Internet Security for Normal Users

Do you use the Internet every day? Do you surf the web, or just go to specific web sites that you already know? Do you check out web sites that someone's recommended to you? Or, do you skip all the web stuff and just do emails, mainly with family and friends?

If you answered yes to any of the above questions, you're at risk. That's right — we're all at risk when we deal with the Internet.

Most sites on the Internet are perfectly legitimate. Most emails you receive are, too — unless you're so unlucky that you get more spam emails than you get that are really from your family, friends, business associates and companies with whom you do business. But sometimes legitimate web sites get hacked, and sometimes spam emails appear to be sent by friends and family.

Over the last few years, the dangers of the Internet have changed, mostly changing because we (you and I) are using better and better protection tools. Even Microsoft has finally woken up to Internet Security as an issue.

Tech Tip
In the Windows XP and earlier versions of Windows, there were no built-in firewalls. With Windows XP Service Pack 1, Microsoft added a one-way (inbound only) firewall — and turned it OFF by default. As of XP SP2, the one-way firewall was turned on by default. Microsoft bought Giant Antispyware and used it as the base for Windows Antispyware, later called Windows Defender. With Windows Vista, Microsoft woke up to the one-way vs two-way firewall issue, and finally installed a two-way firewall. Of course, it exempts those programs Microsoft doesn't want to control...

What's the purpose of all these attacks? The answer is very simple, today — money.

Today's Internet attacks assume you have a firewall, at least one that blocks attempts to attack you from elsewhere. Of course, that's not to say that the old attacks are not still running; I mean that today's new attacks are more sophisticated.

In today's world, it's all about getting you to install the malware.

Whether you go to a web site that auto-installs an Active-X program (misleadingly called an Active-X "control"), or the kids (or grandchildren) do it because the web site said it was needed, or whether you click on an executable program attached to an email, or, today's trick, where they hid the malware in a zip file that they sent attached to an email, the goal is to install some piece of software onto your system.

They might be trying to record your personal information, like user IDs and passwords for web sites (including banks, paypal, etc.).

Or they might be trying to scare you into buying their product — one of the common malware items today claims to be an antivirus program. When you install it, it claims to find more and more malware on your system, all the while trying to get you to buy the "Pro" version of the program.

Most of the time, the initial malware is a special program called a "downloader," whose function is to call home and then download and install whatever programs the bad guy wants to install. Some of the bad guys make their money by installing and operatinng downloader networks; they'll get paid by other bad guys to install the other guy's malware on the computers they've managed to subvert.

Accidentally install a downloader, and what can happen? Your computer may become one of those spewing spam, may be used to host obnoxious and/or illegal images, maybe used as a base for attacks on individual computers or against web sites, may try to steal your credit card data when you purchase goods over the Internet, may try to get access to your bank account, or control your computer to do about anything else you can imagine.

So, what's a person to do?

That's where I recommend the "belt and suspenders" form of protection.

First, if you have a cable or DSL connection, or a fiber connection or any other kind of high-speed connection (sorry, dialup users), get a router. Even if you only have one computer, get a router. A router is a first line of defense from attacks from the outside world. Nothing should be able to initiate a connection to your computer though a router. However, a router assumes that anything coming from your computer, or in answer to a packet sent from your computer, is legitimate and let's it through. By the way, I'm talking about YOU having a router that services YOUR computers only.

That same assumption is the biggest problem with the Windows XP firewall — it does not control anything that is outbound from your computer or received in response to the outbound connection. The automatic approval of Microsoft's programs (and some others) is a lesser issue.

In addition to the router, and including the dialup users who don't have the benefit of a router, you should have a two-way firewall program running on your computer. A two-way firewall controls outbound connection attempts as well as inbound connections. On a program-by-program basis, you authorize the outbound connection one time and can tell the firewall program to remember the answer.

Tech Tip
Dialup users — and those who have high-speed connections but don't use their own router — don't even think about connecting to the Internet without having a firewall program running. If you have to turn off your firewall program for something, you should disconnect from the Internet in order to do it. A few years ago, the attacks were prefaced by searches to find vulnerable computers by IP address. Then, the bad guy attacked the computers that he had found. Today, the attacks are automated and occur immediately, so the relative safety that dialup users used to enjoy because their IP address always changed, now, no longer exists.

In addition to having a router (except for dialup users) and running a two-way firewall program, you should be running three more always-running programs: an antivirus program, an antispyware program and an anti-spam program.

In the early days of antivirus programs, even the paid versions were run-on-demand only. In other words, the infection would occur, then the program would try to remove the infection. In the next stage of antivirus evolution, the paid versions became always-running and the free versions ran scans only; very quickly, the free versions became always-runnning also. The free versions usually have a paid "Pro" version also, which offers additional features. More importantly, the paid versions tend to have more frequent program updates and, even more important, earlier antivirus signature updates.

Today's Antispyware programs are in the interim stage — there are paid versions that run all the time, but I don't know of any free versions that run all the time. All the free ones of which I am aware will only scan on demand — they let the infection occur and then try to remove it when you remember to run the scan. That can leave you vulnerable for an extended period of time.

Finally, the last type of security program that I recommend is the anti-spam program. Since the bad guys are sending emails that are crafted to persuade you to open them, or to open their attachments (see my article Examining a Malware-bearing Email (Trojan email) in this week's online issue), an anti-spam program is a great tool to help you spot faked emails.

Which programs do I use? Read my recommendations in this week's online issue. The programs that I recommend are the ones that I like and I use.