
Broken Windows: Will Your PC Ever Be Secure?

It seems a week doesn't go by without some malcontent writing a worm that attacks holes in Microsoft products. What can you do to protect yourself?

The news for Internet-connected Windows users keeps getting worse. Just when we got all of our PCs locked down against last summer's Blaster worm, a storm of virus-laden spam assaulted our in-boxes. To top it off, a large chunk of Windows source code--the equivalent of the operating system's blueprints--leaked onto the Internet. Now thousands of virus writers can scan the code for flaws and weaknesses instead of relying on trial and error.

Should you bail out of Windows and get a Macintosh or Linux computer? Not necessarily. Sure, those alternative OSes are targeted by far fewer viruses than Windows is; and they may or may not be fundamentally more secure than Windows. But security is something you do, not something you buy. New viruses and worms continue to wiggle through newly discovered holes in Windows, Outlook, and Internet Explorer. But many of the worst enter through the front door, relying instead on foggy computer users willing to break the cardinal rule: Don't launch executable e-mail attachments.

Microsoft isn't completely off the hook, however, and its lackadaisical approach to software security has been justly criticized. Earlier versions of Office were ripe targets for carefully crafted macro viruses and other e-mail attachments. However, the company has made great strides in blocking dangerous attachments within Outlook and boosting the general level of security in Windows and its included Internet Explorer browser. The upcoming Windows XP Service Pack 2 (due out in the middle of the year) will take these steps even further, beefing up the operating system's included firewall.

Microsoft still needs to deliver security fixes faster--serious known flaws can still languish unpatched for weeks or months.

The company is aware that it could do better with security, and it's working on improvements in Windows XP. At a recent security conference in San Francisco, Microsoft demonstrated a new Windows Security Center for the first time. This component of Service Pack 2 provides a single-screen display of essential Windows security settings. In it, a user can see if the system's firewall is on, as well as if antivirus software is installed, operational, and up-to-date. Bill Gates told the conference that it centralizes many security settings previously available in unrelated parts of the system.

Microsoft also demonstrated two other components of Service Pack 2: Windows Firewall (the successor to Internet Connection Firewall) and an enhanced Internet Explorer capable of letting users download trusted ActiveX controls on a site-by-site basis.

But you can't go wrong reducing your risk by adopting overlapping layers of security. Here are some steps you can take to block viruses, worms, and other threats.

Don't Click That Attachment

Antivirus programs and software updates are necessary insurance against the sneaky viruses that litter your in-box. But the best protection is a healthy paranoia about file attachments. The most common risky file extensions include .exe, .com, .bat, .vbs, .scr, and .pif, though there are many others. Document files, such as Microsoft Word's .doc and Excel's .xls, can contain scripts that could damage or infect your PC. A frequently updated antivirus program will block most viruses from launching. But for guaranteed safety, leave attachments untouched and ask your correspondents to send the information to you as plain text within the body of the message.
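The attachment rule above can be applied mechanically before a message is ever opened. The following Python sketch is an added example, not code from the article: it parses a raw e-mail message and classifies each attachment by the extensions the article lists. The function names and the sample message are constructed for illustration, and the handling of double extensions and trailing dots goes slightly beyond what the article describes.

```python
import email
from email import policy
from email.message import EmailMessage

# Extensions the article names as directly executable.
EXECUTABLE = {".exe", ".com", ".bat", ".vbs", ".scr", ".pif"}
# Document types the article notes can contain scripts.
MACRO_CAPABLE = {".doc", ".xls"}

def classify(filename):
    """Return 'executable', 'macro-capable' or 'other' for an attachment name."""
    # Windows ignores trailing dots and spaces, so strip them before checking.
    name = filename.strip().rstrip(". ").lower()
    # Only the final extension decides how Windows treats the file, so
    # "photo.jpg.pif" is judged as .pif, not .jpg.
    ext = "." + name.rsplit(".", 1)[1] if "." in name else ""
    if ext in EXECUTABLE:
        return "executable"
    if ext in MACRO_CAPABLE:
        return "macro-capable"
    return "other"

def screen_message(raw_bytes):
    """Return [(filename, verdict)] for every attachment in a raw message."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    results = []
    for part in msg.iter_attachments():
        fname = part.get_filename() or ""
        results.append((fname, classify(fname)))
    return results

def build_sample():
    """Constructed sample message with harmless placeholder attachments."""
    m = EmailMessage()
    m["From"] = "sender@example.com"
    m["To"] = "user@example.com"
    m["Subject"] = "constructed sample"
    m.set_content("See attached.")
    for name in ("notes.txt", "photo.jpg.pif", "report.DOC"):
        m.add_attachment(b"placeholder", maintype="application",
                         subtype="octet-stream", filename=name)
    return m.as_bytes()

if __name__ == "__main__":
    for fname, verdict in screen_message(build_sample()):
        print(f"{verdict:14} {fname}")
```

An "other" verdict only means the name did not match the short list above; as the article says, there are many other risky types, so this check complements an antivirus scan and does not replace it.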

Update Your OS and Applications

Many of the worms and viruses floating around the Internet take advantage of known flaws in operating systems and applications--notably the Internet Explorer Web browser. Others exploit lax application security; unpatched older versions of Microsoft Outlook and Outlook Express are vulnerable to virus- and worm-bearing e-mail, for example. To even the odds against these threats, regularly download and install the fixes that Microsoft and other companies issue.

To update any version of Windows, Internet Explorer, and Outlook Express, go to the Microsoft Windows Update site. For Microsoft Office updates, go to Microsoft's Office Online page.

Better yet, if you're using Windows 2000 (with Service Pack 3 or later) or Windows XP, you can set your OS to update itself automatically. Microsoft explains the Windows 2000 SP3 steps in its Service Pack 3 Installation and Deployment Guide. To set Windows XP's Automatic Updates feature, right-click My Computer, choose Properties, select the Automatic Updates tab, check "Keep my computer up to date," select one of the three options for downloading and installing updates under Settings, then click OK.

Antivirus Software: Not Just for the Paranoid

It used to be that if you were very careful, never downloaded programs from the Internet, and were extremely cautious about opening e-mail attachments, you could avoid infecting your PC with viruses, worms, adware, spyware, and browser hijacks. Those days are over, especially now that the bad guys know as much about a big portion of Windows' innards as Microsoft does. You need to use a top-notch antivirus program like Norton Antivirus, or Grisoft's free AVG Antivirus. Antivirus applications do a much better job when they're updated, so make sure yours downloads and installs updates automatically, and configure it to do so if it doesn't already. For more on free antivirus utilities, see PC World's January 2004 Internet Tips column.

Firewalls: Take Two, They're Free

Many Internet security utility suites include a firewall, but you'll do just as well with Zone Labs' free ZoneAlarm or another free firewall. See PC World's December 2003 Internet Tips column for a list of freebies and information on how to install a firewall. Home network routers and even some broadband modems provide an additional layer of security: In addition to including a firewall to protect your local network from the Internet, devices that include Network Address Translation (NAT) hide your PC's true IP address from remote attackers. I recommend using both types of security: a firewall with NAT on the router or gateway device, and a software firewall running on each PC.

Tighten Up Your Browser

Internet Explorer, the Web browser built into Windows starting with Windows 98, is convenient and fast. However, many viruses and worms take advantage of its features and security flaws. You can avoid running dangerous browser-based programs by keeping the program up to date, declining mysterious downloads that ask your permission to run, and keeping IE's security settings sufficiently high. PC World's September 2003 Internet Tips column offers more tips.

Better yet, use an alternative browser such as the free Mozilla or ad-supported Opera. Neither supports the potentially dangerous ActiveX controls that IE users must beware of. Few Web sites (besides Microsoft's Windows Update) require IE's ActiveX, so switching shouldn't cramp your surfing style.

Uncover Spyware

The downside to some free programs, especially leading peer-to-peer file sharing tools, is that they often contain stealthy programs that shower you with ads and pop-up browser windows, hijack your browser, or worse. There are many programs that detect and remove adware and spyware. I recommend using two free programs with complementary features, Lavasoft's Ad-Aware and PepiMK Software's Spybot Search & Destroy.

Regardless of whether you use one of these tools, you can minimize adware and spyware on your PC by forgoing unnecessary free software and reading software licenses and install options carefully when you do download freebies. Many licenses alert you to the existence of snooping add-ons, and you can often choose to keep the unwanted software from loading during installation.

Taking these steps won't guarantee 100 percent safety online, of course. As you read this, someone, somewhere is looking for new ways to break into and take control of Internet-connected PCs. But applying multiple layers of security will put you in the high 90s. If you do nothing else, be sure to keep your software updated, install and update a reputable antivirus program, and use at least one firewall to block malicious programs from phoning home. It's up to you: No one else is going to protect your PC.

PC World Contributing Editor Scott Spanbauer writes the magazine's Internet Tips column.
