Tek Mo PC ko (Tech My PC): January 2007

The Internet can hold a host of dangers for the unwary computer user. Without proper precautions, your data is at risk every minute your system is connected to the web.

With this guide, I have set out to inform you clearly and concisely of the dangers you face, and the steps you can take to avoid them. Once you look through, I think you'll be struck by how little effort is required to make your PC more secure. Even performing the first five steps of this guide will make your system better protected than the vast majority of Internet connected PCs. It is not wise to rely on the comparative anonymity of the Internet to keep you safe. If you do, you will be burned eventually and inevitably. Secure your PC now to avoid future regrets.

The next five procedures can be considered essential for any computer user that values the sanctity of his or her data. By following these five easy steps, you can avoid 99% of the potential trouble lying in wait for you on the Internet.

Step 1. Use a strong password

The danger: malicious computer users can gain access to your computer over the Internet, stealing and deleting data and potentially implanting viruses and Trojan horses.

The cause:The major irony of Microsoft's shift from non-password protected home operating systems like Windows 98 and ME to the password and access-list based 'security' of Windows 2000 and XP is that your data is actually less secure by default.

Sure, the new operating systems give security conscious users all the tools they need to protect their data, but what if the users are not aware of the risks? During the install process, you are prompted to create a password for the built-in 'administrator' user account. Users accustomed to Windows 9X/ME's pointless passwords often decide to bypass this by entering a blank password, thus opening up their entire computer to anyone who takes the trouble to look twice at their Internet address.

There are two reasons for this vulnerability: One, every Microsoft Windows XP and 2000 system has a built-in account called 'administrator' which has full access to all files and configuration settings of the computer. Anyone who is remotely familiar with these operating systems knows of this account's existence. This definitely includes anyone who might try to break into your computer.

The other factor in Windows 2000 and XP's vulnerability is the presence of hidden administrative shares. Each logical drive (C:, D:, etc.) on your system, plus the Windows directory, is actually shared (made available for remote access) by default. These hidden shares are only accessible to Users with administrative privileges, but once an intruder has your administrator account password, he has your entire system laid open for him.

By using one of a multitude of free and legal software tools, a potential intruder can easily locate and gain access to your data by finding your IP address and attempting to connect using the administrator account. Obviously, if there is no password on the account, you are defenseless.

Even if you have put a password on the account, you may not be safe. Simple passwords can easily be discovered by an intruder using a 'dictionary attack' software tool, which can try words and combinations of letters until your password is compromised.

The administrator account is uniquely open to this style of attack, because while other user accounts can be 'locked' by the operating system if an incorrect password is entered too many times, the administrator account cannot be locked out. This means that an intruder is free to try as many password possibilities as he or she wants, without worrying about losing access to your system.

The cure: Set effective passwords for all users

The best way to protect yourself from malicious users is to effectively password protect all your user accounts. An effective password, according to Microsoft, is at least seven characters long and contains a mix of upper and lower case letters, numbers and symbols. While you can cut corners a bit here in the interests of memorization, make sure to use six or more characters and include at least some numbers and upper case letters in the middle of the word. By using several characters and a mix of upper and lower case letters and numbers, you can make your password effectively uncrackable to intruders who do not possess super computers capable of predicting the weather...

To change user passwords make sure you are logged in as a user with administrative privileges (the first user created during the XP install process has these). Right click on 'my computer' and select 'manage.' Expand 'local users and groups' then 'users.' Right click on each user and select 'set password.'

Note the ominous warning message. If you have used XP's built-in file encryption to protect any of your files, you must remove it before you change your password or you will lose access to the files. Otherwise, proceed and set a secure password for each account.

The accounts you should set passwords for are the administrator account, and any accounts you created during or after the installation of Windows.

Step 2. Make sure your system is protected by a firewall

The Danger: Malicious users may locate and attempt to break into your computer from the Internet.

The Cause: All computers that communicate over the Internet must have a valid IP address, such as 61.232.252.6. These addresses allow computers to exchange data with other computers over the 'net. Your system also leaves a variety of ports open to listen for incoming data. Ports are access points for certain kinds of data to enter and leave your computer. For example, while you are viewing this website, your computer and our web server are communicating through port 80, the default port for the HTTP language that web pages generally use.

The trouble is that anyone can use freely available software like GFI's LANguard security scanner to scan a range of IP addresses for computers and gather information about these systems. If your computer is poorly password protected these utilities provide remote users with the ability to directly access your files.

This happens because by default, many ports in your system are fully prepared to listen and respond to any data request from the Internet. This means that your system is fully visible, the equivalent of wearing glow-in-the dark clothes in a blackout…

The cure: Use a firewall program or device.

A firewall is a software program or hardware device which blocks remote access to your computer. It does this by closing all ports to data unless the communication is initiated from inside the firewall first. So you could, for example, surf this page without problems through a firewall since your computer sends the request for data to our web server first.

The firewall would note the Internet address that your request was sent to, and allow return communications from that specific address back through the firewall. However, anyone trying to scan a range of IP addresses for vulnerable computers would turn up a blank for your address, since the firewall blocks all unsolicited communication from the Internet.

Almost all home Internet sharing devices include firewalls, so if you are using a router to share your Internet connection within your home, you are likely already protected. Otherwise you need to use a software firewall. Windows XP comes included with one, though you need to activate it. Several free third-party software firewalls are also available, most notably Zone Lab's Zonealarm.

To activate the Windows XP firewall go to 'start/control panel/network and Internet connections/network connections' then right click on your Internet connection and select 'properties'.

Go to the 'advanced' tab and check the 'internet connection firewall' box.

The windows XP firewall is now active and will block most non-requested data from entering your system.
If you have installed Service Pack 2 for Windows XP, the firewall works a little differently. Unless you have another form of firewall software like Zonealarm installed, the XP firewall should be active by default.

To check this, go to 'start\control panel\windows firewall' and ensure that the firewall is set to the 'on (recommended)' position. The 'windows firewall' icon in control panel is only available to Service Pack 2 users, so if it's not there, simply follow the directions given in the last paragraphs.

To use Zonealarm first download and install the software.

Go to 'alerts and logs' and change the 'alert events shown' setting to off. This is just to prevent the program informing you every time it blocks data remotely.

The main advantage of Zonealarm over the XP firewall is its ability to block data coming from inside your system out to the Internet. This enables it to catch Trojan horse viruses and Spyware in the act and prevent them from sending privacy and security compromising data from your system. Zonealarm will pop-up a permission box every time a program attempts to access the Internet.

If it's a recognized program like IE, you can allow it permanent access by checking 'yes' and 'do not ask this question again.' Otherwise, you can go to the 'program control/programs' window within Zonealarm and manually set which applications can access the Internet.

Step 3. Use antivirus software

The Danger: Computer viruses can cripple your computer and destroy your data.

The cause: There are an incredible variety of computer viruses on the Internet, with many different ways of infecting your system. The stereotypical vector for viruses is the email attachment, and this is still the most common source of infection for unwary users. Opening up a seemingly innocent attachment from a friend can have disastrous consequences. There are few computer users who have not experienced the effects of a computer virus at some point, and malicious coders keep churning them out.

The cure: Install and use a professional antivirus program

Using an antivirus software package from a reputable manufacturer like Symantec or MacAfee provides an effective defence against viruses. You should scan your system for viruses once a week at least, and use the software to examine any email attachments you are unsure about. Many packages, like Norton Antivirus, come with auto-protection features which will scan any files entering or leaving your system for viruses.

While this is fairly self explanatory, a couple of extra tips: if you're going to buy and install anti-virus software, do it now, before you get infected with a virus, rather than waiting until your system starts to act up. The reason for this is that many viruses have components that can disable or subvert popular antivirus programs like Norton's and McAfee's software. So if your system is infected before you install the antivirus software, it may not be able to help you.

Secondly, make sure you keep the program updated. Antivirus software manufacturers are constantly creating new sets of virus definitions to keep up with new threats. Without updated definitions, the software will not stop newer viruses from infecting your PC. Most reputable antivirus programs will update themselves automatically when you are connected to the Internet, but it doesn't hurt to make sure you have the latest update before you scan for viruses.

Personally I recommend the use of Eset's NOD32 as your choice of antivirus program, refer to my previous blog entry about NOD32.

Step 4. Check your PC for spyware and adware

The Danger: Spyware and Adware programs can quickly infest your PC, compromising privacy and performance.

The cause: Spyware and adware are generic names for a variety of programs designed to collect data and/or advertise products. Sound innocent? The catch is that these programs are often installed on your PC from websites or as part of 'free' software like Kazaa, and work from inside your computer, gathering information about your surfing habits for marketing purposes. Worse, this is only the tip of the iceberg.

Programs in this category may call up extra pop-up advertising while you are surfing, or even redirect your browser to websites of their own choosing. While makers of this type of software need to obtain your consent to install their programs, they are often presented in misleading ways, or hidden within the license agreements of other software.

There is a second category of programs involved as well, browser hijackers. These malicious programs can subvert your web browser's home page and links and generally cannot be removed without great difficulty. At their worst, these programs can make using your computer a trial. System and Internet performance can be slowed due to the extra data being sent from your computer, and floods of (often obscene) advertisements may dog your Internet surfing experience.

The cure: Install and use a reputable spyware finding/removal tool.

Fortunately, certain individuals have devoted a lot of time and effort to create free software which is specifically aimed at removing these (legal) pests from your system. One software system we tend to use is Ad-Aware, freely available from the Lavasoft website as it is the most popular and frequently updated removal tool. Ad-Aware functions much like any antivirus program, so it should seem instantly familiar to most users.

Use the 'check for updates now' function to make sure you have the latest updates. Hit the 'start' button and choose 'next' to scan your system with the default options.

Once the scan is complete, you will be shown any suspicious files, registry entries or cookies detected. You can now delete or quarantine these files.

If Ad-aware found and removed malicious software, you should empty your recycling bin and restart your computer and scan again to make sure it is completely removed. Make sure to rescan your computer weekly.

Other recommend antispyware programs are Xoftspy, Spysweeper and ScanSpyware.

If you are using NOD32 you don't need to install a separate antispyware program because NOD32 also protects your PC from spywares and adwares.

Step 5. Update update update

The Danger: Viruses and malicious users may exploit newly discovered security holes within Windows and Internet Explorer.

The Cause: Windows XPis an extremely complex operating system, and as such has a number of bugs and design holes which are constantly in the process of being fixed by Microsoft. On the other side of the fence, there are users who are enthusiastically trying to discover these flaws, either for the purpose of informing Microsoft or just for the heck of it.

Generally, major vulnerabilities or flaws are patched almost immediately after their existence is made known, or even before. However, users who do not update their systems with the new patch are at the mercy of anyone using software tools designed to exploit the vulnerability.

A recent example of this would be the infamous 'blaster' worm which used a weakness in Window's RPC (Remote Procedure Call) handling to infest an enormous number of systems across the world. Once on a system, the virus could spread itself out to other vulnerable PC's and also force its host to shut down automatically. Microsoft quickly patched the security hole and provided a tool to remove the worm, but since many users did not patch their systems, the infestation spread and slowed down Internet traffic worldwide.

The Cure: Keep your Windows computer up-to-date with the latest Microsoft security patches.

Windows XP includes an automatic updating feature which will periodically check Microsoft for updates and download them to your system, ready for installation. To use automatic update, right click on 'my computer' and select properties, then choose the 'automatic updates' tab.

If it is not already, check the 'keep my computer up to date…' checkbox to enable automatic updating. Now run Windows update from 'start\all programs\windows update' to make sure you are fully patched for now. Windows update will now periodically check Microsoft's site for updates and download them to your PC. You will be prompted with an icon in the task bar when new updates are available.

Advanced security steps: The following five procedures will provide you with an extra blanket of security to complement the essential changes you just made to your system.

Step 6. Change the name of the administrative account

The Danger: Malicious users may attempt to use the built-in 'administrator' user account to gain access to your PC.

The cause: As mentioned above, every Windows 2000 and XP installation includes an 'administrator' user account which has full control over files and system settings. This account cannot be locked or disabled and is thus the first target for anyone trying to hack into your computer. While the account should already have a password, provided you followed the procedure above, this does not protect it from attack.

The Cure: rename the administrator account.

Renaming the administrator account adds an extra layer of security by removing the standard user name 'administrator' which any malicious user will try first when attempting to gain access to your PC.

Make sure you are logged in as a user with administrative privileges - the first user created during the XP install process has these, as does the administrator. Right click on 'my computer' and select 'manage.' Expand 'local users and groups' then 'users.' Highlight the 'administrator' account and right click. Choose 'rename' and change the account to a name of your choosing.

Step 7. Disable 'hidden' shares within XP and 2000

The Danger : malicious users can easily gain access to every file and folder in your computer.

The Cause: Windows 2000 and XP both use a system of hidden administrative shares. Every drive on your computer system is shared under the name '(drive letter)$.' These shares exist to allow users with the correct username and password to remotely administer files on your computer. Of course, if a malicious user obtains a username and password with administrative rights to your system, all your files and folders are available to them over the Internet. They would be free to copy, change or delete as much of your data as they saw fit.

The cure: Disable the hidden shares.

Unless you are in a business environment, it is unlikely you will have a need for the hidden shares. Disabling them will considerably reduce the danger of your data being compromised remotely.

You will need to edit theWindows registry using REGEDIT in order to carry out this step. Please ensure that you backup your registry to a file before editing it.

To disable the hidden shares first start REGEDIT ('start\run' and type 'regedit') and then navigate to: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\lanmanserver\parameters

Add the Dword value 'AutoShareWks' with a value of '0' and restart your computer.

Step 8. Change Internet Explorer security settings

The Danger: Viruses and browser hijacking programs can infect your system through the use of ActiveX code on certain websites.

The Cause: By default, Internet Explorer will run certain content, including small programs embedded in the code of a website. An example of this sort of thing would be a pop-up ad asking you whether you wish to install so-and-so's software. Say yes and you may have just saddled yourself with a spyware problem. Certain malicious software may not even have the courtesy to ask before it has its way with your browser.

The cure: Raise Internet Explorer's default security level.

Fortunately, IE can be set to a more restrictive level of security. At this setting, the browser will not run certain types of content found on websites. This includes potentially malicious ActiveX code. Of course, this can also change your web browsing experience, as it will cut off certain content from safe websites also. To get around this, you can add known safe sites that you regularly visit to Internet Explorer's 'trusted sites' list.

To raise IE's security level:

Open Internet Explorer, go to the 'tools' menu and select 'Internet options.' Now select the 'security' tab.

Set the Internet zone to the 'high' security setting. This will ensure that IE will not run ActiveX instructions, the means by which most browser hijackers get access to your computer. You can place trusted websites that you regularly visit into the 'trusted sites' Internet zone.

Site addresses that you enter here will be mostly unrestricted, allowing them to display their content properly.

Step 9. Secure your shared files

The Danger: Intruders may access your shared files

The Cause: By default, Windows XP uses the simple file sharing system. This allows any user that has authenticated to your computer to have full access to all shared files. In Windows XP Home, the 'guest' user account is the account used by all remote users to access shared files. Of course, the guest account has no password by default, allowing unlimited, non-password access to your shared files for virtually anyone who finds your IP address.

While a firewall will block this type of access in most cases, it still pays to limit your venerability by configuring simple file sharing and the guest user account more securely than the default.

The Cure: Secure and configure the guest user account

If you are using Windows XP Professional, you should password protect and disable the guest account. This will force any intruder to use one of the user accounts you created or the administrator account, both of which should now be secure if you followed the above procedures.

Make sure you are logged in as a user with administrative privileges (the first user created during the XP install process has these, as does the administrator).

Right click on 'my computer' and select 'manage.' Expand 'local users and groups' then 'users.' Highlight the 'guest' account and right click. Choose 'set password' and provide the account with a secure password. Now right-click the guest account again and choose 'properties.'

Check the 'account is disabled' box.If you are using Windows XP Home, you cannot truly disable the guest account, as it is used as an integral part of the file sharing system. You can password protect it though… Bring up the command prompt (start/run and type 'cmd') and type 'net user guest password' where 'password' is the password you want to use to secure the account.

Step 10. Stop using Internet Explorer and Outlook Express

The Danger: many viruses and malicious programs target Internet Explorer and Outlook Express specifically.

The Cause: IE and OE are unquestionably the most popular web browser and email client in the world. They are the default applications that a majority of Windows users are familiar with. Because of this, many viruses and other malicious programs are created to target specific vulnerabilities in these two programs. Since the user base is so huge, they can afford to be specific. These viruses generally will not affect systems which employ other products for their web browsing and email retrieval.

The Cure: Learn to use a new web browser and email client.

There are several free browsers and email clients available that can easily replace IE and Outlook Express. The trick is to get used to using them. By not using IE and OE, you considerably reduce the danger of infecting your system with a virus.

Some examples of alternate browsers and mail clients include;Mozilla the makers of this popular browser also offer Thunderbird, a free email client.Opera. Eudora which is an ad-supported mail client with a long and successful history.

Tek Mo PC ko (Tech My PC)

PC Troubleshooting, Maintenance and Upgrading Tips, Tutorial, Hardware and Utility software Product Reviews

Cleans the following Windows components:

Advanced Options allow cleaning of:

Application Cleaning:

Registry Issue Cleaning:

Safety:

High Security:

Multiple Languages: