Step 1. Use a strong password
The danger: malicious computer users can gain access to your computer over the Internet, stealing and deleting data and potentially implanting viruses and Trojan horses.
By using a legal and free tool, hackers can easily locate and gain access to your data by finding your IP address and attempting to connect using the administrator account. Obviously, if there is no password on the account, you are defenseless.
Step 2. Make sure your system is protected by a firewall
The Danger: Malicious users may locate and attempt to break into your computer from the Internet.
All computers that communicate over the Internet must have a valid IP address, such as 61.232.252.6. These addresses allow computers to exchange data with other computers over the 'net. Your system also leaves a variety of ports open to listen for incoming data. Ports are access points for certain kinds of data to enter and leave your computer. For example, while you are viewing this website, your computer and Th3Zone's are communicating through port 80, default for HTTP.
The trouble is that anyone can use freely available software like GFI's LANguard security scanner to scan a range of IP addresses for computers and gather information about these systems. If your computer is poorly password protected these utilities provide remote users with the ability to directly access your files. This happens because by default, many ports in your system are fully prepared to listen and respond to any data request from the Internet. This means that your system is fully visible, the equivalent of wearing glow-in-the dark clothes in a blackout?
Almost all home Internet sharing devices include firewalls, so if you are using a router to share your Internet connection within your home, you are likely already protected. Otherwise you need to use a software firewall. Windows XP comes included with one, though you need to activate it. Several free third-party software firewalls are also available, most notably Zone Lab's Zonealarm.(www.zonelabs.com)
Step 3. Use anti virus software
The Danger: Computer viruses can cripple your computer and destroy your data. A FIREWALL IS NOT ENOUGH!!
There are an incredible variety of computer viruses on the Internet, with many different ways of infecting your system. The stereotypical vector for viruses is the email attachment, and this is still the most common source of infection for unwary users. Opening up a seemingly innocent attachment from a friend can have disastrous consequences. There are few computer users who have not experienced the effects of a computer virus at some point, and malicious coders keep churning them out. Using an antivirus software package from a reputable manufacturer like Symantec's Norton or McAfee provides an effective defence against viruses. You should scan your system for viruses once a week at least, and use the software to examine any email attachments you are unsure about. Many packages, like Norton Antivirus, come with auto-protection features which will scan any files entering or leaving your system for viruses.
Secondly, make sure you keep the program updated. Antivirus software manufacturers are constantly creating new sets of virus definitions to keep up with new threats. Without updated definitions, the software will not stop newer viruses from infecting your PC. Most reputable antivirus programs will update themselves automatically when you are connected to the Internet, but it doesn't hurt to make sure you have the latest updatebefore you scan for viruses.
Step 4. Check your PC for spyware and adware
The Danger: Spyware and Adware programs can quickly infest your PC, compromising privacy and performance.
Spyware and adware are generic names for a variety of programs designed to collect data and/or advertise products. Sound innocent? The catch is that these programs are often installed on your PC from websites or as part of 'free' software like Kazaa, and work from inside your computer, gathering information about your surfing habits for marketing purposes. Worse, this is only the tip of the iceberg.
Programs in this category may call up extra pop-up advertising while you are surfing, or even redirect your browser to websites of their own choosing. While makers of this type of software need to obtain your consent to install their programs, they are often presented in misleading ways, or hidden within the license agreements of other software.
So, to cure this install and use a reputable spyware finding/removal tool.
Fortunately, certain individuals have devoted a lot of time and effort to create free software which is specifically aimed at removing these (legal) pests from your system. One software system we tend to use is Ad-Aware, freely available from the Lavasoft (www.lavasoft.com) website as it is the most popular and frequently updated removal tool. Ad-Aware functions much like any antivirus program, so it should seem instantly familiar to most users.
Step 5. Update, update, update!
The Danger: Viruses and malicious users may exploit newly discovered security holes within Windows and Internet Explorer.
Windows XP is an extremely complex operating system, and as such has a number of bugs and design holes which are constantly in the process of being fixed by Microsoft. On the other side of the fence, there are users who are enthusiastically trying to discover these flaws, either for the purpose of informing Microsoft or just for the heck of it. To fix this keep your Windows computer up-to-date with the latest Microsoft security patches.
Windows XP includes an automatic updating feature which will periodically check Microsoft for updates and download them to your system, ready for installation. To use automatic update, right click on 'my computer' and select properties, then choose the 'automatic updates' tab.
Step 6. Change the name of the administrative account
The Danger: Malicious users may attempt to use the built-in 'administrator' user account to gain access to your PC.
As mentioned above, every Windows 2000 and XP installation includes an 'administrator' user account which has full control over files and system settings. This account cannot be locked or disabled and is thus the first target for anyone trying to hack into your computer. While the account should already have a password, provided you followed the procedure above, this does not protect it from attack. So, rename the administrator account to something, anything, just not Administrator or Admin
Step 7. Disable 'hidden' shares within XP and 2000
The Danger: Malicious users can easily gain access to every file and folder in your computer.
Windows 2000 and XP both use a system of hidden administrative shares. Every drive on your computer system is shared under the name '(drive letter)$.' These shares exist to allow users with the correct username and password to remotely administer files on your computer. Of course, if a malicious user obtains a username and password with administrative rights to your system, all your files and folders are available to them over the Internet. They would be free to copy, change or delete as much of your data as they saw fit.
Unless you are in a business environment, it is unlikely you will have a need for the hidden shares. Disabling them will considerably reduce the danger of your data being compromised remotely.
You will need to edit the Windows registry using REGEDIT in order to carry out this step. Please ensure that you backup your registry to a file before editing it.
To disable the hidden shares first start REGEDIT ('start\run' and type 'regedit') and then navigate to: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\lanmanserver\parameters
Add the Dword value 'AutoShareWks' with a value of '0' and restart your computer.
Step 8. Change Internet Explorer security settings
The Danger: Viruses and browser hijacking programs can infect your system through the use of ActiveX code on certain websites.
By default, Internet Explorer will run certain content, including small programs embedded in the code of a website. An example of this sort of thing would be a pop-up ad asking you whether you wish to install so-and-so's software. Say yes and you may have just saddled yourself with a spyware problem. Certain malicious software may not even have the courtesy to ask before it has its way with your browser. Or you can use a much more secure browser like Firefox Very Happy
Raise Internet Explorer's default security level.
Fortunately, IE can be set to a more restrictive level of security. At this setting, the browser will not run certain types of content found on websites. This includes potentially malicious ActiveX code. Of course, this can also change your web browsing experience, as it will cut off certain content from safe websites also. To get around this, you can add known safe sites that you regularly visit to Internet Explorer's 'trusted sites' list. Open Internet Explorer, go to the 'tools' menu and select 'Internet options.' Now select the 'security' tab. Set the Internet zone to the 'high' security setting. This will ensure that IE will not run activeX instructions, the means by which most browser hijackers get access to your computer. You can place trusted websites that you regularly visit into the 'trusted sites' Internet zone. Site addresses that you enter here will be mostly unrestricted, allowing them to display their content properly.
Step 9. Secure your shared files
The Danger: Intruders may access your shared files
By default, Windows XP uses the simple file sharing system. This allows any user that has authenticated to your computer to have full access to all shared files. In Windows XP Home, the 'guest' user account is the account used by all remote users to access shared files. Of course, the guest account has no password by default, allowing unlimited, non-password access to your shared files for virtually anyone who finds your IP address.
While a firewall will block this type of access in most cases, it still pays to limit your venerability by configuring simple file sharing and the guest user account more securely than the default.
Secure and configure the guest user account
If you are using Windows XP Professional, you should password protect and disable the guest account. This will force any intruder to use one of the user accounts you created or the administrator account, both of which should now be secure if you followed the above procedures.
Make sure you are logged in as a user with administrative privileges (the first user created during the XP install process has these, as does the administrator).
Right click on 'my computer' and select 'manage.' Expand 'local users and groups' then 'users.' Highlight the 'guest' account and right click. Choose 'set password' and provide the account with a secure password. Now right-click the guest account again and choose 'properties.' Check the 'account is disabled' box.If you are using Windows XP Home, you cannot truly disable the guest account, as it is used as an integral part of the file sharing system. You can password protect it though? Bring up the command prompt (start/run and type 'cmd') and type 'net user guest password' where 'password' is the password you want to use to secure the account.
Step 10. Stop using Internet Explorer and Outlook Express
The Danger: many viruses and malicious programs target Internet Explorer and Outlook Express specifically.
IE and OE are unquestionably the most popular web browser and email client in the world. They are the default applications that a majority of Windows users are familiar with. Because of this, many viruses and other malicious programs are created to target specific vulnerabilities in these two programs. Since the user base is so huge, they can afford to be specific. These viruses generally will not affect systems which employ other products for their web browsing and email retrieval. Learn to use a new web browser and email client.
There are several free browsers and email clients available that can easily replace IE and Outlook Express. The trick is to get used to using them. By not using IE and OE, you considerably reduce the danger of infecting your system with a virus.
Some examples of alternate browsers and mail clients include;Mozilla the makers of this popular browser also offer Thunderbird, a free email client.Opera. Eudora which is an ad-supported mail client with a long and successful history.
The danger: malicious computer users can gain access to your computer over the Internet, stealing and deleting data and potentially implanting viruses and Trojan horses.
By using a legal and free tool, hackers can easily locate and gain access to your data by finding your IP address and attempting to connect using the administrator account. Obviously, if there is no password on the account, you are defenseless.
Step 2. Make sure your system is protected by a firewall
The Danger: Malicious users may locate and attempt to break into your computer from the Internet.
All computers that communicate over the Internet must have a valid IP address, such as 61.232.252.6. These addresses allow computers to exchange data with other computers over the 'net. Your system also leaves a variety of ports open to listen for incoming data. Ports are access points for certain kinds of data to enter and leave your computer. For example, while you are viewing this website, your computer and Th3Zone's are communicating through port 80, default for HTTP.
The trouble is that anyone can use freely available software like GFI's LANguard security scanner to scan a range of IP addresses for computers and gather information about these systems. If your computer is poorly password protected these utilities provide remote users with the ability to directly access your files. This happens because by default, many ports in your system are fully prepared to listen and respond to any data request from the Internet. This means that your system is fully visible, the equivalent of wearing glow-in-the dark clothes in a blackout?
Almost all home Internet sharing devices include firewalls, so if you are using a router to share your Internet connection within your home, you are likely already protected. Otherwise you need to use a software firewall. Windows XP comes included with one, though you need to activate it. Several free third-party software firewalls are also available, most notably Zone Lab's Zonealarm.(www.zonelabs.com)
Step 3. Use anti virus software
The Danger: Computer viruses can cripple your computer and destroy your data. A FIREWALL IS NOT ENOUGH!!
There are an incredible variety of computer viruses on the Internet, with many different ways of infecting your system. The stereotypical vector for viruses is the email attachment, and this is still the most common source of infection for unwary users. Opening up a seemingly innocent attachment from a friend can have disastrous consequences. There are few computer users who have not experienced the effects of a computer virus at some point, and malicious coders keep churning them out. Using an antivirus software package from a reputable manufacturer like Symantec's Norton or McAfee provides an effective defence against viruses. You should scan your system for viruses once a week at least, and use the software to examine any email attachments you are unsure about. Many packages, like Norton Antivirus, come with auto-protection features which will scan any files entering or leaving your system for viruses.
Secondly, make sure you keep the program updated. Antivirus software manufacturers are constantly creating new sets of virus definitions to keep up with new threats. Without updated definitions, the software will not stop newer viruses from infecting your PC. Most reputable antivirus programs will update themselves automatically when you are connected to the Internet, but it doesn't hurt to make sure you have the latest updatebefore you scan for viruses.
Step 4. Check your PC for spyware and adware
The Danger: Spyware and Adware programs can quickly infest your PC, compromising privacy and performance.
Spyware and adware are generic names for a variety of programs designed to collect data and/or advertise products. Sound innocent? The catch is that these programs are often installed on your PC from websites or as part of 'free' software like Kazaa, and work from inside your computer, gathering information about your surfing habits for marketing purposes. Worse, this is only the tip of the iceberg.
Programs in this category may call up extra pop-up advertising while you are surfing, or even redirect your browser to websites of their own choosing. While makers of this type of software need to obtain your consent to install their programs, they are often presented in misleading ways, or hidden within the license agreements of other software.
So, to cure this install and use a reputable spyware finding/removal tool.
Fortunately, certain individuals have devoted a lot of time and effort to create free software which is specifically aimed at removing these (legal) pests from your system. One software system we tend to use is Ad-Aware, freely available from the Lavasoft (www.lavasoft.com) website as it is the most popular and frequently updated removal tool. Ad-Aware functions much like any antivirus program, so it should seem instantly familiar to most users.
Step 5. Update, update, update!
The Danger: Viruses and malicious users may exploit newly discovered security holes within Windows and Internet Explorer.
Windows XP is an extremely complex operating system, and as such has a number of bugs and design holes which are constantly in the process of being fixed by Microsoft. On the other side of the fence, there are users who are enthusiastically trying to discover these flaws, either for the purpose of informing Microsoft or just for the heck of it. To fix this keep your Windows computer up-to-date with the latest Microsoft security patches.
Windows XP includes an automatic updating feature which will periodically check Microsoft for updates and download them to your system, ready for installation. To use automatic update, right click on 'my computer' and select properties, then choose the 'automatic updates' tab.
Step 6. Change the name of the administrative account
The Danger: Malicious users may attempt to use the built-in 'administrator' user account to gain access to your PC.
As mentioned above, every Windows 2000 and XP installation includes an 'administrator' user account which has full control over files and system settings. This account cannot be locked or disabled and is thus the first target for anyone trying to hack into your computer. While the account should already have a password, provided you followed the procedure above, this does not protect it from attack. So, rename the administrator account to something, anything, just not Administrator or Admin
Step 7. Disable 'hidden' shares within XP and 2000
The Danger: Malicious users can easily gain access to every file and folder in your computer.
Windows 2000 and XP both use a system of hidden administrative shares. Every drive on your computer system is shared under the name '(drive letter)$.' These shares exist to allow users with the correct username and password to remotely administer files on your computer. Of course, if a malicious user obtains a username and password with administrative rights to your system, all your files and folders are available to them over the Internet. They would be free to copy, change or delete as much of your data as they saw fit.
Unless you are in a business environment, it is unlikely you will have a need for the hidden shares. Disabling them will considerably reduce the danger of your data being compromised remotely.
You will need to edit the Windows registry using REGEDIT in order to carry out this step. Please ensure that you backup your registry to a file before editing it.
To disable the hidden shares first start REGEDIT ('start\run' and type 'regedit') and then navigate to: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\lanmanserver\parameters
Add the Dword value 'AutoShareWks' with a value of '0' and restart your computer.
Step 8. Change Internet Explorer security settings
The Danger: Viruses and browser hijacking programs can infect your system through the use of ActiveX code on certain websites.
By default, Internet Explorer will run certain content, including small programs embedded in the code of a website. An example of this sort of thing would be a pop-up ad asking you whether you wish to install so-and-so's software. Say yes and you may have just saddled yourself with a spyware problem. Certain malicious software may not even have the courtesy to ask before it has its way with your browser. Or you can use a much more secure browser like Firefox Very Happy
Raise Internet Explorer's default security level.
Fortunately, IE can be set to a more restrictive level of security. At this setting, the browser will not run certain types of content found on websites. This includes potentially malicious ActiveX code. Of course, this can also change your web browsing experience, as it will cut off certain content from safe websites also. To get around this, you can add known safe sites that you regularly visit to Internet Explorer's 'trusted sites' list. Open Internet Explorer, go to the 'tools' menu and select 'Internet options.' Now select the 'security' tab. Set the Internet zone to the 'high' security setting. This will ensure that IE will not run activeX instructions, the means by which most browser hijackers get access to your computer. You can place trusted websites that you regularly visit into the 'trusted sites' Internet zone. Site addresses that you enter here will be mostly unrestricted, allowing them to display their content properly.
Step 9. Secure your shared files
The Danger: Intruders may access your shared files
By default, Windows XP uses the simple file sharing system. This allows any user that has authenticated to your computer to have full access to all shared files. In Windows XP Home, the 'guest' user account is the account used by all remote users to access shared files. Of course, the guest account has no password by default, allowing unlimited, non-password access to your shared files for virtually anyone who finds your IP address.
While a firewall will block this type of access in most cases, it still pays to limit your venerability by configuring simple file sharing and the guest user account more securely than the default.
Secure and configure the guest user account
If you are using Windows XP Professional, you should password protect and disable the guest account. This will force any intruder to use one of the user accounts you created or the administrator account, both of which should now be secure if you followed the above procedures.
Make sure you are logged in as a user with administrative privileges (the first user created during the XP install process has these, as does the administrator).
Right click on 'my computer' and select 'manage.' Expand 'local users and groups' then 'users.' Highlight the 'guest' account and right click. Choose 'set password' and provide the account with a secure password. Now right-click the guest account again and choose 'properties.' Check the 'account is disabled' box.If you are using Windows XP Home, you cannot truly disable the guest account, as it is used as an integral part of the file sharing system. You can password protect it though? Bring up the command prompt (start/run and type 'cmd') and type 'net user guest password' where 'password' is the password you want to use to secure the account.
Step 10. Stop using Internet Explorer and Outlook Express
The Danger: many viruses and malicious programs target Internet Explorer and Outlook Express specifically.
IE and OE are unquestionably the most popular web browser and email client in the world. They are the default applications that a majority of Windows users are familiar with. Because of this, many viruses and other malicious programs are created to target specific vulnerabilities in these two programs. Since the user base is so huge, they can afford to be specific. These viruses generally will not affect systems which employ other products for their web browsing and email retrieval. Learn to use a new web browser and email client.
There are several free browsers and email clients available that can easily replace IE and Outlook Express. The trick is to get used to using them. By not using IE and OE, you considerably reduce the danger of infecting your system with a virus.
Some examples of alternate browsers and mail clients include;Mozilla the makers of this popular browser also offer Thunderbird, a free email client.Opera. Eudora which is an ad-supported mail client with a long and successful history.
