Top 30 security tips for your PC

1. Shred ‘emMost of the major anti-spyware tools, including Windows Defender, do a great job of eradicating malware objects that may already be present on your computer. Some pests are more complex than others, however, and you may need to turn to dedicated removal tools to dislodge them. A great example is the CWS browser hijack. If this is present on your system, try removing it with CWShredder.
2. Scan regularlyMost anti-virus programs scan for threats in real-time, but it’s still important to scan your entire system for pests at least once a week to root out any threats that may be buried in your system.
3. Second opinionSeek out a second opinion by scanning with an alternative anti-spyware program. A tool such as Spybot S&D offers the chance to find spyware that your primary program may have missed.
4. Online scansMost security software vendors offer online scanning tools that enable you to check for pests via your web browser. Consider these tools if you think you’re infected and want to find out more.
5. Dedicated removalIf you get caught without antivirus software and end up infected, try using a free tool such as McAfee Stinger to detect and remove it.
6. Email protectionUse an anti-virus program that scans all incoming and outgoing messages for viruses. Most AV programs do this automatically, but check your settings to be sure that your messages are being scanned for better protection.
7. Rogue anti-spyware programsThere are a number of fantastic anti-spyware programs available from different vendors. But before you install any such tool, check out the list of suspect anti-spyware tools available on the Spyware Warrior website. Many tools that purport to remove spyware actually install various malware objects themselves. Be especially wary of tools advertised in pop-up ads that suggest your computer may already be infected.
8. Two-way streetFirewalls may most commonly be associated with keeping the bad guys out of your PC, but you should increasingly be worried about communications leaving your computer as well. Spyware programs and worms are notorious for using your internet connection to propagate or send your personal information to hackers’ servers. A firewall with the ability to manage both inbound and outbound connections will alert you to these attempts.
9. Minimise warningsSome people find the warning boxes displayed by firewall programs intrusive. Check the ‘Remember this setting’ option when making the choice to either allow or deny communications and the same alert won’t be displayed again.
10. Test for leaksDoes your firewall monitor outbound communication attempts? You can test to be sure by running the LeakTest utility.
11. Scan portsHelp your firewall keep the bad guys out by periodically scanning to ensure all of its ports are closed. You can perform port scans online at www.grc.com or www.auditmypc.com.
12. Double upThere’s generally nothing wrong with having a hardware firewall (which is included in most home routers) and firewall software running at the same time. It effectively doubles your PC’s protection factor.
13. Windows UpdateWindows XP’s Automatic Updates feature will download and install critical security updates and service packs only. To obtain non-critical updates, use IE to visit the Microsoft Update website.
14. Avoid shady websitesThere’s no shortage of websites that are designed with no other purpose than to try to trick you into installing spyware. A common technique these sites use is to suggest that you need to install their site’s ActiveX control in order to gain access to some type of ‘special’ content. If you encounter such a website, especially those that seem to provide access to free content that’s just too good to be true, always proceed with caution.
15. Block pop-upsThere’s no need to install separate pop-up blocker software with Windows XP. Just head to Tools > Pop-up blocker to configure Internet Explorer’s pop-up settings.
16. Disable GuestXP’s Guest user account was designed with occasional users in mind, but it’s best to leave this account in its default state, which is disabled.
17. Choose strong passwordsA weak password (such as using ‘password’) is almost as bad as not having one. Choose an eight-character password (minimum) that includes letters, numbers and symbols.
18. Gone phishing?If you receive an email message from an online retailer or payment system asking you to confirm your username and password, delete them. Legitimate businesses never collect information in this way.
19. Encrypt your data If you have important information stored on a removable drive it’s a good idea not only to have a back-up but also to encrypt it. You can learn more about this in our great feature in issue 71, on sale April 15, 2007.
20. Choose passwords wiselyDon’t use the same password for all of your user accounts, such as those associated with online auction sites, banks, web-based email services and so on. If you only use one password and someone manages to obtain it, you effectively grant that person access to multiple accounts, not to mention sensitive personal information. If you’re having trouble remembering different passwords, consider using a program such as Access Manager to keep them safely stored away.
20. Switching ISPsSome ISPs offer free routers with a hardware firewall to entice new customers. Check the minimum length of your current contract. If you’re still covered by that contract, you can’t switch.
21. CancellationSome ISPs impose a cancellation fee, to offset the cost of providing equipment and setting up your account. Check you current provider’s terms and conditions – or you might find yourself paying around £80 for a used modem.
22. Beware of WPAIf you decide to implement WPA encryption on your wireless network, ensure that everything you connect to your network is compatible with this standard. It won’t apply to PCs with Service Pack 2 installed, but beware of anything else. This especially applies to non-PC wireless devices, such as media streaming hardware. The large majority of new kit is compatible, but it’s incredible just how recently this wasn’t the case. Check the specifications on new kit, too, just to make sure. If in doubt, use WEP, even though it will be gradually phased out.
23. Forward portsAll routers are configured to enable outbound connections to get through while blocking inbound ones. However, you might want to enable certain users to access your network. To do this, you need to open a port in your router’s firewall. And that’s where things get more complex because how you can do this depends on the manufacturer of your router. You also need to specify the IP address of the computer to which you want the connection to be forwarded. This is a complicated procedure, but you can get help –check out www.portforward.com for more advice and detailed walkthroughs.
24. Better browserOne of the easiest ways to avoid falling prey to phishing (online fraud) is to switch to a browser with anti-phishing capabilities. The latest version of Internet Explorer (version 7) includes just such a feature, warning you when phishing attempts are detected. You can download IE7 here.
25. Toolbar plug-insIf you’d rather stick with your existing web browser, you should try searching online to see whether there’s an anti-phishing component available for it. For example, Microsoft has developed a Phishing Filter component for its MSN Toolbar, and you can download if for free.
26. Anti-spam softwareMost anti-spam programs automatically recognise messages that appear to be phishing attempts and will relegate them to your junk mail folder. Install an anti-spam program such as eTrust Anti-Spam (a free trial is available from www.qurb.com) and your exposure to phishing scams should be reduced dramatically.
27. Privacy programsInternet security suites, such as the various ones available from McAfee, now include privacy components that enable you to enter sensitive personal details, such as credit card or bank account numbers. When any program tries to send this information over the internet, it is blocked and you are alerted.
28. Understand the enemy One of the best ways to protect against identity theft scams is through good old-fashioned education. A variety of resources is available to keep abreast of the latest privacy threats, including sites such as the Home Office’s Identity Theft page and the Privacy Rights Clearinghouse.
29. Parental controlOne of the best ways for parents to help ensure a safer online environment for their children is through the use of parental control software, such as K9 Web Protection. K9 enables parents to block access to sites with unsuitable content, as well as those known to engage in phishing attempts or the distribution of spyware. K9 only filters web browsing activities, however. If you want a more comprehensive online protection tool, consider a solution such as Spector Pro.
30. If all else failsThe best way to guard against threats to your privacy and identity is to use common sense when venturing online. Reputable sources never ask you to provide sensitive personal information in an email or on a website. Always be suspicious of anyone asking you for this information, regardless of the medium. If your instincts tell you that something doesn’t seem quite right, then it usually isn’t.