Winning the Online Battle: How to Stop Spam, Viruses, and Hackers Dead in Their Tracks
By Greg Reynolds
Spam Virus Help.com
Net Sense.Info
Introduction
About The Author: Greg Reynolds is a 23-year veteran of the computer industry and the President of Net Sense, an IT consulting firm. He has worked on systems integration projects with some of the largest companies in the U.S., including IBM, Bank of America, Wachovia, and Bell South.
A graduate of the University of Michigan, Greg has been hands-on with computers since the days when keypunch cards were used for data entry. When he can get away with it, he likes to work on his notebook computer out on the back deck overlooking the lake.
His consulting practice with Net Sense focuses on network security and project management for corporate clients. The Spam Virus Help web site is geared toward assisting home computer users.
Greg lives outside Raleigh, North Carolina with his wife and six kids. When the five boys aren’t beating him up in various sporting activities, he serves as the First Bank of Dad for all their financial needs. And, of course, his daughter already has the keys to the vault!
About This Book: “Winning the Online Battle: How to stop spam, viruses and hackers dead in their tracks” is a work in progress.
This ebook version is free for anyone to download. You have full usage and distribution rights.
You do not have the right to reprint, alter, or convert the content of this book into any other form.
Copyright Notice: This book is copyrighted, March 2004, under the laws of the United States. All rights reserved.
Version: This edition is Version 1.3. Check the web site for updates or subscribe to the Net Sense newsletter.
Table of Contents
Introduction
Building Your Castle Walls
Start with a strong foundation
Use the right building materials
Hardware firewall
Software firewall
Protect your castle from spam and viruses
How break-ins occur
Let right in
Hand-delivered
Piggyback programs
Guessed right
Summary
Hiring The Right Gatekeeper(s)
Trustworthy
Multi-talented
Multi-tasking
Always on duty
Updated regularly
Gates To Guard
Internet connection point
Email
Attachments
Backdoors
Gatekeeping functions
Selection criteria
Cost
Ease of setup
Functionality
Automation
Upgradeability
Compatibility
Beware the Universal Solution
Summary
Eliminating Spies
Adware
Spyware
Malware
Summary
Acquiring the Cloak of Invisibility
Cookies
IP Tracking
Email Address Theft
Online Communication Eavesdropping
Summary
Use A Multi-layered Defense
Best Practices - Computer Security
Best Practices - Firewall
Best Practices - Spam Prevention
Best Practices - Antivirus Protection
Best Practices - Spyware/Adware Detection
Best Practices - Malware Defense
Summary
Computer security for your Windows PC
Windows security patches
Internet Explorer Security
How to secure Internet Explorer
Create a multi-layered defense
Spam filters block 93.7% of your spam email
Good spam filter: Spam Agent
Better spam filter: Spam Inspector 4.0
Best Spam Filter: Spam Arrest
Free Spam Filters are great anti-spam blockers
Free Spam Filters For Home Users
Free Spam Filter #1: Spam Pal
Free Spam Filter #2: Spam Weasel
Free Spam Filter #3: Spam Buster
Spam Prevention Tips: Anti-Spam Do's & Don'ts
Spam Prevention rules to live by:
Don't post your email address online
Don't open spam, ever
Don't buy anything from spam messages
Don't use spam "remove me" links
Do use an anti-spam filter or spam blocker
Antivirus software defeats the virus epidemic
Antivirus Review Criteria
Our Good Antivirus Software Pick:
McAfee VirusScan (#3 overall)
Our Better Antivirus Software Pick:
Panda Titanium Antivirus 2004 (#2 overall)
Our Best Antivirus Software Pick:
Kaspersky Anti-Virus Personal Pro (#1 overall)
Norton Antivirus 2004: Free Download Info
Norton AntiVirus software
Product Overview
Product Features
Product Problems
Product Pricing
Free Download
Norton Antivirus 2004 Update
Free Antivirus Software
Free Antivirus Software #1:
AVG Anti-virus
Free Antivirus Software #2:
AntiVir Personal Edition
Free Antivirus Software
Free Anti Virus Downloads
Free Antivirus Download #1:
Panda Titanium Anti-virus
Free Antivirus Download #2:
Kaspersky Anti-virus
Free Antivirus Download #3:
Norton Anti-Virus 2004
Free Virus Scan Websites
Trend Micro HouseCall
Kaspersky Virus Checker
Need a free virus scan?
How to do your Free Virus Check
BitDefender Free Online Virus Scan
Panda ActiveScan - Free Online Scanner
Spyware removal protects your privacy
What is Spyware?
How you got infected with Spyware
Why you want spyware removal
Spyware Removal Review Criteria
Good Spyware Removal Pick:
X-Cleaner from X-Block (#3 Overall)
Better Spyware Removal Pick:
Spy-Killer V3.0 (#2 Overall)
Best Spyware Removal Pick:
PestPatrol (#1 Overall)
Free Spyware Removal Programs
Adware
Spyware
Free Spyware Removal #1
Lavasoft's AdAware
Where to download AdAware
Free Spyware Removal #2
Spybot Search & Destroy
Where to download Spybot Search & Destroy
Free Spyware Removal #3
PestPatrol (#1 Overall)
Spybot Search & Destroy nails 99% of spy bots
Spybot Home
Why Spybot S&D gets rave reviews
Where to download Spybot Search & Destroy
Where to get updates
Where to get Spybot SD questions answered
A Personal firewall keeps you safe online
A personal firewall blocks, on average, three hack scans a day
What is a firewall?
How a firewall works
Hardware firewall
Software firewall
Free personal firewall
Where you can get a free firewall
Free Firewall Software
Personal Firewall Software #1
Zone Alarm (#1 overall)
Personal Firewall Software #2
Tiny Personal Firewall (#2 overall)
Personal Firewall Software #3
Norton Personal Firewall 2004 (#3 overall)
Firewall Downloads
BlackICE Firewall
Outpost Firewall
Stay Safe in Your Castle
Resource Links Save You Time & Money
Spam Resources
Antivirus Resources
Spyware Resources
Firewall Resources
Ebook Resources
Computer Resources
Webmaster Resources
Security Resources
Additional Resources
Introduction
The key to winning the online battle is to think medieval. And no, that’s not really as odd as it sounds.
You need to be a little Machiavellian – building up your castle walls, hiring the right gatekeeper, eliminating spies, and acquiring the cloak of invisibility – to win the online battle.
Then, once you have good defenses in place, you can easily protect yourself while you venture online, as long as you keep your head about you.
And how do you do that?
Simple. You just use common sense:
• You don’t leave the front door open at your castle.
• You don’t let anyone in unless they know the password.
• You don’t let spies leak valuable information.
• You don’t let anyone see where you’re going.
So how does that translate to staying safe online?
You put systematic procedures in place that watch your back. When you are connected to the Internet, no one can possibly keep up with all the communication processes going on between your computer and the outside world.
However, by using a combination of specialized programs, you can put a multi-layered defense in place that monitors all the communications to and from your computer and keeps your castle safe.
Every online computer needs the following:
these products work, covering best practices, and providing detailed product information.
Building Your Castle Walls
In medieval times, castle walls provided a good defense against attackers. Sure, there were still some risks such as bad guys scaling the walls, sneaking in the gates, or shooting flaming arrows over the walls. But, all in all, living behind strong walls was a lot safer than being unprotected.
The same holds true today. Your computer is your online home and it needs to be a fortress to protect you from attack.
In other words, PC = Home = Castle.
So, how do you go about turning your computer into a fortress? You begin by building your castle walls. We’ll get to guarding the gates, becoming invisible, and knocking off pesky spies in future chapters.
Start with a strong foundation
To build strong castle walls, you first need a good foundation. With your computer, that means having your hardware and software up-to-date, all the holes in your computer’s operating system plugged, and any necessary patches applied.
Otherwise, your foundation will be weak because the building blocks weren’t strong enough to handle the load. The unpatched operating system means the mortar was weak, causing holes and weak spots to be left in your castle walls.
Today’s programs place more demands on your computer than ever before. You need a fast enough processor, sufficient memory, and a large enough disk drive to handle all the work. Otherwise, you won’t have enough men to defend your castle.
Most home computers today come with enough processing power, but are woefully short of memory. Imagine defending your castle with soldiers who couldn’t remember what they were supposed to do and had to stop and think about it before acting.
By then, things may have gotten out of control. Or, worse yet, everything will happen in slow motion as your computer slows to a crawl.
Windows computers need a ton of memory to handle the many processes they are running simultaneously. When you build your castle walls, you’ll be adding even more tasks to their to-do list.
Do your computer a favor and give it sufficient memory to do all the jobs quickly and easily.
At a minimum, Windows XP systems should have 512k of memory. By upgrading your computer’s RAM memory to that level, you’ll ensure that every task is handled swiftly.
Likewise, having enough disk space is critical to your system’s performance. Today’s software programs are enormous compared to the programs in use a decade ago.
As you add more files to your hard drive, the response time slows as more data is searched to find what is needed. If you find your system slowing down, check and make sure that you have enough space available on your hard drive.
For more information about all the various performance settings to check and adjust on your computer, see the chapter on “PC Settings - Best Practices”.
Use the right building materials
Once a good foundation is in place, it’s necessary to use quality materials to build your castle walls. The basic building blocks are:
Simply put, a firewall detects, rejects, and protects.
Hardware firewall
A hardware firewall is an external device that resides outside your computer. A software firewall is a program that resides inside your computer.
Both types of firewalls analyze all incoming and outgoing traffic according to preset rules. You can also add additional instructions to your firewall that will allow certain types of additional communication.
Using a hardware firewall on a home computer is rare as they are designed to isolate and protect computer networks. Taking our castle walls analogy a little bit further, these are like walls that protect an entire town or city.
In some cases though, you might use a hardware firewall at home. Many people network their home computers together and connect to the Internet through a single, high-speed connection, usually cable or DSL.
Several manufacturers include firewalls within the cable/DSL routers sold in most home electronics stores.
These hardware firewalls disguise everything behind them with their own unique addresses, called subnets. Communication like this uses Network Address Translation (NAT).
NAT essentially hides you from prying eyes outside, just as if you were behind tall castle walls.
A firewall isolates your computer from the Internet by inspecting each piece of data – inbound or outbound – as it reaches the firewall. It uses certain basic rules to decide what goes through and what doesn’t.
Each little package of data must correctly identify itself by specifying a destination address and a port number on that computer.
It must also contain its originating address and the port number from which it was sent. Think of it as the address information on a regular envelope – both return address and recipient.
Since every data package contains this address information, a firewall can selectively accept or reject the various packages of data it receives.
Certain rules specify which ports are valid destinations on your computer. Other rules specify which ports are valid senders from your computer.
Each data package also contains a little snippet which states whether it is initiating a conversation or acknowledging one that is already taking place. Rules stipulate how data conversations can be initiated and how they must be acknowledged.
Your firewall knows which packages match its rules and are therefore acceptable. All other packages are refused delivery and go no further than the firewall.
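The rule checking described above can be sketched in a few lines of Python. This is an added example, not code from the book or from any firewall product: the addresses, port lists and class names are constructed for illustration, and the outbound rule is simplified to a list of remote ports that programs on the PC may contact.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src_ip: str       # originating address (the "return address")
    src_port: int     # port it was sent from
    dst_ip: str       # destination address (the "recipient")
    dst_port: int     # port it is addressed to
    initiating: bool  # True: opens a conversation; False: acknowledges one


class Firewall:
    """Default-deny filter: a package passes only if a rule or a known
    conversation allows it. Everything else is refused."""

    def __init__(self, local_ip, inbound_ports, outbound_ports):
        self.local_ip = local_ip
        # Local ports that outsiders may open a conversation to.
        self.inbound_ports = set(inbound_ports)
        # Remote ports that local programs may open a conversation to
        # (assumed simplification of the outbound rules).
        self.outbound_ports = set(outbound_ports)
        # Conversations in progress: (local port, remote address, remote port).
        self.conversations = set()

    def check(self, pkt):
        if pkt.src_ip == self.local_ip:        # leaving the PC
            key = (pkt.src_port, pkt.dst_ip, pkt.dst_port)
            allowed_ports = self.outbound_ports
        elif pkt.dst_ip == self.local_ip:      # arriving at the PC
            key = (pkt.dst_port, pkt.src_ip, pkt.src_port)
            allowed_ports = self.inbound_ports
        else:
            return "reject"                    # not addressed to or from us

        if pkt.initiating:
            # A new conversation must be aimed at a permitted port.
            if pkt.dst_port in allowed_ports:
                self.conversations.add(key)
                return "accept"
            return "reject"

        # An acknowledgement is valid only for a conversation already open.
        return "accept" if key in self.conversations else "reject"


# Constructed sample traffic (documentation-range addresses, not real hosts).
HOME_PC = "192.168.1.10"
SAMPLE_PACKETS = [
    Packet(HOME_PC, 50000, "203.0.113.5", 80, True),    # browser opens a web page
    Packet("203.0.113.5", 80, HOME_PC, 50000, False),   # web server answers
    Packet("198.51.100.7", 4444, HOME_PC, 445, True),   # outsider probes a local port
    Packet("198.51.100.7", 80, HOME_PC, 50000, False),  # "reply" nobody asked for
    Packet(HOME_PC, 50001, "198.51.100.9", 6667, True), # program calls out on an unlisted port
]


def run_demo():
    # Home PC that offers no services and may use web and mail ports only.
    fw = Firewall(HOME_PC, inbound_ports=[], outbound_ports=[80, 443, 25, 110])
    return [fw.check(p) for p in SAMPLE_PACKETS]


if __name__ == "__main__":
    for pkt, verdict in zip(SAMPLE_PACKETS, run_demo()):
        print(verdict, pkt)
```

Only the first two packages get through: the conversation the PC started and the matching acknowledgement. The probe, the unsolicited acknowledgement and the outbound call on an unlisted port are all refused.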
Software firewall
A software firewall performs the same functions as a hardware firewall. It places a wall of code in front of all data transmissions instead of a physical device that essentially contains its own wall of code.
Either type of firewall will provide the necessary castle walls you need for your computer. In addition, you’ll need to strengthen your castle walls with antivirus protection and spam prevention.
Protect your castle from spam and viruses
You’ll want your walls to hold up to all types of bad weather, such as a spam deluge, and any type of attack hurled against them, such as a virus outbreak.
Spam is an astronomical problem these days. Brightmail reports that spam has climbed from 42% of all email in February 2003 to 61% in January 2004.
Considering that overall email usage is growing at a rapid rate, the volume of spam has become a deluge of biblical proportions.
To ensure that your castle walls stay strong, it’s very important to block or filter out all incoming spam. You certainly don’t want this stuff coming inside your castle, so it makes sense to divert it away from your computer.
A good spam blocker will keep 90-95% of spam from fouling your mailbox. That goes a long way toward keeping your castle walls strong because a significant percentage of spam messages carry viruses and malware that can harm your computer.
Likewise, a good virus protection program will catch the vast majority of infected messages. Without one, you are asking for trouble by leaving major gaps in your castle walls.
However, virus programs can never be perfect because each new virus has a unique signature that must be added to your virus protection program’s scanning database before it can be detected and quarantined.
That’s why it’s so important to keep your operating system and your applications patched with the latest updates to close the holes these viruses are designed to exploit.
Later on, we’ll cover spam and antivirus protection in depth and then lay out best practices to follow to keep your castle safe. Right now, though, we need to look at the remaining weak points in your castle walls.
How break-ins occur
Your castle walls are vulnerable at certain weak points like the Internet connection point and your communications gateway. Break-ins can occur in the following ways:
One way bad things can get inside your castle is by being let right in. For example, if you had no defenses at all or had only partial defenses in place.
You can easily infect your PC simply by inserting a corrupted floppy disk or other removable media. Your defenses must include protection from trusted sources.
If you don’t have a good antivirus program in place that scans all your incoming email, you are effectively letting in any virus that shows up at your door. Then it’s only a matter of time before you make a mistake and click on the wrong message, thereby triggering the release of the virus.
Another way that a potential intruder can be let right in, besides having little or no defenses in place, is via social engineering or “phishing.” For instance, you might get an email from someone purporting to be your ISP or a credit card provider, etc.
You are asked to reveal information about yourself and your account access in order to verify your account. Obviously, never respond to these types of email because these are just nefarious individuals phishing around for information so that they can access your computer and/or your accounts.
Hand-delivered
“Hand-delivered” messages are another way that your defenses can be breached. By hand-delivered, I mean messages from a trusted source that contain malware, i.e., code that damages your computer or does sneaky things.
Some malicious code can spy out information within your PC and report back to outside computers on what it finds.
Needless to say, this type of code is unethical if not outright illegal. Nevertheless, it exists and you have to protect yourself against it. Many of the better antivirus packages can detect these malicious code packages.
In addition, there are also software programs that can detect and remove these programs from your system. These are covered under Spyware/Adware protection.
Piggyback programs
A third way that break-ins can happen is through piggyback programs. Here, certain less than reputable companies include extra code in their downloads that is nothing more than spyware.
This type of program reports back to another computer on certain aspects of your computer usage.
They are used primarily to trigger annoying popup advertising when you are online, but they also can be used to take control of your browser and take you to sites that you have no intention of visiting.
Again, there are good programs available to detect these little monsters and eliminate them before they can do any more damage.
Guessed right
Guessing right is another way that your computer can be breached. It’s somewhat akin to firing an arrow over the castle walls and striking an unseen target.
A potential intruder scans the Internet for likely targets and tries thousands of addresses per hour automatically. By chance, your address is selected and the hacker tries to gain admittance to your system.
They can quickly try dozens of automated probes looking for weak spots in your defenses.
Without the correct implementation of every level of security on your PC, a potential intruder can keep trying to get in until they finally stumble across an opening or guess right on a necessary password.
That’s why having strong defenses is so important. A good firewall will keep them at bay, and if necessary, disconnect them after repeated intrusion attempts.
Summary
While keeping your computer in good shape – patched and ready to go – is a necessary foundation for your castle, a good firewall provides the essential building blocks of your castle walls.
Without strong castle walls, you will eventually suffer a breach and possibly lose valuable information to a hacker or even lose all your data if/when a virus attacks your PC. Deploying spam blocking and virus protection is a must for keeping your castle walls intact.
However, there’s one important consideration that’s critical to maintaining a strong defense against intrusion and that’s selecting the right gatekeeper. Let’s move on to the next chapter and see just how to make the right choice.
Hiring The Right Gatekeeper(s)
Having a gatekeeper controlling access to the inside of your castle is very important, but selecting the right one is critical. And, because there are actually several gates in and out of your computer, you’ll need to take care in selecting the best gatekeepers for each one.
First, let’s take a look at the qualities a gatekeeper should possess. Your gatekeeper should be:
version
A gatekeeping program shouldn’t be reporting back to the vendor about your activities unless you consciously agree. For example, some antivirus programs report their data back to their company, but never ask you if that’s OK with you.
And, don’t even get me started about burying reporting notifications deep within the legalese.
Multi-talented
A multitalented gatekeeper isn’t one that can perform multiple gatekeeping functions such as spam filtering AND antivirus protection. Rather, it’s an intelligent program that makes decisions (albeit minor ones) independently.
It shouldn’t need to be told to go get updates. The program should be able to decide that it is better to be safe than sorry when making decisions. And, your gatekeeper should always have your best interests at heart, not those of its creator.
Multi-tasking
Your gatekeeper should be capable of doing many things at the same time. Too many programs have single track tasking, i.e., they stop doing their job while they go off to get an update or they’re disabled while those update files are copied.
Granted, it’s a small thing, but it’s a security exposure nonetheless.
Gates To Guard
Which gateways to and from your castle need a gatekeeper?
• Internet connection point
• Attachments
• Removable media
• Backdoors
Internet connection point
Your Internet connection, whether it’s dialup or always on like cable or DSL, is your gateway to the world.
As we discussed in the previous chapter, your best castle defense is to make your Internet connection point as hard to penetrate as possible.
When you surf the Internet, your location (IP address) is part of the communication you exchange with every website.
Since you are broadcasting your address, it makes sense to be prepared for visitors.
Your email arrives through your Internet connection point, but it contains many items that simply cannot be completely checked as they arrive.
One example is any links within an email message. Your main gatekeeper can’t examine everything and this is one area that needs watching.
A second is HTML code within an email that reports back to its sender whether you have opened the mail, how long you looked at it, and other possibly sensitive information.
Obviously, you want to control this type of gateway communication even though it’s not necessarily harmful.
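A mail gatekeeper can watch for both of the email items mentioned above by reading the HTML of a message before it is displayed. The following check is an added example, not code from the book or from any mail product: it lists content that would be fetched from an outside server the moment the message is opened, and links whose visible address differs from where they really lead. The sample message and all host names in it are constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Tags whose "src" is fetched automatically when the message is displayed.
AUTO_LOADED = {"img", "iframe", "script", "embed"}


def host_of(value):
    """Return the lower-cased host name of a URL or bare address."""
    value = value.strip()
    if "://" not in value:
        value = "//" + value          # let urlparse treat it as host/path
    return (urlparse(value).hostname or "").lower()


class MailAuditor(HTMLParser):
    def __init__(self):
        super().__init__()
        self.remote_loads = []        # URLs contacted just by opening the mail
        self.mismatched_links = []    # (text shown to the reader, real host)
        self._href = None             # href of the <a> currently being read
        self._text = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        src = attrs.get("src") or ""
        # A network location in src means an outside server sees the request.
        # Embedded content such as "cid:" attachments has none.
        if tag in AUTO_LOADED and urlparse(src).netloc:
            self.remote_loads.append(src)
        if tag == "a":
            self._href = attrs.get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag != "a" or self._href is None:
            return
        shown = "".join(self._text).strip()
        # Only compare when the visible text itself looks like an address.
        looks_like_address = "." in shown and not any(c.isspace() for c in shown)
        if looks_like_address and host_of(shown) != host_of(self._href):
            self.mismatched_links.append((shown, host_of(self._href)))
        self._href = None


def audit_html(html):
    """Return (remote_loads, mismatched_links) for one HTML message body."""
    auditor = MailAuditor()
    auditor.feed(html)
    auditor.close()
    return auditor.remote_loads, auditor.mismatched_links


# Constructed sample message body.
SAMPLE_HTML = """
<html><body>
<p>Dear customer, please verify your account:</p>
<a href="http://198.51.100.23/verify?id=1">www.mybank.example/login</a>
<a href="http://news.example/weekly">Read the newsletter</a>
<img src="http://tracker.example/open.gif?uid=12345" width="1" height="1">
<img src="cid:logo123">
</body></html>
"""

if __name__ == "__main__":
    loads, links = audit_html(SAMPLE_HTML)
    print("Fetched on open:", loads)
    print("Misleading links:", links)
```

Mail programs that block remote images by default are applying the first of these two checks for you.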
Attachments
Email attachments are a huge area of exposure. Even trusted friends can inadvertently send you a virus-infected attachment.
And of course, there seem to be thousands of other folks out there who delight in sending viruses to as many people as possible.
So, it’s critical that all of your mail be examined by a separate gatekeeper before you open it and, if you want your friends to still like you, before you send something as well.
Well, there are sophisticated automated tools which can probe all of your computer ports in less than four minutes.
So, anyone can simply and quickly determine which backdoor to your castle might be left open and unwatched by any gatekeeper.
And of course, once they gain access, you’ll have a dickens of a time getting rid of them!
Gatekeeping functions
And what are the gatekeeper’s jobs?
• Controlling who and what comes and goes (firewall)
• Approving any new requests to go outside (firewall)
• Identifying and locking up troublemakers (virus protection)
• Keeping out the riffraff (spam blocker)
As we’ve discussed, different needs mean multiple gatekeepers. Firewall hardware and firewall software do a great job of providing strong castle walls and tightly monitoring traffic through the main gateways.
A software firewall will also routinely request your approval for any new application before it grants Internet access. This prevents any type of spy code or malicious program from being able to sneak away with your personal information.
It also blocks executable code from launching your mail program and unleashing a barrage of virus-laden emails to your entire email address book.
Your virus protection gatekeeper will impound any known troublemakers and prevent them from spreading their payload within your castle.
A spam gatekeeper will block annoying or offensive messages and either keep them from entering your castle at all or relegate them to the junk bin within your email program.
Together, these four gatekeepers will do a fabulous job of keeping you safe within your castle walls.
There are free and inexpensive gatekeepers that do a great job. However, the old saying that “you get what you pay for” holds true in the computer world as well.
Most free programs that provide the gatekeepers have fewer features than their commercial brethren.
Oftentimes, the free program is offered by the same vendor and is intended as a stepping stone to entice you to use their paid product.
Sometimes, these programs come with annoying advertising blurbs or expire after a free trial period. Nevertheless, using a free gatekeeper program is way better than not using one at all.
Also, the highest priced offering is not necessarily the best. Check our chapters on recommended products for insight as to the most cost-appropriate firewall, antivirus, or spam solution for you.
Ease of setup
Ease of setup is another important criterion. I sometimes think that there is an evil interface demon that exists solely to kludge up programs by making them non-user friendly.
A good setup program is intuitive, i.e., it has a good understanding of what you want to achieve and the default settings are therefore appropriate for most users. Bad setup programs require you to answer a seemingly endless list of questions before settings are determined.
Functionality
Functionality is critical in any application controlling a gateway. Feature set choices should be robust and at the same time, enough information should be provided to make understanding and enabling the extra functions a breeze.
If a gatekeeping program lacks certain functions, it won’t be able to perform all the expected tasks.
Prime examples of this are most antivirus programs. They fail to provide more than limited functionality in their ability to clean infected files.
It’s not that doing so is impossible; it’s just that for many of these vendors, cleaning infected files is not a priority.
One program, Kaspersky Anti-Virus Personal Pro, has the ability to clean almost any infected file. The real question is - why don’t the other antivirus programs?
Automation
Another key factor is automation. A program should function independently and interrupt/alert you only when absolutely necessary.
A useful feature is one where you can set the alert threshold level to the settings you prefer instead of being stuck with what someone else assumed you would like.
Automation also means that a gatekeeper program like spam or antivirus protection that needs updated signature files will get the required updates either on a regular schedule or as alerted by its source.
Upgradeability
A gatekeeper program should offer a smooth upgrade path. Examples include an upgrade from a free version to a paid version that doesn’t require removing the first one, and also a simple way to upgrade to the latest version of a program.
It goes without saying that the upgrade path should be only a fraction of the cost of buying the new version outright.
Compatibility
Your gatekeepers should coexist nicely. You wouldn’t want a program that repeatedly crashed other programs that you were using, nor one that hogged so many system resources that other programs slowed to a crawl.
Beware the Universal Solution
A universal gatekeeping solution is not the best approach. Many companies offer combination programs that provide antivirus protection and spam filtering at the same time.
Unfortunately, they usually don’t do a great job at either one.
You want best-of-breed solutions in each of these critical gatekeeping roles, not a compromise solution that the marketing department dreamed up. See the various product reviews for additional information.
Summary
Selecting the right gatekeeper is critical to properly defending your castle against sneak attacks (hackers), invasions (spam), diseases (viruses), and spies (adware).
As we review the various product offerings that fulfill these vital gatekeeping functions, remember just how important the gatekeeper job is.
Be sure to select yours carefully and prudently.
Eliminating Spies
In medieval times, every castle had to beware of spies who might betray their secrets to the outside world. Today is no different. There are active spies inside your computer castle right now.
It’s time to be a little bit Machiavellian and start eliminating spies from your computer.
These spy programs fall into three broad categories:
banners are displayed while the program is running.
These applications include additional code that delivers the ads, which appear as pop-up windows or through a bar or panel that appears on a computer screen.
The justification for adware is that it helps recover programming development cost for some freeware or shareware application that has been downloaded to your computer, i.e., it helps to hold down the cost for the user.
Adware has been criticized for occasionally including code that tracks a user's personal information and passes it on to third parties, without your authorization or knowledge.
Ads are often tailored based on your surfing habits or closely matched to the website you are visiting at the time.
If you think about adware in the context of TV viewing, it’s as if the TV was observing your lifestyle and displaying ads based on what it observed about you as you watched TV.
For example, your TV ad might be for a competing beverage or snack aimed at convincing you to switch brands.
Adware smacks of invasion of personal privacy and sometimes borders on theft of personal information.
You are much better off without all of your online activities being reported back to various companies, most of whom you’ve never done business with in the first place.
Spyware
Another common spy that may be lurking on your computer is the appropriately named spyware.
Spyware is potentially a far more dangerous threat than adware because it can be used to record your keystrokes, history, passwords, and other confidential and private information.
It is often sold or freely distributed as a spouse monitor, child monitor, or surveillance tool, or simply used as a tool to spy on users to gain unauthorized access.
Spyware is also known as: snoopware, PC surveillance, key logger, system recorders, parental control software, PC recorder, detective software and Internet monitoring software.
Spyware covertly gathers user information and activity without the user’s knowledge. Spy software can record things like your keystrokes as you type them, passwords, credit card numbers or other sensitive information, where you surf, your online chat logs, and can even take random screenshots of your activity.
Basically, whatever you do on the computer is completely viewable by the spy. You do not have to be connected to the Internet to be spied upon.
The information captured by the spyware can be retrieved directly from your computer or transmitted to another computer.
The latest permutations of spyware include the use of routines to mail out user activity via e-mail or posting information to the web where the spy can view it at their leisure.
Also, many spyware vendors use “stealth routines” and “polymorphic” (meaning to change) techniques to avoid detection and removal by popular anti-spy software.
In some cases spyware, known as a “retrospy”, will counter-attack anti-spy packages by attempting to disable the program. In addition, they may use routines to re-install the spyware application after it has been detected.
Malware
The worst type of spy is malware. Malware is computer slang for malicious software. In that sense, malware is software that is designed specifically to disrupt a computer system.
A trojan horse or a virus could be classified as malware. Some advertising software can be malicious in that it can try to re-install itself after you remove it, so in some ways that could be categorized as malware as well.
Simply put, malware is software specifically engineered to damage your machine or interrupt your normal computing environment. You most definitely never want to allow malware to gain even the tiniest foothold on your computer.
What are some examples of malware that you might encounter?
Home Page Hijack:
Your browser home page can be hijacked by a malicious website. The home page would then only open to a porn page or to a page of ads.
Dialer Hijack:
Another type of hijacking concerns your modem. A porn dialer can be installed on your computer without your knowledge. It may come bundled in some kind of fun software, theme or screen saver.
If you are online when the dialer actually installs, it will cut your current modem connection and dial into a porn site in another country. The billing will appear on your next phone bill and could be substantial.
Search Page Hijack:
Definitely one of the worst hijacks, and one of the hardest to remove, is one where your browser is permanently rerouted to a paid search engine.
The most egregious offender here is a company called Cool Web Search, which not only hijacks your browser; it also actively fights attempts to remove it.
Malware poses significant risks to your computer and to your pocketbook because it can damage your PC, destroy critical data files, require an expert to remove and restore everything, or, as in cases involving hidden installations of auto-dialers, run up a huge phone bill for a dial-up user.
Summary
Now that you know what kind of trouble spyware, adware, and malware can cause you, you’ll need to learn how to stay safe.
In a subsequent chapter, we’ll examine the various prevention and removal tools available to combat spyware, adware, and malware. But right now, we’re going to complete our introduction by finding out how to be invisible online.
Acquiring the Cloak of Invisibility
Becoming invisible online is a worthy goal. It will help you greatly in your efforts to protect your privacy as well as your castle, not to mention greatly reducing the amount of spam headed your way.
The cloak of invisibility means your web surfing habits aren’t constantly being recorded and passed on to strangers, your Internet IP address is shielded from prying eyes, your email address is protected, and your online communications are shielded.
When you venture online, your browser exchanges a significant amount of information with each website that you visit. There are a number of ways that your privacy is invaded:
• Cookies
• IP Tracking
• Email Address Theft
• Online Communication Eavesdropping
Cookies
Whenever you browse the Web, it's likely that hundreds of marketers are tracking your every move using cookies, tiny programs that hook onto your browser and track your surfing habits, reporting them back to the originating site.
Web site owners can see what kind of operating system and monitor you're using, what part of the country or world you're in, and when you last visited their site. They can tell which Web site you visited before theirs, and which one you went to next.
Many websites use cookies to track user visits and preferences. There is nothing wrong with that, but most sites do not ask your permission, nor do they set their cookie to self-destruct after leaving their site.
Cookies, those little text files silently placed on your computer by the web sites you visit, continue to be a privacy issue. Many cookies serve a useful purpose, such as remembering log-in information or helping e-commerce Web sites keep track of what's in your shopping cart.
But cookies are also used by advertisers to track your surfing and shopping habits. Instead, websites use their cookie to track what other websites you visit, how often you visit those sites, and other significant details of your online behavior.
It’s like they’ve planted a little spy on your shoulder that reports back to them as soon as you return to their website.
Most users just ignore the cookies that are planted on their computers. It isn’t unusual for an active user to accumulate several thousand of the little boogers in a year, all reporting back to various sources just what you’ve been doing.
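As an added illustration (not from the book), the Python sketch below audits Set-Cookie headers the way a privacy tool might: it separates cookies that vanish with the browser session from long-lived ones, and flags a third-party cookie that shows up on more than one site. The hostnames, cookie values and fixed clock are constructed, and the same-site test is a simplification of the Public Suffix List check that real browsers use.

```python
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime
from http.cookies import SimpleCookie

# Constructed observations: (site in the address bar, host that sent the header, Set-Cookie value)
SAMPLE = [
    ("shop.example", "shop.example", "cart=abc123; Path=/"),
    ("shop.example", "shop.example", "login=u42; Path=/; Max-Age=1209600; Secure; HttpOnly"),
    ("shop.example", "ads.tracker.example",
     "uid=9f3c; Domain=.tracker.example; Path=/; Expires=Wed, 01 Jan 2031 00:00:00 GMT"),
    ("news.example", "ads.tracker.example",
     "uid=9f3c; Domain=.tracker.example; Path=/; Max-Age=31536000"),
]
NOW = datetime(2024, 1, 1, tzinfo=timezone.utc)  # fixed clock so results are repeatable


def same_site(host, cookie_domain):
    """Rough first-party test (assumption): equal hosts, or one is a subdomain of the other."""
    host, cookie_domain = host.lower(), cookie_domain.lower().lstrip(".")
    return (host == cookie_domain or host.endswith("." + cookie_domain)
            or cookie_domain.endswith("." + host))


def audit(site, sender, header, now=NOW):
    """Return one finding per cookie carried in a single Set-Cookie header."""
    jar = SimpleCookie()
    jar.load(header)
    findings = []
    for name, morsel in jar.items():
        lifetime_days = None  # None = session cookie, dropped when the browser closes
        if morsel["max-age"]:  # Max-Age takes precedence over Expires (RFC 6265)
            lifetime_days = int(morsel["max-age"]) / 86400
        elif morsel["expires"]:
            expires = parsedate_to_datetime(morsel["expires"])
            lifetime_days = (expires - now).total_seconds() / 86400
        domain = (morsel["domain"] or sender).lstrip(".").lower()
        findings.append({
            "name": name,
            "domain": domain,
            "persistent": lifetime_days is not None and lifetime_days > 0,
            "lifetime_days": lifetime_days,
            "third_party": not same_site(site, domain),
        })
    return findings


def cross_site_trackers(observations):
    """Map each persistent third-party cookie domain to the sites it was seen on (2+ only)."""
    seen = {}
    for site, sender, header in observations:
        for f in audit(site, sender, header):
            if f["third_party"] and f["persistent"]:
                seen.setdefault(f["domain"], set()).add(site)
    return {d: sorted(s) for d, s in seen.items() if len(s) > 1}


if __name__ == "__main__":
    print(cross_site_trackers(SAMPLE))
```

The shopping-cart cookie comes out as a first-party session cookie, while the `uid` cookie is the kind the text warns about: long-lived, set by a different domain, and present on both sites.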
Certainly you wouldn’t stand for that happening when you were at a shopping mall. Imagine having a horde of chattering mavens harping about your every shopping move on their cell phones to their
to see when you’re online
To shield your moves online from the prying eyes of marketers and hackers, you also can disguise your Internet protocol (IP) address, a unique number that identifies your computer in somewhat the same way that your Social Security number pinpoints you.
How do you do that? By using a service that encrypts and reroutes connection requests as you click from one Web site to another, essentially hiding your IP address.
Alternatively, you could disguise your IP address using special software or online services such as "The Cloak", found at The-Cloak.com, or the "Anonymizer", at Anonymizer.com.
The latter, which works on most versions of Windows, automatically strips your IP address from all outgoing data as it flows through Anonymizer servers.
The service can also encrypt all web page requests that your browser makes, so that only you know which sites you visit.
Email Address Theft
Your name and e-mail address may be embedded in your browser. Websites can then take them from your browser and make a permanent record of your visit.
Hidden scripts on a Web page can bore into your hard drive and retrieve private information, often without your knowledge. With only one extra line of computer code, a website can capture your email address from information stored within your browser.
To prevent this, you can go into your browser's preferences menu and delete this information or replace it with a false name and a dummy e-mail account.
The sharing of your email address might not seem like a big risk, but having it grabbed from your computer without your permission is never a good thing. It’s far better to keep your real identity a secret unless you choose to reveal it.
Sites that swipe email addresses without permission usually have a reason for doing so, and those reasons don’t include doing you any favors. Your email address can end up being bundled and resold to literally hundreds of spammers as part of huge mass mailing lists.
Other personal information at risk includes your name, since it is stored by your email program right next to your email address.
From there, it’s easy for a company to match up your name (and all the details from your cookies) with information stored in huge databases which are readily accessible to almost any business.
Your credit history and payment records can be accessed by a business. For a small fee, your personal financial history is laid bare for anyone to see.
Best to take precautions and be invisible to prying eyes.
Online Communication Eavesdropping
There are several million people in the world with sufficient technical knowledge to eavesdrop on network communications. It simply requires a “packet sniffer” tool and a moderate understanding of what to look for and how to reassemble the packets.
Given that there are free versions of packet sniffers available online, one could safely surmise that almost any Internet communication is subject to eavesdropping.
In practice, it is somewhat difficult to target a specific communication, but much less difficult to tap into a random one.
Without going into a lot of technical detail, any email that you send, any online chat session, or instant messaging for that matter, can be accessed as it traverses the Internet.
However, given the dynamic nature of the Internet, it is impossible to predict exactly what path network traffic will follow. One email message that you send could take an entirely different path to reach the recipient than another that you send to the same person.
In fact, it is even worse than that: for the sake of efficiency, email messages and other network traffic are typically broken down into smaller chunks, or packets, before they are sent across the network, and automatically re-assembled on the other side.
Each of these individual packets may in fact follow a different path to get to the recipient! (In actual practice, a given path tends to get reused until the operational parameters of that or other related paths have significantly changed.)
The net result of all this is that your message, or at least little chunks of your message, travels through an indeterminate set of systems and network devices, each of which offers a point of interception.
These systems may be owned or operated by corporations and non-profit organizations, by colleges, by governments and government agencies, or by telecom and other connectivity providers.
Given such a widely divergent group, it is easy to see how either an unethical organization or a renegade employee may easily gain access to the messages and traffic crossing their systems.
All of these factors combine to make the Internet itself the primary source of message interception points:
• Internet Service Provider (ISP)
• Email Provider
• Office
• Hotel/Conference Center/Internet Café
• Housing Provided Connectivity
• College/Trade School
• Local Loop (cable or broadband access)
• Metropolitan Area Network
Use A Multi-layered Defense
As we’ve seen in the previous chapters, there are many types of exposure when your computer is connected to the Internet. You have spam, viruses, and hackers trying to invade your castle almost non-stop.
To be safe, you have to construct a multi-layered defense against intrusion, information leaks, identity theft, and malicious code. Your castle walls need to be strong, high, and airtight.
The best way to protect yourself is to combine best practices with common sense. We all know what common sense is – it’s what we forgot while we did the wrong thing.
Seriously though, common sense is sound judgment not based on specialized knowledge. We all have it, but don’t always use it.
Hindsight is always 20-20, so you need to know what “best practices” are for computer security and use them to protect yourself even when common sense flies out the window.
Set up your multi-layered defense by following these best practices.
Best Practices - Computer Security
1. Apply operating system security patches as soon as possible
2. Apply all application security patches
3. Automate the process of checking for Microsoft patches
4. Secure your browser against intrusions
5. Secure Outlook/Outlook Express settings
6. Turn off RPC and DCOM on your PC
7. Disable unnecessary file shares and printer shares
8. Turn off any unnecessary networking services
9. Turn off Windows Messaging Services (not instant messenger)
Best Practices – Firewall
1. Always use a software firewall on your computer
2. Don’t leave the default username and password settings
3. For DSL or cable connections, add a hardware firewall – a home network router does the trick nicely
4. Pay attention to the settings on your firewall
5. Read the manual! Follow the instructions
Best Practices - Spam Prevention
1. Always use a spam filter
2. Never open spam, ever
3. Don’t buy anything from spammers
4. Don’t post your email address online
5. Don’t use a “remove me” link in a spam email
Best Practices – Antivirus Protection
1. Always use antivirus software
2. Never open email attachments from unknown senders
3. Be wary of opening any attachments from friends
4. Keep your software’s virus definitions updated automatically
5. Set your antivirus software for real-time protection
6. Use the best antivirus software you can afford
Best Practices – Spyware/Adware Detection
1. Always use a spyware removal program
2. Use one that also blocks spyware and adware from your PC
3. Scan your system at least weekly
4. Don’t download P2P file sharing programs
5. If you do, immediately run your spyware remover
Best Practices - Malware Defense
1. Lock down your PC’s system settings
2. Secure your browser settings. See computer security section
3. Tighten security for ActiveX and Java settings
4. Don’t download files from unknown sites
5. Make sure all OS and application files are patched
Summary
The online world is 99% safe, but the other 1% can make your life pure hell if you’re not careful.
You want strong castle walls that protect you, good gatekeepers controlling access, and spies eliminated with the utmost dispatch.
Most importantly, to win the online battle, you want to acquire and wear the Cloak of Invisibility.
The right security settings, a good firewall, and following best practices will keep you invisible and safe within your castle walls. The next chapters will tell you all about the necessary tools for:
We give you the links to the best free versions and to free trials of their commercial brethren.
The important thing is to be safe, so definitely put your protection plan into motion ASAP.
Let’s be safe out there…
Computer security for your Windows PC
Computer security is a goal to which we all aspire. Windows security is an oxymoron - a contradiction in terms.
If you want computer security on a Windows platform, you have your work cut out for you. This article discusses three things you must do to build a strong security foundation:
• Apply all Windows security patches
• Tighten Internet Explorer security
• Create a multi-layered defense
Windows security patches
Viruses, trojans, and hackers all exploit known flaws in Microsoft Windows. To protect yourself, you need to close the holes and prevent those exploits.
Obviously, the source for all the security patches for Windows and related applications such as Microsoft Internet Explorer is the Microsoft web site. The Microsoft Windows Update site provides critical updates, security fixes, software downloads, and other relevant security info. Simply click the Scan for Updates button and Microsoft will tell you what updates are available for your system. Then browse the list and check off the ones you want to install.
Critical updates will always be in a small group at the top of the results page. Always install those first.
Upon completion of your download, each update will automatically install itself. You may need to reboot your system for some security updates to become active.
To maintain your system's protection, you can keep abreast of any new security updates automatically with Windows Update.
Periodically, when you launch Internet Explorer you will be directed to the Windows Update page for a new scan.
Note: If you use Microsoft Office products such as Word and Excel, you can get the security updates for them through Windows Update as well. Simply click the top button labeled "Office Update".
Internet Explorer Security
Microsoft Internet Explorer needs to be updated regularly to maintain computer security. Microsoft Internet Explorer is the default web browser installed on Microsoft Windows platforms.
All existing versions of Internet Explorer have critical vulnerabilities if they are not kept up-to-date with current patches.
The vulnerabilities can be categorized into multiple classes:
• Web page or Windows interface spoofing
• ActiveX control vulnerabilities
• Active scripting vulnerabilities
• MIME-type and Content-type misinterpretation
• Buffer overflows
These vulnerabilities could lead to disclosure of cookies, local files or data, execution of local programs, download and execution of arbitrary code, or complete takeover of the vulnerable system.
Patches for these vulnerabilities are available for Internet Explorer version 6.0. Earlier versions of Internet Explorer are also vulnerable. However, patches may not be available for earlier versions.
If you are using IE 5.5 or earlier, upgrading to IE 6.0 is strongly recommended, as service packs for earlier versions of Internet Explorer are no longer available.
If you are using IE 6.0, start by upgrading to the most recent service pack for Internet Explorer.
To maintain your system's protection, keep abreast of any new IE updates with Windows Update as previously discussed.
How to secure Internet Explorer
To configure the Security settings for Internet Explorer:
• Select Internet Options under the Tools menu
• Select the Security tab
• Click Custom Level for the Internet zone
Most of the flaws in IE are exploited through Active Scripting or ActiveX Controls. ActiveX Controls are not as popular but are potentially more dangerous, as they allow greater access to the system.
• Select Prompt for Download signed ActiveX Controls
• Select Disable for Download unsigned ActiveX Controls
• Select Disable for Initialize and script ActiveX Controls not marked as safe
Java applets typically have more capabilities than scripts.
• Under Microsoft VM, select High safety for Java permissions
This puts access barriers around the Java applet and prevents privileged access to your system.
• Under Miscellaneous select Disable for Access to data sources across domains
This protects you from cross-site scripting attacks.
Also, make sure that no un-trusted sites are in the Trusted sites or Local Intranet zones, as these zones have weaker security settings than the other zones.
These security settings for Internet Explorer will also be automatically applied to your other Microsoft applications such as Outlook and Outlook Express.
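One way to verify the settings above after clicking through the dialog, as an added example rather than anything from the book or from Microsoft: the Python script below reads the text of a registry export and lists every Internet zone value that differs from the recommendations. It assumes the per-user settings live under the `Internet Settings\Zones\3` key and uses Microsoft's documented URL action codes; the sample export is constructed.

```python
import re

# Settings the text recommends for the Internet zone, keyed by URL action code.
# For most actions 0 = Enable, 1 = Prompt, 3 = Disable; 1C00 uses Java safety levels.
RECOMMENDED = {
    "1001": (0x1, "Download signed ActiveX controls: Prompt"),
    "1004": (0x3, "Download unsigned ActiveX controls: Disable"),
    "1201": (0x3, "Initialize and script ActiveX controls not marked as safe: Disable"),
    "1C00": (0x10000, "Java permissions: High safety"),
    "1406": (0x3, "Access data sources across domains: Disable"),
}
INTERNET_ZONE = r"internet settings\zones\3"  # zone 3 is the Internet zone

# Constructed sample of `reg export` output (not taken from a real machine).
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
"1001"=dword:00000001
"1004"=dword:00000000
"1201"=dword:00000001
"1c00"=dword:00020000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2]
"1004"=dword:00000001
'''


def parse_zone(reg_text, zone_suffix=INTERNET_ZONE):
    """Return {ACTION: int} for DWORD values under the key ending in zone_suffix."""
    values, in_zone = {}, False
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            # A new key header: track whether we are inside the wanted zone.
            in_zone = line[1:-1].lower().endswith(zone_suffix)
        elif in_zone:
            m = re.fullmatch(r'"([0-9A-Fa-f]{4})"=dword:([0-9A-Fa-f]{8})', line)
            if m:
                values[m.group(1).upper()] = int(m.group(2), 16)
    return values


def audit_zone(reg_text):
    """List (action, wanted, found) for each setting that differs from RECOMMENDED."""
    current = parse_zone(reg_text)
    return [(code, want, current.get(code))  # found is None when the value is absent
            for code, (want, _label) in RECOMMENDED.items()
            if current.get(code) != want]


if __name__ == "__main__":
    for code, want, found in audit_zone(SAMPLE_REG):
        shown = "not set" if found is None else hex(found)
        print(f"{RECOMMENDED[code][1]} -> want {hex(want)}, found {shown}")
```

Files written by `reg export` are UTF-16, so read them with `open(path, encoding="utf-16")` before passing the text to `audit_zone`.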
Create a multi-layered defense
Computer security is all about having multiple lines of defense. After applying the security patches to Windows and fortifying Internet Explorer, you have a good foundation in place.
You are now ready to further increase your computer security by building upon that foundation and creating some strong castle walls for additional protection.
Here's what you need:
If you can't afford to purchase any or all of these, then use the free versions we recommend While not as effective as the commercial versions, they nevertheless provide a strong extra layer of much-