"It's
the most simple, straightforward, useable guide to security for a home computer
that I've seen. LarryS3, Senior member of the Virtual Dr
Forum"
(c)
Vicente Aceituno 2003.
The aim of this page is to protect the personal use of home computers against fraud, viruses, intrusions and catastrophes in only one visit. This is not a step-by-step guide, because if you don't know how to do it, you won't know how to maintain it either, so it wouldn't do any good in the long run. If you know of any Mickey Mouse guides, email me and I will happily link to them.
The expectations in a home environment are basically that no one can access the computer's files from the Internet, that the computer's users can't access each other's secret files, that the only software installed is what the users chose, and that we are not abused because of our Internet use. Some users are also concerned about the recording of their data and personal habits.
The habits and measures proposed protect these expectations. We can classify them into malware protection, theft protection, intruder protection, privacy protection, disaster protection and fraud protection. These measures are not for everyone; every user is ultimately responsible for the measures and habits he will or won't adopt, depending on how valuable the information he uses is to him, and how inconvenient the measure or habit is. Use your common sense. For example, maybe a skilled user with a modem connection will prefer to use a firewall. However, not taking the measures marked in black and grey can render the rest of the measures useless.
We will assume:
- The computer might be shared among members of the same family.
- None of them is an IT technician.
- The Internet connection is modem, ADSL or cable.
- There are two main file types by size, "big ones" and "the rest". "Big ones" are normally photos and movies.
- Windows is the operating system.
- A CD burner is available.
Every
suggestion has a different difficulty and results. Difficulty is evaluated as
High, Medium or Low. The results are qualified as Excellent, Very good or Good.
Code
Difficulty / Results
Protection Type
For simplicity, only one or two tools to check or solve each point are cited. Online and free tools are cited whenever possible. If you feel there are better tools, or for comments and feedback, email me at: vaceituno@telefonica.net
To use this page:
- Check if the advice applies to you.
- Check if you have the problem cited.
- Ask yourself: Am I going to do this from now on?
- Use the solutions provided. If you download freeware, please donate for development efforts.
Install an antivirus with automatic updates over the Internet. You can check for viruses right now at Panda. If you know you have a virus, perhaps you can remove it with some help. If you don't want to pay for Panda, try AVG or F-Prot Antivirus for DOS. Clean your computer if you have spyware and adware too. Don't use more than one antivirus; it will bring more trouble than security.
M2
Medium / Excellent
Intruder protection
If you have an ADSL/Cable connection, or you connect a laptop to a public network, it is advisable to install a firewall. ZoneAlarm or Kerio (more difficult to use) are two good options. Firewalls help us control which programs can connect to the Internet, and what can connect to us. At Sygate or Shields up you can check what can be seen of your computer from the Internet. If your IP address and browser version are visible, it's no big deal. If shared folders are visible it IS a big deal. Don't use more than one firewall; it will bring more trouble than security.
M3
Low / Excellent
Fraud protection
If you have a
Modem connection, ask your phone carrier to block your telephone
access to expensive prefixes. Some malicious programs try to
connect to those numbers.
M4
Low / Very good
Disaster Protection
Power the computer and peripherals using one or two n-way sockets with a switch. If the electricity supply in our area is especially poor, the n-way sockets should be surge protected. Avoid placing computers near heating devices, and avoid placing any fluid containers (like coffee) near laptops.
M5
Low / Very good
Offensive Content Protection
Install a content control program such as Net Nanny, or configure Windows for content protection. If the father can install it, probably the son can circumvent it, though.
M6
Low / Very good
Disaster Protection
Write
down or print the following information:
-
Customer care number of Internet access.
- Customer care number of your computer and
peripherals providers.
- Modem connection details.
- ADSL or cable connection details.
- POP3/IMAP mail details.
- Operating system, application, laptop and
peripherals serial numbers.
- BIOS' CMOS configuration (or save it with
cmos14).
To find out if you have a hidden administrative Windows NT/2000/XP drive share you can download and run this script. If the share is unavailable or disabled you'll get "Specified network name couldn't be found". To disable it you can download and run this file and reboot. To enable it again, download and run this other file and reboot. If a firewall is up and running this could be a redundant security measure.
Configure
applications for
automatic save to disk every ten or fifteen minutes. That
way if there's a power failure, you won't lose all your work.
C2
Low / Excellent
Intruder and Privacy protection
Configure the browser not to remember passwords. If someone checking on what we've been doing with the computer is a concern, we can shrink the applications' "history".
C3
Medium / Excellent
Intruder Protection
Disable disk or folder sharing whenever it is not being used. Shared resources have an icon of a hand on them. Check with this script which shared resources are "on" now.
C4
Low / Very good
Malware Protection
Configure mail to text only, no HTML. If you receive and send mail in different fonts and colors you have HTML on. You can check the security of your mail at Windows Security.
C5
Low / Good
Disaster Protection
Creating a separate directory of "My Documents" for very "big" files (normally photos and video) will make backup easier. To check where your big files are use JDiskReport.
Never execute email attachments unless an antivirus has verified them to be safe. Configure Windows not to hide file extensions.
CR2
Medium / Excellent
Disaster Protection
Depending on the file type, the easiest backup copy is different:
- Save normal files on a rewritable CD once in a while. Write the date on the CD and store it safely. When not all files will fit on a CD, backup copy becomes a lot more complicated, so perhaps we will choose only the most often used files or the files we have no copy of. Older rewritable CDs can be overwritten.
- Save big files, like photos and video, on a normal CD once. Write the date on the CD, and store it safely. As photo and video files are kind of static, you will need only one or two copies.
- Keep at least one copy of all your software and drivers. If you don't have the drivers any longer (like you inherited the computer or something), search for wdrvbck.exe to back them up.
If you don't back up regularly, you should at least use the more reliable NTFS filesystem instead of FAT. You can check the filesystem in the properties window of the drive. To convert FAT32 to NTFS use the "CONVERT <drive> /fs:ntfs" command from the command line.
CR3
Medium / Excellent
Intruder protection
Don't send confidential information using unencrypted e-mail. Keep confidential information, like passwords, account numbers, etc., on diskettes or CD only, never on the hard disk. This is especially advisable when the computer is shared, or when the computer goes for repair or maintenance by technical service. The disk must be safely stored. If the disk is a diskette it should be changed once in a while. When discarded, these disks should be destroyed.
CR4
Medium / Excellent
Fraud protection
As not everything we read on the Internet is true, it's healthy to be a little skeptical. We must be especially careful with economic and medical information. The sites of medical information that adhere to this code of conduct deserve much more confidence than those that don't. To avoid being deceived, it is good to remember some characteristics common to chain e-mails and spam:
- They ask to be sent to everyone you know. Sometimes they resort to threats or emotional blackmail.
- They alert on dangers like viruses, food poisoning, product defects, lost children, etc. Sometimes they justify the impossibility of verifying the supposed defect with claims such as "Antivirus won't detect it" or "The government wants to keep it secret".
E-mails that ask us to add our name at the bottom for some noble cause are totally ineffective, because they are too easy to forge and therefore are not accepted as valid petitions. News of manufacturers who give products away is normally false, and there are no governmental companies or organizations that use chain e-mail as a communication device. If a chain mail claims to come from Hotmail, Microsoft, Nokia, or the Police, it is undoubtedly false. If in doubt, we can check at hoaxbusters whether there is information about a specific e-mail.
When making friends online, whether it's a date or not, follow these safety tips.
CR5
Medium / Excellent
Intruder protection
Format (not Fast Format) the hard disk when giving away or selling the computer to someone you don't trust totally. If it is a concern that some information from the hard disk could be recovered, use Eraser or a similar program. To delete everything, including the operating system and applications, use Darik's Boot and Nuke.
CR6
High / Excellent
Intruder protection
Email accounts are used as IDs on many websites. Use one mail account to subscribe to e-mail lists and free services. Use another one for personal mail and paid-for services. The passwords of both accounts must be totally different, because if you use the same one and subscribe to, let's say, a newspaper, perhaps the newspaper's technicians can read your mail. These passwords should be "good", that is:
- Long enough, eight characters at least.
- It shouldn't have an obvious relation to current events, your environment, your family, tastes, or professional terminology.
- It shouldn't belong to any dictionary in any language. This is easy to achieve by duplicating or deleting characters. For example "elephhant" instead of "elephant".
Perfect passwords have non-lowercase characters, like capital letters or numbers, in the middle of a word. We can generate one of these passwords with the help of this page. In order to see how good your passwords are, test them here.
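The password rules above turned into a checker, as an added example that is not part of the original page: `check_password` applies the three "good" rules and `is_perfect` adds the rule about non-lowercase characters in the middle of the word. The wordlist is a constructed sample, `personal_terms` is a hypothetical parameter for words tied to the user, and stripping leading or trailing digits before the dictionary lookup goes slightly beyond the text.

```python
import re

# Constructed sample wordlist; a real check would load a full dictionary file.
SAMPLE_DICTIONARY = {"elephant", "password", "sunshine", "computer", "football"}


def check_password(password, personal_terms=(), dictionary=SAMPLE_DICTIONARY):
    """Return the list of rules from the text that `password` breaks.

    An empty list means the password is "good" in the guide's sense.
    personal_terms (assumed input): words tied to the user, such as
    family names, pets or professional terminology.
    """
    problems = []
    lowered = password.lower()

    # Rule 1: eight characters at least.
    if len(password) < 8:
        problems.append("too short")

    # Rule 2: no obvious relation to the user's environment.
    for term in personal_terms:
        if term and term.lower() in lowered:
            problems.append("contains personal term: " + term.lower())

    # Rule 3: must not be a dictionary word. Leading or trailing digits
    # are stripped first so that "elephant1" is still caught.
    core = re.sub(r"^\d+|\d+$", "", lowered)
    if lowered in dictionary or core in dictionary:
        problems.append("dictionary word")

    return problems


def is_perfect(password, personal_terms=(), dictionary=SAMPLE_DICTIONARY):
    """A "perfect" password is good and has a non-lowercase character
    (capital letter, digit, symbol) strictly inside the word."""
    if check_password(password, personal_terms, dictionary):
        return False
    middle = password[1:-1]  # first and last characters do not count
    return any(not c.islower() for c in middle)


if __name__ == "__main__":
    for candidate in ("elephant", "elephhant", "Elephhant", "elepHh4nt"):
        print(candidate, check_password(candidate), is_perfect(candidate))
```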
Changing your passwords is a time-consuming process. Change your passwords whenever you feel they have been compromised, or when they become too old. You should never write a password down, but if you really, really have to do it, follow the CR4 (above). There is no software yet for using inkblots.
CR7
Low / Very good
Intruder protection
When we use a public computer, like at a university or cybercafe, we must connect using a safe option when writing passwords.
- If the link reads https instead of http, we are in a "safe" page.
- Disable any option of being "remembered" in web pages.
- It's better to "logout" instead of closing the browser window.
CR8
Low / Very good
Disaster, Intruder and Malware Protection
Keep the
system up to date using
Windows Update.
To find out if there are driver updates for your computer try
DriversHQ. Update your
BIOS only if you have stability or compatibility problems.
CR9
Low / Very good
Disaster Protection
When we are
going to be abroad for a long time, or when there is an
electrical storm, unplug the computer and the peripherals. If we
have multiple way plugs, it's enough to switch those off.
CR10
Low / Excellent
Privacy Protection
When filling in forms online, fill with true info only the fields that are really necessary for providing the service. Whenever possible, use fictitious values instead of the real ones.
When mailing many people at once, copy them in "bcc" (hidden copy) instead of "cc" (copy) or "To".
Use a
padlock or an alarm when using it in places of public
access. Alarms work everywhere, padlocks need something to
attach the laptop to.
MP2
Low / Excellent
Intruder protection
If we are
going to leave the laptop alone in a public place set a
screensaver with password and disable infrared connections.
MP3
Low / Very good
Theft Protection
Write down
the serial number, to identify and claim the laptop in the case
of theft.
MP4
Low / Good
Theft Protection
Label it clearly and permanently as your property. In some BIOSes you can also record your name so it will be shown on the screen while the computer boots.
MP5
Low / Good
Theft Protection
Set a
boot password (not a setup password) in BIOS setup.
When the machine boots, you will normally get a prompt saying
what key to press to go into BIOS setup. Otherwise, check
here
for tips.
In the case of a catastrophe in a home environment, instead of trying to recover the system it is better to recover the data and reinstall. The described process will recover data, not the system. Skip the steps that don't apply, except for the first.
Disaster Recovery
1- First and foremost, don't get nervous. Read this line slowly and carefully 2 to 10 times.
2- If the
computer is on, leave it on. If it's off leave it off.
3- Check on another computer if there is a good enough copy of the file, like:
- A recent backup copy.
- In the outbound tray of Web Mail, or perhaps with someone we mailed a copy to.
4a- Case "a": The application is configured to save to disk automatically. Most applications will open the last opened file, except when:
- We deleted the file accidentally. Go to the recycling bin and recover it.
- We have overwritten a valid file by mistake, or deleted a file from the recycling bin by mistake. If your filesystem is NTFS you can try to recover it here using Internet Explorer.
If the file hasn't been recovered yet, switch off the computer and follow this procedure to carry on trying to recover info:
- Extract the hard disk.
- Connect it as a secondary disk in a working computer.
- Boot the computer in safe mode (press F8 on boot). If you fail to do this, it is likely that data will be written to the disk. The computer we use to recover data could be damaged too.
- Check the disk for viruses. The presence of a virus doesn't need to be the cause of the data loss.
If you can't do this, build a rescue disk on a different computer and boot yours from the floppy.
4b- Case "b": Perhaps some remains of the information are left among the temporary files, even though:
- The recovery from backup copy has failed (point 4a).
- The application can't save to disk periodically, or we didn't configure it.
- There was a power failure for any reason (like blackouts).
- We exited an application without saving.
- The computer "crashed".
We can search the temporary files for one with a similar size and date to the work we were doing. If we find one:
- Copy the file to the computer we are using for recovery.
- Change the extension and try to open it.
4c- Case "c": All other cases, including:
- Temporary files are not related to the data we lost (point 4b).
- The file is lost as a result of using utilities such as Scandisk or disk manipulation tools such as PartitionMagic. Try to recover it with free tools like Grenier's (partition recovery) or R-Tools (file recovery). If this doesn't work and the information is valuable enough, we can try tools like this.
- Disk failure. We can only resort to expensive solutions offered by companies like this and this.
5a- In any case, the file may turn out to be corrupted when we open it. To fix it there are repair tools like EasyRecovery FileRepair and Recoveronix.
5b- If the file is encrypted and the password is lost we can try to recover the content with software found here or here.
6- Reinstalling shouldn't be difficult if we have a copy of all our software and drivers. If some drivers are missing, you can use AIDA to find out what hardware is in the computer. Look for the missing drivers at the maker's website or Google.
Use a tool like Cleanup once in a while to eliminate temporary files and all traces of your Internet navigation and computer use. Using TweakUI you can configure the cleaning of file histories.
For the especially paranoid, use a tool like Eraser to guarantee information erasure.
MA4
Medium / Excellent
Privacy Protection
If somebody obtaining data from the hard disk is a concern we can use tools like Drivecrypt to prevent it, or the older, free version. PGPDisk is good too.
MA5
Medium / Excellent
Privacy Protection
Use navigation, instant messaging and mail privacy services, like JAP, Anonymizer or IM Secure or Secure AIM / ICQ. Here you can check what can be seen of your Internet browsing.
MA6
Medium / Excellent
Disaster Protection
If there are two computers at home, have each computer hold a copy of the other's data. Synchromagic can help. Obviously you will have to use shared folders for this.
MA7
Medium / Very good
Intruders Protection
If we have a router for Internet connection and we want to prevent our ISP's technicians from accessing it, we can:
- Change the admin's password.
- Keep a backup copy of the router's configuration.
Install a browser different from Explorer, like Mozilla. Configure it to block pop-ups. More details on this issue here.
MA10
High / Excellent
Privacy Protection
Configure our
mail client to send and to receive encrypted mail.
Hushmail provides
web-based encrypted mail.
MA11
High / Excellent
Disaster protection.
Use
Cobian Backup
to backup both data and system files. Test how to
restore files.
MA12
High / Very good
Intruders Protection
Review the security options of the browser, striking a balance between security and usability. If your browser is Explorer, here you can verify the effect of your configuration on the behavior of ActiveX. On this page you can check the current options of your browser.
Use an open source operating system like Linux or OpenBSD, and follow the equivalent recommendations for those systems. Or get a Mac.
MA15
High / Good
Disaster Protection
Use
Yahoo Briefcase or
similar services as an alternative media for backup of non
confidential information.
MA16
High / Good
Disaster Protection
If a catastrophe happens, FATxx is easier to recover than NTFS, but NTFS is more reliable. We could use FATxx on C:, holding the operating system and applications, whereas D:, with our data, can have NTFS.
MA17
Low / Very Good
Disaster Protection
To guarantee access to our data even if the computer won't boot, it is good to have boot disks, like these. Knoppix is a great way to do the same.