# Five things to do keep your computer secure



## VeraLenora (Jul 31, 2011)

I could make some security suggestions but I'm not an expert.

What do y'all out there think that the 5 basic steps are to keep your computing secure? Write recommendations as if to a small stupid child.

Oh heck, here are my five.

You must delete one of these to add one of your own ("Off with their heads!" cried the Red Queen.)

1.) Use a Macintosh only.

2.) Always have a well reviewed security system in place, and up to date. Your choice, but at least 3 favorable, reputable reviews.

3.) Don't download porn. (I've heard a lot of porn carries a lot of virus. Makes sense to me!)

4.) Run computer scans for rootkits, virus, etc., regularly -- don't just depend on the security software to keep the baddies out.

5.) [blank]


----------



## Elvandil (Aug 1, 2003)

This is not a request for help and should not be posted in the technical forums.

Moving to "Tips".


----------



## Stoner (Oct 26, 2002)

VeraLenora said:


> ......................
> 
> 1.) Use a Macintosh only.
> ......................................


A windows computer can be made relatively secure.....but at the same time, no computer can be made 100% secure.
Apple computers have security updates, too.....so there are vulnerabilities with them also.

Replace #1 with browsing the Internet using a sandbox.


----------



## jiml8 (Jul 3, 2005)

Wow. I don't follow any of these recommendations, and my computers never get infected with anything.


----------



## VeraLenora (Jul 31, 2011)

Stoner, a little edgy are we today?

Jimi8, What do you do to stay pure?


----------



## valis (Sep 24, 2004)

Common sense. Same as everyone else. I don't have a mac, am all over the web, never run scans. I do update pretty regularly, but I'm also using a way out of date FF browser, and I still don't get infected.

Just common sense. That's probably about 95% of all the AV anyone needs, right there.

And as for Apples, we ended up putting some mac mini's out on one of our vessels for work, as the ships crew are ALWAYS getting the PC's infected. Blew those minis up faster than they ever did a Windows box.


----------



## jiml8 (Jul 3, 2005)

Oh, I'm definitely not "pure". Definitely not. 

My computers, however, are all completely free of infestations of any sort.

How? Well, first I run Linux for my main environment, and I stick with the default Linux security model. This goes a long way toward protecting the system, but is by no means the definitive answer.

I do not run any anti-virus software on my Windows installations; I don't need it. Note that I do NOT recommend this for any but the most technically savvy of users, but my Windows installations don't get infected either.

To keep free of infections and malware, do ALL of the following.

1. Only connect your machine to the internet through an NAT router, and disable the remote configuration port on that router. If that router has wireless (it probably does), turn the radio off if you don't need it. If you do need it, make sure your connections are encrypted and configure the router to only allow specific machines (as defined by the MAC address) to connect.

2. Use a software firewall on EVERY computer. If that computer runs Windows, use a firewall OTHER THAN the Windows firewall. 

There is nothing wrong with late-version Windows firewalls, except that they are provided with Windows and are therefore part of the Windows monoculture - which is very widespread and commonly attacked. By using a third-party firewall, you are stepping outside the monoculture and decreasing the likelihood that any malware which gets onto your system will work as intended. 

On my Windows 2000 Pro and Windows XP Pro systems, I personally use Zone Alarm firewall Release 4. I specifically do NOT recommend any release later than Release 4 of ZA; it became bad later on. On my Windows 7 Pro virtual machine, I use Online Armor free edition, and it works well. Third party firewalls will alert you to outgoing connections, and this can be annoying. But if you know your system, then you know what is running in it and can train the firewall to be quiet except when it has something legitimate to say. Then, when it does say something, pay attention!!!

3. Disable all HTML and scripting on your email client. No email is to be able to execute ANYTHING AT ALL, and no email is allowed to access the internet for ANY PURPOSE. It helps if your email client makes it easy to turn on HTML and scripting on a case by case basis so that, for instance, you can easily read your NewEgg purchase confirmation email. But there is almost never ANY reason for your email to EVER access the internet; just don't allow it.

4. Don't use Outlook Express. See above comments about "Windows Monoculture". Outlook and Outlook Express are no longer the gigantic security holes they used to be by default, but I don't believe that even now they make it easy to turn on scripting for individual emails while having a default "disable" policy. Someone correct me if I am wrong on this; I have not used those clients for years.

5. Download, install, and USE Privoxy. This is a "privacy proxy" that lets you take full control of the pages and scripts that are arriving on your computer and it runs on pretty much every platform out there. The default settings will keep you out of most trouble, and you can configure it on a site by site basis as required. It can be used by anyone, though it requires a fair amount of technical smarts to make full use of it. At a minimum, Privoxy will protect you from annoying ads, will go a long way to prevent tracking you on the web, and will simply remove scripts that fall into a large number of "malicious" categories.

6. Don't use Internet Explorer. I understand that the latest versions of IE are now much more secure and much better at spotting rogue websites, but this is only part of the problem, and not the biggest part. See above comments about monoculture. Also, I don't think IE makes it easy and convenient to have a default "scripts disabled" policy, while permitting you, on a case by case basis, to enable those scripts that are needed in order to browse a site you want to browse.

7. Use a browser such as Firefox with the "noscript" plugin. ALWAYS keep the noscript default to "block all scripts" then only allow those scripts that you need to have running in order to view a webpage. You will find this to be a bit annoying to use, but you'll get used to it and it is the single most important tool in the arsenal to prevent malware from reaching your system via your browser.

8 NEVER, EVER allow ANY script in a PDF file to run. Turn off and disable ALL that crap in Adobe Acrobat, or in whatever third party PDF viewer you use. Those scripts don't need to be there, Adobe has done the entire community a massive dis-service by allowing that sort of crap, and it is very very unlikely that you need that capability. If you are one of the few who DOES need it because some moron has put up a PDF file, such as an application for employment, that you have to fill out by filling in the blanks, then enable scripting long enough to do it and then disable the scripting again.

You do these things, and you won't get infected even if you don't keep up with security patches. You will find your browsing to be a bit more difficult; you'll have to enable scripting case by case to view some sites and there are some videos out there you just won't be able to watch. Fox News, for instance, will break on videos with these settings. However, CNN works once you enable scripts for CNN and for Turner.

If I really need to see the content, I copy/paste the URL from the browser I'm using into another browser that isn't locked down nearly so tight, and I view the page on that browser. I NEVER browse with that browser; I only watch specific pages on specific sites where I really want to see it and where my ordinary security settings are a problem and I can't seem to get the configuration right within my security framework. However, I generally take the attitude that if I have to turn off my security to view their site, then I don't need to view their site. 

And none of my systems get infected, ever.

Then, of course, there is the advanced topic of how to retain privacy and anonymity while browsing the internet. But that's not what we are talking about here.


----------



## valis (Sep 24, 2004)

jiml8 said:


> Then, of course, there is the advanced topic of how to retain privacy and anonymity while browsing the internet. But that's not what we are talking about here.


Indeed.........and Stallman, IMO, is The Dude when it comes to that.


----------



## Stoner (Oct 26, 2002)

VeraLenora said:


> Stoner, a little edgy are we today?
> 
> Jimi8, What do you do to stay pure?


Not edgy at all, just not interested in joining in your come-on for a flame war of Windows versus Apple.
You asked for replacements in your list and a sandbox is a good one.


----------



## jp1203 (Jul 21, 2005)

valis said:


> Common sense. Same as everyone else. I don't have a mac, am all over the web, never run scans. I do update pretty regularly, but I'm also using a way out of date FF browser, and I still don't get infected.
> 
> Just common sense. That's probably about 95% of all the AV anyone needs, right there.
> 
> And as for Apples, we ended up putting some mac mini's out on one of our vessels for work, as the ships crew are ALWAYS getting the PC's infected. Blew those minis up faster than they ever did a Windows box.


Yup, same here...I have automatic updates on (but they go a long time before actually being installed since I almost never restart my desktop), I have MS Security Essentials installed (but never run scans, and I seriously doubt there would ever be anything for it to catch anyway). Other than that I just avoid shady sites.


----------



## dotty999 (Feb 3, 2006)

Stoner said:


> Not edgy at all, just not interested in joining in your come-on for a flame war of Windows versus Apple.
> You asked for replacements in your list and a sandbox is a good one.


agreed, and you're never edgy, you've just got the edge


----------



## Cheeseball81 (Mar 3, 2004)

JStergis said:


> Yup, same here...I have automatic updates on (but they go a long time before actually being installed since I almost never restart my desktop), I have MS Security Essentials installed (but never run scans, and I seriously doubt there would ever be anything for it to catch anyway). Other than that I just avoid shady sites.


Sounds like me


----------



## daniel_b2380 (Jan 31, 2003)

some EXTREMELY GOOD *common sense* posted here, 


> ....Just common sense. That's probably about 95% of all the AV anyone needs, right there....


:up: :up: :up:

some VERY outstanding points posted by jiml8, and ALL in one post, don't have to run all over the place to get them together 

but jim,


> ....Also, I don't think IE makes it easy and convenient to have a default "scripts disabled" policy, while permitting you, on a case by case basis, to enable those scripts that are needed in order to browse a site you want to browse....


actually, you had these options even in ie6, and i never found them to be to difficult to use, but then, how many people don't want to bother to even SEE the 'log-in' window - versus setting up the acounts and actually doing the 'log-in' stuff - just tooo much bother - and WOW, just think about all that time they would be wasting - but then spend how much time here on the forum trying to get rid of some virus, malware, whatever....oh well....


----------



## jiml8 (Jul 3, 2005)

daniel_b2380 said:


> actually, you had these options even in ie6, and i never found them to be to difficult to use, but then, how many people don't want to bother to even SEE the 'log-in' window - versus setting up the acounts and actually doing the 'log-in' stuff - just tooo much bother - and WOW, just think about all that time they would be wasting - but then spend how much time here on the forum trying to get rid of some virus, malware, whatever....oh well....


I have used IE6 a small bit in order to make sure my website worked correctly with it, but I cannot claim to know a great deal about it, or any IE since about IE3 because I take my own advice and don't use it.

But, IIRC, you have to pop a requester and navigate through some tabs or other requesters or some such to find a place where you can place this particular site in your "trusted sites" zone, then scripts on that site can run.

Compare this to Firefox with noscript, where there is a pop-up menu that you get when you click on the gadget in the status bar on the bottom of the window. This pop-up lists all scripts that are presently being blocked, and you can choose to allow this one, but not that one, or these but not those. Very convenient. You also can allow these scripts temporarily or permanently.

Is a similar option available in IE, with similar convenience? I've never seen one, but then, as I say, I make very little use of IE at all.

It's actually quite enlightening. I've visited many sites where 30-40 or more scripts were blocked from all sorts of third-party sites, while only one or two needed to be enabled for the site to display properly. For example, on this site, I am showing that I am allowing scripts from techguy.org and from tgstatic.com, but I am blocking scripts from google-analytics.com and from scorecardresearch.com.


----------



## sidbub (Sep 8, 2002)

Jiml8, reading your reply of 10/10 RE: Zone Alarm4. What happened to ZA releases after V4? Would like to know what went bad on it. I am using a much newer version on my XP pro machine. Haven't had any problems.


----------



## Deedledum (Oct 16, 2011)

VeraLenora said:


> 3.) Don't download porn. (I've heard a lot of porn carries a lot of virus. Makes sense to me!)


Replace or add to this with downloading horror movies. Apparently notorious for downloading viruses and trojans.... Pity I forgot about this last Xmas when drunk with my sister.... Could this be the root of all my lap top's evils of late!!!!!


----------



## Deedledum (Oct 16, 2011)

jiml8 said:


> Oh, I'm definitely not "pure". Definitely not.
> 
> My computers, however, are all completely free of infestations of any sort.
> 
> ...


Good grief I feel like a proper newbie reading this phenomenal post. Understanding all of this will be my benchmark for coming of age as a proper geek! Will revisit your post. Thanks Jim. :up:

Any thoughts on open source in relation to security? Considering OpenOffice


----------



## jiml8 (Jul 3, 2005)

sidbub said:


> Jiml8, reading your reply of 10/10 RE: Zone Alarm4. What happened to ZA releases after V4? Would like to know what went bad on it. I am using a much newer version on my XP pro machine. Haven't had any problems.


See here and here. I don't know at which version ZA went bad, but I would assume it happened sometime after ZA stopped being a really good firewall and started trying to be a whole security suite. Version 4 is the last version I am aware of that is just a firewall, and by the most recent versions, it is bad.


----------



## indiefan (Oct 29, 2011)

no pc is secure, be it mac or windows, running linux , using firefox, etc etc,if it broadcasts over the net its crackable, sorry, 
all we can do is run as much security etc as possible, and learn as much as we can about trying to prevent attacks,:up:


----------



## Jesse2002 (Oct 29, 2011)

I know there are plenty of really savvy users out there who can turn the settings inside out and back again but I read this post to see if I could pick up some new tricks.
For the non technical people reading this thread I suggest the use of secunia PSI or file hippo.
There are others out there that will help you patch but these are fairly simple and in the case of secunia a lot is done by auto update for you.
I keep my secunia score at 100% and have trained all the people whose PC's I look after to run secunia.
I have the odd occason they get stuck and need assistance and sometime I have to go to the forums for solutions but I look after over 30 PCs and none have had a virus since I started following this patching policy.


----------



## Deedledum (Oct 16, 2011)

Jesse2002 said:


> For the non technical people reading this thread I suggest the use of secunia PSI or file hippo.
> .


Hi Jesse. I'm one of those. I have been getting regular messages about not doubling up on security because of incompatabilities between security packages. HAving just got Norton Internet for the next year or so, I am wondering if it would be a bad idea to install Secunia.

I am not familiar with the term 'patching'. WHat exactly is that? How does it compare with eg a 'Firewall' Thanks D


----------



## Jesse2002 (Oct 29, 2011)

Deedledum,
Sorry still getting used to how tis forum works.
Patching = updates released by software manufacturers to patch (close) a vulnerability in their software that can be exploited.
I liken it to a dam - when the dam is first built it holds back the water with no leaks. If you carry out no maintenance (never update any software) or limited maintenance (only update using windows or ms update or whichever operating system being used) then cracks will start to appear which will allow water to trickle through. If these cracks are left without being addressed the gaps get bigger and so more water leaks through until the dam is useless. 
Without patching software from all vendors your PC will leave gaps that can be exploited.
More attacks have been against Adobe products such as Flash Plater and Acrobat Reader.
Many people are running versions prior to the ones the look to see if updates are available such as Adobe Reader 7. Also vulnerable are old installations of Java so you get the idea.
I know I do not have the time to go around every software vendor checking for updates and you have to be savvy on the version you already have. For this I use Secunia PSI which examines the software I have on my PC and compares it to the database to see if I have the latest versions.
The old version used to present the software to me to apply the new version actually applies patches for you auomatically. There was a fail recently where I think it was Flash player had what it called SH1 (I think checksum) did not match so I had to manually intervene but there are links to the forums on each identified problem so you can share your knowledge or get assistance from people who have solved the problem if it comes up.
Secunia is not an anti virus or firewall but an update assistant so should not present any problem with running with other problems. It will slow your PC down for approximately 10 minutes per week as it does the scan dependingon the speed of your PC.
A patched computer is more secure as it lets your anti - virus /firewall function to the best of its ability and reduces the openings for hackers and virus writers to exploit.
I hope this has made it clearer.
Regards
J


----------



## Deedledum (Oct 16, 2011)

Wow! Thanks for a really clear explanation of the whole thing. Food for thought... I'll be coming back to your messages and this forum when back on top of sorting basic c..p out after a reinstall. 
What was interesting was the 'diversification' of software you refer to ... pretty organic sounding : D I don't like monocultures lol.

Also, interesting about Adobe. News to me. funny thing is for a few moments I did consider looking at other software when I was reinstalling. my brain has been overloaded with learning new techy stuff since working with a few people on here, so for now...Adobe it is... but one day, when I grow up as a proppa geek, am going to come back to you and seek advice. At the moment I hardly understand the capabilities of Adobe yet... Something I always wanna look at and never quite get around to.

Thanks again. Great post Jesse:up: D


----------

