Security on the Internet
Security on the Internet
There are simple steps you can take to strengthen the security of your computer
while you are attached to the internet.
The information on this page is primarily for a single computer which is not connected to a network - other than
the internet. If your computer is networked, you will probably need to take other
measures rather these - your networking guru will be the one to consult about security
measures on your network.
Oh, and that sign at the top of this page - where ever you go on the 'net, you can
be tracked - no, I'm not tracking you, but you never know who might be.
Everytime you visit a website, you provide information about who you are via the HTTP headers. The User-Agent header provides information about your browser, operating system and language.
Replace Internet Explorer with a more Secure Browser
Internet Explorer is the most popular browser in use today. That has its advantages and its disadvantages:
- Internet Explorer comes preinstalled with the Windows operating system.
- If a web site will only work with some browsers, it most likely will work with Internet Explorer.
- Internet Explorer is the most likely target for mischief.
- Because Internet Explorer supports Active-X, it is basically more insecure than any other browser.
There have been a number of articles written in the last half of 2004 strongly suggesting that using Internet Explorer is not a good idea. If you really want to make your computer more secure when browsing the internet, you should switch to another browser.
The browser I'm currently using is Firefox from the Mozilla Organization. It's quite good, very stable, noticeably faster than Internet Explorer, and much more secure. I strongly urge you to stop using Internet Explorer as your primary browser and switch to Firefox. But don't just take my word for it; see the following:
Of course you will still have to keep Internet Explorer around for the badly done sites (like http://www.microsoft.com/) that only work using Internet Explorer.
After you have installed Firefox, check this link for info on how to set your options to secure Firefox: Configure Firefox's settings to strengthen security.
Tune Your Operating System
Choose from the following based on your operating system:
Internet Security for Win/ME
I don't have access to a Win/ME system, but I suspect it is much like Win/98.
See if you can turn off "Windows Scripting Host" just by following the directions
in the Internet Security for Win/98 section.
Then follow the instructions for Internet Security for Win/95/98/ME.
Internet Security for Win/98
Turn off "Windows Scripting Host"
Microsoft's Windows Scripting Host is a VERY insecure Accessory to have installed
on your system - it's what e-mail viruses (and worms) such as Melissa and
The Love Bug use to do their damage. You are much safer with it uninstalled
- which you can do in Win/98.
- click on the Start button
- click on Settings
- click on Control Panel
- double click on Add/Remove Programs
- click on the Windows Setup tab (wait for it to load your settings)
- click on Accessories
- click on the Details button (below and to the right)
- uncheck Windows Scripting Host if it is checked
- click OK to save any changes
- click OK again to save any changes
Now continue with Internet Security for Win/95/98/ME
Internet Security for Win/95/98/ME
This section explains simple steps for protecting your Win/95/98/ME computer
from viruses and hacker attacks while you are connected to the internet.
If you don't use Microsoft Outlook Express or Outlook for your email,
you are much less vulnerable to email scripting virsuses
and can skip this paragraph. Avoid using MS Outlook (AKA LookOut!) if possible - besides, Mozilla/Netscape has a
much better built-in e-mail program and Thunderbird is superior to both of those.
Then you don't have to worry so much.
If you do use Outlook Express, start it and
- Click Tools
- click Options
- click Security
- Set the Security Zone to Restricted.
- Click Apply.
- Then click the Connection tab
- Click Change
- Click Security on the next dialogbox
- Click Restricted Sites
- Click Custom Level and:
- Make sure all the Axtive-X options are disabled (or at least set to Prompt and
NEVER allow Active-X to run in your email)
- Set Java Permissions to High Safety
- Most important disable all the options under Scripting.
- Click OK all the way out.
Note: You will have already done steps 8 - 11 if you followed the instructions for
Tightening Security in your Browser for Internet Explorer, step #1.
For a complete picture of what your Restricted Custom Level should look like,
click here.
Assuming your Win/95/98/ME computer is a stand-alone one, these 2 measures will make your system
much less vulnerable to security breaches that come from a hacker who might use your
connection to the internet to gain access to your computer. Before beginning, you might
want to visit Gibson Research Corporation's website and click
on the Shields Up link just to find out how insecure you
currently are. They after you've taken the measures suggested below (and rebooted), visit again
and see if you feel safer.
These 2 simple measures will go a long ways to protecting you from a hacker attack.
After the Reboot, visit Gibson Research Corporation's website and click
on the Shields Up link to see your level of security now.
If you connect to the internet via a dialup modem, this is probably
all you really need to do to protect yourself.
You must also install a firewall, see the info on
A personal Firewall below.
Internet Security for Win/NT
Go to Steve Gibson's NT Unbinding Page
and follow the instructions to unbind your NETBIOS from the internet.
Also make sure you have disabled file and printer sharing.
You must also install a firewall; see the info on
A personal Firewall below.
If you use Microsoft Outlook as your e-mail program, see the info on
Restrict scripting in Microsoft Outlook above.
Internet Security for Win/2000
The following should be done if you have a stand-alone Window/2000 system;
if you are on a network, talk to your networking guru:
On the Desktop, right-click the "My Network Places" icon, click
Properties on the menu that appears. For each connection icon (not for the
"Make New Connection" icon), right-click the icon, then click Properties.
- For Local Area Connections (LAN), on the General tab,
uncheck both the "Client for Microsoft Networks"
and the "File and Printer Sharing for Microsoft Networks".
- For dialup connections, on the Networking tab,
uncheck both the "Client for Microsoft Networks"
and the "File and Printer Sharing for Microsoft Networks".
You must also install a firewall; see the info on
A personal Firewall below.
If you use Microsoft Outlook as your e-mail program, see the info on
Restrict scripting in Microsoft Outlook above.
Internet Security for Win/XP
I don't have access to a Win/XP system, so I don't know. You might try
following the Win/2000 instructions and see what makes sense.
I suspect that Outlook Express in Win/XP is configured by default to use the
Restricted Zone, but you will still need to
Tighten Security in your Browser for this to
be fully effective.
A Personal Firewall
If your computer connects to the internet and doesn't have a firewall, your computer will be taken over by
some nasty program in approximately 20 minutes - yes, in less than half an hour, you are "owned."
Steve Gibson has a wealth of good info on
his website.
I've installed ZoneAlarm from Zone Labs.
It's FREE and it seems to work. It's fairly easy to set up, and when a program of yours (your
browser, email, etc) trys to communicate outside for the 1st time, you
get a warning and can then easily reconfigure ZoneAlarm to allow that
program to communicate.
A note on configuring ZoneAlarm: You should not check the Allow
Server - Internet checkbox for any of your applications. Doing so opens
several holes in your firewall! If you have to perform a function where
you need to allow your system to act as an internet server, check the
box, do the function, uncheck the box.
After installing a personal firewall, visit
Gibson Research Corporation's website and click
on the Shields Up link to see your level of security now.
Anti-Virus Protection
Given the incessant nature of attacks by viruses, worms, trojans, etc.,
you are crazy to try to connect a computer to the internet without adequate
protection (just like you'd be crazy to have unprotected sex!).
There are a number of anti-virus vendors - but many of their programs all will cost
you money. PCWorld.com
has reviews of various offerings in their
Antivirus section. They also have a list of on-line virus programs, but these are no substitute for an up to date programs running on your system.
Lately, however, the big boys - Norton, McAfee, etc. - have started acting like they own your computer and their anti-virus suite is the most important thing on your computer. They seem to enjoy cloggin up your internet connection and intruding on your work. The number of false positives I've encountered lately makes it seem that these products ARE the virus. I strongly recommend you ditch the big boys and go with AVG Anti-Virus Free. The price is right, it's not intrusive and it's adequate. Just make sure you
- Download the AVG products first
- Disconnet from the internet
- Uninstall any current Anti-Virus programs (Start > Settings > Control Panel > Add/Remove Software)
- Install the new Anti-Virus program(s)
- Reconnect to the internet
Trying to run 2 anti-virus programs at the same time can totally trash your computer!
If you don't have a good anti-virus program, get one - it's just part of the
cost of computer ownership, just like condoms are part of the price you
pay for sex if it's not all "local".
Anti-Spyware Protection
Did you know your computer might be spying on you?!? Yep, that cute little
program you just downloaded might contain a package that lets others track
your every move on the internet. There's names for this stuff: "Adware" "Spyware" "Scumware".
The use of this stuff, which skulks onto your hard drive and can invade your
privacy online, has proliferated as companies become more desperate for your
money.
There wasn't much anyone could do about adware until
Lavasoft created
Ad-aware,
a simple, free program that scans your computer for the telltale files that
adware plants on your system--and deletes them. Ad-aware regularly offers
users fresh reference files that enable the program to find the latest spyware
to invade their system, much as virus definition files help antivirus software
clean up Windows. Ad-aware does its job quickly and
efficiently (much to the chagrin of spyware makers), and it has become an
indispensable tool in the fight for online privacy.
Get it, install it, run it once a week.
As good as Ad-aware is,
it doesn't catch all the spyware and there are some spyware programs that are devilish hard to remove.
To be really safe, get all of the following and run them periodically:
Keep an eye on what programs are talking to the 'net
TCPView is a free Windows program that will show you detailed listings of all TCP and UDP endpoints on your system, including the local and remote addresses and state of TCP connections. On Windows NT, 2000 and XP TCPView also reports the name of the process that owns the endpoint. TCPView provides a more informative and conveniently presented subset of the Netstat program that ships with Windows.
Of course just having TCPView's list of programs won't do too much good unless you know what those programs are. You can right click on each line and check a program's properties - if they has any. You can also look programs up on the WinTasks Process Library web page.
Gibson Research Corporation
Zone Labs for the ZoneAlarm Firewall
Lavasoft to download Ad-aware for removing Spyware
Spybot Search and Destroy - Much like Ad-aware but catches things Ad-aware misses.
CWShredder - Removes the variants of CoolWebSearch (a particularly nasty piece of work).
Spywareblaster
- Prevents some spyware from installing in the first place.
Analyze Your Internet Privacy
Configure Firefox's settings to strengthen security
View your User-Agent header
This page hosted by
Leigh Brasington
/
/ Revised 18 Nov 08