Bueno, ya que sigo sin Internet sólo puedo hacer pequeños aportes

OS explicar que es Secunia…

Secunia is a Danish computer security service provider best known for tracking vulnerabilities in more than 12,400 pieces of software and operating systems.

Numbers of “unpatched” vulnerabilities in popular applications are frequently quoted in software comparisons.

Secunia also tracks currently active computer viruses. Secunia has gained publicity and a notable reputation with the discovery of major zero day attack vulnerabilities in Internet Explorer and other widely used programs

En español quiere deciar algo así:

Secunia es un programa danés de seguridad proveedor de equipo de servicio más conocido para el seguimiento de las vulnerabilidades en más de 12.400 piezas de software y sistemas operativos.

Número de “vulnerabilidad” en las vulnerabilidades de las aplicaciones más populares se citan con frecuencia en las comparaciones de software.

Secunia también rastrea los virus informáticos actualmente activo. Secunia has gained publicity and a notable reputation with the discovery of major zero day attack vulnerabilities in Internet Explorer and other widely used programs. [ 1 ] Secunia ha ganado la publicidad y una notable reputación con el descubrimiento de importantes cero vulnerabilidades de ataque de día en Internet Explorer y otros programas

El programa lo podeis descargar desde aqui:

Descargar Secunia

Nos podemos encontrar una pantalla como esta:

Lo descargamos y a la hora d hacerlo nos dará escoger una opción:

Nosotros elegiremos el uso personal ya que será para uso personal.

Lo instalamos  y nos pesdirá si queremos iniciarlo..

Iniciamos el programa, el cual, hará falta una conexión a Internet

Ahora se iniciará el programa

Ahora nos dará la bienvenida al programa

Luego después de eso, veremos de manera si,ple como se está realizando el escaneo a tu pc.

Si le damos a la esquina podemos ir al modo avanzado.

Una vez acabado el escaneo nos mostrará un resumen.

Aqui podemos ver las aplicaciones que hay para descargar.

Y si le damos a la flechita de descargar nos descargará la aplicación que necesitamos.

Hasta aquí la versión de uso personal.

Mam wam do zaprezentowania ciekawy programik dotyczący bezpieczeństwa w sieci. Sprawdza on skuteczność zabezpieczeń naszego komputera i jego podatność na potencjalne ataki hakerów i crackerów Naprawdę świetny soft godny polecenia osobom ceniącym sobie bezpieczeństwo.

Download

Szacun

Spalding

Are users who download from Adobe official site being duped?:

‘The Register covers security firm Secunia [0]calling out Adobe for its insecure distribution practices with regard to Adobe Reader. (Here is [1]Secunia’s note.) The accusation is that the way Adobe provides Reader extends the software’s window of vulnerability once an exploit has begun to circulate. Version 9.1 of Reader, which is what you get when you visit the official download site, contains 10 vulnerabilities that were patched by later releases. “Adobe Systems has been taken to task for offering outdated software on its downloads page that contains dozens of security vulnerabilities, several of which are already being exploited in the wild… Visitors who obtain Adobe Reader from the company’s official downloads page will find that it installs version 9.1 of the program on their computers, even though the most recent version was 9.1.2 at time of writing. That could put users at considerable peril given the number of vulnerabilities fixed in the two iterations that have come since 9.1, complains Secunia…”‘ posted by kdawson on Slashdot

Nu när jag nyligen börjat köra Windows XP på arbetsdatorn (från att ha kört OSX dom senaste åren) har man fått börja vänja sig Windows-miljön igen.

Ett program jag stötte på för ett tag sedan var  PSI från det danska välrenommerade säkerhetsföretaget Secunia. PSI körs i bakgrunden (finns en liten ikon nere vid klockan) och skannar installerade program, kollar mot Secunias databas över säkerhetsbrister och meddelar med små ballong-popups om något skulle vara på tok.

Kanske inget program för alla men om man är mån om säkerheten och kanske inte följer alla bloggar och säkerhets-feeds aktivt kan PSI vara ett bra alternativ.

PSI - Skärmdump

You’ve almost certainly already got Internet security and firewall software installed – these are obviously key to keeping safe when using the Internet. However, software which you use is also likely to contain weaknesses which are discovered and then patched by the company. These weaknesses could potentially put your computer at risk – so it’s best to avoid them. However, it’s not always easy to check whether your software needs updating. Much of it probably won’t alert you, or might only very occasionally run a check. That’s where Secunia Personal Software Inspector comes along to rescue you.

Secunia PSI will let you know of any security issues with software, and help you to easily fix them by updating or downloading patches.

The name is a bit of a mouthful, and my weary hands and addled mind do not want to keep repeating it; so I’ll be likely to refer to it as PSI at times here. The file size is very small – the download coming it at about 530 kb. Once you’ve installed the software and opened it, a window will pop up, which, after loading, will allow you to run a scan of your computer. During the scan PSI is sifting through all your software and checking them against its database. This database contains the versions of software, and the security issues related to them. Be patient during this phase. After scanning, it’ll then let you know if it’s found anything that needs sorting out.

It will list the software name and version; the threat rating; a link to a patch or update download; and a link to a forum for the issue. Clicking on the threat rating, which appears as a bar with a number of coloured squares within, will take you to a Secunia webpage with more information about the issue and its severity. You can click the arrow underneath the ‘Solution’ column to download patches or updates to fix the issues which it found. If you’d rather not take this route, you could manually download a newer version of the software which it’s getting upset about. Once the issues have been fixed, PSI should automagically realise this and remove it from the list. If not, simply scanning again will give it the nudge which it needs to appreciate your efforts.

There’s also the option to view the advanced interface. This looks a little bit deeper, but makes things more confusing. For example, when changing to advanced mode PSI picks up around ten threats on my desktop; but these are all from software which is more hidden away in windows folders; or the remnants of updated software, rather than installed and used applications. The advanced mode also provides links to the folders containing the software with which it finds issues, which will allow you to have a wander around and decide whether you’re willing to tamper with it or not. For most users I’d suggest not changing to advanced, as simple mode seems to provide all the functionality needed.

Secunia PSI will continue to run in the system tray even when you’re not using it. It will keep an eye out for software updates and security patches. If you install a new application it’ll check it against its database to see if there are any known security issues, and will then advise you as to updates and patches. Similarly, if issues arise with software you are running, it will diligently alert you to this, too. You can also go back and run a full scan as often as you wish – just to make sure everything’s up-to-date and secure.

Overall, a rather spiffing bit of kit. Once the first scan and update is completed, you’ll have very little else to do other than follow the updates as and when PSI lets you know about newly discovered security issues. You can download it from www.secunia.com/vulnerability_scanning/personal.

Untuk menjaga keamanan aplikasi-aplikasi yang terinstall di komputer kita ada baiknya apabila kita selalu meng-update patches atau menginstall versi terbaru dari aplikasi-aplikasi yang kita gunakan. Secunia, computer security service provider dari denmark yang didirikan oleh Niels Henrik Rasmussen dan Thomas Kristensen, membuat sebuah aplikasi gratis (untuk penggunaan personal) yang membantu kita untuk men-scan&udpate dari masing2 aplikasi yang terinstall di komputer kita. Selain untuk meng-update aplikasi yang ada, secunia juga bisa untuk men-scan virus. Adapun produk yang dikembangkan oleh mereka adalah:
-Enterprise Security Manager
-Vulnerability Tracking Service
-Surveillance Scanner
-Network Software Inspector
-Personal Software Inspector
-Online Software Inspector

Beikut fitur utama secunia-PSI:
-Scan, melakukan scan terhadap program-program yang ada di komputer
-Insecure Program, memberikan informasi program yang “kurang aman” dan memberikan informasi link download program terbaru atau solusinya, add/remove program, referensi online, detail dan sebagainya.
-End of Life, memberikan informasi program yang tidak di support lagi oleh vendor pembuatnya. Disertai link download versi terbaru atau untuk uninstall.
-Patched, memberikan informasi program yang dideteksi, tetapi diketahui tidak mempunyai update security (jadi mungkin tidak memerlukan perhatian yang lebih)
-Overview, memberikan informasi (gambaran umum) kondisi komputer setelah di scan.

Di ZDNet, Secunia PSI masuk daftar 10 besar Essential security tools, dan berada di urutan pertama dalam kategori free software. Aplikasi ini hanya berukuran sekitar 521 KB dan bisa berjalan di platform Windows 2000, XP 32/64bit, dan Vista 32/64bit. Agar bisa berjalan (Scan) maka perlu adanya koneksi internet.

Link:
en.wikipedia.org
download PSIsetup.exe
advisories

CMIIW,
Stay secure

On the heels of Microsoft’s last Security Intelligence Report there have been a number of articles like this one on vnunet.com positing that applications rather than the OS (read Microsoft) are the primary culprits for software vulnerabilities.

Research by vulnerability specialist Secunia suggests that third-party applications are increasingly being used by malware writers in preference to using operating system attacks.

The Danish company said that data from its free Personal Software Inspector (PSI) tool showed that there were far more unpatched applications than operating systems among users. Furthermore, application patches were left open to abuse for far longer than operating system patches.

While I’m certainly not convinced that this lets OS vendors – and yes this includes Apple as well as Microsoft – off the hook, it definitely points out a serious problem: how do you keep all of your software patched. Not just the OS. The approach that pretty much all Windows users have grown to accept is to run the updater services that come with each package they install in addition to the OS updater. There are significant problems with this approach. There are frequently clashes between the different vendors updater programs, not to mention that they consume system resources and are generally not terribly stable. As if these weren’t bad enough, the bottom line is these updater programs – including OS updaters – only patch security problems as a side effect. Let’s be real here, the primary purpose of update programs is not to make the end user more secure – it’s to cover the vendor’s booty and to grab  more booty from the end user by pushing new features, applications and services.

Back when I was building highly available UNIX software, a patch meant “the smallest change possible to fix a specific problem“. If you weren’t seeing that specific problem, then you didn’t install the patch. In addition a patch NEVER, EVER introduced new functionality. Period. Now certainly this led to problems of it’s own like an explosion of patches and extremely complex mechanisms for determining which patches should be applied, but it also led to systems that were stable and highly available. Systems that were not shutdown or restarted for years. That is certainly not the case nowadays with personal computers. We’ve been convinced – mostly by OS vendors – that we should accept every update they choose to push to us. Without question. In fact the default (recommended) behavior in Windows Vista is to automatically install all updates that Microsoft deems “important”. Stuff like “Microsoft Genuine Advantage Validation Tool” (what user isn’t dying to have this on their machine?)  Stuff that reboots your machine – automatically (hey – it’s Windows we’re totally used to that). And application vendors can be even worse. Who hasn’t ended up with a copy of “Adobe Photoshop Album Starter” on their system with no idea what they would ever use it for. And don’t even get me started on Real. The point is that if what you want is to keep your personal computer secure without additional bloatware, crapware, superfluous features and the instability introduced by same, vendor provided update software will not get you there. Or even near there.

I’m a long time user and huge fan of Secunia PSI. I have it installed on all of my Windows machines because it actually addresses this problem of how to keep your applications and the OS patched. Without having to run multiple update services. Or even Microsoft update. How does it perform this amazing feat? First off, Secunia is primarily a security research company. They make a living by finding and cataloging software vulnerabilities. They also sell a corporate version of their Software Inspector, but in general they have no financial stake in end users buying the latest, greatest versions of any particular software. The Secunia company jewels are the research and associated database of vulnerabilities that they can cross reference to specific updates that will fix those vulnerabilities. Essentially Secunia PSI works like this: it scans your system for software that it knows about (a real scan, not just a registry scan) and looks up those packages in the Secunia database, reporting on vulnerable software it finds. It works on a pull rather than push model (i.e. you pull down their database info, you don’t push your software inventory to them). So rather than having Adobe or Microsoft notify you to download an update just because there is one, PSI will only notify you if there is a known vulnerability in your software and specifically which update will fix it. The best part is that it knows about all of the software installed on your system – not just the most recent version according to “Add Remove Programs”. A PSI scan of my wife’s laptop discovered three (count ‘em – 3) different and vulnerable versions of Apple Quicktime. Apparently several programs had installed their own private version of Quicktime and never registered it. I’ve seen similar situations with Java and Flash.

So now I run Secunia PSI on my Windows boxes – real and virtual – instead of a separate updater for every peice of software I own. Now if Secunia would only come out with a Mac version of PSI I’d be a happy camper. Or at least a marginally less snarky camper. So update your Windows systems intelligently. Don’t just be a stooge for the software vendors. Give Secunia PSI a shot. You’ll be glad you did. And your system will be much happier. And more secure.

You know that updating programs is a must. But some programs that you don’t use often may not get automatically updated. So what do you use? Run the Secunia Online Software Inspector from time to time. A quick scan ranging from a few seconds to a few minutes will reveal which programs need updating and which don’t. It also scans for Windows patches and hot fixes. If you prefer faster scan times, download the free Secunia Personal Software Inspector. Over 20 million applications are supported.

On the follow up from yesterday, I have a whole bunch of tips and suggestions to keep your computer safe for free.

Antivirus

This is probably the biggest things that you need for your computer. It’s the backbone of your computer security, it’s the last barrier between malware and your computer. So of course, it has to be powerful.

There are plenty of options for your computer. If you are more technical and can handle a little work and tweaking of everything and you feel the need for open source, you should try ClamAV, sometimes known as Clamwin, personally, I’ve never used it as I like the ones I turn on and then require little to no maintenance. The most popular is, of course, AVG Free. I personally don’t like AVG, as it seems to be less powerful, and a bit of a resource hog. Another option is Avira, although, only install it if you can stand being bombarded with messages saying you should upgrade to pro. Now, my personal favourite is definitely Avast!, it does marvels, and it always stops viruses and tells me when it updates databases and asks to update. It is also light on resources, which is a huge bonus if you’re on Vista.

Spyware Blocker

This is also important, but can easily be handled by Windows Defender in most cases. But, otherwise, there are the two big ones, Ad-Aware and Spybot S & D. I didn’t like Ad Aware, as it was a real system downer and it wasn’t as effective as I think it should have been. I personally enjoyed the Spybot S&D experience, although it can be tricky to use at times, and scanning, although very effective, is a resource hog. Personally, I’ll stick with Defender, because, although it is weaker, it also doesn’t make a resource hog out of itself.

Firewall

The second most important tool is the firewall, and as most people know, for more than basic tasks, Windows Firewall won’t cut it. There are two major ones in this field as well. There is COMODO Firewall Pro and ZoneAlarm. Both are good, and both do system integrity and web traffic monitoring. I found ZoneAlarm for Vista buggy, and didn’t use it on XP. I still think I prefer COMODO, as it is a firewall with options for simple controls and options for more complex controls. And the level of security is easy to change. I like COMODO, simply because it just works on both XP and Vista, no mucking about.

Miscellaneous

I have a few suggestions for some extra system maintenance tools as well. The first one is Glary Utilities. It’s a brilliant program (actually a group of programs integrated into one) with so many excellent tools. It’s also quite powerful, and it’s got a one-click maintenance button for people with simple needs. CCleaner is also good, but with less tools, it is also very user-friendly and nice. Both those programs have one function in common, which is they clean crap you don’t need from your computer.

A second useful utility, that, as far as I know, is one of a kind, is called Secunia PSI. It inspects your software to make sure everything is up to date. This is a nice tool to run occasionally, because if your programs are out of date, they can be threats to your system’s security.

And lastly, is the final program, called ThreatFire, it works as an Antivirus supplement, which scans for virus-like behaviour, stopping zero-day attacks on your system. Not a necessity, but good if you have some RAM and a processor to use.

Conclusion

In conclusion, I hope you have tossed your copy of Norton or Kaspersky or whatever else for something nice and free. These programs are great and will keep your computer safe in the age of electronic epidemics. I personally use Avast! and COMODO, while occasionally pulling out Defender and Glary. Thank you for reading and keep it free.

Download Links

Always keep a USB drive with the programs you use and backups in case a virus does get by. But, anyways, here’s a list of where to get the downloads.

NOTE: I just noticed that COMODO also offers a free security suite. I will try it out and bring back the results in a bit. It also seems that you can no longer download COMODO Firewall alone from the COMODO website. Also, many of these companies offer other free (and some pay) services, like SaferNetworking (all free!), the people who do Spybot.

Mira que nos cuesta tener los programas del ordenador  siempre actualizados. Esta tarea en Mac o Linux es más sencillo, pero en windows por el momento tenemos que ir aplicación  por aplicación. Es por eso que programas como este de Secunia permite comprobar las versiones que tenemos instaladas y si son vulnerables por algún tipo de fallo. Recomendado!.

Para descargar esta aplicación visitar esta página web.

Here are few simple tips that can keep your computer safe on the web. It’s not guaranteed that these steps will prevent all computer disasters but, following all of these simple measures will go a long way to keep your investment safe.

1. I think of all the things that you should remember to do on a regular basis is to keep your system’s operating system up to date with the latest security patches. The bad guys are at work everyday trying to find holes in your system and are succeeding on a regular basis at exploiting these vulnerabilities that could and do cause problems for our systems. Windows XP makes it easy for you to keep itself up to date by giving you the option for it to check automatically for critical updates and download them at a specific time of day.

2. Keep all of the other software on your system up to date. Programs like, Adobe’s Flash or Reader, Sun Microsystem’s Java, Microsoft’s Office, OpenOffice.org, Apple’s Quicktime, and even your printer’s software can be used against us by hackers that exploit vulnerabilities in these programs to gain control of your computer. You can use a program like Secunia to search your system automatically and use it to help determine which programs installed on your computer will require an update or a patch due to a known security vulnerability.

3. Install a reputable antivirus program and keep it up to date. Having a good antivirus program can be thought of as getting your shots or immunizations before you visit a foreign country or, a digital shield for your computer. How do you know if an antivirus program is reputable? You can either do some research on the web, ask your local computer repair shop, or visit a major retail store and visit the computer section to get help with choosing one within your budget. Not one antivirus program can guarantee to stop all viruses but, having reputable protection on your system can go a long way in defending against most malware out there.

4. Use your router’s firewall and install or enable a software firewall. When you’re connected to the internet a firewall can help police your computer’s internet connection by guarding what data is allowed in and out of your computer. If you’re using a router on your network at home, make sure that this feature is enabled in the router’s settings. Windows XP has a built in software firewall program. You can enable this firewall feature by going into the security center or the windows firewall settings under the control panel. Also, some of the same companies that manufacture antivirus software may include their own firewall in an internet security suite type product that could cost a bit more than their stand alone antivirus program. Like in the above step, make sure you do your research to see if you need all of those bells and whistles because these type of products can be quite costly.

5. Back up your important files in three different locations on a regular basis. This step is your insurance policy that will help to stop that big sinking feeling you’ll get in the pit of your stomach when you find out that all of your important files have just been wiped out by a virus, bad hard drive, fire, or whatever disaster you can think of. Remember Murphy’s Law? What this means is you should make sure you keep digital copies of your important files stored on…your own computer’s hard drive, on an external local storage device, and also by using a remote storage back up solution. If your computer goes down you can go to your external local storage device to recover your files. If your external storage media goes down you can recover your files using the secure remote storage service. There are a few programs and remote services that can make this backup process automatic and easy. I would go with a more trusted name brand when choosing a backup program or service. Do your homework and don’t trust your data with just any ole company.

6. Keep your computer unplugged or turned off when not in use. Not only can this prevent unnecessary wear and tear on your system it can also help reduce the chance that your computer will be discovered or used as a zombie by a digital threat known as a bot. Bots are virus programs that turn your computer into a zombie and use your computer’s resources and internet connection to attack other computers either on your own network or other vulnerable machines on the web. Bots are used to cause damage and bring down major networks by using what’s called a denial of service attack. Once your computer has been infected with a bot virus the attacker has full control over your system and it can be used to do whatever they want with it. Using good antivirus software and being observant to your computer’s behavior can also help to block these threats.

These are just a few steps that can help to make your computer a little safer on the web and possibly prevent a headache or two. They won’t prevent every single disaster but, they will help keep you a little safer on the internet.

Instead of just telling everyone the same thing over and over, I’ve tried to codify my recent advice about keeping your system safe and secure online into one document. I’ll be moving this to my “Protecting PCs” page soon.

Please note that this advice is primarily intended for home users. Much of this applies to businesses, but there are some additional things a business should do that aren’t feasible for the home user.

Rules and Advice

Here are the basic rules from which my advice springs:

1. Don’t trust sites that you visit regularly (NY Times, Courier-Journal, etc) too much. Commercial sites pay a lot of money to make sure their systems aren’t hosting bad stuff, but your opinion of “bad stuff” and theirs may be different. They may feel that it’s perfectly OK to track your shopping behavior as you go from site to site, but you may not. Also, because big sites tend to be trusted, hackers know that planting something bad there will almost guarantee to infect lots of people.
2. Protect yourself against problems with untrusted sites by limiting how much of the content on their site your computer downloads and uses.
3. Learn to trust VERY few sites (Facebook? Kinda. MySpace? No!)
4. Trust your friends, but don’t trust your friend’s computers. You may be a freak about how you take care of your computer, but they may not, so you have no way of knowing that the email they sent with some really cool application or movie or picture, wasn’t really sent by a virus on their system.
5. Recognize that porn sites and sites with bit-torrents are prime places for hosting bad stuff (they use freebies to get traffic). Accordingly, this is why the worst virus infections hit computers used by teens.
6. Recognize that control over your computer is worth real money to a large number of people, most of whom have ties to organized crime, and have no problem with doing all sorts of things, and putting forth a great deal of energy, just to get control over your system. Recent research has determined that hackers have gained remote control of hundreds of thousands of computers, and organized them into large “botnets” (networks of Internet robots) that they can use in various nasty ways to make money.
7. In addition to #5, recognize that information you possess may be even more valuable, especially if you do online banking, make purchases, and so on. Passwords to bank accounts can be worth $1000’s, so you have to protect the computer accordingly if you use it this way. Recently, a small town had it’s bank account wiped out to the tune of $50,000 when a virus was implanted to get the town clerk’s passwords to the town bank account. Crooks now tend to steal smaller amounts from more people, as it’s less likely to be noticed.
8. Virus infections used to be something like taking out the trash. Not anymore. Today, a computer infected with a virus is like a bowl of soup with poison poured in. Even if the color of the poison makes it stand out, how can you be certain that you got it all? For the most part, you can’t, and would just throw the whole bowl out and start over. This applies to computers, as the only way to REALLY know that a machine is clean is to throw everything out and start over.

What I wrote above should frighten a lot of people, because most people treat the Internet as a friendly place. It’s not. The percentage of bad people online is probably higher than it is in real life, largely because of the anonymity that the Internet provides.

With that said, there are two major ways computers are used, and the approach is different for each one:  used only by me, and used by others. Each scenario requires some variations to accommodate the advice above.

Used Only by Me

If the computer is used by me only, then I can take full responsibility for everything that happens to it, and have complete control of where I surf, what I download, and so on. For the most part, what I wrote above might very well be all that is necessary to protect someone who is the only user of a computer. However, even someone who is careful can do something dangerous, so having some extra protection in place makes a ton of sense.

A) Keep your computer up-to-date

If you’re running Windows, you should be downloading updates from Microsoft automatically. If you run custom software or business-critical stuff (or if you’re a control freak like me), you might want to install them manually, but otherwise, you should set your system to install them automatically. Microsoft sends these out on “Patch Tuesday,” the second Tuesday of each month.

To monitor potential issues with other applications, download the Secunia Personal Software Inspector from here: http://secunia.com/PSISetup.exe and it will alert you to applications that have known security issues. You don’t need to run this all the time, but you should at least run it once a month. I recommend running it on Patch Tuesday, since that’s when you’re updating everything else. The little notice from Microsoft that your system was (or needs to be) updated can be your reminder to run Secunia.

If you’re running something other than Windows (Mac OS X or Linux), then the risk of your system getting infected is much lower. This is for a variety of reasons. Even so, it pays to keep your operating system (and other applications) up-to-date.

B) Keep your computer from downloading bad stuff to begin with

This may seem obvious, but it’s not, and this suggestion has several parts
to it:

• Get this file: http://www.mvps.org/winhelp2002/hosts.zip and follow the directions in the ReadMe.txt file.
• Download the Firefox web browser from here:
  http://www.mozilla.com/en-US/firefox/. There are other good web browsers, but Firefox can use some add-ons that make it much safer than the other options out there.
• After installing Firefox, download and install NoScript from here:  https://addons.mozilla.org/en-US/firefox/addon/722
• Next, download and install AdBlock Plus from here:  https://addons.mozilla.org/en-US/firefox/addon/1865
• Get the ad filter list from the following location (AdBlock should prompt you for this):  http://easylist.adblockplus.org/easyelement+easylist.txt
• You’ll notice that NoScript causes a bunch of stuff to break, the first time you visit a site that uses “active content.” Go here http://noscript.net/features for an explanation of what it’s doing, why, and how to allow the content you want, and block the content you don’t want.

Using the blocking HOSTS file, Firefox, AdBlock, and NoScript addresses
rules 1-3.

C) Protect your computer from bad stuff that you got anyway

In spite of our best efforts, sometimes, stuff sometimes finds it’s way through, and hits our computers. There are two ways of addressing this problem: sandboxing bad stuff, and catching bad stuff after it gets in.

As I mentioned earlier, viruses are like poison that’s been dumped into soup. The stuff in section B was telling you how to keep the poison out, but what if some of it gets through? The hope of most Antivirus products is to search out and find the “poison,” hopefully before it’s mixed in thoroughly, and hopefully before you eat some of it. However, new kinds of viruses come out every day, and the people writing them are so good, they typically install all of the major Antivirus software on a test machine, and don’t bother releasing a new virus unless it goes undetected on the test system.

Geek note: Yes, I’m aware that there are products that attempt to protect your system based on the behavior of malware, often referred to as “heuristic” scanning. There is not much in the way of conclusive evidence that the end-user products that do this are as effective as the overall strategy I’m recommending here.

At this point, most Antivirus products will not protect you from something brand-new. This doesn’t mean you shouldn’t run an Antivirus, but it means you should not pay much, if anything, for it. My current recommendation is the free version of AVG, found here: http://free.avg.com/. Pay for Antivirus only if you have extra money sitting around, and can’t think of anything better to do with it.

To “sandbox” downloaded things, imagine the scenario of the soup with poison in it. Instead of dumping stuff into the pot as the soup is cooking, what if you just dump it into a bowl? If you do this, then all you have to throw out is one bowl, and the rest of the soup is still good. What do you sandbox, and how do you do it? You sandbox anything that touches the Internet, but most specifically your web browser, your instant messaging software, and your email client.

I use and recommend Sandboxie (called this because it was originally developed to “sandbox” Internet Explorer, commonly called “IE,” so the name was really “SandboxIE”). The sandbox keeps everything you do on the Internet in a “sandbox,” and doesn’t let it get out to touch the rest of your system without you doing so very intentionally. You can download and try Sandboxie here: http://www.sandboxie.com/. If you decide to buy it, it’s about $30 USD.

D) Don’t surf or answer email using an Admin account

I put this last because many of the steps above require you to install software, update your system, or change the configuration. All of these are risky things to do, and they are things that shouldn’t happen very often.

One thing most people don’t recognize is that most versions of Windows (except for Vista) run, by default, as the System Administrator. Why is this a big deal? Well, in computer terms, the System Administrator is God, and can do whatever he/she wants, like installing new applications, and changing the way the system works. Obviously, it’s important to have an account like this, but unless you install new applications all the time, there’s no reason to use this account most of the time.

Instead, create a new admin user. Now, log out, log back in as the new admin, and change your old user account to be a non-admin account. Finally, log back out, and log in using your old name & password, which is now a “regular user.” You won’t be able to install applications here, but most software should work correctly, and even if you do get bad stuff, it won’t be able to infect your system in nasty ways. In effect, by restricting the rights of your account, you’ve put handcuffs on all of the applications you run, which is similar to sandboxing. (However, I recommend that you run in a sandbox, even as a non-admin user.)

Used Only by Others

If the computer is used by other people, you want to do everything in A, B, C and D above, except for installing Sandboxie. Instead, download and
install Microsoft SteadyState (http://www.microsoft.com/windows/products/winfamily/sharedaccess/default.mspx), and make sure you turn on “System and Disk Protection.” SteadyState gives you a ton of features, but the most important (from a security standpoint) is the ability to simply reboot, and have the system completely forget about everything that happened on the startup disk. (Obviously, if you want to save any work, you need to store that on a jump drive, or another disk.)

If you’re logged in as an Administrator, SteadyState will ask you if you want to save changes when you shutdown/reboot. This allows you to use the admin account to install new programs, save those changes, and then go back to normal usage.

For All Systems

Remember item #7 at the beginning? Imagine that you’ve done everything that I’ve suggested, but now you’re surfing around, and hit a site that contains some bad stuff. You shouldn’t allow it to run everything, but you ignore the NoScript add-on and run all their content anyway. At this point, you’re running your browser inside a sandbox (or within a SteadyState-protected user account), so all the bad stuff will go away when you shut down the sandbox (or reboot). Unfortunately, any bad code you’ve downloaded during this session will still be there. What do you do?

Always… always… ALWAYS shutdown your browser/system and start from scratch before doing any kind of financial transaction, or hitting any site that requires important passwords. If you’re using Sandboxie, shut down the sandbox and start a new browser session. If you’re using SteadyState, shutdown and reboot.

If you follow the advice above, you’ll keep your system clean and free from nasty stuff, and you won’t have to worry about anyone capturing important financial information from you.