Safe Computing in Under an Hour
.... or the Battle of the BOTS*
*Automated internet malware programs
Yes, that's right. You too can secure your PC in under an hour simply by following the guidelines below.
These days 95% of your risk of malware infection comes from the Internet and the rest from removable media such as infected CDs and pendrives. People are always asking us what we recommend in terms of protection and then how best to set it up. Even amongst freeware the choices are as varied as the people making them, but the quality is often as good as, if not better than, many of the commercial alternatives. No one mix of applications is going to suit everybody, but for performance and ease of use there is a starting point which anyone would do well to consider. On this basis I've put the following list together with some added comments and descriptions.
Please remember the golden rules for PC security.
1] The best protection will come from programs you can understand and configure to their best potential, no matter where they might appear in someone else's "test" chart. (From the software recommended on this site).
2] 95% of all infections are caused by poorly configured software or other forms of user error.
OK, let's start this battle by sending in some front line troops without even considering our main army at this stage.
1] The Front Line
Whenever you connect to the Internet and type "Softpedia" into Google, a request is sent via a DNS (domain name) server which converts your request into the page you want and doesn't present you with Porkys Uncovered instead! This system, like everything else on the Internet, is open to abuse and of course targeted by criminal elements seeking to do just this. Some of the most unsafe servers (and sometimes the slowest too) are those provided by your ISP, but not always. You can change your default DNS server settings very easily and use an external free service like OpenDNS or Comodo. Both have a slightly different approach to achieving the same thing but offer protection against phishing and malware sites. OpenDNS is currently more configurable and offers content filtering as well. One recent entrant is Norton ConnectSafe, which is a little more aggressive with its ratings.
Check them out and choose which one suits your needs best. Parents or guardians with children may prefer OpenDNS because of its content filtering options. If you can't understand how to set it up from the website instructions then ask in the forum here and we'll help you out.
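Once the DNS servers have been changed, it is worth confirming that the setting actually stuck on every network adapter. The following is an added example, not part of the original article: it parses saved `ipconfig /all` output and flags adapters that are not using the intended resolvers. It assumes OpenDNS was the provider chosen; the function names and the sample output are constructed for illustration.

```python
import ipaddress
import re

# OpenDNS public resolvers (assumed choice); swap in your provider's servers.
EXPECTED = {"208.67.222.222", "208.67.220.220"}
LAN = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
KEY_LINE = re.compile(r"^\s+(\S.*?)[. ]+: ?(.*)$")  # "   DNS Servers . . . : value"

def _addr(token):
    """Parse one address token (IPv6 zone id dropped); None if it is not an IP."""
    try:
        return ipaddress.ip_address(token.strip().split("%")[0])
    except ValueError:
        return None

def parse_dns(text):
    """Map each adapter in `ipconfig /all` output to its list of DNS servers."""
    adapters, current, in_dns = {}, None, False
    for line in filter(str.strip, text.splitlines()):  # skip blank lines
        if not line[0].isspace():  # unindented line starts a new section
            current = adapters.setdefault(line.strip()[:-1], []) if line.rstrip().endswith(":") else None
            in_dns = False
            continue
        m = KEY_LINE.match(line)
        if m:  # "key . . . : value"; any other indented line continues the last key
            in_dns = m.group(1) == "DNS Servers"
        addr = _addr(m.group(2) if m else line)
        if current is not None and in_dns and addr is not None:
            current.append(addr)
    return adapters

def audit(text, expected=EXPECTED):
    """Classify each connected adapter as 'ok', 'via-router' or 'unexpected'."""
    result = {}
    for name, servers in parse_dns(text).items():
        others = [s for s in servers if str(s) not in expected]
        if servers and not others:
            result[name] = "ok"
        elif servers and all(any(s in net for net in LAN) for s in others):
            result[name] = "via-router"  # router forwards queries: check its DNS setting
        elif servers:
            result[name] = "unexpected"  # e.g. reverted to the ISP's servers
    return result

# Constructed sample of `ipconfig /all` output; all addresses are illustrative.
SAMPLE = """\
Windows IP Configuration

Ethernet adapter Local Area Connection:
   DNS Servers . . . . . . . . . . . : 203.0.113.53
                                       203.0.113.54
   NetBIOS over Tcpip. . . . . . . . : Enabled

Wireless LAN adapter Wireless Network Connection:
   DNS Servers . . . . . . . . . . . : 208.67.222.222
                                       208.67.220.220
Ethernet adapter Guest Network:
   DNS Servers . . . . . . . . . . . : 192.168.1.1
"""
```

Calling `audit(SAMPLE)` marks the first adapter as "unexpected", the second as "ok" and the third as "via-router"; in the last case the PC only sees the router's address, so the resolver has to be checked in the router's own settings.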
Right, having secured the road for the troops, let's now find them some transport.
2] Troop Transport
You can say what you like about Microsoft but the fact remains that several other browsers offer better security overall than Internet Explorer. Try to resist the temptation to install six because you can only use one at once. Anyone who must have a choice though can always pick Lunascape which is the biggest thing in Japan since Datsun started cloning western cars! It has the rendering engines of IE, Firefox and Chrome/Safari so you can choose whichever option suits. Currently though plugin support in English is highly limited (like there's just one for Twitter!) so from a security point of view this is not ideal, although still better than IE. There are nearly 200 skins available for Lunascape and being of oriental origin many must seem quite "unique" to people outside this region. That said, if you want your browser to look like a pink fairy at Halloween then look no further!
My own recommendation for this category is Firefox, not because I think it's the best browser but because this list is all about getting people onto the net safely and in a way they can understand. Firefox on its own needs a little help so after installing the program choose the following extensions from the list available at Mozilla.
Public Fox (Block downloads, lock down bookmarks/addons/downloads with a password)
Ghostery (Chrome users click here)
NoScript (Chrome users can add the NotScripts extension)
Adblock Plus (Chrome users click here)
Webutation (Chrome users click here)
WOT (Chrome users click here)
Dr. Web link scanner (Chrome users click here)
BetterPrivacy (handles flash cookies)
Respected vendor Trend Micro have also appeared on the scene with a freeware product called Browser Guard 2011. Browser Guard 2011 has zero-day vulnerability prevention and protects against malicious JavaScript using advanced heuristics and emulation technologies. Still in beta, this will work on XP, Vista and Windows 7 including x64 bit but unfortunately only supports IE V6.0 or higher (click the System Requirements link on their product page for full details). It is hoped that later versions will support a bigger range of browsers.
3] Forward Defenses
OK, so now the troops are on the road and heading for the front line. Now we need to provide some forward defenses and heavy artillery.
Firewalls cause more issues for users than any other type of software. Mostly this is hyped by the various vendors to suit their own ends and has nothing much to do with a program which just filters your connection's traffic. Some of course have extended functions of varying degrees of complexity.
For the purpose of this exercise, please ask yourself these questions.
1] Am I capable of, and do I wish to learn about network ports and firewall rules configurations?
2] Will I be able to answer correctly lots of alerts about the things in question 1?
If your answer is no then stick with the firewall provided with Windows, end of story. If your answer is maybe then install either TinyWall or Privatefirewall. TinyWall utilizes the existing Windows firewall filtering platform and does not install any additional drivers. Privatefirewall on the other hand includes a sophisticated HIPS component. This makes it more difficult to manage effectively, but will give more protection to a system where the user has this level of knowledge.
There are other firewalls offering greater functionality and a bit more in terms of protection. You can always change to something else with more buttons later on when your learning curve begins to straighten out! As with everything here, we are more than willing to help individual users via the forum but not at the expense of becoming a help file substitute. Please try to at least read through this before posting a support request.
4] Heavy Artillery
Right, now the forward troops are engaged in battle so let's give them some support.
The choice for an antimalware program is not so easy as it was before when Avira led the freeware field and others followed. This is down to two main reasons. First, malware is evolving at such a fast rate that traditional signature scanners just aren't updated often enough to keep pace. This then places more reliance on heuristic and other detection methods which inevitably leads to false positives. Second, in the race to keep market share vendors are rushing out semi-unfinished products complete with bugs and other issues. Currently, my own preferences are for FortiClient Lite, Panda Cloud, or MSE. All three offer simplistic management and more than adequate protection as part of your security setup. Another one worth checking out is the latest version of Ad-Aware Free. I ran this myself for quite a while on Windows 7 and was impressed. It's not suitable for low powered machines but resource use is comparable with others of its type.
Specifically for users engaged in P2P, another consideration comes into play. The very nature of this medium requires you to connect to a variety of other computers, bringing with it greater exposure and higher risk. You can reduce this risk considerably by using an IP address blocking program like PeerBlock. The program comes with a choice of default lists for things such as spyware and ads or you can add your own depending on what you consider to be your main areas of risk.
5] Clean-up Squad
After any battle there's always some mopping up to be done. Hopefully, you won't need this if you follow our advice above but just in case this is the guy to have around. The *free version of Emsisoft Anti-Malware has two malware scanning engines with an outstanding detection rate across a broad spectrum of threats. Just be aware that it also has a fair rate of false positives which are safe files wrongly identified as malware. Care needs to be taken after scanning not to delete files which your operating system or other programs need to function (black screen - no bingo!). If you're unsure about your scan results then post a screenshot in the forum and we'll either direct you to a dedicated source to check them out or offer another alternative. If you're not sure how to post a screenshot then we'll help you with this too. Don't worry too much about letting your scanned nasties back out into your computer because the scanner will catch them again for you next time round.
*When downloading, you'll get the full version including all protection features for 30+3 days for free. Afterwards the unpaid software switches to a limited freeware scanner mode that allows you to scan and clean your PC whenever you want, but does not include the protection features against new infections.
Another option is HitmanPro. This is an outstanding cloud based antimalware which allows you to remove anything it finds for 30 days. After that you must purchase the program to retain this function, but the scanner remains fully operational indefinitely.
6] SUMMARY
Following the advice above and what follows should keep you malware free, certainly from serious infection anyway.
1] Always ensure that your operating system and security software are updated with the latest signatures and patches. Try to use an automated function for this where one exists.
2] Never enter a site rated "Red" by WOT or LinkExtend. There will be 100 other safe alternatives to choose from.
3] Only make downloads from trusted sources and still scan the link first with Dr. Web.
4] If you need an email function use Thunderbird, a safe address like me@gmail.com and never open any attachments unless you are sure of the source and scan them first. Another alternative is to switch to either Opera or Seamonkey. Both browsers contain high quality integrated mail clients, and Seamonkey now accepts many of your favorite Firefox addons too.
5] Never run software from borrowed removable media without scanning the content first.
6] If you lend yours to someone else check it when it comes back!
7] If it looks like the offer of a lifetime then yours (online) is about to end!
8] Cracked software is only for cracked heads or people dumb enough to think differently.
Comments
This page is not readable on the latest - 2011, July 23rd - Opera and Firefox. But it shows correct on IE 9. Is that on purpose?
Fine for me too. Firefox on Win XP.
Maybe the problem is at your end.
Reads fine for me Windows/Linux, Firefox, Opera, Chrome.
Note that as of Sept 1st 2011 Clear Cloud DNS will be discontinued.
Thanks very much, I was aware but holding off as sometimes these things have a habit of changing depending on the feedback. Remember the demise of PC Tools firewall which was then resurrected and still going strong?
I have ClearCloud listed in several articles so I'll need to remember to change all of 'em come D.Day :)
It appears that GFI are now exerting their rights of ownership/partnership over both the former Sunbelt and Malwarebytes too.
I stumbled across this site yesterday. I am hoping that someone out there might be able to provide some feedback on what this company is offering, being highly unqualified myself.
http://www.antihacksecurity.com/the-news/1-latest-news/102-windows-security-checklist-asg-and-dod
Thanks in advance.
Never heard of them. With stuff only working with XP/2003 and not updated for over a year I would stay well clear :)
Two things remain unclear to me:
1. If I am behind a firewall at my job or even if my ADSL modem has a firewall with NAT, do I need a personal firewall installed into my system?
2. If I already use Panda Cloud or MSE, for instance, why do I need to install another anti-virus/anti-malware like Emsisoft Anti-Malware?
Thanks in advance.
Well, you certainly don't need two firewalls but with antivirus software, a secondary scanner may well pick up something that another one misses.
Ok, I got the antivirus picture. But still about firewall: may I trust the firewall embedded into an ADSL modem/router to the point of dismissing to install a personal firewall on my computer? Is there any point in installing a personal firewall into my job computer whose corporate network has a firewall for the entire net but lacks firewalls at each individual computer?
If you have control over the modem/router then it's safe to assume that this is OK on its own although you can leave the Windows firewall enabled as a secondary precaution. A corporate network however is something you have no control over so there's no guarantee it isn't infected, or won't be the next time someone plugs a flashdrive into it.
Thanks a lot, MC!
I am unable to use either OpenDNS or Comodo. Every time I update DNS server IP given and connect to the internet, the DNS settings change back to 'automatic'. Is it possible for my ISP to control this?
This is possible especially if you are using a router also supplied by them.
You could try ClearCloud instead but download the utility program instead of just copying the server addresses into your network settings.
http://www.clearclouddns.com/Setup/
This should enable you to switch between your default DNS servers and ClearCloud from the tray icon. They also provide a setup for routers.
When you're done, type "ipconfig /all" (without the quotes) into a terminal window to see your DNS servers and other information. If you're not comfortable with command line working then download and install this little gem instead.
http://www.nirsoft.net/utils/awatch.html
Nir Sofer develops a lot of high quality free software and you might find some of his other stuff useful too.
Hello MC,
Thanks for the suggestions. The router trick worked. I also installed ClearCloud. It is a nice application. I also double checked the DNS servers both through command-line & https://www.dns-oarc.net/oarc/services/dnsentropy
Great results!!!
Much appreciated,
Cheers
You're welcome! :)
Your link to Norton Safe Web Lite seems to take you to Norton 360 Version 5.0 Beta.
Thanks for the heads-up. I notice that it momentarily opens at the right place and then immediately redirects (sneaky!). I've now changed the link :)
Thank you for your article.
If I may add my two cents:
Being logged into a limited account and not an administrative account (unless required for the task at hand) should be one of the first recommendations in all articles about computer security.
It's not absolute protection of course but it goes a long way. The advantages of this security measure are many, and the cost is small. It doesn't require selecting which program to use, configuring the program, updating the program, it's free etc.
If many people won't or don't do this, then more articles should educate people about this.
What you say is 100% correct, but in this article I've confined my attentions to the majority audience. By far the biggest number of users have no wish to know or understand anything about using limited accounts. This is also evident by the number of hits on articles such as "How to switch off UAC". This is even more strange when you consider the numbers of folks who migrate to Linux where this policy is enforced by default and then live with it quite happily. Trying to promote this policy amongst the majority of Windows users not only falls mainly on deaf ears but is also likely to drive them away. Folks will continue to do what they want irrespective and any attempt to "preach" otherwise I find is counter productive.
We see this all the time too with firewalls. Since Vista, the need for any form of third party software is minimal and yet users continue to want something done for them rather than looking at how they can do this for themselves using the resources already built in to their system.
Firefox gives malware protection.
It has report attack sites and report web forgeries.
Firefox uses the Google service and is only good against sites which have already been reported. It is no substitute for having a resident AV with realtime protection.
I use
Windows Security Essentials is pretty light and free,
got great reviews, when it came out.
Very Rare for Microsoft product?.
I use ccleaner.... superspyware ..... comodo ... my browser is
safari 5 and chrome, keeps me safe.
Not had a problem so far. no spyware or virus.
I use www.filehippo.com they have all the up to date beta and stable, virus protection and spyware also a lot more all free downloads.
hope it helps your computer stay safe. when you go online you're always at risk. stay to web sites you know. clicking links can take you into spyware hell.
angus cooney
Good list. I use most of these apps myself.
I would add spywareblaster and MVPS hosts to either the frontline or defense categories. These apps are quite good for adding yet another layer of security and use NO system resources.
A question I have concerning DNS. When I used a wireless connection I used and like DNS Advantage. Now that I have changed to wired, I don't see any apparent benefits. Any idea why?
Wired or wireless, I guess it just depends on what type of service your ISP provides and if you think it's adequate. Most folks switch for safety reasons because some of the independents offer a more robust service. I've been a Comodo user for some time. I did try the Norton Beta service recently and this seems fine too but personally I'm happier with Comodo than I am with Symantec so I switched back again.
Thank you MC! I will try Comodo DNS and see.
Hi there,
How about user rights? I think a lot of people surf the net and download stuff through P2P logged in as the administrator. How important is it to set up a different user account for those activities? Would you rate this as important as some of the things you listed above?
/RP
Hi,
Yes I would, and there's a lot of other stuff I could add as well, but I've tried to keep this very simple. Like it or not, the fact is that most folks either don't or won't use anything other than an admin account so I've just tried to focus on a few programs they can install to help in general.
Got to agree that you are almost committed to keeping an article short and to the point when you are dealing with a topic of this nature. As usual, I agree with you which is a norm for me after reading many, many of your items on various subjects. Absolutely loved your "pink fairy at halloween" routine. Would adding "hosts" files to your front line and "ghostery" to your firefox addons be unreasonable suggestions? (I certainly do not want to make your original article a novel so these suggestions are just that). I also happen to be a fan of both for security levels on my system.