Lock Down Your PC
Fortunately, there's no lack of products to help you surf safely. But those defenses won't help much if you don't use them properly, and our results suggest that most people need to look critically at how they use the tools in their arsenal.
Nobody with an Internet connection should be without virus protection. Besides preventing potential catastrophe to your PC and network, an antivirus package can protect your system from worms and security holes that let intruders reach in and pilfer sensitive information such as passwords and financial data.
But antivirus software is only as good as its latest update. While 83 percent of our survey group said they use an antivirus application, only 73 percent update their definition files regularly. You wouldn't pay for a home security system and never turn it on; why run an antivirus app that can't recognize the intruders that it's supposed to protect you from? The number of users taking action against viruses is encouraging; but still, more than one in four of our respondents are ripe for attack.
Also make sure to run a beefy spam filter. Not surprisingly, 98 percent of users say that sending and receiving e-mail is their top activity online (60 percent also use instant messaging), so it's essential to purge the junk. Nor is it just junk: You can eliminate many attempted virus attacks and potential security breaches by letting a trusty e-mail bouncer deflect spam at the door. Check out "Top Utilities for Your Toolbox" for good filters. (AOL users may have to use the company's own spam-filtering software; most third-party tools don't work with AOL.)
It's also crucial to keep up with new software versions and install security patches--a task only about 63 percent of survey takers perform. "Fyodor," a self-described hacker whose Web site, www.insecure.org, contains a wealth of useful security-related information, says keeping software current is one of the best ways to lock intruders out. Go beyond the OS: "Internet-enabled applications like mail readers and Web browsers should also be upgraded on a regular basis," he advises.
Sure, it's bothersome to keep up with Microsoft's patches, but you can simplify the process: In Windows XP, for example, right-click My Computer, select Properties, Automatic Updates, and then check Keep My Computer Up to Date to have Windows grab updates automatically from the Redmond mothership. (For more on patches, see this month's Bugs and Fixes.)
Automatic OS updates bring their own headaches, though. Take last year's Service Pack 2 for Windows XP: SP2 created an instability in Outlook that persisted until another patch was released. Under the Automatic Updates tab listed above, you can customize this feature so you just get notified when a new patch is available, for example. For more, see April's "Internet Fixes."
Another essential tool to keep the bad guys at bay--especially if you're running always-on broadband--is a firewall, used by just 58 percent of those surveyed. Windows XP has a built-in firewall, but third-party apps offer stronger security, better customization, and other worthwhile extras such as cookie managers. Check "Top Utilities" for our favorite firewall.
The fourth cornerstone of online protection is an anti-spyware/-adware app, which 44 percent of respondents use. Spyware and adware programs often slither undetected onto your PC as you surf; and besides serving up annoying pop-up ads, they may report your browsing habits (and who knows what else) back to the source (and who knows where else). You'll notice if you're getting extra ads, but you may never know spyware is there unless it visibly slows your PC's performance. See "Top Utilities" for recommended apps.
- Set automatic updates for your sentinel apps. If you have a weekly meeting, for example, set your antivirus or firewall software to grab updates then. If your schedule is less predictable, have the software check for updates first thing in the morning, while you get your coffee.
- Customize your Windows security settings. (Go to Tools, Internet Options and select the Security, Privacy or Advanced tab, depending on what you want to set.) This step isn't a replacement for the tools discussed above, but you can beef up the basics by disabling file downloads (a good idea if others--especially kids--can access your PC), setting passwords, blocking cookies, and the like. It's generally a good idea to raise your Privacy settings to High, which will block cookies that use personally identifiable information without your consent, among other things. For more customization hints, see September's Internet Tips.
- Periodically purge your Web history. Don't forget to clear cookies and stored temp files from your browser's cache, too. Not only will that keep you more secure, it will keep your PC running more smoothly. (Open IE, select Tools, Internet Options, and use the buttons on the General tab.) Some utilities, such as Webroot's Window Washer make this cleanup a snap. Try to make these periodic purges part of your PC maintenance routine; perform them whenever you back up data or run a virus sweep, for example.
- Configure your firewall to start automatically. Most firewalls also let you select a protection level; we advise setting yours to High, though you may need to flag benign apps so you don't get constant alerts. For more on configuration, see August's Step-By-Step.
Securing Your Net
Bolstering your security is all the more critical if you're running a home or small-business network, particularly if it's wireless. When you don't have an IS department, it's easy to fall behind or make mistakes in implementing security.
Suites such as McAfee's Internet Security Suite 6 ($70) and Symantec's Norton Internet Security 2004 ($80) are good options if you want something that is easy to maintain (see our review of both in this month's New Products). These packages typically include automation features and a full set of tools, from software firewalls to antivirus apps, spam killers, and pop-up blockers. Click here for pointers on securing your LAN.
- Change all default administrative and network passwords. Also encourage (or require) users who share the network to change their passwords every 6 or 12 months, by setting passwords to expire.
- Upgrade your wireless network security. Recently the Wi-Fi Alliance introduced Wi-Fi Protected Access (WPA), a security standard that addresses some holes in the Wired Equivalent Privacy (WEP) protocol. To get WPA, go to your vendor's site and download the new firmware--make sure to upgrade all the parts, from the routers and access points to the cards.
- Test your network's security. You can use free tools with limited functions, such as those at McAfee's HackerWatch.org/checkup, or more robust ones, like GFI LANGuard's Network Security Scanner 3 (starts at $295 for LANs with up to 25 IP addresses), that provide in-depth network analysis, from missing patches to weak passwords. See www.insecure.org/tools.html for more.
- Watch out for disgruntled employees. It's unfortunately true that most network breaches--over 70 percent, according to the ITRC's Foley--come from within. Go to Foley's site for a worksheet that helps companies assess and address this problem.