Saturday, June 18, 2005

Security Tips

The more prominent and irreplaceable computers become in our lives, the more the bad guys seek to compromise PCs and networks for their own nefarious purposes. Don't be a chump; learn how to protect yourself from hackers who want to control your system, steal your data or identity, or simply take you down for the fun of it.

Carry a Big Stick

Lest anyone come away from this story with the idea that you can be safe without a panoply of security products, we'll take this opportunity to remind you: Every PC needs effective and up-to-date antivirus, personal firewall, antispyware, and antispam. You'll find our latest reviews of these security utilities, alone and bundled into suites, plus loads more tips for keeping your computing on the safe side, at .

Give Windows Firewall Its Moment in the Sun

One of the first things you'll want to do with a new system is download updates to the operating system and applications, activate any security software that came with your system, and install any security software that didn't.

Hold on. To do most of this, you'll have to get online—sans adequate security. Windows XP does come with a personal firewall, although it does only half the job. Still, before you even plug in the cable that will connect your PC to the Internet, go to the Control Panel, double-click on Windows Firewall, and switch it on. Later, when you've got a full personal firewall installed and updated—along with the rest of the security canon—you'll want to disable the Windows one and simply use the Security Center to confirm that your security apps are functional and up to date.

Update Automatically

Reading about a new virus outbreak or Windows security hole every few weeks—or every few days, at times—is worrying. Keeping the operating system patched with the latest security fixes is critical. During setup of Windows XP Service Pack 2, either with a new machine or an update, you're asked whether to turn on automatic updating. If you spazzed and clicked No, find the option in Windows Security Center and make the change.

Toughen Passwords

We've said it before, and we're gonna just keep on saying it: Any word in the dictionary is not a strong password, no matter how many syllables it has. A password should consist of at least eight characters, including letters, numbers, and symbols. We urge you to check out our story on password crackers (—these clever little programs aren't getting any slower. You may also want to consider long, easy-to-remember passphrases instead—see for more on this.
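The two rules above, applied together in an added example (not part of the original article): a Python check for the eight-character, letters-numbers-symbols rule plus the dictionary-word rule. Stripping decoration before the dictionary lookup goes a step beyond what the text states, and the tiny word list and the names `DICTIONARY`, `core_word` and `password_problems` are assumptions made for illustration.

```python
import string

# Constructed stand-in for a real dictionary file (assumption for this example).
DICTIONARY = {"password", "dragon", "sunshine", "wireless", "default", "admin"}

# Common character swaps that leave a dictionary word just as guessable.
LEET = str.maketrans("013457@$!", "oleastasi")

def core_word(candidate):
    """Lowercase, strip digits/symbols stuck on either end, undo simple swaps."""
    stripped = candidate.lower().strip(string.digits + string.punctuation)
    return stripped.translate(LEET)

def password_problems(candidate, dictionary=DICTIONARY):
    """Return the list of rules the candidate breaks; an empty list means it passes."""
    problems = []
    if len(candidate) < 8:
        problems.append("shorter than eight characters")
    if not any(c.isalpha() for c in candidate):
        problems.append("no letters")
    if not any(c.isdigit() for c in candidate):
        problems.append("no numbers")
    if not any(c in string.punctuation for c in candidate):
        problems.append("no symbols")
    # "P@ssw0rd1!" satisfies every composition rule yet is still a dictionary word.
    if core_word(candidate) in dictionary:
        problems.append("dictionary word with decoration")
    return problems

if __name__ == "__main__":
    for pw in ("sunshine", "P@ssw0rd1!", "tr4il-Mix&77"):
        print(pw, "->", password_problems(pw) or "ok")
```
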

Lock Your Windows

Get in the habit of locking your system before you walk away. It couldn't be easier: Just press the Windows key plus the L key and the system will immediately lock, requiring your log-on password (or an administrator's) to function again.

If your keyboard is missing the Windows key (IBM PCs, for example, lack them), pressing Ctrl-Alt-Del, then Enter, will accomplish the same (although some will hit a snag here; for more details, see this User to User tip).

Use WPA for Wireless Network Security—Or Make the Best of WEP

We recommend using WPA-ready wireless equipment, but many of us are stuck with WEP-only wireless cards or access points. Neither security protocol is particularly intuitive to set up, but if you leave your wireless connection unsecured, the very least you can expect is a hitchhiker or two on your connection.

We've put together a comprehensive guide to setting up a WPA-encrypted connection; you'll find it at .


For those using WEP—which isn't weak, exactly, although it can be broken—make the best of it. As sure as any lock can be picked, someone who's determined enough will get through WEP encryption. But most people aren't determined. You want to bolster your WEP connection with as many of the following steps as your hardware will allow:

  • Make sure the firmware is up to date with the latest security patches, which should be downloadable from the manufacturer's Web site.
  • Set the WEP to the highest level of encryption that both the access point and the wireless card(s) will allow.
  • Define the MAC addresses allowed: Go to each machine you want to allow on your wireless network, open a command prompt, and type ipconfig /all. Copy down the physical addresses, then use the access point's configuration options to limit connection to only these addresses.
  • Never use the default SSID, administrator password, or WEP key, and set all of these using criteria for tough passwords ("Password Dos and Don'ts," ).
  • Disable SSID broadcasting.
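
The address-collection step in the list above, as an added example (not part of the original article): a Python script that pulls the Physical Address lines out of saved ipconfig /all output and formats them for an access point's allow-list. The sample output is constructed, and treating any adapter with "wireless" in its connection name as the wireless card is an assumption based on Windows XP's default connection names.

```python
import re

# Constructed sample of `ipconfig /all` output (Windows XP layout); not from the article.
SAMPLE_IPCONFIG = """\
Windows IP Configuration

Ethernet adapter Local Area Connection:

        Media State . . . . . . . . . . . : Media disconnected
        Physical Address. . . . . . . . . : 00-11-22-AA-BB-01

Ethernet adapter Wireless Network Connection:

        Description . . . . . . . . . . . : Example 802.11g Wireless Adapter
        Physical Address. . . . . . . . . : 00-11-22-AA-BB-02
        IP Address. . . . . . . . . . . . : 192.168.1.23

Tunnel adapter Teredo Tunneling Pseudo-Interface:

        Physical Address. . . . . . . . . : FF-FF-FF-FF-FF-FF-FF-FF
"""

ADAPTER_RE = re.compile(r"^(\S.*adapter .+):\s*$")
# Exactly six octets: tunnel pseudo-interfaces report eight and are skipped.
MAC_RE = re.compile(r"Physical Address[ .]*:\s*((?:[0-9A-Fa-f]{2}-){5}[0-9A-Fa-f]{2})\s*$")

def physical_addresses(ipconfig_text):
    """Return [(adapter_name, mac)] with MACs normalized to aa:bb:cc:dd:ee:ff."""
    results, adapter = [], None
    for line in ipconfig_text.splitlines():
        m = ADAPTER_RE.match(line)
        if m:
            adapter = m.group(1)
            continue
        m = MAC_RE.search(line)
        if m and adapter:
            results.append((adapter, m.group(1).replace("-", ":").lower()))
    return results

def wireless_allow_list(ipconfig_text):
    """Keep wireless adapters only; the wired NIC never associates with the access point."""
    return sorted({mac for name, mac in physical_addresses(ipconfig_text)
                   if "wireless" in name.lower()})

if __name__ == "__main__":
    print("\n".join(wireless_allow_list(SAMPLE_IPCONFIG)))
```

Run it on the saved output from each machine and merge the results; a renamed wireless connection will not match the name filter, so check the full `physical_addresses` list in that case.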

Be Spyware-Aware

Spyware is like the common cold. You didn't do anything risky—it seems as if you must've gotten it by touching a doorknob or something similarly innocuous. Your system starts to drag a little, and then a lot… and then things start getting weird, with loads of pop-ups, maybe a changed browser home page. Of course, your immune system will wipe out your cold eventually, whereas spyware tends to get worse and worse, often inviting its spyware buddies to little parasite parties on your system.

So, how do you pick up spyware? About as easily as a cold—all you have to do is browse the Web for a while. Not all freeware is really free—in some cases, you pay by getting spyware along with it. If you use a peer-to-peer file-sharing program, you almost certainly have spyware, either directly bundled with the sharing program or from an infected fellow file sharer.

There are steps you can take to minimize your risks, but we recommend purchasing a good antispyware utility and keeping it up to date (for reviews of antispyware utilities, visit ) and following safe computing practices:

  • Don't take candy from strangers: If you didn't specifically request a download, don't click on the OK button to tell your browser that you want the download.
  • If it's spam, don't click: It won't enhance your love life or your hairline, but it may load malicious code on your system.
  • Don't invite anyone in: Set Internet Explorer to prompt you when sites attempt to push ActiveX controls onto your machine—and to reject unsigned ActiveX controls automatically (Tools | Internet Options | Security | Custom Settings).
  • Don't give it all up: If you must use a file-sharing app, at least set it not to share your entire hard drive. In fact, consider keeping any files you might want to share in one specific folder, and then setting the app to share only that folder. At the very least, exclude all system folders (anything within C:\Windows) from sharing.