Seven
steps to tightening your Internet security
by Alan Zisman (c) 2004 First published in
Business in Vancouver August
10-16, 2004; issue 772
High Tech Office column
My neighbourhood has seen more than its share of break-ins and car
thefts. As a result, like many homeowners, we've spent time and money
upgrading the locks on our doors, putting bars over our windows, and
installing alarms. And we've learned that awareness of security is
ongoing.
Like East Vancouver, the Internet started out as a small, friendly
community where people knew and trusted their neighbours. But times
have changed. Recently, in setting a computer up for Internet access, I
performed the digital equivalent of changing the locks and installing
alarms.
Here are the seven steps I took towards making it more secure:
- Downloaded and installed a firewall. The time
it
takes before a new computer online gets probed by hackers is now 15
seconds. A firewall blocks those probes. I installed Zone Alarm (www.zonelabs.com),
which will
(unlike the firewall included with Windows XP) also inform you of any
programs trying to "phone home." Be prepared for a period when you need
to click to confirm multiple programs that you do want to allow online.
- Downloaded and installed antivirus software. Avast (www.avast.com)
is free for home use (with registration). Set its options to update its
virus database and core program quietly in the background.
- Downloaded and installed Mozilla's Firefox Web browser (www.mozilla.org) and
let it set
itself as the default browser and import Internet Explorer favourites.
Since this computer will be using webmail sites for e-mail, I didn't
bother replacing Outlook Express; otherwise, I might have installed
Mozilla's Thunderbird e-mail program, which will import Outlook Express
mail and settings and includes spam filtering.
- Ran Windows
Update
repeatedly until it no longer listed any "critical updates." (Note that
Microsoft's Windows Update site will only work with Internet Explorer;
using the Start Menu's Windows Update link will load that browser if
you're using Firefox or some other browser).
- Downloaded and installed the free Spybot Search and Destroy (www.safer-networking.org),
choosing to install its Teatimer option, which lurks in the background,
informing you when something is trying to change your PC's settings to
load itself automatically. Again, be prepared for a series of warnings
checking whether you really meant to install any new software you're
adding. Run Spybot frequently to remove any spyware that might have
slipped through.
- Visited Steve Gibson's Shield's Up website (www.grc.com) and
downloaded and ran a
series of tiny utilities, each of which shuts down a Windows security
flaw: the DCOMbobulator, Shoot the Messenger, UnPlug 'n' Pray, and
XPdite.
- Created a new user (using the User accounts
control
panel and the Computer Management Administrative Tool) with limited
rights, making it more difficult to install software or change
settings. I set the computer to log into that user account by default.
(This can be done with Windows NT, 2000, or XP, but not Windows 95/98
or ME.)
All of this took the better part of an evening, but at the end of it, I
had a computer that could go online relatively safely. At least as long
as anyone using the computer pays attention to the various warning
messages.
I did all this using free software; there are alternative programs to
do the same things. For example
Symantec's
Internet
Security Suite
($70) includes a good firewall, anti-virus software, spam filtering and
spyware monitoring.
Like securing my house, securing this Windows PC took time and requires
an ongoing attention to security. Alternatively, I could pay a premium
for fewer security issues by buying a Mac, or I could consider
switching from Windows to Linux (the digital equivalent of moving to
the country, where housing costs less and there's less crime, but you
have to be prepared to do everything for yourself).