Article, October 2003
Protect Your PC!
Microsoft Windows Security Inside Out for Windows XP and Windows 2000
by Ed Bott
The recent Blaster and Sobig.F fiascos made us realize that not everyone has read our book and heeded our advice!
Like you, we've been besieged by worried readers wanting to know how they can protect themselves from viruses, worms, and hackers. So Ed adapted material from an updated excerpt of our book and created an easy-to-follow, four-step program that should help any user at any level.
—Carl Siechert, co-author, Microsoft Windows Security Inside Out.
Did you get Blasted last month? Did your Inbox overflow with infected e-mail messages? Were you ready to toss your PC into the trash and unplug your Internet connection? If you answered yes to any of these questions, you've got plenty of company.
Last month, the Internet got a loud wake-up call when the Blaster worm (aka MSBlast or LovSan) struck with a vengeance, crashing a million computers and practically paralyzing the Internet.
If you were lucky enough to avoid getting Blasted, chances are you personally felt the effects of the Sobig.F virus, which appeared one week later and had a devastating impact on worldwide e-mail delivery systems, overwhelming individual computers and mail servers with a torrent of infected messages. At the height of the deluge, some security experts estimated that Sobig-infected messages made up more than 70 percent of all e-mail traffic.
Blaster was noteworthy for the speed with which it spread. Sobig.F was noteworthy for the sheer volume of e-mail that it generated. This double-whammy served as a warning for anyone who thought they didn't need to worry about computer security. In the past few weeks, Carl Siechert (my co-author on a couple of best-selling Windows books) and I have been bombarded with questions from friends, family, neighbors, and business associates who want to know how to stop these two bits of nasty computer code and how to protect themselves from the inevitable next wave of attacks. I've personally had to clean up a handful of infected computers. It's not fun. The task is especially unpleasant when the victim doesn't have a recent backup and faces the prospect of losing irreplaceable business documents and e-mail.
Magic? There Isn’t Any
Unfortunately, there's no magic bullet that can protect you against viruses, worms, and other nastiness. Thanks to always-on, high-speed Internet connections, you're vulnerable to attack at any time. Good habits alone won't protect you, either. Blaster, for instance, hopped from computer to computer over ordinary Internet connections. You didn't need to open an e-mail attachment or click a deadly Web link - all that Blaster needed was a Windows computer whose owner had been too busy to install Microsoft critical update MS03-026 and who hadn't bothered to install a firewall.
Protecting your computer (and your network, if you have one) requires a little bit of education, a little bit of persistence, and the willingness to take charge of your own computer's security. You've taken the first step by reading this article. The four-point program we outline here is appropriate for anyone using Windows XP or Windows 2000, and most of its recommendations are applicable even if you're using an earlier Windows version. It's a simplified version of a comprehensive 11-point program in Windows Security Inside Out, which is aimed at power users and network administrators (you'll find the complete list in Chapter 2). We've added some commentary to bring the material up to date and make it even more accessible for people who might be uncomfortable with some of the jargon of computer security.
Here’s What to Do
Each of the items in the checklist below is part of a comprehensive security policy. If you follow this program, you can protect yourself from all sorts of threats to your security and privacy.
1. Install All Windows Security Patches: This task belongs at the top of the list, and for good reason. Without exception, every version of Windows ever released includes bugs and defects that open the door for intruders. Over time, as these security problems are identified, Microsoft's developers release patches and updates (sometimes referred to as hotfixes) that repair the problems. At regular intervals, Microsoft releases service packs, which incorporate all bug fixes and security updates to that point.
We know a few Windows experts who insist that you should not install each Critical Update as it comes out. Instead, they say, you should wait and see whether a particular Windows patch causes problems on other people's computers before you take the risk of installing it on your own. And with all due respect to these colleagues, we say: Are you crazy? These days, the authors of viruses and worms are moving at Internet speed. The Blaster worm arrived less than four weeks after Microsoft issued an update that plugged the hole that it exploited. In theory, an attacker could launch a worm within days or even hours of a published alert.
If you see a Critical Update whose description warns that the security hole in question "could allow an attacker to compromise a computer running Microsoft Windows and gain control over it" or "could allow an attacker to execute code on the system," you should install the update immediately, without delay. We cannot imagine any inconvenience that could be worse than having your data destroyed by a virus or your computer hijacked by a hacker.
We recommend that you configure Windows' Automatic Updates feature to check for critical updates at regular intervals. You can choose to receive notifications only, download the updates automatically, or (if you have Service Pack 1 installed) have Windows update your system files automatically. To configure this feature, open the System option in Control Panel (under Performance And Maintenance if you're using Category view) and click the Automatic Updates tab. Windows XP users will find illustrated, step-by-step instructions at Microsoft's Security and Privacy Web site. [Note: The Automatic Updates feature is available for virtually all Windows versions, not just Windows XP. Ironically, you may need to connect to Windows Update to install this feature!]
2. Install and Configure a Firewall: A firewall is a system or software that controls the flow of traffic between networks and protects your computer or network from intruders. This extra layer of protection is especially important on any computer with an "always on" Internet connection, such as a DSL line or cable modem. Firewalls vary widely in their cost and features, but in general they consist of hardware, software, or a combination of the two, which prevents unauthorized users from making a connection to your computer without your permission. A personal firewall is intended to block hackers from trying to break into your PC. On networks, a firewall acts as a single point of access to the outside world, making it easier to maintain security on every network computer and to keep a log of intrusion attempts.
The built-in Internet Connection Firewall (ICF) included with Windows XP effectively blocks all incoming traffic from the outside except on ports where you've requested data. (If you request a Web page, the firewall allows that data to get through; if a hacker tries to "ping" your system, the request gets blocked.) In Windows XP, the ICF is automatically configured when you run the Network Setup Wizard. Many Windows-based programs can work seamlessly through the firewall (all traffic from the local machine is allowed out), although you might need to configure some ports manually before you can run a third-party program that uses nonstandard ports.
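The filtering rule described in this paragraph, as an added Python sketch (not code from the book or from Windows itself; the class, addresses and port numbers are constructed for illustration): outbound requests are remembered, and an inbound packet gets through only if it answers one of them or targets a port you opened manually.

```python
# Toy model of stateful inbound filtering; an illustration, not ICF's actual logic.
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Packet:
    direction: str    # "out" = leaving the PC, "in" = arriving from the Internet
    proto: str        # "tcp", "udp" or "icmp"
    local_port: int   # port on the protected PC (0 for ICMP)
    remote: tuple     # (remote_ip, remote_port)

@dataclass
class StatefulFirewall:
    open_ports: set = field(default_factory=set)  # (proto, port) opened by hand
    flows: set = field(default_factory=set)       # conversations the PC started

    def handle(self, pkt: Packet) -> str:
        key = (pkt.proto, pkt.local_port, pkt.remote)
        if pkt.direction == "out":
            self.flows.add(key)      # remember the request so its reply can return
            return "allow"           # all traffic from the local machine goes out
        if key in self.flows:
            return "allow"           # reply to something the PC asked for
        if (pkt.proto, pkt.local_port) in self.open_ports:
            return "allow"           # port the user configured manually
        return "drop"                # unsolicited traffic never reaches the PC

def demo():
    fw = StatefulFirewall()
    web = ("192.0.2.10", 80)             # constructed documentation-range addresses
    stranger = ("198.51.100.7", 4444)
    results = [
        fw.handle(Packet("out", "tcp", 1025, web)),             # request a Web page
        fw.handle(Packet("in", "tcp", 1025, web)),              # the page comes back
        fw.handle(Packet("in", "icmp", 0, (stranger[0], 0))),   # unsolicited ping
        fw.handle(Packet("in", "tcp", 5000, stranger)),         # unsolicited probe
    ]
    fw.open_ports.add(("tcp", 6112))     # hypothetical third-party program port
    results.append(fw.handle(Packet("in", "tcp", 6112, stranger)))
    return results

if __name__ == "__main__":
    print(demo())
```

The last case is why a manually opened port deserves care: once it is open, the firewall accepts traffic on it from anyone, not just from hosts you contacted first.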
Third-party firewall programs (such as ZoneAlarm and Norton Internet Security) are appropriate for use with any computer running a version of Windows other than XP, and for Windows XP users who want more protection than the basic capabilities provided by ICF. In addition to intrusion detection and logging, many of these programs supply tools to help you configure traffic on a per-application basis, allow virtual private network connections, and alert you when intrusion attempts are taking place. Those extra capabilities, of course, come with a fairly steep learning curve.
Finally, if you have more than one computer using the same cable modem or DSL connection, get a hardware router, which makes it easier to share Internet access and effectively blocks unwanted traffic from outside.
3. Install and Configure Antivirus Software: Given the pandemic spread of viruses on the Internet in recent years, it's foolhardy to even think of connecting a computer to the Internet without robust, up-to-date antivirus software. Dozens of options are available, most at relatively modest prices. More important than installing the software, of course, is making sure it is capable of detecting all current viruses (using a virus signature file that is updated frequently). The best antivirus programs include software agents that handle the chore of updating signature files automatically, so you are continually protected. After installing the software and the latest updates, scan your system to ensure that you're virus-free.
Don't let a virus or worm take over your computer or network. It's important that you train all users of your computer and network (especially other family members who aren't sophisticated computer users) in safe computing procedures. Install antivirus software on every desktop computer, and configure it for regular updates, at least weekly. You should also configure your e-mail software to block or quarantine potentially dangerous attachments.
Finally, bookmark authoritative sources of information about viruses and virus hoaxes. These are some of our favorites:
- ICSA Labs' Virus Alerts
- CERT Coordination Center Computer Virus Resources
- Symantec Security Response and Symantec Hoax Alerts
- F-Secure Security Information Center
- McAfee Security Virus Information
No version of Windows includes virus protection out of the box. For that, you have to find third-party software solutions. In Windows Security Inside Out (see: http://snurl.com/insideout_secure), we include a list of 12 leading makers of antivirus software from all over the world. Some are free, others are subscription-based, and still others make products that are priced for corporate use.
How do you know that a particular piece of software actually does what it's supposed to do? Look through the list of certified antivirus products compiled by ICSA Labs, a leading independent tester of this class of software. To earn certification, a program must detect 100 percent of all known in-the-wild viruses and 90 percent of in-the-lab viruses.
4. Create a Backup: Accidents happen. Even the most security-conscious Windows user can fall victim to a power failure, a hardware glitch, or an attack that slips through a newly discovered security hole. Regardless of the cause, it's crucial that you have a reliable current backup at all times so that you can quickly recover data that's been damaged or destroyed. (In Windows Security Inside Out, we devote an entire chapter to preventing data loss.)
Your backup plan doesn't have to be complicated. If you have a Zip drive or a CD burner, all you need to do is copy your crucial files once every week or two and store the backup disks in a safe place. The entire chore shouldn't take more than 10 minutes, and it's no more difficult than rolling your trash can to the curb every week. But backups are only effective if you remember to do them regularly. So we'll say it one more time:
Make a backup plan, and then make a backup.
Adapted from Microsoft Windows Security Inside Out for Windows XP and Windows 2000 (Microsoft Press, 2002), by Ed Bott and Carl Siechert. (c) 2003 by Ed Bott. All rights reserved. Reproduced with permission. Article reproduction coordinated by Steve Bass, Pasadena IBM Users Group (and author of PC Annoyances: http://snurl.com/annoyances).