Secure Your Home Computer
Protection Guidelines
By the time you reach the end of the list you will have acquainted yourself with all of the basics required to take control of and maintain your privacy and security over the Internet. To the novice computer user this may seem like a lot of information to absorb, yet if you are patient and take each item one at a time you will soon realize how uncomplicated this really is. Above all, don't be intimidated. No one learns everything in a single day.
These guidelines should be followed by all Windows users whether you are connected to a network or not.
Use a good bi-directional firewall that will monitor all incoming and outgoing traffic and will alert you for access permission if such traffic is detected. It also has the ability to hide your presence from intruders by completely blocking access to the ports that are used for the transfer of information. Select the highest security level for your internet zone and set all programs to prompt you for access - even those you use frequently. When in doubt, deny access of a program until you know for sure its identity.
Use a virus scanner (anti-virus), keep the virus data files current (check for updates at least once a week), enable the "Heuristics" or "Bloodhound" feature (for detection of virus-like activity of yet-to-be discovered viruses), and set it to scan all downloads and e-mail attachments - before they are opened. Let it quarantine and destroy anything suspicious. If it has settings for scanning ActiveX Controls and Java Classes for potentially harmful content, use that too. For even greater protection and a wider range of configuration options, combine the use of a virus scanner with a trojan scanner.
Disable File and Printer Sharing in your network settings if you are using a computer that is not connected to a Local Area Network (LAN). This will shut all NetBIOS ports - those which are used for the sharing of files.
Be extremely careful when using any P2P (peer-to-peer) network service for sharing/swapping files across the Internet. Be sure you are not exposing any drive folder other than the one designated for access by these services, and keep your virus scanner active at all times. Even better, also use a third-party File & Folder Access Protection program to lock access to all other areas of your hard drive during the time you open the P2P connection for a file sharing session.
Secure your IMs. It is wise to use an IM encryption utility to secure your AIM, ICQ, MSN, or Yahoo! messages, but be aware that the encryption will only be effective if the utility is used on both ends.
Know your IP. If you know the IP address of your internet connection (and the IP ranges used by your local network), you will recognize when an outsider is trying to break in.
Use a registry guard such as Greyware Registry Rearguard or RegistryProt to protect your registry, startup directories, and startup files from malicious programs. Incoming trojans can go undetected. They will place a specific set of instructions in the registry or other system files and will activate the next time you shutdown/restart your computer. A 'rearguard' will alert you before the damage is done. It is also a useful tool for alerting you of changes when installing new software.
Never allow a downloaded application or any downloaded executable content to launch on its own, and be especially careful of downloading files that end in exe, bat, vbs, and com.
Disable file transfers in IM (instant messaging) programs, as this feature, if configured incorrectly, can enable the sharing of more than you intend. AIM, .NET Messenger, and others let you disable file transfers from the Preferences or Options menus. If someone wants to send you an image or file, use e-mail to verify that the request is legitimate.
Never accept and run an "ActiveX Control" or "Java Class" unless it comes signed and from a trusted site. It is best to force your browser to prompt you for permission. If you are using Internet Explorer, these settings are located under Control Panel - Internet Options - Security - Internet , Custom Level. Mozilla, Opera, and Netscape users are prompted by default.
Disable "Install on Demand" if you are using Internet Explorer so your browser will be forced to prompt you if additional components are needed in order to display certain content. This setting is located under Control Panel - Internet Options - Advanced.
Never, ever, enable JavaScript for e-mail or e-mail attachments. While JavaScript may be fine for internet browsing, it can be dangerous when enabled for e-mail. See JavaScript Info for more details and How to disable JavaScript in e-mail programs for step-by-step instructions.
Disable HTML for e-mail or choose to view all messages as plain text if your e-mail client has such options - the better ones do; or use an e-mail content filter for web bugs and embedded content originating from a server other than the one belonging to the sender of the e-mail. Today's cleverly-coded e-mail worms can execute just by viewing HTML-formatted e-mail.
Never allow your e-mail client to "View Attachment Inline" ...unless you are sure it arrived from a trusted sender.
Never open e-mail attachments from strangers. Period.
Use encryption software such as PGP (Pretty Good Privacy) for sending your most private e-mail messages. If you don't, keep in mind that what you are sending is the equivalent of a postcard. Also remember that encryption is for the message body only - it does not hide the subject line nor does it hide the message headers.
Never, ever use e-mail to send confidential information such as credit card numbers, bank account numbers, or your Social Security number. Even if you use encryption and the correspondence is for legitimate business, you cannot be certain that the recipient will protect this information once it is delivered and decrypted. It will only be as secure as the recipient's system permits.
Never respond to e-mail asking for confidential information. Any e-mail you receive requesting your credit card numbers, bank account numbers, or Social Security number either via e-mail or a web site link is surely an identity theft scam.
Keep your OS and browser up-to-date, in addition to any service or application that has access to the Internet. Apply updates and patches as they are released.
Learn to identify which system services and applications are known to compromise security and do not allow them to have open access to the Internet. When in doubt, have your firewall prompt you for permission.
Be sure your browser is SSL-capable (Secure Socket Layer) and the encryption strength, or cypher strength, is not less than 128-bit.
Avoid using easily recognizable passwords such as the names of family members or pets, birthdays, or anniversaries. Make them as cryptic as possible; and if you must write them down, do not store them on your computer or any other place where someone may have access to them. If you must use your browser's password manager, never use it to store important passwords such as those used for banking.
Never visit untrusted sites. If you do, be extremely cautious.