Lobo7 "Computer Safety"
Practices & Advice
These are some of my Safety Recommendations
to ALL Windows Systems Users.
Securing your System and developing secure
practices should be one of the first priorities of any System User.
It is very important that you use a Firewall
(Software or Hardware). Besides monitoring all incoming and outgoing traffic,
it should also prompt you for access permission when such traffic is detected.
It should also have the ability to hide your presence from intruders by
completely blocking access to the ports that are used for the information
transfers. When a choice is given, select the highest security level for
your internet zone and set all programs to prompt you for access. Recommended
Software Firewalls are: ZoneAlarm, SysGate, Kerio, Look'n'Stop &
over TCP/IP in your network settings if
you have file sharing enabled on your computer so no one from the outside
can access the contents of your hard drives through these ports. Complete
instructions can be found at ShieldsUp!
- Network Bondage. Consult with a professional if you are unfamiliar with changing
System Settings. Although it is not something that is difficult to learn,
you do need a basic understanding of network adapters and protocols in
order to correctly remove the appropriate bindings needed to manually disable
NetBIOS over TCP/IP. Testing can be done at Gibson
Use a Virus Scanner,
keep the anti-virus signatures updated (as much as the Worldwide Virus
Situation requires - at least once a week is recommended), enable the "Heuristics"
or "Bloodhound" feature (for detection of virus-like activity of yet-to-be
discovered viruses), and set it to scan all downloads and e-mail attachments.
When possible, also use the settings for scanning ActiveX Controls and
Java Classes for potentially harmful content. Recommended Anti-Virus Programs:
Symantec & Trend
When possible, use an E-Mail
Content Filter to scan the received e-mail
attachments. If this is not possible, make sure that your anti-virus software
has the option to scan and quarantine attachments suspected of carrying
viruses or worms when they arrive - before they are opened. Never open
executable programs that you receive by E-Mail. Some examples of
these files have these endings: *.exe, *.com, *.bat, *.vbs, *.pif,
*.scr. These files (programs) are the preferred transport vehicle that
Crackers & Trojan Makers choose for Viruses and Trojans. Recommended E-Mail
Content Filter: GFI - Mail
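
The extension rule above can be checked mechanically before any attachment is
opened. The Python code below is an added example, not part of the original
page or of any product named on it; it uses only the extensions listed above,
and the sample message and the function names are constructed for illustration.

```python
from email import message_from_string, policy
from email.message import EmailMessage

# Extensions listed on this page; the page calls them "some examples",
# so a real filter would carry a longer list.
RISKY_EXTENSIONS = {".exe", ".com", ".bat", ".vbs", ".pif", ".scr"}


def is_risky_name(filename: str) -> bool:
    """True if Windows would run a file with this name as a program."""
    # Windows ignores trailing dots and spaces, so "a.exe. " still runs.
    cleaned = filename.strip().rstrip(". ").lower()
    # Only the last extension counts: "photo.jpg.scr" is a program.
    dot = cleaned.rfind(".")
    return dot != -1 and cleaned[dot:] in RISKY_EXTENSIONS


def risky_attachments(raw_message: str) -> list:
    """Return the names of attachments that should be quarantined unopened."""
    msg = message_from_string(raw_message, policy=policy.default)
    names = (part.get_filename() for part in msg.walk())
    return [name for name in names if name and is_risky_name(name)]


def build_sample() -> str:
    """Constructed test message with three attachments (not real mail)."""
    msg = EmailMessage()
    msg["From"] = "friend@example.com"
    msg["To"] = "me@example.org"
    msg["Subject"] = "Holiday pictures"
    msg.set_content("Pictures attached.")
    for name in ("photo.jpg.scr", "readme.txt", "Invoice.PDF.EXE"):
        msg.add_attachment(b"constructed bytes", maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_string()


if __name__ == "__main__":
    for name in risky_attachments(build_sample()):
        print("quarantine:", name)
```

The check looks at the file name only, so it complements the virus scanner
rather than replacing it.
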
Do not allow a downloaded
application or any downloaded executable
content to launch on its own.
is great for Internet browsing, but it is dangerous when used for E-Mails.
Please read this very interesting Article
on this issue.
Do not "View
Attachment Inline" unless you are sure
that it is from a trusted sender.
Unless it is signed or comes from a trusted site,
never accept and run an ActiveX Control
or Java Class. Always force the browser
to prompt you for permission.
Do not use E-Mail to send Confidential
Information such as credit card numbers
or your Social Security number. Even if you use encryption, you cannot
be certain that the recipient will protect this information once it is
delivered and decrypted. It will only be as secure as the recipient and
the recipient's system permit.
Use E-Mail Encryption
Software; otherwise your E-Mail will be
the equivalent of a Post Card: anybody could see and read the
contents. Visit the PGP WebSite for
more information. Other options are Encrypted Web-Based E-Mail: Mute
Mail, MyRealBox, HushMail & ZipMail. It is also
an excellent idea to Digitally Sign your E-Mails. For a Digital ID visit:
VeriSign.
Be sure your browser is SSL-capable
(Secure Sockets Layer) and that the encryption strength, or cipher strength,
is not less than 128-bit. Never submit a secure form on an insecure server.
Be sure that a little "Padlock" appears in the corner of your Browser.
This is the sign that you are on an SSL connection.
Always update your Operating
System and your Internet Browser , in
addition to any service or application that has access to the Internet.
Apply updates and patches as they are released. Your Internet Browser is
one of your first lines of defence. To better understand this concept,
please visit Gemal
DK. To check for Windows Updates, you can always go to Microsoft
Protect your System's
Registry by using software such as Greyware
Registry Rearguard or RegistryProt
to protect your registry, startup directories, and startup files from malicious
programs. Incoming trojans can go undetected. They will place a specific
set of instructions in the registry or other system files and will activate
the next time you shutdown/restart your computer. A 'rearguard' will alert
you before the damage is done.
Identify the System
Services and Applications that are known
to compromise security and do not allow them to have open access to the
Internet. When in doubt, set everything to prompt you for permission. Better
Safe than Sorry..!
Do not use recognizable Passwords
such as the names of family members or pets, birthdays, or anniversaries.
Make them as 'cryptic' as possible; and if you must write them down, do
not store them on your computer or any other place where someone may have
access to them. Change your passwords regularly.
Avoid visiting Untrusted
Sites. When not possible, be extremely
Never reveal Personal
Details to strangers.
Always read the Privacy
Policy. Its presence does not mean that a
company won't collect or sell your information. Read it carefully. If it
is vague or unclear, watch out.
Visit Security & Privacy sites frequently. Apply what you learn.
Never respond to Spam
by using their "click here to unsubscribe"
or "follow this link for removal from our
list". The one and only thing this does
is verify that the spam was delivered to a valid e-mail address and confirm
that you saw it. The sender has no intention whatsoever of honoring your
request. In fact, by responding you are guaranteed the delivery of even
more spam from the same sender plus those who were sold your confirmed-valid
address. Delete the spam without responding to anything. Anti-Spam Software
can be seen at the following WebSites: SpamKiller, SpamWeasel. Spam
can be reported at the following WebSites: SpamCop,
Mail Abuse Org., Spam Abuse Net, CAUCE
Use common sense
when filling out forms or submitting any personal information unless you
are absolutely sure it won't be misused.
Never give your Personal
E-Mail Address to a commercial vendor.
This applies to anything from making a purchase online to responding to
an online survey. Apply for a free Webmail
account and use that address instead. You can always dispose of it
and acquire a new one quite easily if necessary. Never use your personal
e-mail address when posting to message boards or newsgroups. Always use
a Webmail address. Spiders are constantly crawling these places for valid
addresses to use for spam. If you must use your personal address, always
insert some text that the viewer will know to remove when responding to
you. No one will question your intent - this is standard practice. Anonymous
UseNet WebSites: SuperNews, NewsFeed &
When possible, disable HTML
for E-Mail or choose to view all messages as plain text if your e-mail
client has such options - the better ones do; or use an e-mail content
filter for Web Bugs and embedded content originating from a server other
than the one belonging to the sender of the e-mail.
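
What such a content filter looks for can be shown in a few lines. The Python
code below is an added example, not part of the original page; it lists
embedded content that an HTML message would fetch from a server outside the
domain in the From header, and the sample newsletter, host names and function
names are constructed for illustration.

```python
from email import message_from_string, policy
from email.message import EmailMessage
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Tag -> attribute that a mail client fetches as soon as the message is shown.
AUTOLOAD = {"img": "src", "iframe": "src", "script": "src", "link": "href"}


class RemoteRefs(HTMLParser):
    """Collect http(s) URLs that load without any click from the reader."""
    def __init__(self):
        super().__init__()
        self.urls = []

    def handle_starttag(self, tag, attrs):
        wanted = AUTOLOAD.get(tag)
        self.urls += [v for k, v in attrs if k == wanted and v
                      and urlparse(v).scheme in ("http", "https")]


def third_party_content(raw_message: str) -> list:
    """Return embedded URLs hosted outside the domain in the From header."""
    msg = message_from_string(raw_message, policy=policy.default)
    domain = parseaddr(str(msg.get("From", "")))[1].rpartition("@")[2].lower()
    found = []
    for part in msg.walk():
        if part.get_content_type() != "text/html":
            continue
        refs = RemoteRefs()
        refs.feed(part.get_content())
        for url in refs.urls:
            host = (urlparse(url).hostname or "").lower()
            if host != domain and not host.endswith("." + domain):
                found.append(url)
    return found


def build_sample() -> str:
    """Constructed newsletter: one first-party image, one 1x1 web bug."""
    msg = EmailMessage()
    msg["From"] = "Shop News <news@shop.example>"
    msg.set_content("Plain-text version.")
    msg.add_alternative(
        '<p>Sale!</p><img src="http://img.shop.example/logo.gif">'
        '<img src="http://tracker.example.net/b.gif?id=42" width="1" height="1">',
        subtype="html")
    return msg.as_string()
```

Calling third_party_content(build_sample()) returns only the tracker URL. The
From header can be forged, so the result is a privacy signal and not proof of
who sent the message.
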
Set your Internet
Browser for maximum privacy, forcing it
to prompt you for permission for everything possible, from cookies to downloads
(as well as security permissions for Java Classes and ActiveX Controls
as mentioned above). Once you become familiar with a site you can always
add it to an 'approved' or 'trusted' sites list in your content filter
or browser to avoid the annoyance of continuous prompts, but apply some
caution as this is for absolutely trusted sites only. Clear
your browser cache (called "Temporary Internet
Files" in IE) and clear browser history often.
Also be aware that Freeware,
Shareware, and Adware Programs can contain
viruses, or worse - trojans. Be cautious when installing these programs.
Use a Router between your LAN and the Internet to mask your IP address
if you have an 'always-on' connection using DSL, cable, or any connection
where you are assigned a static IP address.
Require a User Name and Password for every computer connected to your Network.
Do not store sensitive files on any computer you use to connect to the
Internet unless those files are encrypted.
For additional Internet privacy protection, use a Web content filter (or
browser filter) to prevent remote site contact through ad banners and embedded
Web Bugs and a Cookie Filter.
Realize you may be monitored at work. Avoid sending highly personal e-mail
to anyone including mailing lists, and keep sensitive files on your home
Test for Security Vulnerabilities. Be sure to include a check for identity
vulnerabilities and port scanning. This Testing can be done with services
supplied by Gibson
Research Corporation or Hacker
Wacker. Examine the results and make adjustments to your firewall and/or
network settings and apply software patches wherever required for maximum
defense. Closed ports are good - stealthed ports are better - but keep
in mind that more often than not, security problems exist with the software
and not with the ports through which they are granted access.
Always back up all your personal and system files regularly. Backups can
restore lost data in the event your system's security is compromised. Keep
copies of everything you would need for both a simple restore (the replacement
of just one or two corrupted files), and a major restore (bringing your
system back to its original state in the event you need to reinstall your
OS and other programs).