Basics of safe computing

From HelpDeskWiki


Introduction

The biggest computer security problem is that most people still don't realise that safe computing and surfing habits matter more, and protect better, than even the best antivirus and other security programs. Most dangerous habits are in fact perfectly normal behaviour, comparable to everyday conduct in other areas of life, where people are however better protected by laws and their enforcement.

The main reason normal, sloppy habits become dangerous on computers is that the most common operating system, Windows, has major design problems. These include programs that provide Internet access being more or less part of the operating system (e.g. Internet Explorer, Outlook, Outlook Express, Windows Media Player) and the default of making users run their computers as administrators with full rights.

Even more incredible is that most users are not warned when buying a computer that they need to make regular copies ("backups") of all their private data on external drives or separate media (CD, DVD, USB flash drives, etc.). Users are not told that some or all of their data can become inaccessible or disappear at any moment through hardware or software failure.

Staying safe is easy

Safe computing habits (see the list below) are easily learned, and good programs would remind users each time they do something potentially dangerous. But the computer and software industries are still in their infancy, and more advanced manufacturers like Apple still have a hard time attracting ordinary users. One reason is that the authorities produce and enforce too little regulation, and do not hold manufacturers responsible for even the major damage regularly suffered by very many users.

Common dangerous computer habits are often called "operator errors" by savvy users, but the fact that users are not sufficiently warned when they do something potentially dangerous is simply a sign of sloppy consumer protection, of essentially nonexistent oversight of the computer industry by the authorities, and of the primitiveness of the industry. Computers have simply not been around long enough for competition and regulation to produce equipment that is even remotely as safe as older household appliances.

This is why it can be an advantage to use an antivirus program like AVG that is only fairly good, provided the user knows it's only fairly good. (AVG gets rid of most, but not nearly all, known older malware (malicious software, including viruses), and automatically provides at most one update per day.) People who realise they aren't protected as well as possible tend to be cautious.

Even the best antivirus programs take hours to get an update out to all users. New malware can spread very far in minutes, and programs with heuristics can identify only some malware without prior information (from an update). Using a better antivirus program than AVG therefore usually gives people a false sense of security. In practice, the only real protection against malware comes from applying the basic safe computing habits in the following list (the longer version further down provides additional information).

Safe computing in a nutshell

  • 0) Regularly back up (make backups = copies of) all important data (see Introduction!). (The verb is "back up" and the noun is "backup".)
  • 1) Use only a safe browser and a safe email program that are not directly connected with the operating system; in other words, don't use Outlook Express, Outlook, or Internet Explorer or programs based on these. And get spam filtering that works (http://en.wikipedia.org/wiki/Stopping_e-mail_abuse#Statistical_content_filtering), based on statistics (Bayesian filtering) rather than fixed rules, because fixed rules destroy ham (legitimate mail) and don't catch much spam.
  • 2) Don't open any email attachment coming from someone you know unless it's announced in the email. But even this only eliminates malware attached automatically by infected computers, not malware embedded in "cool" or funny stuff that people send on purpose without knowing it's infected. Obviously don't open any attachments from strangers until you've corresponded with them enough to trust them at least a bit.
  • 3) Even if you have a safe browser like Firefox or Opera, don't download anything from any website that has not been recommended by a trustworthy source or that you have not scrutinised carefully. Even computer-savvy people often first check what Wikipedia or some other reputable site says about an unknown website before downloading anything from it. Since most people are too lazy to do that, and since many have trouble spotting even obviously shady websites, you may need to read what follows under 3) in the detailed list below.
  • 4) Most browsers and good email programs have some phishing protection (they warn you when a site is a clever imitation trying to steal personal information), but installing the Comodo Verification Engine (http://www.comodo.com/products/free_products.html) provides even more. In any case, never click on any link in any email unless you're very sure it's not spam or phishing. Even if an email comes from what you are very sure is a legitimate source, don't click on any links if the email is not from a private person, and especially not if it asks you to enter or verify personal data. Instead, always type the address (URL) into your browser yourself. You can of course safely click on links in emails asking for registration confirmation if these emails arrive just after you registered on some website.
  • 5) Use one good firewall, antivirus, and antispyware program each, and update them and your operating system regularly. Make sure both your antivirus and antispyware programs provide real-time protection (called "guard", "shield", "autoprotect", or "on-access scanning"). You should sometimes scan with a second antispyware program, but make sure only one antispyware program provides real-time protection (and turn this off while scanning with the other one).
  • 6) Only some antivirus and antispyware programs are able to identify and especially remove most trojans, so you should regularly scan with a dedicated antitrojan program or at least one online antitrojan scan.
  • 7) To make sure your antivirus and antispyware programs are not missing anything, you should sometimes run an online scan.
  • 8) Be aware that some antimalware (especially antispyware) programs are made by crooks and either install their own malware or make a big fuss about harmless registry remnants of already deleted malware. For example, even Spyware Doctor is a problem: it is an excellent program that simultaneously uses such scare tactics, in what appears to be a deliberate scam (the company does not respond to criticism sent by email). See Anti-spyware_software.
  • 9) Install and run Secunia PSI (https://psi.secunia.com/), or regularly run the online Software Inspector (http://secunia.com/software_inspector/), to find installed programs that are missing security updates.
  • 10) Install WinPatrol (http://www.winpatrol.com/download.html). As explained on that website: WinPatrol uses a heuristic behavioral approach to detecting attacks and violations of your computing environment. Traditional security programs scan your hard drive searching for previously identified threats. WinPatrol takes a snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge. You'll be removing dangerous new programs while others prepare to update their definition/signature data files.
  • 11) Many experts recommend doing everyday work in a limited (non-administrator) account and keeping a separate administrator account for installing programs; see the detailed list below for the trade-offs.


More detailed information

0) Regularly back up (make backups = copies of) all important data (see Introduction!). (The verb is "back up" and the noun is "backup".) A backup that stays connected to the computer can be wiped by the same malware or failure that destroys the original, so keep at least one copy disconnected, and occasionally check that the files in it can actually be opened or restored.
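A backup you have never verified is a hope, not a backup. The following is an added example (not part of the original page) of the minimum a backup script should do: copy every file, record a hash of each original, and then re-read the copies to prove they match. The folders and files are constructed in a temporary directory so it runs anywhere; for real use you would point `source` and `dest` at your documents folder and an external drive.

```python
"""Mirror a folder to a backup location and verify every copy by hash.

Added example, not code from the original page. The sample folder and its
two files are constructed inside a temporary directory.
"""
import hashlib
import shutil
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Hash a file in 1 MiB chunks so large files need not fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1024 * 1024), b""):
            h.update(chunk)
    return h.hexdigest()


def backup(source: Path, dest: Path) -> dict:
    """Copy every file under source into dest, keeping the relative layout,
    and return {relative_path: sha256_of_original} as a manifest."""
    manifest = {}
    for src in source.rglob("*"):
        if not src.is_file():
            continue
        rel = src.relative_to(source)
        target = dest / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(src, target)  # copy2 also preserves timestamps
        manifest[rel.as_posix()] = sha256_file(src)
    return manifest


def verify(dest: Path, manifest: dict) -> list:
    """Re-hash the backup; return the relative paths that are missing or
    differ from the manifest. An empty list means the backup can be trusted."""
    bad = []
    for rel, expected in manifest.items():
        target = dest / rel
        if not target.is_file() or sha256_file(target) != expected:
            bad.append(rel)
    return bad


def demo() -> tuple:
    """Constructed data: back up two files, then damage one copy and show
    that verify() reports exactly that file."""
    with tempfile.TemporaryDirectory() as tmp:
        source, dest = Path(tmp, "docs"), Path(tmp, "usb")
        (source / "letters").mkdir(parents=True)
        (source / "thesis.txt").write_text("chapter 1")
        (source / "letters" / "bank.txt").write_text("dear bank")
        manifest = backup(source, dest)
        clean = verify(dest, manifest)          # freshly written: nothing wrong
        (dest / "thesis.txt").write_bytes(b"\x00")  # simulate a bad sector / bad copy
        damaged = verify(dest, manifest)
        return len(manifest), clean, damaged


if __name__ == "__main__":
    print(demo())  # (2, [], ['thesis.txt'])
```

Keep the manifest with the backup (or print it) so a later check does not depend on the original still being intact; comparing against the original alone cannot tell you which side went bad.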


1) Use only a safe browser and a safe email program that are not directly connected with the operating system; in other words, don't use Outlook Express, Outlook, or Internet Explorer or programs based on these.

And get spam filtering that works (http://en.wikipedia.org/wiki/Stopping_e-mail_abuse#Statistical_content_filtering), based on statistics (Bayesian filtering) rather than fixed rules, because fixed rules destroy ham (legitimate mail) and don't catch much spam. The beginning (http://en.wikipedia.org/wiki/Anti-spam_techniques_%28e-mail%29) of that Wikipedia article also describes what to do to avoid receiving spam in the first place.
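To make the difference between fixed rules and statistics concrete, here is an added example (not code from the original page) of a minimal Bayesian filter: it learns from messages the user has already sorted, and scores a new message by how much more often its words appeared in spam than in ham. The training messages are constructed and far too few for real use.

```python
"""Minimal Bayesian (naive Bayes) spam filter of the kind recommended above.

Added example, not code from the original page. The training messages are
constructed and far too few for real use; a real filter learns from
thousands of messages and keeps learning from the user's corrections.
"""
import math
import re
from collections import Counter

TOKEN = re.compile(r"[a-z0-9$']+")


def tokens(text: str) -> set:
    """Lower-case word tokens as a set: a word repeated in one message counts once."""
    return set(TOKEN.findall(text.lower()))


class BayesFilter:
    def __init__(self):
        self.spam_count = 0          # messages seen of each class
        self.ham_count = 0
        self.spam_words = Counter()  # in how many spam messages each word occurred
        self.ham_words = Counter()

    def train(self, text: str, is_spam: bool) -> None:
        """Learn from one message whose class the user has confirmed."""
        words = tokens(text)
        if is_spam:
            self.spam_count += 1
            self.spam_words.update(words)
        else:
            self.ham_count += 1
            self.ham_words.update(words)

    def spam_probability(self, text: str) -> float:
        """P(spam | words in message), computed in log space to avoid underflow."""
        total = self.spam_count + self.ham_count
        log_spam = math.log(self.spam_count / total)   # prior
        log_ham = math.log(self.ham_count / total)
        for w in tokens(text):
            # Add-one smoothing: a word never seen in a class still gets a small
            # probability, so one unknown word cannot veto the whole message.
            log_spam += math.log((self.spam_words[w] + 1) / (self.spam_count + 2))
            log_ham += math.log((self.ham_words[w] + 1) / (self.ham_count + 2))
        return 1.0 / (1.0 + math.exp(log_ham - log_spam))

    def is_spam(self, text: str, threshold: float = 0.9) -> bool:
        """A high threshold: losing ham is worse than letting some spam through."""
        return self.spam_probability(text) >= threshold


def demo() -> tuple:
    """Train on constructed messages and classify two new ones."""
    f = BayesFilter()
    for msg in ["buy cheap viagra now", "cheap pills, click now!",
                "win money now, click here"]:
        f.train(msg, True)
    for msg in ["meeting moved to tuesday", "can you review the report",
                "lunch on tuesday?"]:
        f.train(msg, False)
    return f.is_spam("click now for cheap viagra"), f.is_spam("report review on tuesday")


if __name__ == "__main__":
    print(demo())  # (True, False)
```

Note why this does not "destroy ham" the way a fixed rule does: a rule such as "block every message containing 'free'" fires on "feel free to call me", whereas here "free" merely nudges the score, and the words of a genuine message pull it back. The filter also only improves when the user corrects its mistakes, which is why the filter must be trained on your own mail rather than shipped with someone else's word list.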


2) Don't open any email attachment coming from someone you know unless it's announced in the email. But even this only eliminates malware attached automatically by infected computers, not malware embedded in "cool" or funny stuff that people send on purpose without knowing it's infected.

In any case, if an attachment is not urgent, it's a good idea to wait at least a day before opening it (especially if it's been forwarded), to give your antivirus and antispyware programs a chance to receive an update for potentially new malware.

Obviously don't open any attachments from strangers until you've corresponded with them enough to trust them at least a bit.
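The rules above can be applied mechanically before anyone double-clicks. The following added example (not code from the original page) parses a constructed message with Python's standard `email` package and flags each attachment that is an executable type, hides its real type behind a double extension such as `funny.jpg.exe`, is an archive the scanner cannot see into, or is not mentioned in the message text (the "announced in the email" rule). The list of executable extensions is a practical assumption, not an exhaustive one.

```python
"""Flag risky attachments in an e-mail before anyone opens them.

Added example, not code from the original page. The message below is
constructed; the extension lists are a practical assumption, not exhaustive.
"""
import re
from email import policy
from email.parser import BytesParser

# Types Windows will run, or that carry scripts or macros (assumption).
EXECUTABLE = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".vbs", ".js",
              ".jse", ".wsf", ".hta", ".msi", ".lnk", ".reg", ".cpl"}
ARCHIVE = {".zip", ".rar", ".7z", ".cab"}

# Constructed sample: one announced PDF, one unannounced "funny picture".
RAW_MESSAGE = b"""From: friend@example.net
To: you@example.org
Subject: Fwd: Fw: FW: look at this!!!
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="XYZ"

--XYZ
Content-Type: text/plain; charset="us-ascii"

Attached is the report you asked for (report.pdf).

--XYZ
Content-Type: application/pdf; name="report.pdf"
Content-Disposition: attachment; filename="report.pdf"
Content-Transfer-Encoding: base64

JVBERi0xLjQK
--XYZ
Content-Type: application/octet-stream; name="funny.jpg.exe"
Content-Disposition: attachment; filename="funny.jpg.exe"
Content-Transfer-Encoding: base64

TVqQAAMAAAAEAAAA
--XYZ--
"""


def extensions(filename: str) -> list:
    """All dotted suffixes, lower-cased: 'a.JPG.exe' -> ['.jpg', '.exe']."""
    parts = filename.lower().split(".")
    return ["." + p for p in parts[1:]]


def forward_depth(subject: str) -> int:
    """How many 'Fw:'/'Fwd:' prefixes the subject carries; long forward
    chains of 'funny stuff' are exactly what the text warns about."""
    depth, s = 0, subject.strip()
    while re.match(r"fwd?:", s, re.I):
        depth += 1
        s = s.split(":", 1)[1].strip()
    return depth


def assess(raw: bytes) -> list:
    """Return (filename, [reasons]) for every attachment; an empty reason
    list means these heuristics found nothing suspicious."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    body_part = msg.get_body(preferencelist=("plain", "html"))
    body = body_part.get_content().lower() if body_part is not None else ""
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        exts = extensions(name)
        reasons = []
        if exts and exts[-1] in EXECUTABLE:
            reasons.append("executable type " + exts[-1])
            if len(exts) > 1:
                reasons.append("double extension hides the real type")
        if exts and exts[-1] in ARCHIVE:
            reasons.append("archive: contents not scanned until opened")
        if name.lower() not in body:
            reasons.append("not announced in the message text")
        findings.append((name, reasons))
    return findings


if __name__ == "__main__":
    print("forwarded", forward_depth("Fwd: Fw: FW: look at this!!!"), "times")
    for name, reasons in assess(RAW_MESSAGE):
        print(name, "->", reasons or "looks ok")
```

Windows hides known extensions by default, so `funny.jpg.exe` is shown to the user as `funny.jpg`; the double-extension check is what catches that. The "announced" check is deliberately crude (it looks for the file name in the body), which is the same standard the text sets for the human reader.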


3) Even if you have a safe browser like Firefox or Opera, don't download anything from any website that has not been recommended by a trustworthy source or that you have not scrutinised carefully. Even computer-savvy people often first check what Wikipedia or some other reputable site says about an unknown website before downloading anything from it. Since most people are too lazy to do that, and since many have trouble spotting even obviously shady websites, you may need to read what follows here:

Gullible people have always been and will always be subject to fraud, but it helps a lot to remember that the Internet is part of real life and that anything that sounds too good to be true is exactly that. However, even safe browsers should warn much more clearly than they already do that they can only protect users against automatic drive-by downloads, and that any download or installation the user manually allows can cause major financial and other loss.

Most people don't seem to realise that it's much easier, and above all much cheaper, to set up a good-looking website than even a barely decent-looking store in the real world. One can argue that some well-known big companies also rip off their customers, especially when they're monopolies, but small criminal outfits are much more aggressive and dangerous, and they can easily hide on the Internet. Most countries have not yet begun to apply basic laws to the Internet, and international cooperation in law enforcement is an even bigger joke on the Internet than it still is in more traditional arenas.

Generally speaking, it's a good idea to avoid websites that have more advertisement than actual content, and to leave immediately if they ask you to install something to "view the site correctly" other than well-known plugins or programs like Java, Shockwave, Flash, Adobe Reader (PDF), RealMedia (RealPlayer), QuickTime, Windows Media Player, etc. And then download these from the manufacturer's own site (look the address up on Wikipedia, for example), not from a link on a possibly rogue site.

Most importantly, if people finally realised that surfing with Internet Explorer to unknown sites is like walking down dangerous side streets and entering stores with offers too good to be true, they wouldn't use IE anymore. The only exceptions are well-known websites that require IE. These sites either require ActiveX (deliberately not supported by Firefox and Opera because it's dangerous), or they don't render correctly in standards-compliant browsers like Firefox and Opera because they are written in violation of the international W3C standards (http://validator.w3.org/).

And die-hard IE users should at least not go to shady websites. Even Google results usually show enough to know not to click on the link. With a safe browser, it's like sending your robot there: you can use it to spy on the crooks, but you wouldn't let the robot bring any junk home...


4) Most browsers and good email programs have some phishing protection (they warn you when a site is a clever imitation trying to steal personal information), but installing the Comodo Verification Engine (http://www.comodo.com/products/free_products.html) provides even more. In any case, never click on any link in any email unless you're very sure it's not spam or phishing. Even if an email comes from what you are very sure is a legitimate source, don't click on any links if the email is not from a private person, and especially not if it asks you to enter or verify personal data. Instead, always type the address (URL) into your browser yourself. You can of course safely click on links in emails asking for registration confirmation if these emails arrive just after you registered on some website.
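The reason "type the address yourself" works is that a link's visible text and its real destination are two different things, and phishing mail exploits exactly that gap. The following added example (not code from the original page, and not how any particular browser's phishing filter works) pulls every link out of a constructed HTML message and reports the classic tricks: a `user@host` prefix that makes the real host look like a path, a bare IP address, a punycode (`xn--`) host that renders as look-alike characters, and link text naming one domain while the link goes to another. All domains are reserved example names.

```python
"""Check the links in an HTML e-mail for the tricks phishing mail relies on.

Added example, not code from the original page. The HTML is constructed and
the domains are reserved example names; the punycode host is made up.
"""
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

DOMAIN_IN_TEXT = re.compile(r"\b((?:[a-z0-9-]+\.)+[a-z]{2,})\b", re.I)


class LinkCollector(HTMLParser):
    """Collect (visible text, href) pairs from <a> elements."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None


def host_of(url: str) -> str:
    """Host the browser will actually connect to (user@ prefix and port dropped)."""
    return (urlsplit(url).hostname or "").lower()


def suspicious(text: str, href: str) -> list:
    """Reasons this link looks like phishing; empty list if none apply."""
    reasons = []
    host = host_of(href)
    if "@" in urlsplit(href).netloc:
        reasons.append("user@host trick: browser goes to " + host)
    if re.fullmatch(r"\d{1,3}(\.\d{1,3}){3}", host):
        reasons.append("bare IP address instead of a name")
    if "xn--" in host:
        reasons.append("punycode (lookalike international characters)")
    shown = DOMAIN_IN_TEXT.search(text)
    if shown:
        shown_host = shown.group(1).lower()
        # A subdomain of the shown name is fine; anything else is a mismatch.
        if shown_host != host and not host.endswith("." + shown_host):
            reasons.append(f"text says {shown_host} but link goes to {host}")
    return reasons


def check_html(html: str) -> list:
    """Return (text, href, reasons) for every link with at least one reason."""
    p = LinkCollector()
    p.feed(html)
    flagged = []
    for text, href in p.links:
        reasons = suspicious(text, href)
        if reasons:
            flagged.append((text, href, reasons))
    return flagged


# Constructed sample: three phishing-style links and one honest one.
SAMPLE = """
<p>Dear customer, verify your account at
<a href="http://bank.example@203.0.113.5/login">https://www.bank.example/login</a>
or <a href="http://www.bank.example.evil.example/">www.bank.example</a>.
<a href="http://xn--bnk-lka.example/">bank.example</a>
Your order: <a href="https://shop.example/orders/42">shop.example</a></p>
"""

if __name__ == "__main__":
    for text, href, reasons in check_html(SAMPLE):
        print(f"{text!r} -> {href}")
        for r in reasons:
            print("   ", r)
```

The second sample link shows why "the name is in there somewhere" is not enough: `www.bank.example.evil.example` is owned by whoever owns `evil.example`, so the check compares the whole host, not a substring. A host that ends in `.` plus the shown domain (such as `login.bank.example`) is accepted, because that is how legitimate subdomains look.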


5) Use one good firewall, antivirus, and antispyware program each, and update them and your operating system regularly. Make sure both your antivirus and antispyware programs provide real-time protection (called "guard", "shield", "autoprotect", or "on-access scanning"). You should sometimes scan with a second antispyware program, but make sure only one antispyware program provides real-time protection (and turn this off while scanning with the other one).

Be aware that the best-known antivirus programs are from companies spending the most money for advertisement and for being preinstalled on computers, and some of these programs are not good and may even slow down your computer severely.

Some free antivirus programs like AntiVir PersonalEdition Classic (http://www.free-av.com) use very little system resources and have detection rates as high as or higher than the pay (commercial) versions of programs by the same or other manufacturers. Many of these free versions don't provide email scanning, but you should consider turning this off anyhow in programs that provide it, because it can cause serious problems and provides no real advantage over the real-time scanner, which examines an attachment the moment it is saved or opened.

Letting your antivirus program delete or alter infected emails inside your mail store does not protect you better, but it can corrupt some or all of your stored mail. If your antivirus's real-time protection is on, it will stop you opening an infected attachment anyway. Turning off email scanning has the extra advantage that important but infected emails are not deleted: in company mail especially, but also in private mail, one can lose very important messages sent from an infected computer that attaches malware to perfectly legitimate mail.

Almost all antivirus programs have real-time protection, but many antispyware programs don't. Most users are not savvy enough to be sufficiently protected unless both their antivirus and antispyware programs constantly analyse every file and folder they open. Few free antispyware programs offer real-time protection; three that do are:

  • Comodo BOClean (http://www.comodo.com/boclean/CBO_download.html). This is not a scanner, so it should keep a clean computer clean, but you'll need to scan with a different program if your computer is already infested.
  • Spyware Terminator (http://www.spywareterminator.com)
  • Windows Defender (http://www.microsoft.com)

The free version of Sunbelt Personal Firewall (http://www.sunbelt-software.com) is excellent and easy to use, which is not true of most firewalls. The Comodo Firewall (http://www.comodo.com/products/free_products.html) is a bit more complicated but perhaps provides more protection. Unfortunately, on some computers it keeps asking permission for Internet access by the same programs, often with illogical questions.

This (http://www.pcstats.com/articleview.cfm?articleid=1618&page=4) and this (http://www.outpostfirewall.com/forum/showthread.php?t=9992) site provide help in setting up and configuring a firewall. Make sure you test your firewall on one of the sites linked to there, or on one of these (they probe your computer from the outside, so run them from behind the firewall you want to test, not from a different machine):

http://www.pcflank.com/

https://www.grc.com/x/ne.dll?bh0bkyd2

http://www.auditmypc.com/

http://www.testmyfirewall.com/firewall-test/

http://www.hackerwatch.org/probe/


6) Only some antivirus and antispyware programs are able to identify, and especially to remove, most trojans, so you should regularly scan with a dedicated antitrojan program (for example the free version of A-squared, http://download5.emsisoft.com/a2FreeSetup.exe) or at least run one online antitrojan scan: http://www.emsisoft.com/en/software/ax/ http://www.windowsecurity.com/trojanscan/ http://www.pcflank.com/trojans_test1.htm (These scanners are ActiveX controls, so it's necessary, and OK, to use Internet Explorer on these safe sites; for the same reason, only ever allow such a control from the scanner vendor's own site.)

(It does not yet seem necessary to have an antitrojan program with real-time protection, and there apparently aren't any free ones yet.)


7) To make sure your antivirus and antispyware programs are not missing anything, you should sometimes run an online scan. The following are the best ones for all malware, but they produce more false positives (they claim harmless files are dangerous) than the "really" installed program versions, and they don't find as many true positives. They can take a very long time, and they will not work correctly unless you temporarily disable your current antivirus and antispyware programs. At the end of the list are sites where you can scan individual suspicious files.

It's necessary and OK to use Internet Explorer on these safe sites (they rely on ActiveX):

BitDefender (http://www.bitdefender.com/scan8/ie.html) seems to be by far the best online scan, and it also removes what it finds. (Be sure to read the warning and check the settings!) Kaspersky's online scan (http://www.kaspersky.com/virusscanner) often finds even more malware, but it does not remove anything; it "only" shows you what it found and where. http://support.f-secure.com/enu/home/ols.shtml finds less, but sometimes things missed by the others.

Good for improving Internet performance and finding some spyware that other scans don't find: http://pcpitstop.com/pcpitstop/default.asp

Trend Micro's HouseCall (http://www.trendsecure.com/portal/en-US/free_security_tools/housecall_free_scan.php) also works in Firefox, but it produces at least one false positive (TSPY_AnalogXProxy), and Trend Micro has done nothing to fix it since May 2006 (http://forums.spywareinfo.com/index.php?s=f5997b625c586b0e1e247af30af912d8&showtopic=74883).

For scanning individual files:

http://www.virustotal.com/

http://virusscan.jotti.org/

http://www.kaspersky.com/scanforvirus


8) Be aware that some antimalware (especially antispyware) programs are made by crooks and either install their own malware or make a big fuss about harmless registry remnants of already deleted malware. For example, even Spyware Doctor is a problem: it is an excellent program that simultaneously uses such scare tactics, in what appears to be a deliberate scam (the company does not respond to criticism sent by email). See Anti-spyware_software.

The authorities still do almost nothing to shut down websites offering rogue antimalware or engaging in other illegal activities. Even Google took a very long time before it even considered not showing sites offering known malware in its search results. Once consumers realise how they've been exploited for years by big and small companies and by outright crooks, and through the incompetence of the authorities, there may be a strong reaction...


9) Install and run Secunia PSI (https://psi.secunia.com/), or regularly run the online Software Inspector (http://secunia.com/software_inspector/). Both check the programs installed on your computer against a list of known security updates and tell you which ones are out of date; malware very often gets in through an old browser plugin or media player rather than through the operating system itself.


10) Install WinPatrol (http://www.winpatrol.com/download.html). As explained on that website: WinPatrol uses a heuristic behavioral approach to detecting attacks and violations of your computing environment. Traditional security programs scan your hard drive searching for previously identified threats. WinPatrol takes a snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge. You'll be removing dangerous new programs while others prepare to update their definition/signature data files.
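The idea behind that kind of tool is simple enough to show in a few dozen lines: record what the places malware likes to put itself (startup folders, and on Windows the Run keys in the registry) contain today, and later report anything that appeared, vanished or changed, regardless of whether any scanner has a signature for it. The following is an added example (not WinPatrol's code, whose internals the page does not describe) that does this for ordinary folders inside a temporary directory; for real use you would substitute the actual startup folders and store the baseline somewhere an intruder cannot quietly rewrite it.

```python
"""Baseline-and-diff change detection for critical locations.

Added example, not WinPatrol's code. It watches ordinary folders created in
a temporary directory; the "Startup" folder and the files in it are
constructed stand-ins for real autostart locations.
"""
import hashlib
import json
import tempfile
from pathlib import Path


def file_digest(path: Path) -> str:
    """SHA-256 of a file, read in chunks."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def snapshot(watched: list) -> dict:
    """{path: sha256} for every file under the watched directories."""
    state = {}
    for d in watched:
        for p in sorted(Path(d).rglob("*")):
            if p.is_file():
                state[str(p)] = file_digest(p)
    return state


def diff(old: dict, new: dict) -> dict:
    """What changed between two snapshots: new files, missing files, and
    files whose content no longer matches the baseline."""
    return {
        "added": sorted(set(new) - set(old)),
        "removed": sorted(set(old) - set(new)),
        "changed": sorted(k for k in old.keys() & new.keys() if old[k] != new[k]),
    }


def demo() -> dict:
    """Constructed scenario: take a baseline, then let one new autostart
    entry appear and one existing entry be altered."""
    with tempfile.TemporaryDirectory() as tmp:
        startup = Path(tmp, "Startup")
        startup.mkdir()
        (startup / "OneNote.lnk").write_text("legit shortcut")
        baseline_file = Path(tmp, "baseline.json")
        baseline_file.write_text(json.dumps(snapshot([startup])))

        # ... time passes; something installs itself and tampers with a shortcut.
        (startup / "update.exe").write_bytes(b"MZ...")
        (startup / "OneNote.lnk").write_text("shortcut now points elsewhere")

        old = json.loads(baseline_file.read_text())
        report = diff(old, snapshot([startup]))
        # Report file names only, so the output does not depend on the temp path.
        return {k: [Path(p).name for p in v] for k, v in report.items()}


if __name__ == "__main__":
    print(demo())  # {'added': ['update.exe'], 'removed': [], 'changed': ['OneNote.lnk']}
```

The baseline is only as trustworthy as the moment it was taken: if the computer was already infected, the snapshot simply enshrines the infection, which is why the text recommends a thorough scan first. The same applies to where the baseline is stored; anything that can write to the startup folder can usually also rewrite a baseline kept next to it.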


11) Many experts recommend making a separate administrator account and turning all the accounts normally used by the computer's users into limited accounts. This prevents some malware from being installed automatically, because a limited account cannot write to the Windows folder or to the system-wide parts of the registry. Since installing a program then requires switching to the administrator account, using the "Run as..." entry in the right-click menu with the administrator's password, or temporarily turning the limited account into an administrator account, many normal users find this impractical. In addition, it does not prevent the main cause of computer infections: people actively but unknowingly installing programs infected with spyware and other malware, because they didn't check whether the program is reputable and don't have up-to-date antivirus and antispyware programs with real-time protection. A user who will type the administrator password into any installer that asks for it gains little from the separate account.