Safe Computing in Under an Hour


.... or the Battle of the BOTS*
*Automated internet malware programs

Yes, that's right. You too can secure your PC in under an hour simply by following the guidelines below.

These days 95% of your risk of malware infection comes from the Internet and the rest from removable media such as infected CDs and pendrives. People are always asking us what we recommend in terms of protection and then how best to set it up. Even amongst freeware the choices are as varied as the people making them but the quality is often as good if not better than many of the commercial alternatives. No one mix of applications is going to suit everybody but for performance and ease of use there is a starting point which anyone would do well to consider. On this basis I've put the following list together with some added comments and descriptions.

Please remember the golden rules for PC security.

1] The best protection will come from programs you can understand and configure to their best potential, no matter where they might appear in someone else's "test" chart. (From the software recommended on this site).
2] 95% of all infections are caused by poorly configured software or other forms of user error.

OK, let's start this battle by sending in some front line troops without even considering our main army at this stage.

1] The Front Line

Whenever you connect to the Internet and type "Softpedia" into Google, a request is sent via a DNS (domain name) server which converts your request into the page you want and doesn't present you with Porkys Uncovered instead! This system, like everything else on the Internet, is open to abuse and of course targeted by criminal elements seeking to do just this. Some of the most unsafe servers (and sometimes the slowest too) are those provided by your ISP, but not always. You can change your default DNS server settings very easily and use an external free service like OpenDNS or Comodo. Both have a slightly different approach to achieving the same thing but offer protection against phishing and malware sites. OpenDNS is currently more configurable and offers content filtering as well. One recent entrant is Norton ConnectSafe, which is a little more aggressive with its ratings.

Check them out and choose which one suits your needs best. Parents or guardians with children may prefer OpenDNS because of its content filtering options. If you can't understand how to set it up from the website instructions then ask in the forum here and we'll help you out.
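
A quick way to confirm that a DNS change has actually taken effect on every network adapter, and not just the one you edited, is to check the output of ipconfig /all. The script below is an added example, not part of the original article: it parses that output and labels each adapter. The resolver addresses are the publicly documented ones for OpenDNS and Comodo Secure DNS, the sample output is constructed, and English-language ipconfig output and Python 3.8 or later are assumed.

```python
import re

# Publicly documented resolver addresses for two services named in the article.
FILTERING_RESOLVERS = {
    "208.67.222.222": "OpenDNS", "208.67.220.220": "OpenDNS",
    "8.26.56.26": "Comodo Secure DNS", "8.20.247.20": "Comodo Secure DNS",
}

# Constructed sample of English-locale "ipconfig /all" output (not real data).
SAMPLE_IPCONFIG = """\
Ethernet adapter Local Area Connection:

   DHCP Enabled. . . . . . . . . . . : No
   DNS Servers . . . . . . . . . . . : 208.67.222.222
                                       208.67.220.220
   NetBIOS over Tcpip. . . . . . . . : Enabled

Wireless LAN adapter Wi-Fi:

   DHCP Enabled. . . . . . . . . . . : Yes
   DNS Servers . . . . . . . . . . . : 192.168.1.1
"""

def dns_servers_by_adapter(text):
    """Return {adapter name: [DNS server, ...]} parsed from ipconfig /all text."""
    adapters, current, in_dns = {}, None, False
    for line in text.splitlines():
        if line and not line[0].isspace() and line.rstrip().endswith(":"):
            current, in_dns = line.rstrip()[:-1], False  # unindented adapter header
            adapters[current] = []
        elif current is None or not line.strip():
            in_dns = False
        elif (m := re.match(r"\s+DNS Servers[ .]*:\s*(\S+)", line)):
            adapters[current].append(m.group(1))
            in_dns = True
        elif in_dns and " : " not in line:
            adapters[current].append(line.strip())  # extra server on its own line
        else:
            in_dns = False
    return adapters

def audit(text):
    """Label each adapter 'filtered', 'unfiltered' or 'no-dns'."""
    report = {}
    for name, servers in dns_servers_by_adapter(text).items():
        ok = all(s in FILTERING_RESOLVERS for s in servers)  # every resolver must filter
        report[name] = "no-dns" if not servers else "filtered" if ok else "unfiltered"
    return report
```

An adapter that points at a home router (such as 192.168.1.1 in the sample) is reported as unfiltered because the script cannot see which upstream servers the router forwards to; in that case the DNS setting has to be checked on the router itself.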

Right, having secured the road for the troops let's now find them some transport.

2] Troop Transport

You can say what you like about Microsoft but the fact remains that several other browsers offer better security overall than Internet Explorer. Try to resist the temptation to install six because you can only use one at once. Anyone who must have a choice though can always pick Lunascape which is the biggest thing in Japan since Datsun started cloning western cars! It has the rendering engines of IE, Firefox and Chrome/Safari so you can choose whichever option suits. Currently though plugin support in English is highly limited (like there's just one for Twitter!) so from a security point of view this is not ideal, although still better than IE. There are nearly 200 skins available for Lunascape and being of oriental origin many must seem quite "unique" to people outside this region. That said, if you want your browser to look like a pink fairy at Halloween then look no further!

My own recommendation for this category is Firefox, not because I think it's the best browser but because this list is all about getting people onto the net safely and in a way they can understand. Firefox on its own needs a little help so after installing the program choose the following extensions from the list available at Mozilla.

Public Fox (Block downloads, lock down bookmarks/addons/downloads with a password)
Ghostery (Chrome users click here)
NoScript (Chrome users can add the NotScripts extension)
Adblock Plus (Chrome users click here)
Webutation (Chrome users click here)
WOT (Chrome users click here)
Dr. Web link scanner (Chrome users click here)
BetterPrivacy (handles flash cookies)
WebFilter Pro - excellent selective category filter. (Chrome users click here)

Respected vendor Trend Micro have also appeared on the scene with a freeware product called Browser Guard. Browser Guard has zero-day vulnerability prevention and protects against malicious JavaScript using advanced heuristics and emulation technologies. This will work on XP, Vista and Windows 7 including x64 bit but unfortunately only supports IE V6.0 or higher (click the System Requirements link on their product page for full details). Although not updated for a while, this is still a very useful addition to your security tool kit.

3] Forward Defenses

OK, so now the troops are on the road and heading for the front line. Now we need to provide some forward defenses and heavy artillery.

Firewalls cause more issues for users than any other type of software. Mostly this is hyped by the various vendors to suit their own ends and has nothing much to do with a program which just filters your connection's traffic. Some of course have extended functions of varying degrees of complexity.

For the purpose of this exercise, please ask yourself these questions.

1] Am I capable of, and do I wish to learn about network ports and firewall rules configurations?
2] Will I be able to answer correctly lots of alerts about the things in question 1?

If your answer is no then stick with the firewall provided with Windows, end of story. If your answer is maybe then look at TinyWall, Comodo or Privatefirewall. TinyWall utilizes the existing Windows firewall filtering platform and does not install any additional drivers. Privatefirewall and Comodo on the other hand include a sophisticated HIPS component. This makes them more difficult to manage effectively, but will give more protection to a system where the user has this level of knowledge. You can disable the HIPS component and run either as just a filtering firewall but this doesn't make much sense when there are HIPS-free firewalls already available. Comodo also provide a full internet security suite, including antivirus. Be careful during the Comodo installation process to avoid the bundled components.

There are other firewalls offering greater functionality and a bit more in terms of protection. You can always change to something else with more buttons later on when your learning curve begins to straighten out! As with everything here, we are more than willing to help individual users via the forum but not at the expense of becoming a help file substitute. Please try to at least read through this before posting a support request.

4] Heavy Artillery

Right, now the forward troops are engaged in battle so let's give them some support.

The choice for an antimalware program is not so easy as it was before when Avira led the freeware field and others followed. This is down to two main reasons. First, malware is evolving at such a fast rate that traditional signature scanners just aren't updated often enough to keep pace. This then places more reliance on heuristic and other detection methods which inevitably leads to false positives. Second, in the race to keep market share vendors are rushing out semi-unfinished products complete with bugs and other issues. Currently, my own preferences are for FortiClient or Bitdefender Free. All three offer simplistic management and more than adequate protection as part of your security setup. Another one worth checking out is the latest version of Ad-Aware Free. I ran this myself for quite a while on Windows 7 and was impressed. It's not suitable for low powered machines but resource use is comparable with others of its type.

Specifically for users engaged in P2P, another consideration comes into play. The very nature of this medium requires you to connect to a variety of other computers, bringing with it greater exposure and higher risk. You can reduce this risk considerably by using an IP address blocking program like BotRevolt. The program comes with a choice of default lists for things such as spyware and ads or you can add your own depending on what you consider to be your main areas of risk.

5] Clean-up Squad

After any battle there's always some mopping up to be done. Hopefully, you won't need this if you follow our advice above but just in case this is the guy to have around. The *free version of Emsisoft Anti-Malware has two malware scanning engines with an outstanding detection rate across a broad spectrum of threats. Just be aware that it also has a fair rate of false positives, which are safe files wrongly identified as malware. Care needs to be taken after scanning not to delete files which your operating system or other programs need to function (black screen - no bingo!). If you're unsure about your scan results then post a screenshot in the forum and we'll either direct you to a dedicated source to check them out or offer another alternative. If you're not sure how to post a screenshot then we'll help you with this too. Don't worry too much about letting your scanned nasties back out into your computer because the scanner will catch them again for you next time round.

*When downloading, you'll get the full version including all protection features for 30+3 days for free. Afterwards the unpaid software switches to a limited freeware scanner mode that allows you to scan and clean your PC whenever you want, but does not include the protection features against new infections.

Another option is HitmanPro. This is an outstanding cloud based antimalware which allows you to remove anything it finds for 30 days. After that you must purchase the program to retain this function, but the scanner remains fully operational indefinitely.

6] SUMMARY

Following the advice above and what follows should keep you malware free, certainly from serious infection anyway.

1] Always ensure that your operating system and security software are updated with the latest signatures and patches. Try to use an automated function for this where one exists.
2] Never enter a site rated "Red" by WOT or LinkExtend. There will be 100 other safe alternatives to choose from.
3] Only make downloads from trusted sources and still scan the link first with Dr. Web.
4] If you need an email function use Thunderbird, a safe address like me@gmail.com and never open any attachments unless you are sure of the source and scan them first. Another alternative is to switch to either Opera Mail or Seamonkey which contains an integrated mail client. Seamonkey now accepts many of your favorite Firefox addons too.
5] Never run software from borrowed removable media without scanning the content first.
6] If you lend yours to someone else check it when it comes back!
7] If it looks like the offer of a lifetime then yours (online) is about to end!
8] Cracked software is only for cracked heads or people dumb enough to think differently.

 


Comments

Awesome article Midnight Cowboy. Really appreciate the effort you went to, keeping us informed and safe!
Btw, your article starts by describing the risks posed by USB drives, but you don't specify which of your recommendations is the best for stopping USB drive infections. Is it your antivirus recommendations? What about a specific freeware USB drive protection program?

The following freeware are also reviewed on TechSupportAlert, and are what I use. I like simple, nonintrusive, and quick/snappy/no lag software.
I have Windows 7 64bit.

1) Windows 10 Firewall Control (firewall)
2) Key Scrambler (stops people recording what I type)
3) MCShield (we all use USB drives. Unfortunately they can easily get infected from the work computer, uni computer etc. then they infect your computer when you use your USB drive at home). This freeware so far has protected me from the worms and other USB infections. Not sure how good it is, but it's unobtrusive, and I like it so far
4) Sandboxie (reviewed on TechSupportAlert. I often install software into the Sandbox, then copy the files to my computer, thus avoiding any registry changes the installation wanted to make. The software is thus 'cleaned', and made portable. Works for most basic utility programs)
5) Restore Point Creator (saves a copy of my Registry every time I turn on my computer. Any infection, or lagging of my computer, I just reset to an earlier registry)
6) FreeRaser (a very cool eraser program, which when you need it, sits as a large icon. You just set how many wipes you want, and drag files onto the icon to erase. Good for erasing sensitive documents or files)

I'm not so sure about Antivirus software. Real time monitoring is the main feature I want, as the threats of the future are coming from ransomware that actually are fixed by Microsoft patches, not antivirus software. But I am on the lookout for a small footprint antivirus software.

I will try a few that are recommended by TechSupportAlert!

Glad you liked the article. :) Your setup is somewhat different to what most would employ but it works for you and that is the key thing. Security software of any type is next to useless unless you understand it and configure it correctly. If nothing else, Windows 10 firewall plus Bitdefender Free would be an ideal combo for people not having an in depth knowledge of PC security. MC - Site Manager.

Your link to "Nimi Cleanser" is a dead end (Chrome Web Store: not found). I found "Nimi Web Cleanser" here "http://mynimi.net/Projects/Nimi-Web-Cleanser/". Because it is not in the Chrome Web Store, it will not install.

Thanks for letting me know. The Nimi site links are also not opening currently so until the situation becomes more clear I've removed it from the article. MC - Site Manager.

I also like to use HostsMan from Abelhadigital. It does the job of several of the plugins mentioned, and does it for every browser you use. http://www.abelhadigital.com/hostsman As with AdBlock, you need to select the lists you want to use in filtering out the offenders.

HostsMan is undoubtedly a useful tool but it contains an editing function with which inexperienced users can wipe out their ability to connect to the internet. As 99% of folks using software don't read the associated documentation, I would not recommend this for average users. It's great in experienced hands but just like so called registry cleaners, it can also do a lot of damage. MC - Site Manager.

Useful info, but I have a few questions.

A. I am not familiar with DNS thingy. Do OpenDNS and Comodo work as proxy servers? If so, are they anonymous proxies? Is there a big difference between those DNS servers and VPN service? (BTW, the site of OpenDNS is safe? When I clicked on *Learn more about OpenDNS solutions for schools and businesses,* I was redirected to Umbrella.com and there was no mention of OpenDNS on the page.)

B. Are TinyWall and Privatefirewall much better than Outpost and ZoneAlarm? In other words, Outpost and ZoneAlarm are no longer topnotch? Currently I use firewall bundled with a certain security suite (commercial one) on my new PC, but I had used Outpost and ZoneAlarm on my old PC before. Outpost and ZoneAlarm were most reputed back then. I have little knowledge on the latest firewall.

C. When you say "antimalware program," does it include not just antivirus but antispy and anti-ad as well? What's the difference between antimalware and antivirus? Also as for anti-spy program, Spybot and Spyware Blaster are no longer topnotch? I had used Avast, ZoneAlarm, Spybot and Spyware Blaster in good old days. (Currently I use a certain security suite and ad-block Plus.)

D. Do you think I'd better use some IP address blocking program even when I use messengers such as Yahoo Messenger? I don't use Torrent and such, but I think some software I use are P2P based programs.

E. You recommend Thunderbird. Is it risky to use OutLook even when it's protected by an antivirus program?

Hi Tod, Unfortunately we are unable to provide individual support of this nature in the comments. Please post your request here in our forum. MC - Site Manager. http://www.techsupportalert.com/freeware-forum/security/
Thank you Tod but it is best we leave your original post intact. Other readers may have similar queries and so will also benefit from the forum responses. MC - Site Manager.

Hi, MC. I understood. I just posted these questions to the forum. Now could you delete my post #111765? Thanks