Monday, November 2, 2009

Computer Security for the Home User

At work, where you have a "full-time" paid employee handling your computers, they have the luxury of  time and knowledge to set up a secure environment.  However, those of us at home either don't know enough about security, or don't have the time to research and figure out what to do.  Or, perhaps we most likely don't even know we have a problem.

So, what is meant by security?  Many different things - some of which are products we install, some of which are behaviors which we exhibit.  I think at a gut level we all "know" that we need to be careful with our computers.  However, it is often not at the forefront of our thoughts - until it is too late.  The computer is crashed, or perhaps someone steals your identity and runs up charges in your name.  All of these happen way too often.

Why would you need to secure your computer?  Well, think about what is on it.  If any one of these apply to you, you need to do something to protect yourself - or become a victim.

  • E-mail with personal information, like address, phone number, user names, maybe even passwords
  • Contacts in your e-mail
  • Financial documents, like Quicken or QuickBooks accounting files, or tax calculations, bank account info
  • Passwords and logins
  • Medical information
  • Personal information you don't what just anyone finding out
The good news is, some of this is just "common sense".  My mother always used to say, "If it sounds too good to be true, it isn't."  This is a good rule of thumb.  Let's look at all of the ways in which we use computers, and the different ways in which they are vulnerable to attack - and what we can do to protect ourselves.

In this article, I discuss:

1. Viruses, Spyware and Malware

Malware is simply a generic term for little software programs that do bad things (mal=bad), and comes in 2 major forms.  Computer Viruses are similar to real viruses.  A computer virus is a program that installs itself (or gets installed) on your computer, and does one of two things.  It copies itself, perhaps to other areas in your computer, or to other computers via your e-mail  contacts or your network.  It also does somehthing malicious.  Where do they come from?   There are thousands of people out there who make these for fun, just to cause people trouble.  Some are tinkering around teens and pre-teens, learning computer programming by playing.   Some are criminals looking to make money.  And some are idealogues, thinking they can fight the Western infidel capitalists by attacking their computer systems.  What kinds of bad things can they do?  They can do simple things like slow down your computer, pesky things like make your mouse not work, or really nasty things like crashing your hard drive and wiping out data.  Typically, they do it sneaky so you can't detect it until too late.

Spyware is software that, while perhaps not as intentionally damaging as a virus, is perhaps just as bad.  Typically it does not "reproduce" and spread itself like a virus.  It is so-called "spyware" because it is usually installed along with something else, like that cool little utility you downloaded because it did something you need.  But then, it "spies" on you, either hijacking something on your computer (like your web browser, forcing it to display advertisements from somewhere), or perhaps even trying to find personal information to help criminals make money off you.  A lot of "spyware" comes bundled with other software, and is simply undesirable because it slows down your computer or makes it do annoying things.

Note that for Macintosh users, there are currently no known malware for Mac OS X.  However, it probably would be courteous for you to get some protection software, to at least scan the files and e-mails you send to those less-fortunate PC/Windows users you communicate with!!

So, how can you protect yourselves?  There are several free and paid software packages that help.  But, keep in mind that no one package is the end-all be-all solution.  It is better to have several tools in your shed.  Understand some VERY IMPORTANT facts:

  1. These software packages have to keep up with the new stuff that comes out, so
    you may need to configure them to
    automatically download updates every day.  Every day is recommended.
  2. Each software package has a different way of fixing the problems, some may be more effective than others with various malware.  So you should have several of these.

  • McAfee Virusscan ( is offered free to Comcast subscribers, and works OK.  However, it sometimes may be just as bad as some malware, as it may slow your system down.  It typically protects from viruses pretty well, but not so great at spyware.
  • Norton Antivirus ( is similar to McAfee - same advice.  If you have access to either, at least have that installed!
  • Avira Antivirus ( is a free antivirus software that gets good reviews, however the free version displays ads constantly - can be annoying.

The above 3 packages both offer a scanning solution that looks through your system periodically, and cleans viruses, as well as a real-time protection that identifies files and e-mails that are bad as soon as you get them, and prevents them from getting to your system.

  • Malwarebytes ( has a great (and free) software that removes malware, and especially spyware.
  • Spybot Search & Destroy ( is also free, and not only removes spyware, but also has a real-time protection that helps prevent spyware infection by checking and preventing the kinds of bad things spyware does to your system.
These are the software I use on a daily basis on all of my PC's.  For my Mac, I have iAntivirus, which does tend to slow down the Mac, so I don't keep it running - only when I want it to check certain things I send out to PC users.

2.  E-Mails and E-Mail Contact Lists

Some e-mails are just annoying - either because you get bombarded with meaningless ones, or because they are scammers trying to take your money, or perhaps because they lead you to viruses or other malware.  Remember:  IF IT IS TOO GOOD TO BE TRUE, IT IS NOT TRUE.  Messages from some diplomat in Africa who will pay you $250,000 to move his $4 million into another account - yes, you guessed it - a scam.  Believe it or not, a lot of elderly people fall for this scam, according to MSNBC and the FBI.

But, beware!!!  These scammers are getting very clever.  We had one hit our company recently, where they sent a message supposedly from our e-mail administrator, saying that the system would be upgraded over the weekend, and to click a link to verify your password information.  IF YOU EVER GET AN E-MAIL THAT ASKS YOU TO VERIFY A PASSWORD, THAT YOU DID NOT SOLICIT, IGNORE IT, OR AT LEAST CONTACT THE ORGANIZATION.  For example, if you forget your password on a web site and click the "forgot password" link, then you should expect to get an e-mail from them.  Otherwise, especially if it looks like it is from a bank, you should contact the company immediately.  Banks and other financial institutions do NOT conduct account information over e-mails - they do it by mail, or by phone.

So, getting the software I recommend above, or other similar software that provides real-time protection from viruses and spyware, is essential to protecting yourself from the occasional e-mail that you fall victim to.  An EXCELLENT resource for many e-mails you may receive claiming to warn you about some dire emergency or terrible luck that will befall you if you don't
forward "this e-mail to everyone you know", is's Urban Legends division
( pays people to research these, and expose them as bogus hoaxes or authentic notices.  You can type in the subject line into the search, or some key words in the e-mail.

TRUST ME, BEFORE you forward an e-mail you got telling people to be careful not to use your cell phone while the charger is plugged in because it will catch on fire (or some other such warning, like Microsoft will track all the e-mails you forward), look it up on's Urban Legends and see if it is true before you look like the fool for passing it on.

3.  Web Sites and Web Surfing / Browsing

There are many web sites out there that trick you in various ways.  "Phishing" is so-called because they fish for you by giving you bait - if you mistype in a popular web site, like a banking web site, they set up one that looks "just like" the one you thought you were logging into, until you already have entered your personal information.  If you have been stung by this, immediately call the organization you were "phished" from (like your bank) and let them know, they can take measures to protect you.  Meanwhile, to prevent this, you should activate the "Phishing Filter" in your browser.  Internet Explorer ( has such security, so does Firefox (see  That should handle most of the browsers out there - the other relatively popular ones being Safari, Opera, and Google Chrome.  However, I would say to stick with the top 2 - Firefox being the more secure and faster one, the better choice (and they have it on
the Mac).

Another popular trick is to get you to click on a link to a web site, which then either gets personal information from you, or downloads malware to your machine.  Just be very careful what you
download and install - if you have the real-time protection installed (Spybot and McAfee/Norton), you will be better off but not still 100% protected.

Finally, popup windows have been a nagging hazzard for many years - there are still no really good preventative measures for these, as web developers always find ways around these, but beware of popup windows.

4.  Network Security at Home

Now, here is an area most people ignore or are unaware of.  One really easy way for people to hack into your system and get personal information, is to hack into your  network.  You don't have to be a computer guru to take some simple precautions.

Do you have a wireless network at home?  If so, then you have what is called a Wireless Router (or WiFi Router).  This is a box (maybe with an with antenna sticking out) and blinking lights connected to your cable modem, DSL router, or other Internet connection.  Pretty much all Wireless Routers have some administration built in, and they come from the factory with default settings like a default address and default login and password.  If you have never followed the instructions that came with your router, and changed your administration password, then it will take hackers about 2 seconds to hack into your network and have whatever they want.  At the very least, follow your router's instructions for setting up the password.  Typically, you connect to your router with a wire, and go to the router's address, which is usually, and log in usually with a blank login and "admin" as the password, or "admin" as the login and no password.

If you lost your router's manual, you can simplay go to Google, and search your router's make and model (for example, my router says "Cisco" on it, and on the bottom of the unit is the model number).

Do that at least!  Another thing you can do that will add a double-layer of protection, is to enable secure access (which of course is not enabled by default).  This will lock down the communication between your router and its wireless "clients" (laptops, your Wii, your cell phone, whatever other device uses your WiFi).  You create a password, and then use that password to connect your devices to the WiFi.  If you don't have the password, you can't get in, and it takes a lot more effort to hack in and get your password - probably too much effort so any hacker will simply give up.

Follow the instructions in the manual to turn on Wireless Encryption - WEP is the recommended protocol to use (there are others, like WPA, and more).  Use WEP, and you get to enter any password you choose.

Hopefully you learned something new, and these simple measures will
help to keep your computing safe.  Good luck, and feel free to
comment below.

No comments:

Post a Comment