10-Step Security

Illustration: Stuart Bradford
Each new wave of computer viruses, spies, and spam may have you ready to dust off your typewriter, but PC security can be effective without being a chore. To keep your computing safe from current and future threats, we've distilled our security advice down to the basics. These ten quick and easy tips will help protect your hardware, software, and data.

1. Patch automatically: Ensure Windows is set to update itself. In XP, click Start, Control Panel, Security Settings (if you're in Category view), Automatic Updates. In 2000, choose Start, Settings, Control Panel, Automatic Updates. In both versions, verify that 'Automatic (recommended)' is selected. You can also have Windows notify you before it downloads an update, or you can install the update manually. (The steps and options are only slightly different in Windows 98 and Me.)

2. Don't wait for Windows: If your PC has been off for more than a few days, don't wait for Windows' automatic update to kick in. Make the Windows Update site your first Internet stop. Also, there may be a lag between when a patch is available and when Windows Update pushes it to you. Microsoft releases Windows patches on the second Tuesday of each month, so to be safe check for updates manually every couple of weeks. And don't forget to set your antivirus and anti-spyware tools to update automatically (or check weekly for updates yourself).

3. Use XP's security monitor: Windows XP Service Pack 2's most welcome addition is the Windows Security Center, which alerts you when your PC's firewall and antivirus protection are disabled or out of date. Still, XP's own firewall protects you only from inbound pests; it doesn't alert you to suspicious outbound traffic (see "Tweak Windows XP SP2 Security to Your Advantage" for more). We recommend that you disable the XP firewall and instead use Zone Labs' ZoneAlarm or another third-party firewall program that protects both ways.

4. Make your file extensions visible: Some viruses masquerade as harmless file types by adding a bogus extension near the end of their name, as in "funnycartoon.jpg.exe," in hopes your system is set to hide such extensions (the default in Windows XP and 2000)--you see '.jpg' but not '.exe'. To make these troublemakers easier to spot, open Windows Explorer or any folder window and click Tools, Folder Options, View. Ensure that the option 'Hide file extensions for known file types' is unchecked.

Bonus Tip 1: To get the most complete picture of your Windows setup, check 'Show hidden files and folders' and uncheck 'Hide protected operating system files (Recommended)'.

Add site URLs to Internet Explorer's Trusted Sites list to avoid unnecessary security warnings.
5. Keep Internet Explorer safe: Many people find IE 6's Medium security level too obliging to ActiveX controls and other small programs, or scripts, that the browser runs on your PC. ActiveX and JavaScript enable such useful Web features as order forms and security scans, but they also may run malicious code and give attackers access to your system. To make IE safer, click Tools, Internet Options, Security, Custom Level, select High from the drop-down menu at the bottom of the Security Settings dialog box, and click Reset, Yes, OK.

Unfortunately, setting IE to the High security setting can lead to the browser's unleashing a fusillade of warnings and permission pop-ups every time you visit a site. The solution is to add the sites that you access often to IE's Trusted Sites list: Choose Tools, Internet Options, Security, click the Trusted Sites icon, and then click the Sites button. Enter the Web address, click Add, and repeat as necessary (see the Trusted Sites screen below). Be sure to uncheck 'Require server verification (https:) for all sites in this zone'. When you're finished, click OK twice.

Block JavaScripts site-by-site in the Firefox browser via the NoScript plug-in.
6. Make Firefox more secure: The only way to block JavaScripts on a site-by-site basis in the Mozilla Foundation's free Firefox browser is to download and install the NoScript add-in that was created by Giorgio Maone. NoScript places a warning bar at the bottom of all the Web pages you visit that use JavaScript. Click the bar to see options for allowing scripts on the site (permanently or temporarily), blocking scripts, and other operations (see the NoScript screen below). The program can also stifle Flash animations and other Firefox plug-ins, but keep in mind that going Flash-less means you'll be missing out on some of the Web's richest content (along with all of those great dancing ads). Although NoScript is freeware, the author does accept donations at www.noscript.net.

7. Handle e-mail links with care: If a virus infects your PC, chances are good it arrived piggybacked on e-mail. To reduce your risk of an e-mail-borne infection, don't click links in suspicious messages (the text in the message may mask the actual Web address). Instead, enter the URL in your browser's address bar manually, or go to the site's home page and then navigate to the page in question.

8. Scan attachments for viruses: Run each of the e-mail attachments you receive through your antivirus software before you open them. Rather than double-clicking the attachment to open it instantly, save the file to a drive on your PC, open Windows Explorer, right-click the file, and choose the option to scan it for viruses. (Better yet, set your antivirus software to scan incoming and outgoing e-mail automatically.)

9. Close the preview pane: Some maleficent messages need only be opened in your e-mail program's preview window to do their dirty work. That's why we recommend that you close the preview pane in all of your inboxes. In Microsoft Outlook 2003, click View, Reading pane, Off. In Outlook Express 6, click View, Layout and verify that 'Show Preview Pane' is unchecked. In Mozilla Thunderbird, click View, Layout and confirm that 'Message pane' is unchecked (or press <F8> to toggle the preview pane on and off).

10. Read your mail in plain text: Since many e-mail pests rely on HTML code to achieve their nefarious goals, you can stop them in their tracks by viewing your messages as plain text. In Outlook 2003, click Tools, Options, Preferences, E-mail Options and check 'Read all standard mail in plain text'. In Outlook Express 6, choose Tools, Options, Read and click 'Read all messages in plain text'. In Mozilla Thunderbird, select View, Message Body As, Plain Text.
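
An added example for tip 4 (not part of the original article): a Python check that flags attachment names such as "funnycartoon.jpg.exe" and reports the name Explorer would show with extensions hidden. The extension lists, sample names, and function names are constructed for illustration, and the check also covers space-padded names, which goes slightly beyond the single case in the text.

```python
import os

# Constructed, non-exhaustive lists for this example.
EXECUTABLE_EXTS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".vbs", ".js"}
DECOY_EXTS = {".jpg", ".jpeg", ".gif", ".png", ".txt", ".doc", ".pdf", ".mp3"}

# Constructed attachment names.
SAMPLE_NAMES = ["funnycartoon.jpg.exe", "holiday.jpg", "setup.exe",
                "report.doc        .exe", "photo.JPG.SCR"]


def shown_name(filename):
    """Name displayed when 'Hide file extensions for known file types' is on."""
    return os.path.splitext(filename)[0]


def check_attachment(filename):
    """Return (verdict, reason) for one attachment name."""
    # Win32 drops trailing dots and spaces from file names, so ignore them.
    name = filename.rstrip(". ")
    stem, ext = os.path.splitext(name)
    ext = ext.lower()
    if ext not in EXECUTABLE_EXTS:
        return ("ok", "final extension %r is not executable" % ext)
    # Padding such as 'report.doc      .exe' pushes the real extension
    # out of view, so strip it before looking at the inner extension.
    inner = os.path.splitext(stem.rstrip())[1].lower()
    if inner in DECOY_EXTS:
        return ("masquerade",
                "shown as %r but runs as %s" % (shown_name(name), ext))
    return ("executable", "plain executable attachment (%s)" % ext)


def triage(names):
    """Return (name, verdict, reason) for every name that is not 'ok'."""
    rows = []
    for name in names:
        verdict, reason = check_attachment(name)
        if verdict != "ok":
            rows.append((name, verdict, reason))
    return rows


if __name__ == "__main__":
    for row in triage(SAMPLE_NAMES):
        print(" | ".join(row))
```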

Security Tool Kit

A well-stocked PC security toolbox goes beyond the basics of firewall and antivirus software to include protection from phishers and snoops as well. Bolster your system's defenses with these security utilities.

Firewall: ZoneAlarm, free (for individuals and not-for-profit charities), Zone Labs

Antivirus: AVG Anti-Virus System, free (for noncommercial use), Grisoft

Anti-spyware: Spy Sweeper 4, $30, Webroot Software; see review in "Best Defenders"

Antiphishing: Anti-Fraud Toolbar, free (currently in beta), Cloudmark

Encryption: PGP Desktop 9, $199 or $70 annual subscription, PGP

Wireless Safety

Encrypt your Wi-Fi network: When you install a wireless network, it's tempting to keep the vendor's default network name and leave the network unencrypted. But doing so is an open invitation to your neighbors and anyone else within range to help themselves to your Internet connection. Open your network's configuration program to rename your network and apply Wi-Fi Protected Access (WPA) encryption. And check the maker's Web site regularly for driver and security updates.

Senior Associate Editor Dennis O'Reilly edits the Here's How section.