Working securely in Windows XP – Part 2
Intro
In the previous segment we looked at Windows XP to find out which general, simple measures make it more secure using only system tweaking, proper configuration, and wise, healthy and informed usage behavior. That meant not resorting to external programs or third-party tools, and using only those readily available in the Windows OS itself. In this segment, we’ll talk about how to further improve Windows security with third-party commercial and free software available today on the Internet. If you have not read the previous segment, we recommend going back to it (http://www.agnitum.com/news/securityinsight/june2005issue.php) and reading it through before jumping into this one.
Arm yourself with an antivirus
We believe it should be superfluous to say that up-to-date antivirus software should be used to check files, e-mails and everything you send and receive over the Internet for viruses. It’s also still necessary to warn everyone not to open any documents, executables, screen-saver programs, video, photo or newsletter adverts received from unfamiliar or suspicious sources. Even so, many people disregard these warnings and consequently infect their computers with all sorts of dangerous malware. Where smarter folks see a clear indication of possible infection, the less cautious see only the prospect of something interesting arriving in attachments and unsolicited correspondence that actually carry nothing but a malicious payload.
There are some specifics to know about using antivirus software (AV). First off, if you already know or suspect that a file or a folder might contain a virus, scan the object before trying to open it. Never try to run a program received from a doubtful source before making sure it’s virus-free.
Most of today’s antivirus software contains two virus checking modules. One is an on-demand scanner that you can use to scan selected files or folders on a computer, and the other is a real-time virus activity monitor that works all the time and makes sure that no file containing a virus is accidentally opened. While the on-demand scanner is a kind of proactive security solution, the real-time virus monitor is only reactive: it tries to stop a virus after the user has already clicked on an infected file. Therefore, while the real-time virus monitor serves as the “final line of defense”, it’s better if the situation doesn’t stretch that far.
Secondly, keep in mind that modern antivirus software basically relies on virus definitions, which are the computer equivalent of the human fingerprints used to identify a person. Any slight deviation from a given definition leads antivirus software astray, so it fails to detect the newest, recently created viruses. There is therefore an obvious gap between the time a new virus appears in the wild and the moment the corresponding definition fingerprinting the virus is released by AV vendors. Because this gap may range from an hour to a few days, there will always be a moment when the new virus is unaccounted for and consequently undetectable to virus checkers. That lapse is the most destructive time, when a successful virus does most of its damage, and it is a gap antivirus companies strive to minimize.
Additionally, to use your antivirus software most effectively and maximize the virus “catch rate”, don’t forget to enable the heuristics scan option within your antivirus program and select the following locations for it to scan: the entire Windows installation folder, the Program Files folder, the Documents and Settings folder and the folder where you download Internet files. After the scan, also examine the antivirus event logs from time to time to verify that everything was done as instructed.
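The definition gap described above, and why the heuristics option is worth enabling, shown as an added example that is not part of the original article. A whole-file hash stands in for a virus definition (a simplification of what real products ship), and the sample byte strings, the detection name and the trait weights are all constructed for illustration.

```python
import hashlib

# Constructed, harmless byte strings standing in for files on disk.
KNOWN_WORM = b"HDR|copy self to startup folder|mail self to address book|v1"
NEW_VARIANT = b"HDR|copy self to startup folder|mail self to address book|v2"
CLEAN_FILE = b"HDR|open document|print document"

# "Virus definitions": exact fingerprints published after a sample is analysed.
DEFINITIONS = {hashlib.sha256(KNOWN_WORM).hexdigest(): "Worm.Example.A"}

# Heuristic traits: behaviours that are suspicious in combination, whether or
# not a definition exists yet. Traits and weights are assumptions.
TRAITS = {
    b"copy self to startup folder": 2,
    b"mail self to address book": 3,
    b"disable security software": 3,
}
HEURISTIC_THRESHOLD = 4


def definition_scan(data):
    """Return the definition name if the file matches a known fingerprint."""
    return DEFINITIONS.get(hashlib.sha256(data).hexdigest())


def heuristic_score(data):
    """Sum the weights of the suspicious traits present in the file."""
    return sum(weight for trait, weight in TRAITS.items() if trait in data)


def scan(data, heuristics=True):
    """Return (status, detail); definitions are checked first, then heuristics."""
    name = definition_scan(data)
    if name:
        return ("infected", name)
    if heuristics:
        score = heuristic_score(data)
        if score >= HEURISTIC_THRESHOLD:
            return ("suspicious", "heuristic score %d" % score)
    return ("clean", None)


if __name__ == "__main__":
    samples = [("known", KNOWN_WORM), ("variant", NEW_VARIANT), ("clean", CLEAN_FILE)]
    for label, data in samples:
        print(label, scan(data, heuristics=False), scan(data, heuristics=True))
```

With heuristics off, the variant that differs from the known sample by one byte is reported clean until a new definition arrives; with heuristics on it is flagged as suspicious.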
Close network doors with a firewall
As a company that develops a firewall of its own, we can cite a really enormous list of possibilities offered by firewall technology. But the main principles behind every good firewall are packet filtering (global traffic and per-process data), port stealthing, hacker attack defense and user privacy protection.
A firewall is like a shield that protects data communications between your computer and the rest of the machines it is connected to (either via the LAN or the Internet). It inspects the data chunks (packets) entering and leaving your computer, allowing only the good ones and dropping the others. Without firewall protection, any program installed on a computer, knowingly or otherwise, could connect to any remote address and upload or download whatever information it desires (which could be private user information that should be kept under a tight lock). It could launch practically any other program on the computer, however affiliated, purely at its own discretion. With a firewall you can explicitly define what each program may do, with whom it can connect and what kind of communication freedom it is allowed to have. A firewall is in a sense a “network mentor”, always watching computer connections and protecting user safety online.
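Per-program filtering as described above, sketched as an added example that is not part of the original article and is not how Outpost Firewall or the Windows XP firewall is implemented. The rule format, program paths, hosts and the default-block choice are assumptions made for illustration.

```python
from collections import namedtuple
from fnmatch import fnmatchcase

Rule = namedtuple("Rule", "program host port action")
Conn = namedtuple("Conn", "program host port")

# Hypothetical rule set (paths and hosts are constructed examples).
# The first matching rule wins; a port of None means any port.
RULES = [
    Rule(r"c:\program files\internet explorer\iexplore.exe", "*", 80, "allow"),
    Rule(r"c:\program files\internet explorer\iexplore.exe", "*", 443, "allow"),
    Rule(r"c:\program files\outlook express\msimn.exe", "mail.example.com", 110, "allow"),
    Rule(r"c:\program files\outlook express\msimn.exe", "*", None, "block"),
]
DEFAULT_ACTION = "block"  # a program with no rule may not connect at all


def decide(conn, rules=RULES, log=None):
    """Return 'allow' or 'block' for an outbound connection and record the event."""
    action, reason = DEFAULT_ACTION, "no rule for program"
    for rule in rules:
        if (rule.program == conn.program.lower()
                and fnmatchcase(conn.host, rule.host)
                and rule.port in (None, conn.port)):
            action, reason = rule.action, "rule: %s:%s" % (rule.host, rule.port)
            break
    if log is not None:
        log.append((conn.program, conn.host, conn.port, action, reason))
    return action


def run_sample():
    """Evaluate a few constructed connection attempts and return the event log."""
    log = []
    attempts = [
        Conn(r"C:\Program Files\Internet Explorer\iexplore.exe", "www.example.org", 443),
        Conn(r"C:\Program Files\Outlook Express\msimn.exe", "mail.example.com", 110),
        Conn(r"C:\Program Files\Outlook Express\msimn.exe", "relay.example.net", 25),
        Conn(r"C:\WINDOWS\Temp\toolbar_helper.exe", "tracker.example.net", 80),
    ]
    for conn in attempts:
        decide(conn, log=log)
    return log


if __name__ == "__main__":
    for event in run_sample():
        print(event)
```

The last attempt is the case the paragraph warns about: a program the user never approved tries to connect out, and because no rule names it, the default action blocks it and leaves a record in the log.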
Here’s a short list of dangers a firewall is able to protect from, to help you conclude whether you should get a firewall:
- Protection from hacker attacks; blocking worms and spyware from divulging sensitive data
- Hiding computer presence on a network to make the host unsusceptible on the Internet
- Barring illegal program activity, providing records of events happening on a computer
- Keeping Internet browsing activity private, facilitating blocking of inappropriate content
- Showing all network connections in real time
There’s a firewall included with Windows XP SP2, but it doesn’t provide even half of the aforementioned functions. Therefore, it’s largely unsuitable and can’t compete against mature standalone commercial firewall programs among which Outpost Firewall PRO ranks at the top.
Eradicate spyware and miscellaneous unwanted pervasive-ware
At least one form of antispyware program is recommended for a computer to clean what antivirus software might have left behind unchecked – various forms of spyware that don’t fall within the definition of a computer virus and therefore cannot be eradicated with conventional antivirus techniques. A pure firewall will close the avenue the spyware uses to “phone home”, but to eradicate it from a computer completely requires antispyware search and removal software.
The problem with spyware in general lies within the definition of spyware. There’s debate over what software should be regarded as spyware and consequently removed from users’ computers. A good spyware scanner, however, should provide an option for a user to select types of spyware to remove along with hints about particular spyware.
We are planning to integrate antispyware capability into our upcoming firewall release, so if you haven’t got antispyware already or are looking for an alternate solution, our free inclusion might interest you.
Automatically wipe away spam
Everybody knows spam; it’s very pervasive, persistent and quite deceptive. Yet many people choose to fight it with bare hands and delete it manually from their mailboxes every single day they exchange e-mails. However, this process can be automated with a viable antispam program that will analyze the text in the body of an unsolicited message and make an appropriate judgment as to its legitimacy. The program also safeguards your financial health and computer safety by not letting malicious payloads such as phishing or computer worms sent along with the spam message get through to you.
You have to educate antispam software early so that it identifies spam better, so there will inevitably be some margin of error in the recognition of false and true spam messages. You can minimize those errors through the process of education and by setting ingressive spam filtration levels.
Conclusion
Of course, the recommendations throughout this two-part material do not alone guarantee that your computer will be absolutely secure. Absolutes don’t exist in life. But these recommendations will contribute enormously to protecting your computer to the highest possible degree.
Posted in Security Insight

