Home Computer Security 101

hazmat · Dec 19, 2002

After reading the <A target="_blank" HREF=http://www.tractorbynet.com/cgi-bin/compact/showflat.pl?Cat=&Board=off&Number=216823&page=0&view=collapsed&sb=5&o=0&fpart=>Computer Stalls Thread</A>

I've come to the realization that I've been waaay too naive / lazy when it comes to security of my home computer./w3tcompact/icons/blush.gif

So, experts come forth & get me going in the right direction.

I've got a cable modem (AT&T Broadband) at home. Currently running Norton Utilities for win 95 on windows 98 manchine.

Do I need a firewall? Are the free ones good enough?

What about these trojan finders? Is this a different thing?

Best antivirus software?

Other best practices?

Any good websites for more info?

Thanks

MikePA · Dec 19, 2002

Do I need a firewall? Yes! Anyone who accesses the Internet should have this, but particularly people with a permanent, e.g., cable, DSL, satellite, etc. connection.

Are the free ones good enough? The free version of Zone Alarm is a great product.

What about these trojan finders? PestPatrol is a good product as well.

Is this a different thing? Depends on the definition of trojan. Some can be malicious while others simply report back more about you than you'd like.

Best antivirus software? Kinda like asking what the best tractor is /w3tcompact/icons/laugh.gif. I've used both McAfee and Norton. I am using Norton AV software since I think it's easier to keep it up to date. Norton is more set it up and forget it. McAfee not only needed to have the virus definition database updated but also the virus scan engine, which was a separate process, at least it was on the version I used.

I have Norton set up to automatically update the virus database and I periodically run PestPatrol to clean things up.

I prefer using all of the above plus a router with a built in firewall for protection. The router sits between your PC/network and your broadband connection. Most routers can also eliminate the need to run software on your PC(s) to access the Internet and they can be set up to automatically connect you to the Internet.

RanchMan · Dec 19, 2002

To parrot Mike's reply....

Firewall: ABSOLUTELY. Without getting into the minutia, there are 2 ways to go here - a FW which is loaded on your PC or one that is in a separate piece of hardware (e.g. a router). Both have advantages & disadvantages, so using both in conjunction with one another is the best.

Small routers for home use (choose your brand: SMC, Linksys, Netgear, etc...) are pretty cheap now days and offer a good "front line" to defend against attacks. (AT&T does block some ports on their network for you, but don't count on this to save you!) Sure, $100 isn’t “free”, but how much is keeping your information secret worth to you? (e.g. financial info, personal documents, family pictures, etc.)

Obvious things like personal information on your PC (such as tax info, money manager stuff, etc.), is at a very high risk without something to block intruders, however, that isn't the only problem. If you ever order anything on-line or fill out information on a web page (passwords, personal info, etc.), it can be "observed" too through the use of some <A target="_blank" HREF=http://security.tao.ca/keylog.shtml>malicious programs that track they keystrokes</A> you make (think of it like a recorder.) (Don't count on SSL to "save" you from these programs!!!) This is where your anti-virus software comes in to play to keep those programs off your PC.

To make things short, my vote is for NAV as well - it covers a wide spectrum malicious programs (Trojans, viruses, etc.) With the auto update feature & your cable modem, it can always remain up to date with little to no intervention from you.

As far as the free firewall software, ZoneAlarm is considered one of the best, however, be aware that there are It may work just fine with your setup (and free is nice), but regardless of what <A target="_blank" HREF=http://www.cnet.com/software/search/1,11066,0-352108-1202-0,00.html?pn=3&ob=1&qt=&qn=&F2=0&F3=0&sm=1&rs.x=21&rs.y=4>CNET says, there are other products out there that I believe are better.

Other Best Practices: Some Motorola cable modems allows you to disable the ethernet connection to your PC by the press of a button on the front of it. This is nice because it puts a “hard break” between your computer and the Internet when you aren’t using it while letting your modem stay connected to the network. Other than getting a modem that has this feature, I’d recommend you disable your Wake On LAN feature (assuming you have it) in your BIOS and keep your PC off (or otherwise disconnected from your modem) when not using it. If you have your home PCs networked, disable (or at least password protect) the various sharing services (disk, printer, etc.) Again, AT&T usually blocks these ports for you already, but not every provider out there does. Of course, this is addition to using the firewalls (HW & SW) and anti-virus software mentioned above.

Here's a few other links you might find helpful or interesting. Hope this helps...

http://hardware.search.com/search?curl=1,0,0-1016-0&tag=srch&qt=firewall&cn=&ca=1016

http://www.pricegrabber.com/home_comp.php/ut=0cef7e8f5b58e3ee

jwstewar · Dec 19, 2002

Here is how I've been keeping my virus protection up to date w/o having to by subscriptions. Each year Norton and McAfee are fighting for customers. Each year I have to buy a tax package. I pay $19.95 for TaxCut Deluxe. That gets me Federal and State Editions plus free electronic filing for Both. Kiplingers have partnered w/ Microsoft so that you get $39.95 back for the purchase of Microsoft Money - current edition. The virus folks then offter a $30 mail-in rebate for upgrades of the virus package or traders from the competition. They then also offer a $20 rebate for purchasers of Tax Cut. So for $19.95 I get TaxCut (w/ Federal & State electronic filing), Microsoft Money, and new virus protection. I've already seen Norton doing it this year so I'll be switching from Mcafee to Norton and upgrading from Microsoft Money 2002 to 2003.

Jim

Hank · Dec 19, 2002

Do I need a firewall? Are the free ones good enough?


To parrot the other responses, yes, you need a firewall. Systems that are "always connected" to the Internet are constantly bombarded by port probes and probes for other known OS and software vulnerabilities.

I am the security administrator for our company's LAN, with a T3 Internet connection. Our logs show many, many daily probes. These are mostly "kiddie-scripts", which can be downloaded over the Internet. They are set to scan vast ranges of IP addresses, and they just keep a log of where vulnerabilities appear. The "kiddies" then come back later for a closer look at the discovered vulnerabilities, and run more scripts to attack them. Compromising a vulnerable machine is really simple. For the most part, anymore, it's all done via downloaded scripts.

Zone Alarm is good, and for $40 you can also get Zone Alarm Pro, which offers some additional configurability. With a home network, it's usually better to protect at the point of connection (the router).

We like NAV, but McAfee is also good. The key is keeping them updated with the latest virus definition files.

In the category of "other best practices", I would disable any services that are not being used (two of my favorites in this category, with XP, are the NetMeeting Remote Desktop sharing service, and the Universal Plug and Play service).

An excellent web site for keeping track of the latest vulnerabilities is <A target="_blank" HREF=http://www.cert.org>CERT</A> (Computer Emergency Response Team), a govt sponsored site run from Carnegie Mellon University. They have a mailing list you can subscribe to that will alert you to new problem issues as they arise. Unlike many other such sites, they are not in the business of selling security software, so they only issue alerts for new, serious vulnerabilities...no scare tactics.

Believe CERT when they inform you of a problem, and apply the recommended patch from your vendor (Microsoft, etc). We just received a bulletin today about a serious problem with XP's Windows "shell" (basically, the operating system).

looch · Dec 20, 2002

If I had high speed, I'd get a firewall. Like others have said, you can pick up a router/firewall "appliance" for around a hundred bucks. Personally, I'd probably build one out of an old PC - more for amusement. Just 2 network cards and any version of Linux. Mandrake even has a version of Linux made specifically for this purpose. I read about a really neat idea, but can't remember where. It was a firewall made up of a PC, a floppy disk, and a CD-R - no hardrive. The floppy is for booting the machine, and the OS and firewall are all on the CD, making it very easy to recover if something goes wrong.

Bird · Dec 20, 2002

Gosh, I wish I understood what you guys are talking about./w3tcompact/icons/frown.gif Anyway, I'm running Norton System Works and keep it updated very frequently, and there's a firewall built into XP, so I didn't install Norton's firewall, but do have the built in firewall running, and there's a log that shows lots of hits. In fact that log is up to nearly 4 meg and I was just looking this morning to try to find a way to clear the log without screwing up something else. Anyway, I guess this novice will just hope for the best./w3tcompact/icons/laugh.gif

Hank · Dec 20, 2002

Bird, the firewall built into XP is really all you need for a single computer. It provides the basic firewall protection right out of the box. The other main things one needs are current anti-virus protection, and to visit Microsoft for the "Windows Update", to get the latest security patches.

Don't be too alarmed about the number of hits in the log file. They are just "probes", and your system, with its firewall running, is reporting back to the prober that your shields are up, so they will look elsewhere.

Mosey · Dec 20, 2002

Bird - I have windows XP also, but didn't know about the built in firewall. Does it run by default or do I have to enable it? If so, how do I enable it? Thanks.

Bird · Dec 20, 2002

Danny, with XP Home Edition, click on "Start", then "Help and Support" and just enter the single word "firewall" in the search box at the upper left. I get 39 hits and the top one is "Enable or disable Internet Connection Firewall". If you click on that, you'll get the instructions in the box on the right. I can't remember what the default is; whether on or off, but think it's on.