Basic security guidelines for your Windows system
Your browser, no matter if you’re using Firefox, Chrome, IE6/7/8, Opera, or whatever browser is a huge, gaping security hole. Each browser has a set of ways to make it more secure and people will have vastly differing opinions on such. However, there are a few general guidelines that will plug up your browser’s security hole a great deal of the time. Since I only use FireFox, I’ll be linking FireFox extensions. Use Google to find similar add-ons for your browser.
HOSTS file – the HOSTS file is your computer’s first line of defense on resolving addresses before they’re even loaded in your browser. Simply adding a malicious site to your HOSTS file and directing it to your local loopback address (127.0.0.1) will preemptively keep that site from ever seeing the light of your screen. The address will simply not resolve thus preventing anything malicious form that site entering your computer. Thankfully, there are diligent people out there chronicling malicious websites and adding them to a freely available modified HOSTS file.
http://www.mvps.org/winhelp2002/hosts.htm - Go here and follow the directions specific to your OS version.
Adobe Flash – pretty much the biggest security hole on the entirety of the Internet. Keep it updated. If you are using Firefox, get an addon called “FlashBlock” as it blocks Flash-based files from loading unless you hit a little button where it is on the page. These days there are a huge amount of ads that are Flash-based and it is super simple to have malicious code injected into them. Most other browsers (minus IE6/7) should have either an add-on to get this functionality or a built-in option for it.
http://get.adobe.com/flashplayer/?promoid=BUIGP
https://addons.mozilla.org/en-US/firefox/addon/433
Javascript – JavaScript is nearly as bad as Flash when it comes to security vulnerabilities. Most browsers these days have an option to disable JavaScript entirely. Sadly, it’s an all or nothing option, usually. NoScript for FireFox allows you to selectively block and allow scripts to run on pages and even add sites to a white list to always allow scripts to be run.
https://addons.mozilla.org/en-US/firefox/addon/722
Ads – many ads today are susceptible to code injection, thus corrupting them with malware and hitting any user that loads that ad. This is very prevalent in Flash ads. What the HOSTS file doesn’t catch, an ad-blocker will. Now, ads do generate money for a lot of sites out there based on loads and clicks so being fairly ethical about what you block is a good idea. Sites that you frequent and know to be safe would be a good place to add to your white list. Most browsers have some sort of add-on that does comprehensive ad-blocking or have the feature built-in.
FireFox: https://addons.mozilla.org/en-US/firefox/addon/1865
Chrome: https://chrome.google.com/extensions/detail/gighmmpiobklfepjocnamgkkbiglidom
IE8: http://www.ghacks.net/2009/04/08/internet-explorer-8-ad-blocking/
http://adblockie.codeplex.com/
Opera: http://my.opera.com/Tamil/blog/ad-block
Anti-virus – this is probably the trickiest one to quantify as people have glaringly large opinions on which one is the best. Personally, I’ve always had bad luck with the expensive security software suites. They either bog your machine down too much or don’t offer enough protection. So, I’ll list off my top choices for free, top-rated anti-virus solutions that often work better than the licensed software.
Avira AntiVir: has a very high detection rate. The free version is anti-virus only. It is lightweight, fast, and very effective on keeping threats out. However, it has been known to throw out false positives at times. It is anti-virus, anti-malware, and anti-spyware. It’s free for life on a non-commercial license. The full security suite is much the same and worth the price if you want a full security suite.
http://free-av.com/en/trialpay_download/1/avira_antivir_personal__free_antivirus.html
Avast!: has a very high rate of detection, works well, and is fairly robust for a free anti-virus. My only complaint about it is that is has a lot of bloat to it and is often slow. The audio alerts are also fairly annoying at times but easily disabled. It, too, is worth the price of the full security suite but still suffers from the bloat and resource hogging.
http://www.avast.com/free-antivirus-download
Microsoft Security Essentials: this one has gotten better and better since launch not too long ago. It’s fast, very lightweight, anti-malware, anti-spyware, augments and bolsters the Windows Firewall in XP/Vista/7 to a respectable firewall, and is all around a very good piece of software. I would highly recommend this to anyone who wants a fast, lightweight all-in-one solution that won’t bog down your computer like others.
http://www.microsoft.com/security_essentials/
AVG: this one used to be a good set but has gotten progressively worse the last couple of years. It’s better than having nothing but the above solutions are much better at the same jobs. It’s also gained a lot of bloat in the last couple of years as well.
http://free.avg.com/us-en/homepage
Anti-spyware/malware/adware – sometimes, the scanners above miss threats and having another line a security helps. Like anti-virus solutions, there’s a bunch out there and people have differing opinions on which is the best. I’ll offer up my top choices – most are free.
Spybot Search & Destroy: probably the highest rated anti-spyware/malware/adware piece of software out there that’s the right price.
http://www.safer-networking.org/en/download/index.html
Malwarebytes: also a highly rated anti-spyware/malware/adware piece of software. The free version is fairly crippled in functionality, though. The full version is pretty damn good though.
http://www.malwarebytes.org/
Windows Updates – these come out at least once a month on the second Tuesday (a.k.a. Patch Tuesday http://en.wikipedia.org/wiki/Patch_Tuesday). It’s generally a good idea to pull in the latest updates. I suggest adding Microsoft Update to your system as well so that your other MS products (if you use Office or Visual Studio or anything MS) will stay updated as well. I have mine set to automatically download but notify me about installation since I like to evaluate the updates beforehand. If you’re interested in looking up the update info, I’d recommend this as well. If not, just set to automatic install. Checking the “optional” updates is also handy at times for driver updates (I prefer going to the hardware manufacturer directly) or non-critical system updates.
HOSTS file – the HOSTS file is your computer’s first line of defense on resolving addresses before they’re even loaded in your browser. Simply adding a malicious site to your HOSTS file and directing it to your local loopback address (127.0.0.1) will preemptively keep that site from ever seeing the light of your screen. The address will simply not resolve thus preventing anything malicious form that site entering your computer. Thankfully, there are diligent people out there chronicling malicious websites and adding them to a freely available modified HOSTS file.
http://www.mvps.org/winhelp2002/hosts.htm - Go here and follow the directions specific to your OS version.
Adobe Flash – pretty much the biggest security hole on the entirety of the Internet. Keep it updated. If you are using Firefox, get an addon called “FlashBlock” as it blocks Flash-based files from loading unless you hit a little button where it is on the page. These days there are a huge amount of ads that are Flash-based and it is super simple to have malicious code injected into them. Most other browsers (minus IE6/7) should have either an add-on to get this functionality or a built-in option for it.
http://get.adobe.com/flashplayer/?promoid=BUIGP
https://addons.mozilla.org/en-US/firefox/addon/433
Javascript – JavaScript is nearly as bad as Flash when it comes to security vulnerabilities. Most browsers these days have an option to disable JavaScript entirely. Sadly, it’s an all or nothing option, usually. NoScript for FireFox allows you to selectively block and allow scripts to run on pages and even add sites to a white list to always allow scripts to be run.
https://addons.mozilla.org/en-US/firefox/addon/722
Ads – many ads today are susceptible to code injection, thus corrupting them with malware and hitting any user that loads that ad. This is very prevalent in Flash ads. What the HOSTS file doesn’t catch, an ad-blocker will. Now, ads do generate money for a lot of sites out there based on loads and clicks so being fairly ethical about what you block is a good idea. Sites that you frequent and know to be safe would be a good place to add to your white list. Most browsers have some sort of add-on that does comprehensive ad-blocking or have the feature built-in.
FireFox: https://addons.mozilla.org/en-US/firefox/addon/1865
Chrome: https://chrome.google.com/extensions/detail/gighmmpiobklfepjocnamgkkbiglidom
IE8: http://www.ghacks.net/2009/04/08/internet-explorer-8-ad-blocking/
http://adblockie.codeplex.com/
Opera: http://my.opera.com/Tamil/blog/ad-block
Anti-virus – this is probably the trickiest one to quantify as people have glaringly large opinions on which one is the best. Personally, I’ve always had bad luck with the expensive security software suites. They either bog your machine down too much or don’t offer enough protection. So, I’ll list off my top choices for free, top-rated anti-virus solutions that often work better than the licensed software.
Avira AntiVir: has a very high detection rate. The free version is anti-virus only. It is lightweight, fast, and very effective on keeping threats out. However, it has been known to throw out false positives at times. It is anti-virus, anti-malware, and anti-spyware. It’s free for life on a non-commercial license. The full security suite is much the same and worth the price if you want a full security suite.
http://free-av.com/en/trialpay_download/1/avira_antivir_personal__free_antivirus.html
Avast!: has a very high rate of detection, works well, and is fairly robust for a free anti-virus. My only complaint about it is that is has a lot of bloat to it and is often slow. The audio alerts are also fairly annoying at times but easily disabled. It, too, is worth the price of the full security suite but still suffers from the bloat and resource hogging.
http://www.avast.com/free-antivirus-download
Microsoft Security Essentials: this one has gotten better and better since launch not too long ago. It’s fast, very lightweight, anti-malware, anti-spyware, augments and bolsters the Windows Firewall in XP/Vista/7 to a respectable firewall, and is all around a very good piece of software. I would highly recommend this to anyone who wants a fast, lightweight all-in-one solution that won’t bog down your computer like others.
http://www.microsoft.com/security_essentials/
AVG: this one used to be a good set but has gotten progressively worse the last couple of years. It’s better than having nothing but the above solutions are much better at the same jobs. It’s also gained a lot of bloat in the last couple of years as well.
http://free.avg.com/us-en/homepage
Anti-spyware/malware/adware – sometimes, the scanners above miss threats and having another line a security helps. Like anti-virus solutions, there’s a bunch out there and people have differing opinions on which is the best. I’ll offer up my top choices – most are free.
Spybot Search & Destroy: probably the highest rated anti-spyware/malware/adware piece of software out there that’s the right price.
http://www.safer-networking.org/en/download/index.html
Malwarebytes: also a highly rated anti-spyware/malware/adware piece of software. The free version is fairly crippled in functionality, though. The full version is pretty damn good though.
http://www.malwarebytes.org/
Windows Updates – these come out at least once a month on the second Tuesday (a.k.a. Patch Tuesday http://en.wikipedia.org/wiki/Patch_Tuesday). It’s generally a good idea to pull in the latest updates. I suggest adding Microsoft Update to your system as well so that your other MS products (if you use Office or Visual Studio or anything MS) will stay updated as well. I have mine set to automatically download but notify me about installation since I like to evaluate the updates beforehand. If you’re interested in looking up the update info, I’d recommend this as well. If not, just set to automatic install. Checking the “optional” updates is also handy at times for driver updates (I prefer going to the hardware manufacturer directly) or non-critical system updates.
