NWA-PCUG Newsletter Article, October 2003
Protect Your PC!
Book excerpt:
Microsoft Windows Security Inside Out for Windows XP and Windows 2000
by Ed Bott

The recent Blaster and Sobig.F fiascos made us realize that not everyone has read our book and heeded our advice!

Like you, we've been besieged by worried readers wanting to know how they can protect themselves from viruses, worms, and hackers. So Ed adapted material from an updated excerpt of our book and created an easy-to-follow, four-step program that should help any user at any level.

—Carl Siechert, co-author, Microsoft Windows Security Inside Out.

Did you get Blasted last month? Did your Inbox overflow with infected e-mail messages? Were you ready to toss your PC into the trash and unplug your Internet connection? If you answered yes to any of these questions, you've got plenty of company.

Last month, the Internet got a loud wake-up call when the Blaster worm (aka MSBlast or LovSan) struck with a vengeance, crashing a million computers and practically paralyzing the Internet.

If you were lucky enough to avoid getting Blasted, chances are you personally felt the effects of the Sobig.F virus, which appeared one week later and had a devastating impact on worldwide e-mail delivery systems, overwhelming individual computers and mail servers with a torrent of infected messages. At the height of the deluge, some security experts estimated that Sobig-infected messages made up more than 70 percent of all e-mail traffic.

Blaster was noteworthy for the speed with which it spread. Sobig.F was noteworthy for the sheer volume of e-mail that it generated. This double-whammy served as a warning for anyone who thought they didn't need to worry about computer security. In the past few weeks, Carl Siechert (my co-author on a couple of best-selling Windows books) and I have been bombarded with questions from friends, family, neighbors, and business associates who want to know how to stop these two bits of nasty computer code and how to protect themselves from the inevitable next wave of attacks. I've personally had to clean up a handful of infected computers. It's not fun. The task is especially unpleasant when the victim doesn't have a recent backup and faces the prospect of losing irreplaceable business documents and e-mail.

Magic? There Isn’t Any
Unfortunately, there's no magic bullet that can protect you against viruses, worms, and other nastiness. Thanks to always-on, high-speed Internet connections, you're vulnerable to attack at any time. Good habits alone won't protect you, either. Blaster, for instance, hopped from computer to computer over ordinary Internet connections. You didn't need to open an e-mail attachment or click a deadly Web link - all that Blaster needed was a Windows computer whose owner had been too busy to install Microsoft critical update MS03-026 and who hadn't bothered to install a firewall.

Protecting your computer (and your network, if you have one) requires a little bit of education, a little bit of persistence, and the willingness to take charge of your own computer's security. You've taken the first step by reading this article. The four-point program we outline here is appropriate for anyone using Windows XP or Windows 2000, and most of its recommendations are applicable even if you're using an earlier Windows version. It's a simplified version of a comprehensive 11-point program in Windows Security Inside Out, which is aimed at power users and network administrators (you'll find the complete list in Chapter 2). We've added some commentary to bring the material up to date and make it even more accessible for people who might be uncomfortable with some of the jargon of computer security.

Here’s What to Do
Each of the items in the checklist below is part of a comprehensive security policy. If you follow this program, you can protect yourself from all sorts of threats to your security and privacy.