction

Why You Need a PC Firewall

September 17th, 2009

Connecting to the Internet is like opening a door to your computer. Through that door, you can easily go online to shop, read the latest news, send e-mail, and more. But an open door also allows hackers to easily gain access to your PC.

Once inside, hackers can steal your valuable personal data, such as bank account numbers and passwords. Your PC can be used without your knowledge to launch attacks on other computers, even on entire networks. A hacker can render your computer useless—to everyone except the hacker.

To protect yourself from hacker attacks, you need a PC firewall. In effect, a PC firewall shuts your computer’s door to hackers, allowing only authorized traffic to flow through. Antivirus software protects you from known viruses and can help clean up after a virus attack. But only a PC firewall can block unauthorized access to your Internet-connected computer and protect against both known and unknown malicious software and Internet threats. At the same time, a PC firewall allows your computer complete, unrestricted access to the Internet.

What does a basic PC firewall do?

In a building, a firewall is a fireproof wall that acts as a barrier between one part of a building and another. The firewall’s goal: to prevent a fire from spreading.

Similarly, a basic PC firewall acts as a barrier between your PC and the Internet. The PC firewall’s goal: to prevent Internet threats from spreading to your computer.

Working in the background, a basic PC firewall monitors the traffic flowing through your computer’s open door to the Internet. When anything seems suspicious, such as a request by an unknown source to connect to your PC, a basic PC firewall automatically identifies and blocks it.

A basic PC firewall not only prevents unauthorized access to your PC or network, it also hides your Internet-connected PC from view. And that helps prevent attempted intrusions in the first place.

What does a basic PC firewall not do?

A basic PC firewall can’t detect or remove computer viruses and worms if they’re already on your computer. And a basic PC firewall can’t clean up your computer after a virus attack; block phishing e-mails, spam, and pop-up ads; filter inappropriate or dangerous Web content; or shield IM users from spammers, thieves, and predators.

Are there PC firewalls that offer more advanced protection than basic PC firewalls?

Yes. Some PC firewalls offer security features that go beyond basic firewalls:

Dynamic firewalls. A basic PC firewall keeps your computer’s door open to the Internet while monitoring the flow of traffic through that door. But a dynamic PC firewall automatically opens your computer’s door to the Internet when needed, allows only authorized traffic through, then immediately shuts the door. As a result, a dynamic PC firewall, such as ZoneAlarm, provides more protection than a basic PC firewall.

Outbound and inbound protection. Many basic PC firewalls only protect your PC from unauthorized inbound communications. But some PC firewalls, such as ZoneAlarm, protect your PC from unauthorized inbound as well as outbound communications.

Suppose a hacker tries to install software on your PC that can capture your bank account information and transmit the data to the hacker. The attempted software installation would be an unauthorized inbound communication. The transmission of your private data to the hacker would be an unauthorized outbound communication.

A basic PC firewall might not catch a hacker’s every attempt to access your PC. Should the hacker succeed, your bank account information could then be transmitted to the hacker—unless your PC firewall was capable of automatically blocking unauthorized outbound communications.

For more advanced protection, you should consider a dynamic PC firewall that provides both outbound and inbound protection.

If I use a dial-up Internet connection, do I still need a PC firewall?

Yes. Regardless of the type of Internet connection you use—dial-up, DSL, cable, or wireless—a PC firewall is your essential foundation of defense against hackers.

Dial-up Internet connections are often made from phone lines also used for conversation or faxing. As a result, a dial-up connection is ordinarily left running only as long as it’s needed, giving potential hackers less opportunity to gain access to your computer. Even so, as long as your computer is connected to the Internet, the door is open to hackers. The bottom line: Dial-up Internet users need a PC firewall, too.

Those with a dedicated Internet connection, such as a DSL line or cable modem, are even more vulnerable to security breaches. These users are more likely to leave their connection running whenever their computer is on. And the longer a computer’s door is open, the more accessible the PC is to hackers.

If my home network router has a built-in firewall, why do I need a PC firewall?

Most home network routers include a built-in hardware firewall that monitors and blocks inbound communications at the network level.

By comparison, a PC firewall can monitor and block both inbound and outbound communications at the PC level. For the most complete protection, a PC firewall should be installed on every computer on a network.

Combined, a router’s firewall and a PC firewall provide multiple layers of protection that a router firewall couldn’t provide by itself.

And unlike your home network router, a PC firewall can easily go where your computer goes. Only a PC firewall can protect your Internet-connected computer on the road.

If my computer has Windows XP Service Pack 2 (SP 2)—which includes a PC firewall—why do I need another PC firewall?

Microsoft’s recent upgrade to its Windows XP operating system, Windows XP Service Pack 2 (SP2), only provides protection against unauthorized inbound communications. For protection against unauthorized outbound communications you’d need a more robust PC firewall solution such as ZoneAlarm from http://www.zonelabs.com.

The Basics of Trojans

September 17th, 2009

In the context of computer software, a Trojan horse is a program that contains or installs a malicious program (sometimes called the payload or ‘trojan’). The term is derived from the classical myth of the Trojan Horse. Trojan horses may appear to be useful or interesting programs (or at the very least harmless) to an unsuspecting user, but are actually harmful when executed.

Often the term is shortened to simply trojan, even though this turns the adjective into a noun, reversing the myth (Greeks, not Trojans, were gaining malicious access).

There are two common types of Trojan horses. One is otherwise useful software that has been corrupted by a cracker inserting malicious code that executes while the program is used. Examples include various implementations of weather alerting programs, computer clock setting software, and peer to peer file sharing utilities. The other type is a standalone program that masquerades as something else, like a game or image file, in order to trick the user into the misdirected cooperation that is needed to carry out the program’s objectives.

Trojan horse programs cannot operate autonomously, in contrast to some other types of malware, like viruses or worms. Just as the Greeks needed the Trojans to bring the horse inside for their plan to work, Trojan horse programs depend on actions by the intended victims. Even if trojans replicate and distribute themselves, each new victim must still run the program. Their virulence is therefore of a different nature, depending on successful social engineering rather than on flaws in a computer system’s security design or configuration.

Definitions

“Trojan”

- A Trojan (or a Trojan horse) is a destructive program that masquerades as a benign application. Unlike viruses, Trojan horses do not replicate themselves but they can be just as destructive.

“hacker”

- “Hacker” is a slang term for a computer enthusiast. Among professional programmers, the term hacker implies an amateur or a programmer who lacks formal training. Depending on how it is used, the term can be either complimentary or derogatory, although it is developing an increasingly derogatory connotation.

“client/server” approach

- A client is defined as a requester of services and a server is defined as the provider of services.

“IP Address” (Internet Protocol Address)

- The address of a computer attached to a TCP/IP network (e.g. the Internet). Every client and server must have a unique IP address. Client workstations have either a permanent address or one that is dynamically assigned to them each dial-up session. IP addresses are written as four sets of numbers separated by periods; for example, 192.168.111.222

“port”

- In a TCP/IP network (e.g. the Internet), a port represents an endpoint in the establishment of a connection between computers. For the computer that acts as the server, the port number will typically identify the type of service it offers. For example, TCP port 80 is used for HTTP, TCP port 21 is used for FTP, and TCP port 25 is used for SMTP. It should be noted that there are 65,535 (64K) port numbers!

Which PC’s can be affected?

Depending on the trojan involved, they’re designed to affect Windows 95/98 PCs, Windows NT PCs, or both.

How do the trojans work?

A hacker establishes the connection to another user’s computer by running the “client” portion and connecting to the IP address of a known PC that has the “server” portion installed on it.

If the hacker running the “client” portion doesn’t know the IP address of the user’s PC which has been compromised by the “server” portion, the hacker usually initiates a series of connections to a large range of IP addresses on the Internet (known as “scanning”), looking for any PC that responds to the attempt. If a PC responds, it responds with its IP address. Then all the hacker has to do is establish a connection to that IP address.

Keep in mind that 99% of the time, the hacker doesn’t have a specific target (or victim) to begin with, so any PC that answers their attempted connections satisfies their goal of hacking into another’s PC.

Because the “server” portion is configured to use (or “listen” on) a particular port number, it’s the client who attempts a connection to that specific port number to initiate the connection between computers.

NOTE: Some trojans may use more than one port number. This is because one port is used for “listening” and the others are used for the transfer of data.

In their default configurations, the following trojans use these ports:

Back Orifice – UDP port 31337 or 31338
Deep Throat – UDP port 2140 and 3150
NetBus – TCP port 12345 and 12346
Whack-a-mole – TCP port 12361 and 12362
NetBus 2 Pro – TCP port 20034
GirlFriend – TCP port 21544
Sockets de Troie – TCP port 5000, 5001 or 50505
Masters Paradise – TCP port 3129, 40421, 40422, 40423 and 40426
Devil – port 65000
Evil FTP – port 23456
GateCrasher – port 6969
Hackers Paradise – port 456
ICKiller – port 7789
ICQTrojan – port 4590
Phineas Phucker – port 2801
Remote Grab – port 7000
Remote Windows Shutdown – port 53001
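As an added example that is not part of the original article, the following Python script checks netstat-style output against the default port list above, reporting local sockets that are listening on one of those ports. The netstat lines are constructed sample data in the layout of Windows “netstat -an”, not a real capture, and a match only means the port deserves a closer look, since legitimate software can use these port numbers too.

```python
"""Flag local listening sockets that use the trojan default ports listed above.

Added example, not the article's own code. The port table is taken from the
article; the netstat output is constructed sample data. A hit is a reason to
investigate (what program owns that socket?), not proof of infection.
"""
import re
from collections import defaultdict

# Default ports from the article. Protocol None means the text did not say
# TCP or UDP, so either protocol is treated as a match.
TROJAN_PORTS = [
    ("Back Orifice", "UDP", [31337, 31338]),
    ("Deep Throat", "UDP", [2140, 3150]),
    ("NetBus", "TCP", [12345, 12346]),
    ("Whack-a-mole", "TCP", [12361, 12362]),
    ("NetBus 2 Pro", "TCP", [20034]),
    ("GirlFriend", "TCP", [21544]),
    ("Sockets de Troie", "TCP", [5000, 5001, 50505]),
    ("Masters Paradise", "TCP", [3129, 40421, 40422, 40423, 40426]),
    ("Devil", None, [65000]),
    ("Evil FTP", None, [23456]),
    ("GateCrasher", None, [6969]),
    ("Hackers Paradise", None, [456]),
    ("ICKiller", None, [7789]),
    ("ICQTrojan", None, [4590]),
    ("Phineas Phucker", None, [2801]),
    ("Remote Grab", None, [7000]),
    ("Remote Windows Shutdown", None, [53001]),
]


def build_index(table=TROJAN_PORTS):
    """Map (proto, port) -> list of trojan names; proto None fills both."""
    index = defaultdict(list)
    for name, proto, ports in table:
        protos = ("TCP", "UDP") if proto is None else (proto,)
        for p in protos:
            for port in ports:
                index[(p, port)].append(name)
    return index


# One socket line of Windows "netstat -an": Proto, Local Address,
# Foreign Address and (for TCP) State. Header lines do not match.
NETSTAT_LINE = re.compile(
    r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+)(?:\s+(\S+))?\s*$", re.IGNORECASE)


def parse_netstat(text):
    """Yield (proto, local_port, state) for every socket line in the output."""
    for line in text.splitlines():
        m = NETSTAT_LINE.match(line)
        if not m:
            continue
        proto, _addr, port, _foreign, state = m.groups()
        yield proto.upper(), int(port), (state or "").upper()


def find_suspicious(text, index=None):
    """Return [(proto, port, names)] for local sockets on a listed port.

    TCP sockets count only in LISTENING state: that is the "server" portion
    waiting for the hacker's "client" to connect. UDP has no connection
    state, so any bound UDP socket on a listed port is reported.
    """
    index = index or build_index()
    hits = []
    for proto, port, state in parse_netstat(text):
        if proto == "TCP" and state != "LISTENING":
            continue  # established/outbound connections are not servers
        names = index.get((proto, port))
        if names:
            hits.append((proto, port, names))
    return hits


# Constructed sample output (not captured from a real machine).
SAMPLE_NETSTAT = """
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:12345          0.0.0.0:0              LISTENING
  TCP    192.168.1.10:1045      203.0.113.5:80         ESTABLISHED
  TCP    192.168.1.10:1046      203.0.113.9:12346      ESTABLISHED
  UDP    0.0.0.0:31337          *:*
  UDP    0.0.0.0:137            *:*
"""

if __name__ == "__main__":
    for proto, port, names in find_suspicious(SAMPLE_NETSTAT):
        print(f"{proto} port {port} is open locally; "
              f"default port of: {', '.join(names)}")
```

Only the two listening sockets on listed ports are reported; the outbound connection to a remote port 12346 is ignored because the local machine is the client there, not the server.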

Types of Trojan horse payloads

Trojan horse payloads are almost always designed to do harmful things, but could be harmless. They are classified by how they breach systems and by the damage they cause. The seven main types of Trojan horse payloads are:

  • Remote access
  • Email sending
  • Data destructive
  • Proxy trojan (disguising others as the infected computer)
  • FTP trojan (adding or copying data from the infected computer)
  • Security software disabler
  • Denial-of-service attack (DoS)
  • URL trojan (directing the infected computer to only connect to the internet via an expensive dial-up connection)

Some examples are:

  • erasing or overwriting data on a computer.
  • encrypting files in a cryptoviral extortion attack.
  • corrupting files in a subtle way.
  • uploading and downloading files.
  • allowing remote access to the victim’s computer. This is called a RAT (remote administration tool).
  • spreading other malware, such as viruses. In this case the Trojan horse is called a ‘dropper’ or ‘vector’.
  • setting up networks of zombie computers in order to launch DDoS attacks or send spam.
  • spying on the user of a computer and covertly reporting data like browsing habits to other people (see the article on spyware).
  • taking screenshots.
  • logging keystrokes to steal information such as passwords and credit card numbers (also known as a keylogger).
  • phishing for bank or other account details, which can be used for criminal activities.
  • installing a backdoor on a computer system.
  • opening and closing the CD-ROM tray.
  • harvesting e-mail addresses and using them for spam.
  • restarting the computer whenever the infected program is started.

Methods of Infection

The majority of trojan horse infections occur because the user was tricked into running an infected program. This is why it is advised not to open unexpected attachments on emails — the program is often a cute animation or a sexy picture, but behind the scenes it infects the computer with a trojan or worm. The infected program doesn’t have to arrive via email, though; it can be sent to you in an Instant Message, downloaded from a Web site or by FTP, or even delivered on a CD or floppy disk. (Physical delivery is uncommon, but if you were the specific target of an attack, it would be a fairly reliable way to infect your computer.) Furthermore, an infected program could come from someone who sits down at your computer and loads it manually. The chances of receiving the virus through an instant message are very low. It is usually received through a download.

Drive By Websites: You can be infected by visiting a rogue website.

Email: If you use Microsoft Outlook, you’re vulnerable to many of the same problems that Internet Explorer has, even if you don’t use IE directly.

Open ports: Computers running their own servers (HTTP, FTP, or SMTP, for example), allowing Windows file sharing, or running programs that provide filesharing capabilities such as Instant Messengers (AOL’s AIM, MSN Messenger, etc.) may have vulnerabilities similar to those described above. These programs and services may open a network port giving attackers a means for interacting with these programs from anywhere on the Internet. Vulnerabilities allowing unauthorized remote entry are regularly found in such programs, so they should be avoided or properly secured.

A firewall may be used to limit access to open ports. Firewalls are widely used in practice, and they help to mitigate the problem of remote trojan insertion via open ports, but they are not a totally impenetrable solution, either.

Precautions against Trojan horses

Trojan horses can be protected against through end-user awareness, namely by treating them like a virus. Viruses can cause a great deal of damage to a personal computer but even more damage to a business, particularly a small business that usually does not have the same virus protection capabilities as a large business. Since a Trojan horse payload is hidden, it is harder to protect yourself or your company from it, but there are things that you can do.

Trojan horses are most commonly spread through e-mail, much like other types of common viruses. The only difference, of course, is that a Trojan horse payload is hidden. The best ways to protect yourself and your company from Trojan horses are as follows:

  1. If you receive e-mail from someone that you do not know or you receive an unknown attachment, never open it right away. As an e-mail user you should confirm the source. Some hackers have the ability to steal address books, so if you see e-mail from someone you know, it is not necessarily safe.
  2. When setting up your e-mail client, make sure that you have the settings so that attachments do not open automatically. Some e-mail clients come ready with an anti-virus program that scans any attachments before they are opened. If your client does not come with this, it would be best to purchase one or download one for free.
  3. Make sure your computer has an anti-virus program on it and update it regularly. If your anti-virus program includes an auto-update option you should turn it on; that way, if you forget to update your software you can still be protected from threats.
  4. Operating systems offer patches to protect their users from certain threats. Software developers like Microsoft offer patches that in a sense “close the hole” that the Trojan horse or other virus would use to get through to your system. If you keep your system updated with these patches, your computer is kept much safer.
  5. Avoid using peer-to-peer (P2P) sharing networks like Kazaa, Limewire, Ares, or Gnutella, because they are generally unprotected from viruses, and Trojan horses spread through them especially easily. Some of these programs do offer some virus protection, but this is often not strong enough. If you insist on using P2P, it is safer not to download files that claim to be “rare” songs, books, movies, pictures, etc.

6 Simple Things to Help Keep Spam at Bay

September 17th, 2009

HERE ARE SIX SIMPLE THINGS YOU CAN DO TO HELP KEEP SPAM AT BAY. Follow these basic rules to stop spam robots from using your email address for spamming!

1) NEVER RESPOND TO SPAM

Oh sure, they say they’ll take your name off the list, but they’re lying. What they really want to do is confirm that they’ve got a live address. Also, if you respond, they’ll sell your address to every other spammer on the planet meaning you’ll soon be flooded with even more spam.

2) DON’T POST YOUR ADDRESS ON YOUR WEBSITE

It seems like a good idea at the time, but posting your email address on your personal home page is just an invitation to spammers. Spammers and the people who sell spamming as a business have software that “harvests” email addresses from the Net. This software crawls through the Internet seeking text strings of the form -something-@-something-.-something-. When it finds one, it catalogs it in a database of other email addresses to be used to send spam.

3) USE A SECOND EMAIL ADDRESS IN NEWSGROUPS

Newsgroups are the great email address gathering ground for spammers. If you post to a group, you’re going to get spam — it is just a matter of time. So how are you supposed to participate? Use a different email address than the one you use for talking to friends and relatives. In other words, have a public address and a private address. You’ll just have to deal with the spam in your public account.

4) DON’T GIVE YOUR EMAIL ADDRESS WITHOUT KNOWING HOW IT WILL BE USED

If a website is asking for your email address, they want to use it for something. Be sure you know what. Read the terms of use and privacy statements of any site before telling them your address. Ask yourself some simple questions. Are they going to share or sell my address? Do I want emails from this website? Do I trust them? Is it worth the risk? If you can’t answer these questions satisfactorily, or if you can’t find their privacy statement, don’t tell them your address.

5) USE A SPAM FILTER

While there is no such thing as a perfect filter, anti-spam software can help keep spam at a manageable level. Some of it is cumbersome, some works better than others, and some even requires that you let your email messages go through another system for storage and cleaning.

6) NEVER BUY ANYTHING ADVERTISED IN SPAM

The reason that people spam is because they can make money. They make money, like all advertisers, by convincing people to buy a product. If no one buys the things advertised in spam, companies will quit paying spammers to advertise their products.

Malware: what it is and how to prevent it

September 17th, 2009

Along with viruses, one of the biggest threats to computer users on the Internet today is malware (malicious software). Malware can hijack your browser, redirect your search attempts, serve pop-up ads, track what web sites you visit, and generally mess things up. Malware programs are usually poorly-programmed and can cause your computer to become unbearably slow and unstable in addition to all the other havoc they wreak.

Many of them will reinstall themselves even after you think you have removed them, or hide themselves deep within Windows, making them very difficult to clean. We will outline the different varieties of malware along with basic preventive measures. Although also considered to be malware, programs such as viruses, worms, trojans, and everything else generally detected by anti-virus software will not be discussed here, and the use of the word malware will only refer to software that fits in the categories listed below.

There are several ways in which your computer can be infected by malware. Malware is often bundled with other programs (Kazaa, iMesh, and other file sharing programs seem to be the biggest bundlers). These malware programs usually pop up ads, sending revenue from the ads to the program’s authors. Other malware is installed from websites, pretending to be software needed to view the website. Still other forms of malware, most notably some of the CoolWebSearch variants, install themselves through holes in Internet Explorer like a virus would, requiring you to do nothing but visit the wrong web page to get infected.

The vast majority of malware, however, must be installed by the user (most people do this unintentionally, as the malware is often bundled with software they want to install). Unfortunately, getting infected with malware is usually much easier than getting rid of it, and once you get malware on your computer it tends to multiply.

Will anti-virus programs protect against malware?

Anti-virus companies are only beginning to pay attention to malware. Aside from some of the latest versions (many include the malware scanner in the Internet security portion of their suites), most anti-virus programs have little or no protection. Those anti-virus programs that do protect are generally not as thorough as a dedicated malware remover. However, some especially virulent malware that scanners may miss will be removed by anti-virus programs, so it is generally a good idea to run a virus scan as well. Some of the anti-virus vendors’ delay may be caused by worries they will be sued if they start labeling programs as spyware, adware, etc., which has already happened in several cases.

Types of malware

Although there is no official breakdown, we can divide malware into several broad categories: adware, spyware, hijackers, toolbars, and dialers. Many, if not most, malware programs will fit into more than one category.

Adware

Adware is the class of programs that place advertisements on your screen. These may be in the form of pop-ups, pop-unders, advertisements embedded in programs, advertisements placed on top of ads in web sites, or any other way the authors can think of showing you an ad. The pop-ups generally will not be stopped by pop-up blockers, and often are not dependent on your having Internet Explorer open. They may show up when you are playing a game, writing a document, listening to music, or anything else. If you are using the internet, the advertisements will often be related to the web page you are viewing.

Spyware

Programs classified as spyware send information about you and your computer to somebody else. Some spyware simply relays the addresses of sites you visit or terms you search for to a 3rd party server. Others may send back information you type into forms in Internet Explorer or the names of files you download. Still others search your hard drive and report back which programs you have installed, the contents of your e-mail client’s address book (usually to be sold to spammers), or any other information about you or your computer. Information that you have stored on your computer such as your name, browser history, login names and passwords, credit card numbers, phone number and address may be collected by spyware programs.

Spyware often works in conjunction with toolbars. It may also use a program that is always running in the background to collect data, or it may integrate itself into Internet Explorer, allowing it to run undetected whenever Internet Explorer is open.

Hijackers

Hijackers take control of various parts of your web browser, including your home page, search pages, and search bar. They may also redirect you to certain sites should you mistype an address or prevent you from going to a website they would rather you not, such as sites that combat malware. Some will even redirect you to their own search engine when you attempt a search. Note: hijackers almost exclusively target Internet Explorer, so the easiest way to avoid this is to use a different web browser. There are many top quality web browsers available today, like Firefox, Mozilla, Netscape and Opera.

Toolbars

Toolbars plug into Internet Explorer and provide additional functionality such as search forms or pop-up blockers. The Google and Yahoo! toolbars are probably the most common legitimate examples, and malware toolbars often attempt to emulate their functionality and look. Malware toolbars almost always include characteristics of the other malware categories, which is usually what gets it classified as malware. Any toolbar that is installed through underhanded means falls into the category of malware.

Dialers

Dialers are programs that set up your modem connection to connect to a 1-900 number. This provides the number’s owner with revenue while leaving you with a large phone bill. There are some legitimate uses for dialers, such as for people who do not have access to credit cards. Most dialers, however, are installed quietly and attempt to do their dirty work without being detected.

Malware prevention

September 17th, 2009

The easiest way to deal with malware is to not get it in the first place. A little bit of common sense helps, but experience goes a lot farther. Experienced computer users, like it or not, hopefully possess the common sense that will let them avert potential disasters.

This edge can be acquired. The distinction is largely one of attitude, one which for lack of a better term I’ll call “skeptical computing.” We can examine this attitude and see how it reacts to common sources of trouble.

Skeptical computing breaks down into two parts. The first is having a minimum level of expectations for the working state of your computer. Operating systems for personal computers are extremely stable and reliable. Computers are no longer the cantankerous contraptions they were with Windows 9x or earlier versions of Mac OS. It’s not acceptable to have a computer that runs at a snail’s pace with advertisements flying up left and right. If things aren’t working as they should, you can find a fix, whether through Google, anonymous forums, or your friendly neighborhood guru.

The second component of skeptical computing is maintaining a skeptical attitude while browsing the internet. If something looks too good to be true, it probably is. Any "hot deals" had better come from a trusted source. If a warning starts flashing on your computer, look closely to see whether it is a legitimate message from Windows or just an animated image inside a web page (a picture of a dialog scrolls with the page; a real dialog does not).

Drive-by-Downloads

Internet Explorer can prompt users to download an ActiveX control that then gets installed and run on the computer. The intention is that components certain web pages depend on for viewing, such as Flash, can be loaded seamlessly so the user's browsing experience isn't interrupted. However, many malware developers take advantage of this process to foist their wares on unsuspecting users. Let's look at two examples, one legitimate and one malicious:

(Screenshots: a legitimate ActiveX installation dialog from Windows Update, and the searchWWW ActiveX install prompt)

It's important to separate the generic dialog frame, which Internet Explorer draws, from the text supplied by the program in each case. The first item identifies itself as "Windows Update," the other as "IE Plugin – Once you agree to the License Terms and Privacy Policy – click YES to CONTINUE." It is the second program, not Internet Explorer, that is imploring you to click yes. It also doesn't really tell you what the program is: disregarding the second half of its name, it identifies itself only as "IE Plugin." It's not clear where it came from or what it would do if you installed it. This is one major tip-off.

Both products identify their supposed (remember, be skeptical) publisher. The first is "Microsoft Windows Publisher," the second "CLICK YES TO CONTINUE." What would a program gain from obscuring its origin, especially by putting a message in its place that suggests clicking yes is your only option?

The last unique piece of information is the certificate authority that verified the publisher's identity. This tells you less than it seems to: a valid signature proves only that the named publisher signed the control, not that the control is harmless, and both names here sound legitimate. However, weighing what else we know, it's safe to say that the second program is bad news. The first program looks trustworthy.

While our deductions were accurate in both cases, you should also consider what you were doing when you received the prompt. The first prompt appeared while browsing Windows Update, the second prompt showed up on a warez site. It’s quite reasonable to expect that OS updates would require something to be installed. When you’re looking at something seamy or of questionable legality, you should be on the lookout for possible malware.

It should also be noted that drive-by download prompts changed in Windows XP SP2. Instead of letting a page pop up the install dialog on its own, the new design holds the control back and forces you to think about what you're about to download. Let's look at what happens when Flash wants to install itself.

(Screenshot: the Flash install notice)

Unlike in prior versions of Windows, a dialog box is not the first thing to appear. Instead, a brief message appears in a bar just below the toolbars (the Information Bar), similar to the one used by IE's built-in pop-up blocker. It informs you that the page wants to install an ActiveX control. The information shown, the program name and the publisher, is exactly the same.

When you click on the message, you can either allow the installation, or seek further help (“What’s the Risk?”). The help is a generic section of IE’s help page informing you of the risks associated with installing ActiveX controls. If you choose to install, you then see a dialog similar to the one we looked at before:

(Screenshot: the SP2 ActiveX install dialog)

Its appearance is more streamlined, and it gives you an additional option: you can tell it never to install controls from a given publisher. That is useful for users who keep getting asked to install a particular piece of malware, or just for those who have a vendetta against Flash.

Bundlers

Much malware, especially adware, comes bundled with other programs. P2P software is a common source of bundled adware. The following message comes up while installing iMesh:

(Screenshot: the iMesh install screen)

You can't say the program isn't honest. It lets you know it's ad-supported, which pieces of adware get installed, and what you agree to in the process. Messages about programs "required" for displaying ads should set off warning sirens in your head. That information alone should be enough to make you stop the installation.

Additional preventive measures for Malware

September 17th, 2009

Beyond skeptical computing, there are other preventive measures you can take to secure your computer. Verify that your Internet Explorer security settings are set correctly: open Internet Explorer, go to the Tools menu and click "Internet Options." Go to the Security tab, click the globe labeled "Internet," then click the "Custom Level" button. Make sure "Download signed ActiveX controls" is set to "Prompt" (if you think you already have everything installed that you need, you can set it to "Disable" for extra security), "Download unsigned ActiveX controls" is set to "Disable," and "Initialize and script ActiveX controls not marked as safe" is set to "Disable." Remember that a signature only identifies the publisher; with "Prompt" the decision is still yours each time.
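The same three Custom Level settings can be read and set from the registry, which is handy for checking a machine you are cleaning up or for applying the settings to several computers. The script below is an added example, not code from the original article. It assumes the documented layout of the Internet zone (zone 3) under the current user's Internet Settings key, where value names 1001, 1004 and 1201 correspond to the three ActiveX settings above and 0, 1 and 3 mean Enable, Prompt and Disable respectively.

```powershell
# Added example (not from the original article): inspect and harden the
# ActiveX settings of Internet Explorer's "Internet" zone via the registry.
# Assumptions: zone 3 is the Internet zone, value names 1001/1004/1201 are the
# three Custom Level settings discussed above, and 0/1/3 = Enable/Prompt/Disable.

$zone = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'

# value name -> @(description, desired level)
$wanted = @{
    '1001' = @('Download signed ActiveX controls',                          1)   # Prompt
    '1004' = @('Download unsigned ActiveX controls',                        3)   # Disable
    '1201' = @('Initialize and script ActiveX controls not marked as safe', 3)   # Disable
}
$labels = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

function Show-ZoneSetting {
    param([string]$Name)
    $current = (Get-ItemProperty -Path $zone -Name $Name -ErrorAction SilentlyContinue).$Name
    if ($null -eq $current) {
        $text = 'not set (IE default applies)'
    } else {
        $text = $labels[[int]$current]
        if (-not $text) { $text = "unknown value $current" }
    }
    '{0,-5} {1,-62} {2}' -f $Name, $wanted[$Name][0], $text
}

'Before:'
$wanted.Keys | Sort-Object | ForEach-Object { Show-ZoneSetting $_ }

# Apply the recommended levels; Set-ItemProperty creates a missing value.
foreach ($name in $wanted.Keys) {
    Set-ItemProperty -Path $zone -Name $name -Value $wanted[$name][1] -Type DWord
}

'After:'
$wanted.Keys | Sort-Object | ForEach-Object { Show-ZoneSetting $_ }
```

Run it in a PowerShell prompt as the user whose browser you are hardening; the values live under HKCU, so each Windows account has its own copy. If the zone settings are enforced by policy, the same value names under the corresponding HKLM key take precedence and the HKCU change will appear to have no effect.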

Updating Windows

Another easy and very important step is to keep Windows updated. Some malware uses holes in Internet Explorer and Windows to install itself without your knowledge, and many viruses exploit Windows in similar ways, so it's important to either enable Automatic Updates or regularly visit Windows Update.

Users of Windows XP should make sure they have Service Pack 2 installed. It includes many improvements that should make it much more difficult for malware to infect your computer, including a basic firewall (more on these below). Before installing a major update such as a Service Pack, it is recommended that you back up any critical data. Also make sure that your system is free of malware before installing SP2. Malware can interact with the installation process in undesirable ways. You can get SP2 through Automatic Updates or Windows Update.

Users of Windows 98 or ME should upgrade if at all possible to Windows XP. XP is a much more stable and reliable OS, not to mention more secure. Those who can't upgrade should be extra vigilant about system updates. Not only are the security holes in 98 and ME better known to malware developers, but those versions of Windows are less proactive about getting users to update.

Firewalls

One way of being warned that malware has infected your machine is by using a software firewall (this works for viruses too). Should malware get past your defenses and infect your computer, a software firewall will notify you if it tries to "dial home" (unfortunately, this will probably not work for malware that integrates itself into Internet Explorer, since its traffic then looks like the browser's own). When a software firewall catches a program trying to make a connection, it will alert you, give you the name of the program, and ask if you want to block it from the Internet.

When using this software, apply skepticism in the same way you would when looking at a drive-by-download. When you receive a prompt from your firewall, scrutinize the program requesting access. Have you seen it before? Do you remember installing it? Does its function appear generic or otherwise ambiguous?

Software firewall warnings also aid in finding and removing the malware, because they give you the full path of the executable making the connection. They are especially important if you are not behind a hardware firewall. Firewalls do not know the difference between good and bad programs, so they will ask you about legitimate programs as well as illegitimate ones (many come with a whitelist of commonly-used programs that need the Internet, however).

If you do not know what a program is, a web search on its name will usually tell you whether it should be accessing the Internet. Unfortunately, Windows XP's built-in firewall (earlier Windows versions have no firewall built in at all) only filters traffic entering your computer, not traffic leaving it, so a program that is already on the machine can "dial home" unhindered. XP users who want to be warned about outbound connections need a third-party firewall.

(Screenshot: SP2's firewall catching iMesh)

This screenshot shows an alert from the Windows XP SP2 firewall. It is informing you that iMesh is attempting to receive a connection (in other words, it wants to act like a server rather than a client). Since chances are you chose to install iMesh on your computer, it would be acceptable to let it carry out its normal functions. If you do not recognize the program, leave it blocked; the prompt defaults to blocking, and you can unblock later if something stops working.
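Every "Unblock" click in that dialog adds a program exception to the SP2 firewall, and it is worth auditing that list now and then, because a program you unblocked in haste keeps its open door. The commands below are an added example, not from the original article; they use the "netsh firewall" context that ships with Windows XP SP2 (later Windows versions replaced it with "netsh advfirewall"), run here from a PowerShell prompt. The iMesh path is made up for the example.

```powershell
# Added example (not from the original article): audit the Windows XP SP2
# firewall from the command line and undo an "Unblock" decision.
# Assumptions: the XP SP2 "netsh firewall" context; the program path is invented
# (kept free of spaces so PowerShell passes the tag=value token to netsh intact).
# Run from an administrator account.

# Is the firewall on, and is it allowing exceptions?
netsh firewall show state

# Which programs have been allowed to receive connections (act as servers)?
# Note there is no outbound list: the built-in firewall only filters inbound traffic.
netsh firewall show allowedprogram

# Remove an exception you no longer want; the program will prompt again next time.
netsh firewall delete allowedprogram program=C:\iMesh\iMesh.exe

# Emergency setting while cleaning an infected machine: firewall on, no exceptions
# at all. Reverse it with exceptions=ENABLE once the machine is clean.
netsh firewall set opmode mode=ENABLE exceptions=DISABLE
```

The "show allowedprogram" output is the one to read carefully: an entry you do not remember adding, or one pointing into a temporary or user-profile folder, deserves the same skepticism as a firewall prompt.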

Two popular free firewalls are

  • Kerio Personal Firewall – There is a free version for home users. Many prefer the older version 2.1.5.
  • Zone Alarm – There is both a free version and a pay version with more features.

Other third-party software

If you're worried about not being able to identify drive-by-downloads, there are programs that nip the problem in the bud. SpywareBlaster and Blocklist set "kill-bits" in Internet Explorer, which make it refuse to run controls on a list of known malware, so those controls cannot install even if you click yes. In addition, SpywareBlaster blocks many known malware-distributing websites. Both programs only write settings; neither needs to run in the background, so they use no system resources once applied. The protection is only as good as the list, so update it as you would anti-virus definitions.
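A kill-bit is nothing more than a flag in the registry, so you can see exactly what these tools do and set one yourself for a control you never want Internet Explorer to load. The script below is an added example, not code from the original article or from SpywareBlaster; it assumes the documented kill-bit mechanism (bit 0x400 of the "Compatibility Flags" value under the control's CLSID key in "ActiveX Compatibility") and uses a made-up CLSID as a placeholder.

```powershell
# Added example (not from the original article): set and check an ActiveX kill-bit.
# Assumption: IE refuses to instantiate a control whose CLSID key under
# "ActiveX Compatibility" carries 0x400 in the "Compatibility Flags" DWORD.
# Writing under HKLM requires an administrator account.

$killBit = 0x400
$base    = 'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility'

function Get-CompatFlags {
    param([string]$Clsid)
    $key = Join-Path $base $Clsid
    if (-not (Test-Path $key)) { return $null }
    (Get-ItemProperty -Path $key -Name 'Compatibility Flags' -ErrorAction SilentlyContinue).'Compatibility Flags'
}

function Test-KillBit {
    param([string]$Clsid)
    $flags = Get-CompatFlags $Clsid
    return ($null -ne $flags) -and (($flags -band $killBit) -ne 0)
}

function Set-KillBit {
    param([string]$Clsid)
    $key = Join-Path $base $Clsid
    if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
    $flags = Get-CompatFlags $Clsid
    if ($null -eq $flags) { $flags = 0 }
    # OR the bit in so that any other compatibility flags already present survive.
    Set-ItemProperty -Path $key -Name 'Compatibility Flags' -Value ($flags -bor $killBit) -Type DWord
}

# Placeholder CLSID (assumption: not a real control); replace with the CLSID of
# the control you want to block, taken from a scanner report or the control's key.
$clsid = '{12345678-ABCD-1234-ABCD-123456789ABC}'

"Kill-bit set before: $(Test-KillBit $clsid)"
Set-KillBit $clsid
"Kill-bit set after:  $(Test-KillBit $clsid)"
```

Two caveats follow directly from the mechanism: a kill-bit stops Internet Explorer from running the control, not from being downloaded, and it only protects against controls whose CLSID is on the list, which is why these tools ship updated lists rather than a fixed one.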

Alternative browsers

An increasing number of users have concluded that Internet Explorer opens up too many potential problems and have switched to alternative web browsers. There are several excellent ones available, each with their own virtues.

  • Mozilla Suite – Full-featured suite with browser, email client, IRC client, and HTML editor.
  • Firefox – lightweight browser that utilizes Mozilla’s top-notch rendering engine.
  • Opera – Lightweight suite with many features.

Social solutions

If you notice a high-profile company is advertising through adware, send an email or write a letter (even better) to one of their higher-ups. Tell them that you consider their association with this advertising medium to be a blemish on their image.

Support software publishers who sell software you like, especially software without adware. Companies use adware only when they’re worried about getting a solid revenue stream. If enough customers buy their software, they won’t have to experiment with these unseemly alternatives.

Examples of malware

September 17th, 2009

GAIN

One of the oldest and best known examples of malware is from the company Claria, which changed its name from Gator in 2003. Unlike most malware creators, Claria is a legitimate corporation with several big name advertisers and offices in both the United States and Europe. Claria is the maker of Gator Advertising and Information Network Publishing (or just GAIN), which actually consists of two programs that run in the background and work together. One program pops up ads while the other collects personal information. GAIN is typically bundled with other programs, including several published by Claria.

(Screenshots: the About GAIN window and an example GAIN pop-up ad)

As far as malware is concerned, GAIN at first glance looks to be a well-behaved program. As can be seen in the above examples, GAIN ads are usually clearly marked as such. Also included with GAIN is a utility that displays which program or programs it was bundled with, and thus require its presence, as shown below.

(Screenshot: the program GAIN was bundled with)

Unfortunately, GAIN does not come with an uninstaller of its own. One must use the uninstaller used by the program GAIN came bundled with and hope it does a thorough job.

A closer look at GAIN reveals more troubling features of the program. The first trouble signs come from the GAIN Privacy Statement (the privacy statement from GAIN version 6.0 is used here). From the privacy policy, we learn GAIN is doing a bit more than simply serving ads. These other functions cause GAIN to cross categories and also fall into the realm of spyware.

From the statement, we learn that Claria is not only getting money from advertisements but is also gathering information that it can then sell to other entities. Claria collects, anonymously by its own account, information it finds on the user's computer, including their zip code, first name and installed software, even the password they use for eWallet, a program Claria distributes. They do not stop there, however.

We also associate the anonymous information we collect with a particular computer through a randomly generated anonymous ID number

In short, Claria maintains a database with profiles of each machine on which GAIN has been installed. Each profile has all the information mentioned before, along with anything they can infer from that data. Claria doesn’t simply store this information away, but also shares some of it with third parties:

We share certain anonymous information we collect in aggregated form with some of our partners and prospective partners… Our partners may use this anonymous aggregated information to improve their services, and may, in some cases, share this anonymous aggregated information with third parties such as their customers.

Keep in mind that, as intrusive as Claria's data collection policies may sound, Claria is still a corporation with a public image to worry about. It is an easy target for lawsuits should it attempt something that goes against its own user agreements (whether such agreements are legally binding is largely untested).

The larger problem is that the vast majority of spyware programs are created by groups or individuals who will have no problem stealing whatever data they can from you, and they will not keep it anonymous or private. Most spyware creators do not have a valid website, much less any sort of user agreement or privacy statement they are obliged to keep.

webHancer

webHancer is a spyware application that is commonly bundled with other programs. Upon installation, it starts a program that runs in the background. This program, according to webHancer's Privacy Policy, collects details of your surfing, such as the URL, page size, page load time, page completion state, and network delay time of the sites you visit. Looking at their products page, it is obvious they sell the information gathered to other entities, as they attempt to answer questions like "What other sites are my customers visiting? Before? After? Where are they buying?" webHancer claims to have its program installed on millions of desktops, and it's likely that most of those running it have no idea what it's doing.

(Screenshot: Kerio Personal Firewall catching webHancer)

Browsing the Internet for several minutes with Kerio Personal Firewall installed (see the section on firewalls), you are constantly alerted that webHancer is attempting to access the Internet, always while a page is loading or immediately after it has finished loading. This doesn't happen on every page, and there does not seem to be any real relationship between what web site you are viewing and when webHancer attempts to connect.

Because of its deep hooks into the Windows networking stack (it installs itself as a Winsock Layered Service Provider), webHancer has been known to leave the computer without working networking after being uninstalled (to fix this, the company suggests installing and uninstalling webHancer again) and may cause errors in other programs.

ISTBar

ISTBar is a combination toolbar and hijacker. It installs a toolbar with search functions provided by slotch.com, a web portal. The toolbar also has links to various web sites and a list of "TopSearches," which include such classic keywords as "Britney Spears," "Blackjack," and "Loans."

(Screenshot: the ISTBar toolbar)

ISTBar includes the ability to download and install other software. Among the processes started by ISTBar is a hijacker that redirects you to internet-optimizer.com when you enter a bad URL, sending the address you tried to reach to internet-optimizer.com in the process.

(Screenshot: ISTBar's replacement for an invalid web page)

More examples of malware

September 17th, 2009

searchWWW

searchWWW is a malware program that is installed by the widely-used cjb.net redirection service. As a bonus, searchWWW has a hijacker component as well as adware. The adware portion, once installed, will occasionally pop up ad windows. If the program is left running for a while, a collection of different pop-ups appears, including one that correctly warns that "AdWare" and "SpyWare" are installed on the computer.

(Screenshot: a variety of pop-ups from searchWWW)

In terms of adware, searchWWW is fairly benign. Many other adware programs are much more aggressive in popping up windows and embed themselves much deeper into Windows.

The searchWWW malware also has a hijacker component. Upon being installed, it changes both your Internet Explorer home page and the search bar. Your home page is changed to http://www.searchwww.com, and your search sidebar altered as well. Instead of the default, you get a rather minimalistic replacement that uses searchWWW.com’s very poor engine.

(Screenshot: searchWWW's search hijack)

HuntBar/WinTools

HuntBar looks like a fairly typical toolbar. After installation, a toolbar appears with the usual staples: a search box, pop-up blocker, word highlighter, and even skin support. Many of its functions work through websearch.com, which gets its results from other sites. For example, web search results come from Yahoo, only with a dozen sponsored links above the results, while the maps come from Mapquest.

HuntBar also hijacks the search bar, which likewise goes through websearch.com. The full address of every site you visit is sent to the server along with a unique ID, adding a spyware component to HuntBar. The toolbar can also install updates or any other code the server may send it, so whoever controls that server can run arbitrary software on your machine.

(Screenshot: HuntBar and its search sidebar)

What makes HuntBar especially difficult to remove is that, along with the toolbar, three processes are installed, one of which is a service. Should you attempt to remove any part of HuntBar, these processes will simply replace the files or reset the settings. They will also restart each other should one of them be killed, so removing it by hand means stopping all three at once (for example from Safe Mode, where none of them start) before deleting anything.

AccessPlugin

AccessPlugin is a somewhat legitimate dialer, in that it actually needs you to set it up. However, nowhere on the web site it is downloaded from is there any mention of what the program actually does, only that it will allow you to view the site. In the terms and conditions pictured below you can see that it costs $49.95 for a month. It would be very simple for someone to miss that, as most people do not read the fine print.

(Screenshot: AccessPlugin's terms and conditions)

Most dialers come from adult web sites and advertise themselves as something that must be downloaded in order to access a certain site, or as a "viewer." The install process gives no warning of the program's true functionality, and they will often attempt to dial as soon as possible. Dialers are often detectable only by looking for the running process, or by the modem dialing when you did not ask it to.

Windows Messenger Service

Although not a program downloaded to your computer, and thus not really adware, the Windows Messenger Service can be an annoyance that is easily dealt with. Some people may have noticed text messages popping up on their displays trying to sell something (often a program that will stop the messages from popping up). These may appear any number of times a day.

Such messages come through a little-known part of Windows called the Messenger Service. This is not the same as Windows Messenger, the instant messaging (IM) program; it is the service behind the old "net send" command, and it accepts messages from any machine that can reach yours over the network, which is what the spammers abuse. The vast majority of users do not need it on.

Turning it off is straightforward. If you're running Windows 2000, go to Control Panel >> Administrative Tools >> Services. Scroll down and highlight "Messenger." Right-click the highlighted line, select "Properties," and click the "Stop" button. Then select "Disabled" (preferred: "Manual" still lets another program start the service) in the Startup Type drop-down. Click OK and you're all set.

For Windows XP Home: Control Panel >> Performance and Maintenance, then click Administrative Tools. Double-click "Services," scroll down and highlight "Messenger." Then right-click the highlighted line, choose "Properties," and click the "Stop" button. As with 2000, select "Disabled" (or "Manual") in the Startup Type drop-down, click OK, and you're done. The process for XP Pro is identical except that you go straight to "Administrative Tools" from the Control Panel. The Messenger Service is disabled by default as of Windows XP SP2.
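The same procedure from a command line, as an added example that is not part of the original article: it stops the service, sets its startup type to Disabled, and then confirms both, which is useful when you have several machines to do or want to check that the change stuck. It assumes the service's short name is "Messenger" (as shown in the Services console) and that you run it from an administrator account with PowerShell installed; on an XP machine without PowerShell, "sc stop Messenger" followed by "sc config Messenger start= disabled" at a Command Prompt does the same two things.

```powershell
# Added example (not from the original article): stop and disable the
# Messenger service, then verify. Assumption: service short name "Messenger".
# Run from an administrator account.

$svc = Get-Service -Name 'Messenger' -ErrorAction SilentlyContinue
if ($null -eq $svc) {
    'Messenger service is not present (already removed, or a newer Windows).'
} else {
    "Before: status = $($svc.Status)"

    if ($svc.Status -ne 'Stopped') {
        Stop-Service -Name 'Messenger' -Force
    }

    # Disabled rather than Manual: Manual still lets another program start it on demand.
    Set-Service -Name 'Messenger' -StartupType Disabled

    # Confirm: Get-Service shows the running state, WMI shows the startup mode.
    $svc = Get-Service -Name 'Messenger'
    $mode = (Get-WmiObject -Class Win32_Service -Filter "Name='Messenger'").StartMode
    "After:  status = $($svc.Status), startup = $mode"
}
```

If the "After" line does not read Stopped and Disabled, the account you ran it from lacks the rights to change services, or something restarted the service in between; the latter is itself a sign worth investigating.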
