Protect Your PC and Data With the Security Checklist

This column often devotes a good bit of space to computer security and online privacy. But the tips have always appeared piecemeal, so it's difficult to remember (even for me) everything you should be doing to protect your PC and its data. This month I've assembled a safety checklist that gives you the big picture. Though it's not the final word on each of the topics presented, it will provide you with an overview of what you need to know and the steps you must take to avoid e-mail viruses, deter snoops, and halt attempts to hack into your PC or network. (For even more information on this broad subject, read the article " Internet Fixes.")

Block Hackers and Viruses

Connecting your PC to the Internet without using a firewall and antivirus software is like leaving your front door unlocked when you go on vacation--if you're lucky you'll come home to find that all is well, but it's still risky.

Install a firewall on every computer: Even if you have a hardware firewall between your PC or network and the Internet, you should still install a software firewall. Although a hardware firewall can be set to block or allow all packets passing in and out through port 500, for example, it doesn't know which application initiated the communication on your system. A software firewall routinely queries you to confirm whether it should let an application communicate over a given port (see FIGURE 1), so you can tell it that MyCoolInstantMessenger.exe is allowed to use the port but NastyTrojanHorse.exe isn't.

Use a bidirectional firewall: The firewall in Windows XP is better than nothing, but not much better. Free firewalls such as Zone Labs' ZoneAlarm 3 and Sygate's Personal Firewall 5 monitor and control both inbound and outbound network traffic, allowing them to block connections initiated on your PC by the aforementioned NastyTrojanHorse.exe or any real-life backdoor program.

Don't skip the antivirus: If you're not using antivirus software right now, stop what you're doing, go get some, and then continue reading after you've installed it. If you use Windows, not using antivirus software is simply irresponsible because of the high volume of viruses that target any version of this OS. Even if you think you know how to avoid viruses, you may eventually get nailed by one that employs a new and unexpected technique. If you get infected, chances are you'll infect the family members, friends, colleagues, and others who are in your address book, too.

If you don't want to shell out for a top commercial package like Symantec's Norton AntiVirus, at least download Grisoft's free AVG 6 Anti-Virus System. AVG isn't great at catching the latest known in-the-wild viruses, according to UK-based antivirus journal Virus Bulletin. Because of this shortcoming, using AVG could be just as bad as having no antivirus protection if you blindly launch every e-mail attachment that slithers into your in-box. However, if you have other prevention methods in your tool bag (such as a script-resistant e-mail program and a healthy distrust of e-mail attachments), it will at least prevent you from being nailed by those viruses that perennially come around. I've been using AVG for more than a year with great success and a minimum of hassle, but it's a period I nevertheless consider an experiment in living dangerously.

Update Everything, and Often

One of the easiest ways to prevent e-mail viruses from exploiting flaws in your programs and hardware is to download and install the regular updates (sometimes called software patches) that vendors provide. Microsoft's Windows Update site (see FIGURE 2) is a great source for fixes to that company's software. For a roundup of vital patches, as well as directions on downloading and installing them, see " Internet Fixes."

Set the Controls for Security

Once you've updated your software with the latest patches and bug fixes, check the applications' security settings. The programs you use every day often offer little-known features that can block viruses, stamp out cookies, and keep snoops off your computer or network.

Block it in the browser: You can download and install a zillion different utilities that corral your cookies and prevent Web sites from doing things on your computer that they shouldn't. But your browser also gives you lots of control over Web content. In my August 2002 column (" Listen to a World of Radio Stations on the Internet"), I offered cookie-crushing tips for Internet Explorer 6, Netscape 6.2, and Opera 6. x, and in the January 2003 column (" Protect Yourself--Clear Your Cookies and History"), I provided instructions for deleting cookies. Here's a brief recap of the steps for IE 6, plus updated directions for Mozilla 1.1 and Netscape 7:

In Internet Explorer, choose Tools, Internet Options and click the Privacy tab. To reject or accept an individual site's cookies, click the Edit button, enter the site's address, then click either Block or Allow. When you're done entering site addresses and settings, click OK to close the dialog box. To block third-party cookies (which are usually related to advertising or marketing), click the Privacy tab's Advanced button, check Override automatic cookie handling, select Block under 'Third-party Cookies', and click OK twice. To view and delete stored cookies, select Tools, Internet Options, then click the General tab, the Settings button, and the View Files button. In the resulting window, right-click a cookie and choose Delete. To remove all cookies stored by IE, select Tools, Internet Options, then click the General tab and the Delete Cookies button.

If you use Mozilla 1.1 or Netscape 7, choose Edit, Preferences, double-click Privacy & Security to open its subcategories, and select Cookies. To block all third-party cookies, look in the right pane and click Enable cookies for the originating web site only. To view and delete cookies, click the Manage Stored Cookies button, select a cookie in the list, and click the Remove Cookie button. Choose Remove All Cookies to wipe the entire cookie sheet clean. If you want to banish an individual site's cookies in perpetuity, check Don't allow removed cookies to be reaccepted later, and then delete the cookie. (Note that the site-by-site cookie controls that you would expect to find when you click the Cookie Sites tab in Mozilla 1.1 and Netscape 7 appear to be under construction.)

Derail e-mail threats: If you prevent your e-mail program from executing scripts and attachments in the messages you receive and keep your program updated to repair newly discovered security flaws, chances are good you'll keep viruses and Trojan horse programs off your PC. The latest versions of Outlook and Outlook Express wisely block all scripts and dangerous attachments by default, by placing any incoming HTML mail in the Restricted security zone (to see your security settings in either program, choose Tools, Options and click the Security tab).

In the June 2002 Internet Tips column (" Stop Those Sneaky E-Mail Viruses in Their Tracks"), I suggested that readers disable their e-mail program's message preview pane to doubly ensure that viral mail remains inert. To disable Outlook Express's preview pane, choose View, Layout and uncheck Show preview pane. In Outlook, click View and deselect Preview Pane. To hide the preview pane in the Mail & Newsgroups program in Mozilla 1.1 and Netscape 7, choose View, Show/Hide, Message Pane.

But several readers wrote to say that they still needed a way to peek into messages with attachments to see what kinds of scripts or files they contain. To do that in Outlook Express without opening the e-mail, right-click the message, choose Properties, click the Details tab, and then click the Message Source button. Now you'll see the exact text of the entire missive, including the names and encoded content of any binary attachments. Maximize the window to make it easier to read. To safely view files attached to a message in Outlook, right-click the e-mail and choose View Attachments (see FIGURE 3). To view a message's plain-text contents (to see the names of attached files) in Mozilla or Netscape, select the e-mail, and then choose View, Message Source.

Use MAC filtering on your wireless LAN: If you have a wireless network, you may want to use multiple security features for maximum protection. In the November 2002 issue (" Lock Out Internet Pests, Lock In Network Security"), I discussed several ways to keep drive-by network hackers at bay. One more security option your wireless router or access point may offer is media access control (MAC) address filtering.

Each network adapter on a LAN--wired or wireless--has a unique physical address that operates at a lower level than its IP address in the hierarchy of network protocols. Many routers, including wireless ones, let you restrict wireless network access to a limited set of hexadecimal MAC addresses. You'll need to get out the router or access point's manual to set it up, then drill down into the network card properties for each connected computer to find and jot down its MAC or physical address (see FIGURE 4). Like IP addresses, MAC addresses are easy to spoof, or falsify. And because it doesn't encrypt traffic, MAC filtering alone won't make your network secure. But it's one more roadblock that could send a hacker elsewhere in search of an easier network to crack.

Download of the Month: Streamripper 32

I often listen to streaming Internet radio stations to learn about new kinds of music not featured on my local stations. Often, I'll purchase the CD of an artist I hear online. Sometimes I realize I really like a song about 10 seconds after it's over. By then, it's too late to see the artist's name and song title in my player.

Naturally, there's a solution. Oddsock.org's free, open-source Streamripper 32 tool takes that audio stream, breaks it up into songs, and saves the individual tracks on your hard disk, embedded ID3 tags (with the track name, length, and artist) and all. It'll even grab only those songs you specify. It's not the second coming of Napster, though, so the RIAA can relax.

Most streaming broadcasts are noticeably less than CD quality, and many cross-fade their tracks or intersperse them with station identifiers, so Streamripper's output is more informational than archival. It does let you identify those tunes you'd like to add to your permanent library by some other means.

Send your questions and tips to nettips@spanbauer.com. We pay $50 for published items.Go here for more Internet Tips. Scott Spanbauer is a contributing editor for PC World.