10-step security for your PC

Avoiding the Latest Phishing Attacks Computerworld presents a 100% free and online security event today! Client Security Podcast Intercept Spam & Viruses Spam Spikes: A Real Risk to Your Business What Every E-Business Should Know about SSL Security and Consumer Trust Sign up to receive Security Resource Alerts

October 14, 2005 (PC World) -- Each new wave of computer viruses, spies and spam may have you ready to dust off your typewriter, but PC security can be effective without being a chore. To keep your computing safe from current and future threats, we've distilled our security advice down to the basics. These 10 quick and easy tips will help protect your hardware, software and data.
1. Patch automatically: Ensure Windows is set to update itself. In XP, click Start, Control Panel, Security Settings (if you're in Category view), Automatic Updates. In 2000, choose Start, Settings, Control Panel, Automatic Updates. In both versions, verify that 'Automatic (recommended)' is selected. You can also have Windows notify you before it downloads an update, or you can install the update manually. (The steps and options are only slightly different in Windows 98 and Me.)
2. Don't wait for Windows: If your PC has been off for more than a few days, don't wait for Windows' automatic update to kick in. Make the Windows Update site your first Internet stop. Also, there may be a lag between when a patch is available and when Windows Update pushes it to you. Microsoft releases Windows patches on the second Tuesday of each month, so to be safe, check for updates manually every couple of weeks. And don't forget to set your antivirus and anti-spyware tools to update automatically (or check weekly for updates yourself).
3. Use XP's security monitor: Windows XP Service Pack 2's most welcome addition is the Windows Security Center, which alerts you when your PC's firewall and antivirus protection are disabled or out of date. Still, XP's own firewall protects you only from inbound pests; it doesn't alert you to suspicious outbound traffic. We recommend that you disable the XP firewall and instead use Zone Labs' (ZoneAlarm) or another third-party firewall program that protects both ways.
4. Make your file extensions visible: Some viruses masquerade as harmless file types by adding a bogus extension near the end of their name, as in "funnycartoon.jpg.exe," in hopes your system is set to hide such extensions (the default in Windows XP and 2000) -- you see '.jpg' but not '.exe'. To make these troublemakers easier to spot, open Windows Explorer or any folder window and click Tools, Folder Options, View. Ensure that the option 'Hide file extensions for known file types' is unchecked.

• Bonus tip 1: To get the most complete picture of your Windows setup, check Show hidden files and folders and uncheck Hide protected operating system files (Recommended).

Bonus tip 2: Click herehere to play Microsoft's video guide to Windows XP security settings.

5. Keep Internet Explorer safe: Many people find Internet Explorer 6's Medium security level too obliging to ActiveX controls and other small programs, or scripts, that the browser runs on your PC. ActiveX and JavaScript enable such useful Web features as order forms and security scans, but they also may run malicious code and give attackers access to your system. To make Internet Explorer safer, click Tools, Internet Options, Security, Custom Level, select High from the drop-down menu at the bottom of the Security Settings dialog box, and click Reset, Yes, OK.
Unfortunately, setting Internet Explorer to the High security setting can lead to the browser's unleashing a fusillade of warnings and permission pop-ups every time you visit a site. The solution is to add the sites that you access often to Internet Explorer s Trusted Sites list: Choose Tools, Internet Options, Security, click the Trusted Sites icon, and then click the Sites button. Enter the Web address, click Add, and repeat as necessary. Be sure to uncheck Require server verification (https:) for all sites in this zone. When you're finished, click OK twice.

Block JavaScripts site-by-site in the Firefox browser via the NoScript plug-in.

6. Make Firefox more secure: The only way to block JavaScripts on a site-by-site basis in the Mozilla Foundation's free Firefox browser is to download and install the NoScript add-in that was created by Giorgio Maone. NoScript places a warning bar at the bottom of all the Web pages you visit that use JavaScript. Click the bar to see options for allowing scripts on the site (permanently or temporarily), blocking scripts, and other operations. The program can also stifle Flash animations and other Firefox plug-ins, but keep in mind that going Flash-less means you'll be missing out on some of the Web's richest content (along with all of those great dancing ads). Although NoScript is freeware, the author does accept donations at www.noscript.net.
7. Handle e-mail links with care: If a virus infects your PC, chances are good it arrived piggybacked on e-mail. To reduce your risk of an e-mail-borne infection, don't click links in suspicious messages (the text in the message may mask the actual Web address). Instead, enter the URL in your browser's address bar manually, or go to the site's home page and then navigate to the page in question.
8. Scan attachments for viruses: Run each of the e-mail attachments you receive through your antivirus software before you open them. Rather than double-clicking the attachment to open it instantly, save the file to a drive on your PC, open Windows Explorer, right-click the file, and choose the option to scan it for viruses. (Better yet, set your antivirus software to scan incoming and outgoing e-mail automatically.)
9. Close the preview pane: Some maleficent messages need only be opened in your e-mail program's preview window to do their dirty work. That's why we recommend that you close the preview pane in all of your in-boxes. In Microsoft Outlook 2003, click View, Reading pane, Off. In Outlook Express 6, click View, Layout and verify that 'Show Preview Pane' is unchecked. In Mozilla Thunderbird, click View, Layout and confirm that 'Message pane' is unchecked (or press 'F8' to toggle the preview pane on and off).
10. Read your mail in plain text: Since many e-mail pests rely on HTML code to achieve their nefarious goals, you can stop them in their tracks by viewing your messages as plain text. In Outlook 2003, click Tools, Options, Preferences, E-mail Options and check Read all standard mail in plain text. In Outlook Express 6, choose Tools, Options, Read and click Read all messages in plain text. In Mozilla Thunderbird, select View, Message Body As, Plain Text.

Wireless safety
Encrypt your Wi-Fi network: When you install a wireless network, it's tempting to keep the vendor's default network name and leave the network unencrypted. But doing so is an open invitation to your neighbors and anyone else within range to help themselves to your Internet connection. Open your network's configuration program to rename your network and apply Wi-Fi Protected Access (WPA) encryption. And check the maker's Web site regularly for driver and security updates.

Print this Story

Send Us Feedback

E-mail this Story

Digg this Story

Slashdot this Story

"It's IT Blogwatch: in which Grisoft, maker of the AVG anti-virus package, backs down in its attempt to DDoS the..." Read more... Read more Security posts or See all Blogs

Google gives away home-cooked Web application security scanner HP eyes move of support facilities out of Colorado Springs Microsoft trumpets security additions in upcoming IE8 More top stories...

How much is too much? Upgrade your notebook without going over the line French ruling on counterfeit goods could have far-reaching effects for eBay Apple cuts price of high-end SSD MacBook Air by $500

This old laptop: Revitalizing an aging notebook on the cheap All it takes is a couple hours and about $125 to breathe new life into an old laptop. Here's how. Bill Gates moves on Is Microsoft's Golden Age over? What are Gates' most memorable quotes? Find out in Computerworld's complete coverage of the end of the Bill Gates era at Microsoft. Five things you should never tell your boss There are some things your CIO definitely doesn't want to hear. Also don't miss the flipside, Five things you should always tell your boss. Hands-On: Firefox 3 fixes what's broke and keeps what's right With its latest version, Mozilla's browser continues to raise the bar for what Web browsers should be. Windows Vista A to Z Reviews, analyses, how-tos, visual tours, hot issues and predictions about Microsoft's new OS. More Continuing Coverage After 9/11: Homeland SecurityAsk a Premier 100 IT LeaderBlackBerry Legal BattleData Security BreachesElectronic VotingFirefoxH-1B VisasHP's Boardroom ScandalHandheld DevicesHurricane Katrina AftermathMicrosoft Legal IssuesMicrosoft's VistaOpen SourceRFID TechnologySCO's Linux FightSarbanes-Oxley ActSpamVoice Over IPWi-FiWindows Meta File VulnerabilityWindows XP Service Pack 3 IT Careers 2010 Four years from now, the IT field will be a vastly different place. Will you be ready? More Special Reports Premier 100 IT Leaders 2007 Best in Class2006 Computerworld Horizon Awards2006 Premier 100 IT Leaders2006 Salary Survey2007 Best Places to Work in IT2007 IT Forecast2007 Premier 100 IT Leaders40 Years of ComputerworldASPs, Take TwoBest Places to Work in IT 2003Best Places to Work in IT 2004Best Places to Work in IT 2005Best Places to Work in IT 2006Business Intelligence Home RunsBusiness Intelligence: Smarter BIBusiness Intelligence: The Future of BICRM Goes VerticalCRM: Sober CRMCareer Planning Guide 2005Careers: IT Profession 2010Computerworld Horizon Awards 2005Data Management: Mining for GemsData Management: Taming Data ChaosDevelopment: Hard-Workin' Web SitesDevelopment: New Tools New ChoicesDevelopment: The New World of Application DevelopmentDevelopment: The Web Services TsunamiDevelopment: Web Services HurdlesDisaster Recovery: Preparing for the WorstE-commerce Grows UpE-mail/Groupware: Big DecisionsFaces of Mobile ITForecast 2006Global MobileHardware: Multiple Cores, Multiple ChallengesHardware: On-Demand Un-HypedHardware: The Shape of Things to ComeHorizon Awards: 10 Cool Cutting Edge TechnologiesIT Management: Guide to Managing VendorsIT Management: Navigating Global ITIT Management: Recovery AheadIT Management: The Future of ITIT Management: The Resourceful Project ManagerInnovative Technology Awards 2004Management: Reinventing ITMicrosoft in TransitionMobile/Wireless Leaders and LaggardsMobile/Wireless: The Untethered WorkerMobile/Wireless: Tiny Gadgets, Huge CostsNetwork Management: Taking ControlNetworking: Turbulence Ahead!Networking: VoIP Goes MainstreamOperating Systems: In the Slow LaneOperating Systems: Linux Goes GlobalOperating Systems: Should You Nix Unix?Outsourcing: Offshore Buyer's GuideOutsourcing: Outsourcing DangersPremier 100 IT Leaders 2004 Best in ClassPremier 100 IT Leaders 2005 Best in ClassROI: Do the Math!Salary Survey 2003Salary Survey 2004Salary Survey 2005Security Action PlanSecurity: Compliance HeadachesSecurity: Proactive SecuritySecurity: Risk and RewardSecurity: Tips From Security ProsSouped-up SecurityStorage: Battling ComplexityStorage: Cheap & Secure Data StoresStorage: Stretching Your Storage DollarsStorage: The Lean Storage MachineStorage: The New Rules of StorageStorage: The Ultimate Backup GuideSupply Chain: Missing LinksSupply Chain: RFID Reality CheckThe Business of SecurityWeb 2.0 SecurityWireless: Wireless At Work All Zones Application Performance Zone Business Continuity Zone Data Center Management Zone Enterprise-Class Security Zone The File Data Management Zone Grid Computing on Windows Zone Security Management Zone ITIL Best Practices Zone The SAS Zone Storage Virtualization Zone Business Intelligence and Analytics Zone See your link here

Why SaaS is Vital to Email and Web Security Why SaaS is Vital to Email and Web Security Download this webcast, free, compilments of Webroot Software Go to the webcast  Managing Mobile Data with Endpoint Security for Laptops Download this white paper now, compliments of Computerworld and Absolute Software. (Source: Absolute Software) A NetworkWorld survey of IT professionals found that only 1 in 100 employees consistently follow data security policy. This paper outlines endpoint security for laptops that restricts data access beyond encryption to safeguard against insider threats and user error. Read this whitepaper to learn lessons from recent data breaches, limitations of traditional data security, and how to remotely wipe out data and monitor computers that go off the network. Download this executive briefing  Top 10 Reasons to Upgrade Get this white paper now! (Source: Symantec) Symantec Backup Exec 12 and Backup Exec System Recovery 8 deliver industry leading Windows data protection and system recovery. Download this whitepaper to find out the top reasons to upgrade and how to get continuous data protection and complete system recovery. Download this white paper  White Papers Read up on the latest ideas and technologies from companies that sell hardware, software and services. Deploying Virtualized NetWare on Linux Whitepaper Toward More Flexible, Next-Generation Collaboration Solutions Driving Business Success Through Workgroup Choice and Flexibility View more whitepapers

• Google gives away home-cooked Web application security scanner
• HP eyes move of support facilities out of Colorado Springs
• Microsoft trumpets security additions in upcoming IE8
• More top stories 

XenServer FREE trial Citrix XenServer is the simplest and most effective way to virtualize and provision servers. XenServer combines comprehensive server virtualization capabilities with unparalleled scalability, performance, economics, and ease-of-use. Based on the open source Xen hypervisor, XenServer delivers fast performance, easy management, and advanced features such as live migration. Request free trial now

Try Fluke Networks' EtherScope Analyzer on your network FREE Quickly solve the wide range of problems you encounter - 10, 100 and Gigabit, twisted pair and optical fiber, LAN or wireless LAN. The EtherScope Analyzer combines the essential tools you need to monitor network traffic and switch interfaces, discover devices, networks, VLANs, access points, mobile clients and more. See the power of this portable network analyzer on your network. Request free trial now *Terms and conditions: Evaluation units are available only for a limited time and will be scheduled on a first-come first-served basis. Not available in all geographies. Limited quantities available; customers requesting evaluation units may be waitlisted for the next available unit. It will be at the discretion of Fluke Networks to accept or decline requests for this free evaluation.