PC security: Your essential software toolbox
Mobile malware is getting lots of attention these days, but you can’t forget about your PC’s security—after all, you probably still use it to pay bills, shop online, and store sensitive documents. You should fully protect yourself to lessen the chance of cybercriminals infiltrating your computer and your online accounts, capturing your personal information, invading your privacy, and stealing your money and identity.
You need to guard against viruses, of course, but not all antivirus programs catch all threats, and some do better than others. You have to watch for many other types of threats, too: Malware invasions, hacking attacks, and cases of identify theft can originate from email, search engine results, websites, and social networks such as Facebook. They can also come in the form of links or advertisements for phishing and scam sites. But with some education on the topic, and the right tools, you can identify such scams and avoid falling victim.
If your children use your computer, you must also protect against inappropriate content such as violent games and adult sites, and you should monitor communication on social networks. Although the best approach is to keep a close eye on your kids while they use the computer, you can employ tools and services to filter content and monitor their Web usage when you’re not around.
Protecting your data from computer thieves and from people who tap in to your Wi-Fi signal is also important. Encrypting your computer is the only way to ensure that a thief cannot recover your files, passwords, and other data. And unless you password-protect and encrypt your wireless network, anyone nearby can connect to it, monitor your Internet usage, and possibly access your computers and files.
Here are the security threats you should watch for, and the tools you can use to protect against them.
Viruses and other malware
Viruses, spyware, and other types of malware are still prevalent, and cybercriminals are constantly finding new ways to infect computers. Although adult sites and illegal file-sharing sites have a reputation for harboring malware, you don’t have to browse the shady parts of the Web to become infected.
Installing a good antivirus or Internet security program should be your first step. However, not all are created equal. While no single antivirus product can protect against all of the millions of malware variants, some packages detect (and successfully remove) more threats than others do. For strong PC security, choose one of the top performers from our 2012 antivirus product-line reviews, such as Bitdefender Internet Security, Norton Internet Security, or G Data Internet Security. And in the future, be sure to check back for our more up-to-date reviews.
Although an antivirus package is your primary weapon for fighting malware, you might wish to add other tools to your arsenal for extra security.
OpenDNS provides content filtering that blocks many malware-infested sites and phishing scams. You can enable this online service on select computers, or on your router to protect all connected devices. The free OpenDNS FamilyShield automatically blocks malware, phishing sites, adult content, and proxy sites that try to bypass the filtering, and it requires only a simple setting change on your PCs or router. The OpenDNS Home and Premium DNS offerings filter malware and phishing sites, and let you make a free or paid account to customize the filtering and other features.
The freeware utility Sandboxie lets you run your Web browser—or any other application—in a safe mode of sorts to protect against damage from downloaded viruses or suspicious programs that turn out to be malware. It does so by running the browser or selected program in a virtual environment (also known as a sandbox) that isolates the program from the rest of your system. Some antivirus or Internet security packages come with a sandbox feature, but if yours doesn’t (or if it doesn’t allow you to run programs in the sandbox manually), consider using Sandboxie when you’re browsing risky sites or downloading suspicious files.
Intended to complement the defenses you already have, Malwarebytes works alongside most regular antivirus programs. It may catch malware that your regular antivirus utility misses, or remove threats that your standard package can’t. The free version does on-demand scans (you manually open the program and run a scan), whereas the paid version has real-time monitoring just as regular antivirus software does.
In addition to installing antimalware utilities, you can take other steps to help prevent attacks.
Enable automatic Windows Updates: This action ensures that Windows and other Microsoft products regularly receive the latest security patches. You can adjust Windows Update settings via the Control Panel. For best protection, choose to have Windows download and install updates automatically.
Keep non-Microsoft software up-to-date: Don’t forget to update your other software, too. Some popular programs and components (such as Web browsers, PDF readers, Adobe Flash, Java, and QuickTime) are bigger targets than others, and you should be especially mindful to keep them up-to-date. You can open the programs or their settings to check for updates, but most will automatically notify you when an update is available—and when you receive such notifications, don’t ignore or disable them.
Hacking and intrusions
Malware-caused PC problems aren’t the only thing you have to worry about. A determined cybercriminal can get inside your PC by directly hacking into it, and some malware can steal your data and passwords, sending the information back to home base.
This is where a firewall comes in handy: It serves as a gatekeeper, permitting safe traffic (such as your Web browsing) and blocking bad traffic (hacking attempts, malware data transfers, and the like).
Windows includes a firewall, named (appropriately enough) Windows Firewall. It’s set by default to block malicious traffic from coming into your computer, but it isn’t set to watch the data that’s going out, so it will likely not detect any malware attempts to transmit your data to cyberattackers. Although you can enable the firewall’s outgoing protection (in Windows Vista and later versions), that isn’t easy for the average user to set up or configure.
For the ultimate in PC security, you should use a firewall that protects your machine from both incoming and outgoing malicious traffic by default. First, find out whether your antivirus utility or Internet security package has a firewall component, and whether it offers full protection. If it doesn’t, consider a third-party firewall such as ZoneAlarm Firewall or Comodo Firewall Free.
Phishing and scam sites
One method that cybercriminals use to steal your passwords, money, or identity is commonly called phishing (a play on the word fishing). Attackers try to get you (the fish) to hand over your information or money. They do so by hooking you with an email message, IM, or some other form of communication (the bait) that looks as if it came from a legitimate source such as a bank or an online shopping site.
Phishing isn’t a new tactic, but people still fall for it. Here are some precautions that you can take to keep phishing scams from reeling you in.
Don’t click links in email: Scammers often put links to fake login pages in email messages that look very convincing in an attempt to steal your personal information. With that in mind, if an email ever asks you to click a link to log in to a site and enter your username and password, don’t do it. Instead, type in the real website URL of the company directly into your browser, or search Google for the site.
Check for SSL encryption: Before entering sensitive information online, make sure that the website is using encryption to secure the information while it’s moving over the Internet. The site address should begin with https instead of http, and your browser should show some kind of indicator near the address bar. If a site isn’t using encryption for a screen in which it asks you to enter sensitive data, it’s most likely a phishing site or scam site. SSL encryption isn’t a guarantee of safety, but you ought to make a habit of looking for that lock icon.
Use a Web browser add-on: Many Web browser add-ons out there can help you identify phishing scams and other dangerous sites. Typically these plug-ins use badges or some other indicator to show whether a site is safe, unsafe, or questionable. Most antivirus programs offer these types of browser add-ons, but if yours doesn’t or you don’t like it, consider using Web of Trust, an independent site-reputation tracking service.
Social network safety
Facebook, Twitter, and other popular social networking sites have given cybercriminals additional avenues to try grabbing your personal data. For example, scammers might create a malicious Facebook app that attempts to harvest your information for their financial gain, spreads tainted links, or hijacks other people’s profiles. Below are a few measures that you can implement to protect yourself on social networks.
Tighten your security and privacy settings: Although security and privacy features vary across social networks, they can help to protect you and your account data. You must set them up, however, for them to work effectively. For instance, both Facebook and Twitter allow you to encrypt your connections so that other people can’t hijack your account when you’re connecting from public Wi-Fi hotspots. And Facebook offers a feature to monitor and track the computers and devices that log in to your account, to help identify unauthorized logins.
Be careful who you “friend” or “follow”: Before you add someone as a Facebook friend, or follow them on Twitter or Google+, ask yourself whether you really know the person. Cybercriminals often set up fake profiles just to spread spam and malicious links.
Watch for phishing attempts, scams, and hoaxes: If something sounds fishy or too good to be true, it probably is. Two widespread Facebook scams, for instance, promote links or apps that claim to tell you who has viewed your profile, or that promise to change your Facebook profile layout or theme—even though neither capability exists. Think before you click on these types of links or apps, as they could steal your information, hijack your account, send spam to your friends, or cause other damage. To learn more about social network security and to discover scams as they develop, follow sites such as Facecrooks or PCWorld’s own security topic page.
Check app permissions: If you’re thinking of giving a Facebook app permission to access your profile information, first check out the types of information it wants. If you think a particular app should not be able to access certain details, don’t allow it. Also, periodically check the apps you’ve authorized to see if any of them look suspicious.
Twitter lets apps access account information, too. Be sure to review which apps and services can access your profile. If you no longer want to use a particular app or service, you can disable it from this page.
Use apps to help detect malicious activity: A number of apps can tell you if your social network accounts are vulnerable to attack, or if you’re sharing too much personal data. For starters, they can filter and moderate your feeds and comments for malicious or inappropriate content, and detect fake profiles set up to flood your feeds with spam.
Two good antiscam apps are Bitdefender Safego for Facebook or Twitter and MyPageKeeper for Facebook, both of which monitor your profile's feeds and comments and alert you and other users to any malicious links they encounter. For more details on how each utility works, see "Lock down your social media with essential security add-ons." And if you operate your own Facebook Fan Page or blog, consider using a service such as Websense Defensio, which filters comments for spam messages, malicious content, and profanity.
If children use your computer, you should look at ways to block inappropriate content and online predators. Even if children aren’t searching for unsuitable content, they could still stumble across it in searches, find it via links or advertisements, or even access it directly by mistyping a site address.
Enable Parental Controls in Windows: With the parental controls in Windows Vista and later versions (accessible through the Control Panel), you can determine when your kids can use the computer, which games and applications they can run, and the types of websites they can visit. The feature also provides activity reporting, so you can keep an eye on their computer usage.
Activate OpenDNS for Web filtering: As I mentioned earlier, OpenDNS is an online service that offers content filtering. But in addition to stopping malware and phishing sites, OpenDNS can block adult-oriented sites and other online material that may be inappropriate for children.
Even if you use the built-in Windows Parental Controls, OpenDNS is worth trying since it provides a second layer of protection. OpenDNS can also safeguard all computers and devices on your network when you configure the service on your router. You can use the free OpenDNS FamilyShield service without even creating an account. And if you wish to selectively block certain content categories, you can create a free or paid account with the OpenDNS Home or Premium DNS service.
Enable search engine filtering: Since children can encounter all sorts of inappropriate content in searches, consider enabling search filtering for the popular websites. You can do so in the preferences screens for Google and Yahoo. For YouTube, click the Safety Mode link at the bottom of any page.
Use SocialShield for social network monitoring: Avira’s free SocialShield service helps you keep an eye on your children’s Facebook, Twitter, Google+, and MySpace accounts. It analyzes their public and private posts, photos, friends, and so on to alert you to anything that might compromise your children’s online safety.
Device and data theft
Not all security risks come by way of the Internet: You never know when a thief might try to steal your equipment. Although this is obviously more of a concern for laptops and mobile devices, theft is one of the simplest, yet most damaging, threats.
Even if you have set a Windows password, thieves might still be able to access your personal files and passwords, as well as other bits of sensitive data. They could remove your Windows password (which isn’t difficult) and log in to your Windows account, boot your computer into Linux (which bypasses Windows completely), or remove the hard drive and connect it to another computer.
Encrypting your drive will prevent those types of attacks. A thief could still delete your data from an encrypted drive, but the crook wouldn’t be able to access it. If you’re using an Ultimate or Enterprise edition of Windows Vista or later, you can use Windows BitLocker to encrypt your drive. If you’re using another version or edition of Windows, check out the open-source DiskCryptor utility.
An alternative to encrypting your entire hard drive is to encrypt only your most sensitive files, such as financial reports and confidential work documents. You won’t be able to protect some data (such as saved browser passwords) under this scheme, but taking this approach is better than doing nothing. If you’re running a Professional, Business, Ultimate, or Enterprise edition of Windows, you can use the built-in Encrypting File System feature, which you can turn on through the properties of a file or folder. If you’re on a Home edition of Windows, or if your computers do not all run the premium editions, you might turn to TrueCrypt to encrypt the files or folders you want to protect.
Wireless and mobile security
Outside of your PC, you can take other steps to keep your data safe.
Turn on Wi-Fi encryption: Most wireless routers don’t turn security on by default. Enable encryption to prevent snoops from entering your network and perhaps capturing your traffic and passwords. For a home or small office, use at least WPA2-Personal (PSK) security, in which you create a password on the router and then enter it into computers and devices when connecting. For a larger business, choose WPA2-Enterprise security, which uses an authentication server or hosted service and requires users to have unique usernames and passwords.
Use a strong Wi-Fi security password: Even if you decide to set up WPA2-Personal (PSK) security on your wireless router, you're still at risk if you make a weak password that can be cracked. To ensure that malicious parties can’t break into your Wi-Fi, use a complex password. You can use up to 63 characters, including lowercase and uppercase letters, numbers, and symbols. Don’t use any recognizable words or phrases; gibberish like a8F#wM1(C9*!q$JyP@i^ is ideal. And so you don’t forget it, you might write it on a sticky note and attach it to the bottom of your router, or save it on your desktop PC in a Word or plain-text file.
Password-protect your smartphone and tablet: Don’t forget about the security of your mobile devices. Losing your smartphone or tablet can cost you money, time, and privacy. Your first line of defense should be to set a lock-screen PIN or password on your phone or tablet so that other people can’t use it if you lose it. And if your smartphone or tablet supports encryption, you should turn the feature on so that a thief can’t retrieve your personal data from the device without considerable effort.
Install security apps on your phone and tablet: No-cost, easy-to-use security utilities such as Avast Free Mobile Security, AVG Mobilation Anti-Virus Free, or Bitdefender Mobile Security can help you locate and secure your smartphone or tablet if it is lost or stolen. Most of these security apps let you log on to a website where you can see the location of your lost device on a map, make it scream or sound an alarm (useful if you lose it in between couch cushions), lock it in case you don’t have a PIN or password currently set, and even wipe the data if you think you won’t be getting it back. These apps also have antivirus features to help block mobile malware, an emerging threat.