Unbreakable Windows

Life

30 May 2005

 
Online dangers are completely exaggerated. I haven’t got any anti-virus software, my computer’s running fine and why should I bother with a firewall? There’s nothing on my PC which could interest a hacker anyway.

 




 

An awful lot of people still think like this, if the letters reaching our editorial office are anything to go by.

It’s a dangerous line of reasoning, though, as just the spare processing capacity of a PC is enough to interest attackers who construct huge networks of compromised network hosts (known as botnets) to send out viruses and spam. Other attackers sniff out your personal information to be misused in further attacks and, on your supposedly safe computer, there could be more than 200 viruses and 1,000 items of adware or spyware – this threat is not an exaggeration; it’s an everyday reality.

In this feature, we will outline the latest and most important security trends, and offer some valuable tips and guidelines to help you make your computer secure enough to repel the attacking hordes so you can protect yourself effectively.

 

Everyone’s at risk

Potentially, anyone who uses their computer online could be at risk of attack, but the dangers for both home and business users are still greatly underestimated, according to a report from the National Cyber Security Alliance (NCSA) (www.staysafeonline.info/newssafety_study_v04.pdf).

This study discovered that 84 per cent of the respondents stored sensitive data on their PCs, 72 per cent used that sort of data online and 77 per cent of the online users felt themselves to be safe or very safe, but their line of defence is actually very thin. Two-thirds have either no up-to-date anti-virus software or none at all, and just as many, 67 per cent, don’t have a firewall either.

Of those few who do use a firewall, in seven out of 10 cases it is wrongly configured and leaves some ports wide open. The situation for wireless LAN (WLAN) users is pretty alarming: 12 per cent of respondents were using WLANs, but not a single one had enabled WPA encryption. Some 62 per cent had an insecure WEP (Wireless Encryption Protocol) but the rest had left their WLAN unprotected.

Every fifth PC in the survey (19 per cent) was infected by viruses – on some PCs there were as many as 213. The situation was even worse for spyware and adware, as over 80 per cent of the computers were infected by these pests, with an average of 93 and, in the worst case, 1,059 spy tools.

“Computer users should always make sure that they keep their anti-virus software up to date,” advises Christoph Hardy, security consultant at security company Sophos (www.sophos.com). In November 2004 alone 1,379 new viruses emerged and in the first half of 2004 there were 4,500, five times more than in the same period of 2003. In total at the end of 2004 there were nearly 98,000 viruses in circulation, and by the end of January 2005 this had already risen to 100,000.

 

Real threats

The main danger is posed by just a few items of malware. Netsky-P and Sober-I account for almost half of all infections, but if you are protected against Bagle, Mydoom and Zafi as well, you’re well placed to avoid 90 per cent of virus attacks. Further details about individual viruses can be found on sites like the McAfee Virus Information Library at http://vil.nai.com.

Apart from e-mail, peer-to-peer (P2P) file sharing and IRC (Internet Relay Chat) are the main routes for spreading malicious code. And the risk is increasing as nasties like Bagle and Gaobot spread on their own and spawn new variants.

Since 1998 the number of trojans, which sniff out passwords and personal details as well as spreading spam or carrying out DDoS (Distributed Denial of Service) attacks, has doubled.

 

Trojans working hard

In 2004, about 25,000 trojans appeared. By the end of 2005 this is predicted to have risen to more than 50,000. Particularly active are SD Bots. These are powered by trojans which open a connection to an IRC server, wait for attack commands and then work through firewalls to train botnets (robot networks).

At the beginning of 2004, experts estimated that just 2,000 PCs worldwide were being used as part of one or more botnets, unknown to their owners. This has now mushroomed to over 30,000 a day. A botnet links multiple infected computers together under the control of an attacker to send spam or launch DDoS attacks. Botnet operators have now started renting their capacity to organised criminal gangs. The potential damage, especially to the e-commerce sector, runs into millions of euros. Botnets can also be used to spread malicious code very rapidly.

 

Blended threats on the rise

Over the past year, there has been a large increase in the distribution of blended threats. The term covers multiple rather than single attackers, and worms, trojans and viruses which work together rather than alone, combining multiple distribution and damage mechanisms to exploit security loopholes.

A worm exploits a security loophole to spread a virus, the virus loads a trojan, the trojan opens a backdoor and the infected PC becomes like a remote-controlled zombie. Examples include Plexus, Mydoom and other variants.

 

The loophole conundrum

Currently the interval between a security loophole emerging, whether in the operating system, the browser or a standard application, and the first exploit (threat) appearing is about six days. However, the time which users have to plug the holes is continually reducing – there is already talk of flash worms and zero-day exploits, which instantly attack new security holes via networks and the Internet on the same day they’re discovered. Malicious code like this, for which there is not yet a patch, can spread around the globe in seconds (as in the case of Mydoom-AH).

In 2004 around 3,000 software vulnerabilities were uncovered. For most users, some of them posed little real threat, but of the 1,237 which security specialist Symantec registered in the first half of the year, 70 per cent were easy to exploit and 96 per cent were moderate to serious threats. Unsurprisingly, most of the loopholes were found on unpatched Windows systems and in Internet Explorer. Malware which executed code on the PC and took over control of it was particularly widespread. Users are unlikely to realise this is happening – their online connection speed may drop, but that could easily be put down to overloaded servers. While this is going on, your data is being stolen, unnoticed.

 

Fight for survival

During 2004 it was clear that the virus writers were battling among themselves. Apart from their own payloads, some worms and viruses contain functions for removing rival malware. Netsky, for example, cleans up Mydoom and Bagle, drastically increasing the constant flood of new variants.

Investigators and prosecutors are also more on the case. Last year several malware authors who were responsible for Sasser, Netsky, Agobot, Phatbot and Lovesan were arrested.

The root of the problem is that spam has become more than just a source of unwanted advertising. Billions of spam e-mails are used as carriers for worms, viruses and trojans.

According to e-mail security provider MX Logic (www.mxlogic.com), an incredible 93 per cent of the emails processed by its software are spam, while Frontbridge, which provides ‘message management solutions’ (www.frontbridge.com) puts the figure at 82 per cent. As both companies are anti-spam specialists, the figures are probably on the high side. However, it’s estimated that by 2007 about 70 per cent of all worldwide e-mails will be spam.

The prediction is that in 2005 at least 35 billion e-mails will be sent – in theory, 24.5 billion could be spam, potentially carrying malware.

 

Annoying and costly spam

The cost of lost productivity worldwide as a result of the tide of spam is estimated at $20b for 2004. For a firm with 5,000 staff, the cost of dealing with spam is over $4m a year.

A particular trend in 2004 was the growth of phishing – e-mails requesting you to visit bogus, but authentic-looking, websites and ‘verify your details’ by entering bank or other account details, passwords and PINs. An estimated 1.4 million people have fallen victim to this kind of identity theft which has cost banks and credit card issuers around $1.2b in direct losses. Private individuals have probably lost as much again.

According to the Anti-Phishing Working Group (www.antiphishing.org) 1,142 phishing websites were online in October 2004, with a monthly growth rate of 25 per cent. Phishing attacks are quick – the average phishing site is only online for about six days.

 

What will the future bring?

The security experts are all in agreement: 2005 will bring us noticeably more of the irritants evident in 2004. Existing trends that will continue to grow include:

• Attacks on web-based applications

• Automated mass mailings, spam, trojan and DDoS attacks

• Viruses with new harmful payloads and their own defence mechanisms

• Targeted attacks on security tools such as anti-virus programs, firewalls and routers

• More intelligent and larger botnets as ISPs crack down on simple botnets

• More backdoor attacks

• Social engineering attacks.

There will also be totally new forms of attack. We had a taste of this in 2004 with Cabir, the first mobile phone worm, which was really just a proof of concept, like Duts, the first backdoor trojan to hit Pocket PCs. Mobile devices and WLANs will come under heavier fire in 2005, because their increasingly widespread use and lack of proper security precautions make them a tempting and worthwhile target.

Today, 12 per cent of online access is via Wi-Fi (projected to be 50 per cent by 2009), so we can expect more use this year of ‘war trucking’ and ‘spam vans’. These techniques involve hackers driving around in cars or vans full of high-tech gear to sniff out open WLANs, steal data, infiltrate backdoors and trojans to set up botnets for use as spam relays.

 

The future of security tools

There will be a trend towards more integration of protection systems in 2005. “Standalone programs will eventually disappear from the market and give way to comprehensive security suites,” thinks Richard Zwienenberg, senior analyst at anti-virus and firewall vendor Norman (www.norman.com).

The basic concept is that users will no longer have to train themselves to become security administrators but will be able to obtain “security out of the box”. But the disadvantage of such software bundles is that they will never have the best tool in every security category. For example, manufacturer A might include the best firewall in its security suite, but manufacturer B might have the best anti-virus solution and manufacturer C the best anti-spam tool.

But Toralv Dirro, security lead at McAfee says: “Purely reactive anti-virus software has had its day. Combinations of desktop firewalls and intrusion prevention systems (IPS) are now making the running. In 2005 a big theme will be solutions which check networks for security gaps and look for distributed patches.”

The aim of an IPS is to ward off malicious code before it reaches the operating system. However, even a smart IPS can do nothing about the worst security risk – users who click first and think later. After all, most attacks require you to click a button or run an attachment to unleash them.

 

Securing Windows XP and Internet Explorer

In order to protect yourself against the wave of attacks, you need to prevent the execution of malicious code on your PC. Effective protection isn’t hard, as any hackers who wish to break into a system or take control of a remote system have to overcome three barriers. First, they have to get their files onto the target PC, then they have to persuade either the user or the operating system to run the code and, finally, they don’t want to divulge their own identity. Here we’ll explain which basic PC security rules you need to stick to and show you how to defend your PC and the data it holds from attacks.

 

Caution: your most powerful weapon

If you get e-mails from unknown senders with offers of wealth if you illegally transfer money, they can be deleted unread, along with ads for things like cut-price medication.

However, if the messages in your inbox have photos of pop stars or refer to attached documents, curiosity might override common sense: one click and you have enabled the hacker to get over the first two barriers in one go.

The first and most important rule of PC security is to never open an unsolicited attachment. If in doubt, check with the sender to see whether or not they really did send it.

You should also check whether or not the mail provider uses its own virus scanner on outgoing mail. In addition, always keep your own anti-virus program up to date and set it to check archived and compressed files too. Set your firewall to the highest security level – this is the only way to secure your PC against trojans and remote access tools.

 

Install Windows XP Service Pack 2

Even though Service Pack 2 can’t guarantee that Windows XP will be secure, you should still install it. On the one hand, it irons out lots of problems and plugs several security holes, on the other it extends the operating system with new security-focused features such as the Windows Security Center (see screenshot 1).

A system running SP2 has fewer weak points compared to a system running Windows XP with SP1, as is shown by a glance at the Windows Security Bulletin Summary for October 2004 (www.microsoft.com). If you’re using XP and have not yet installed Service Pack 2, you can download it from the Windows Update site or order a CD.

 

Five essential utilities

Just as important as Service Pack 2 is a mixture of well-chosen supplementary security software. You should at least have a virus scanner, such as Panda Antivirus Titanium (€40), and a desktop firewall, such as Sygate Firewall Pro (€40). These should preferably be combined with a router-based firewall.

It’s worth using spam filters, either standalone tools such as Mailwasher Pro 4.1.9 (€30) or a plug-in like Spambully (€22). A secure deletion tool will help rid your PC of the last traces of malicious code. We recommend O&O Safe Erase 2 (€50); alternatively you could use the free Eraser 5.7 (www.heidi.ie/eraser).

 

The absolute minimum

The minimum level of protection is provided by the Windows firewall included in SP2. If you are going to use it, first of all you need to find out which ports are in use by other software.

Do this by using the XP shell command netstat.exe. Start the program to be tested and carry out the necessary steps to make it access network resources. Open a command prompt (Start> Run> cmd) and then enter:

netstat -ano >c:\ports.txt

followed by the Return key. Windows will then write a list of all open ports to the file ports.txt which it saves in the root of drive C.

After this, enter:

tasklist>tasks.txt

and press Return. This will make XP send a list of all currently running tasks to a file called tasks.txt. Open the tasks.txt file and look in the list of descriptions for the program whose port usage you wish to check and make a note of its Process Identification Number (PID).

In the ports.txt file, look for this PID; the port in use is in the Remote address column and the protocol used is listed in the Proto column. Alternatively you could find out this information by using the freeware program TCPview 2.34 (www.sysinternals.com) (see screenshot 2).
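The PID matching between the two files can also be scripted. The following Python script is an added example, not part of the original article: it parses the text that netstat -ano and tasklist produce and joins the two by PID. The sample file contents, addresses and PIDs are constructed, and the function names are hypothetical.

```python
"""Match `netstat -ano` rows to `tasklist` rows by PID (added example)."""
import re
from collections import namedtuple

Conn = namedtuple("Conn", "proto local remote state pid")

# Constructed sample of ports.txt; all addresses and PIDs are made up.
SAMPLE_PORTS = """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       932
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    192.168.0.5:1047       203.0.113.10:80        ESTABLISHED     1820
  TCP    192.168.0.5:1050       203.0.113.25:80        ESTABLISHED     2044
  UDP    0.0.0.0:445            *:*                                    4
  UDP    192.168.0.5:123        *:*                                    1012
"""

# Constructed sample of tasks.txt; PID 2044 is deliberately missing from it.
SAMPLE_TASKS = """
Image Name                   PID Session Name     Session#    Mem Usage
========================= ====== ================ ======== ============
System Idle Process            0 Console                 0         16 K
System                         4 Console                 0        212 K
svchost.exe                  932 Console                 0      3,900 K
svchost.exe                 1012 Console                 0     17,204 K
iexplore.exe                1820 Console                 0     22,480 K
"""


def split_endpoint(endpoint):
    """Split 'address:port' on the last colon; '*:*' gives ('*', '*')."""
    addr, _, port = endpoint.rpartition(":")
    return addr, port


def parse_netstat(text):
    """Turn `netstat -ano` text into Conn records, skipping banner and header."""
    conns = []
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0] not in ("TCP", "UDP"):
            continue
        if len(fields) == 5:            # TCP row: has a State column
            proto, local, remote, state, pid = fields
        elif len(fields) == 4:          # UDP row: State column is empty
            proto, local, remote, pid = fields
            state = ""
        else:
            continue                    # malformed row
        if pid.isdigit():
            conns.append(Conn(proto, split_endpoint(local),
                              split_endpoint(remote), state, int(pid)))
    return conns


def parse_tasklist(text):
    """Map PID -> image name. Image names may contain spaces, so the columns
    are located from the '=====' ruler instead of splitting on whitespace."""
    lines = text.splitlines()
    for index, line in enumerate(lines):
        if line.startswith("=") and set(line) <= set("= "):
            spans = [m.span() for m in re.finditer(r"=+", line)]
            break
    else:
        raise ValueError("no column ruler found; is this tasklist output?")
    if len(spans) < 2:
        raise ValueError("ruler has no PID column")
    (name_start, name_end), (pid_start, pid_end) = spans[0], spans[1]
    names = {}
    for row in lines[index + 1:]:
        pid = row[pid_start:pid_end].strip()
        if pid.isdigit():
            names[int(pid)] = row[name_start:name_end].strip()
    return names


def join_by_pid(ports_text, tasks_text):
    """Return (image name, Conn) pairs; a PID that tasklist did not list
    (for example a process that exited between the two commands) is flagged."""
    names = parse_tasklist(tasks_text)
    return [(names.get(c.pid, "<not in tasklist>"), c)
            for c in parse_netstat(ports_text)]


def sockets_of(image_name, joined):
    """All sockets of every process with this image name (may span several PIDs)."""
    wanted = image_name.lower()
    return [c for name, c in joined if name.lower() == wanted]


if __name__ == "__main__":
    for name, c in join_by_pid(SAMPLE_PORTS, SAMPLE_TASKS):
        print(f"{name:<20} {c.pid:>5} {c.proto} {':'.join(c.local):<20} "
              f"{':'.join(c.remote):<20} {c.state}")
```

To use it on a real machine, pass the contents of ports.txt and tasks.txt to join_by_pid() in place of the constructed samples.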

 

Be selective about sharing ports

As a general rule, you should only allow a few trusted programs to go online without asking for permission first. You can view the Windows firewall exception list by opening the Security Center and clicking on the Firewall settings. If you want to open a port in the Windows firewall, choose Start, Run and enter:

firewall.cpl

then click OK. On the Exceptions tab, click on the Add Port button to open the Add Port dialogue. Next to Name, type the name of the program and add the port number in the field of the same name. Specify the protocol the program uses and click OK.

Microsoft offers exhaustive information on working with the Windows XP SP2 Firewall and group policies online (www.microsoft.com/downloads/details.aspx?familyid=4454e0e1-61fa-447a-bdcd-499f73a637d1&displaylang=en).

 

Finding security holes

Once you have installed SP2, the next item on the agenda is checking the system. Ideally you can do this using the free Microsoft Baseline Security Analyzer 1.2.1 (MBSA) (www.microsoft.com/downloads/details.aspx?FamilyID=b13ebd6b-e258-4625-b0a3-64a4879f7798&displaylang=en-us) (see screenshot 3). Further alternatives for checking system security are listed in the ‘Check your security’ box.

The MBSA’s security audit pokes around the operating system and typical Microsoft applications, such as Office and Internet Explorer, looking for known weaknesses and suggests possible solutions. If asked, the audit can be carried out across a range of IP addresses, in order to check all the clients connected on a local network. You’ll need to have administrator privileges on all the machines to be checked. Depending on the type of check to be carried out, you can decide, after starting the program, whether to analyse a single computer or several.

If you have chosen the first option, select the computer to be tested in the next dialogue and click on Start Check to begin. To start the network check, either select a domain name or enter a range of IP addresses to scan, such as 192.168.0.0 to 192.168.0.10, then click on Start Check.

 

Security audit on a network

If you are a network administrator and have a local Software Update Services Server (SUS), you need to change the analysis settings. Enable the Use SUS Server option and enter the relevant URL. Instead of performing a network-wide check looking in the complete list of available security updates (saved on the Microsoft website as mssecure.xml), MBSA checks the clients for missing security updates which are stored and allowed on the SUS server. All the updates marked as allowed by the SUS administrator, including superseded patches, are checked and registered by the MBSA. A system check carried out using SUS server support does not currently include updates for the SQL Server, Exchange or Office products.

 

Fixing problems

The result of the MBSA check is presented in a clear security report in which critical problems are marked with a red X and non-critical ones with a yellow X. To fix a problem, click on Procedure for fixing this problem and follow the instructions.

We advise you to fix all the problems reported by the MBSA as soon as possible and then run it again. This is the only way to ensure the system complies with the latest Microsoft security guidelines.

 

Made-to-measure Windows updates

You really can’t avoid automatic Windows updates any more, as they are the only way to get operating system security patches as soon as they are available. This is more important than ever because of the rise of zero-day exploits.

However, you should only allow Windows to download patches to your computer and not to install them, since you can’t be sure that Microsoft will only install things that you need.

To set this option, open the Control Panel in XP and double-click on Automatic Updates. Next, enable the ‘Download Updates for me, but let me choose when to install them’ option (see screenshot 4). This setting means that Windows will look for new patches on its own and, if it finds any, will download them straight away.

During the download, Windows adds an icon to the system tray, informing you that updates have been found. Click on the icon to view the download status. If you don’t want to install one of the downloaded updates immediately, choose Details and uncheck the box next to that update’s description. Windows will remind you that you have a download but you haven’t installed the update on your computer. You can choose to install this when you like.

 

The latest news

PC Live! recommends that all XP users subscribe to the Microsoft Security Bulletin. To do this, go to http://register.microsoft.com/subscription/subscribeme.asp?ID=135 and then enter your e-mail address, country and preferred language before sending your request by clicking on Submit. You will then get a confirmation e-mail, with a link leading to a web page where you can complete your registration. As soon as a new update, patch or hotfix is available for a known security problem, all interested users are informed in a newsletter that they can download the software.

System administrators who have to be up to speed on security issues ought additionally to subscribe to the Bugtraq security mailing list at www.securityfocus.com/archive/1. Renowned expert Georgi Guninski concentrates on new Internet Explorer exploits at www.guninski.com.

 

Windows services: less is more

Installing SP2 by default turns off the Messenger service, which is often abused by spammers, but there is a whole series of further XP services Windows users ought to turn off for security reasons.

The problem is that there is no definitive list of less important services. For example, on PCs using Internet Connection Sharing (ICS) you need to enable Shared use of the Internet connection in the Windows firewall. But if you don’t use ICS and use a third-party desktop firewall, then you can turn off the service.

To adjust the start-up behaviour of the 80-odd services to match your own IT infrastructure requires in-depth experience of the system.

 

Safe surfing

The more multimedia-rich the Internet becomes, the greater the dangers for surfers. In order to make pages as attractive and user-friendly as possible, designers are using more and more active content relying on ActiveX or Javascript, but these elements can also be misused to install viruses, trojans or diallers.

To prevent this you can either use Firefox as your browser or adjust the Internet Explorer configuration. Choose Tools> Internet options, then check the Internet icon on the security tab and click on Default level.

For more security control, click the Custom Level button. Scroll down the settings list to the ActiveX controls and Plug-ins section and disable all the ActiveX options, except for ‘Download signed ActiveX controls’ to keep harmful web content off your PC (see screenshot 5).

Now scroll down to the Scripting section. On one hand, scripts based on Java or Visual Basic provide functionality on many sites, but on the other it’s just this sort of content that can be dangerous. This is why most security-conscious users turn off all three settings.

If you are still using Internet Explorer 6 SP1 you will have to turn on the High Security option in the Java Settings section of the Microsoft VM.

The disadvantage of these increased security precautions is that a large number of websites rely on the use of ActiveX controls and scripts and, without them, they will not appear properly, or sometimes at all, in your browser.

 

Configuring security zones

Although Internet Explorer does have a zone system which offers more security than pop-up blockers, cookie and add-in managers, only a few users make use of the Trusted sites and Restricted sites content zones.

You can find a detailed introduction to the zone principle in the documentation for the Resource Kit (www.microsoft.com/resources/documentation/ie/6/all/reskit/en-us/ie6rkit.mspx).

You can get help in determining the restricted sites from the tool IE-Spyad (https://netfiles.uiuc.edu/ehowes/www/resource.htm). The restricted sites list contains thousands of URLs which are known to be potentially dangerous. Websites listed in this zone can still be displayed, but are subject to rigid restrictions which render damaging routines useless.

Two versions of this tool are available – IE-Spyad and IE-Spyad 2. IE-Spyad only installs its website blacklist for the current user, while IE-Spyad 2 blocks these sites for all users on the computer. You have to log in as an administrator to install IE-Spyad 2.

You can also customise the security levels for sites you trust by adding them to the Trusted Sites zone, but this isn’t recommended unless you’re sure the site is safe.

 

Test your PC

Once you’ve secured your PC against attacks, you can test the system to see how well protected it is using security audits. Home users can use one of the many online security tests, while network administrators usually opt for a software solution.

 

Check browser security online

There are numerous websites you can use to check your browser’s security. We recommend Symantec Security Check (security.symantec.com/ssc) or Sygate Security Scan (http://scan.sygatetech.com). Online audits use scripts, such as PHP, Perl, Javascript and ActiveX controls, to work out how secure your browser is, which data it is giving out and which ports are open.

Some even check whether ActiveX controls could be used to rename the Windows directory, restart the system or format a hard disk.

Other useful places for checking your online security include Security-Check (www.security-check.ch), GFI (www.gfi.com/emailsecuritytest) (see screenshot 6) and Shields Up (https://grc.com/x/ne.dll?bh0bkyd2).

 

Virus and system scans

You can also check online whether a system is already infected with viruses, trojans or spyware. Among others, Trend Micro (www.antivirus.co.uk), Kaspersky (www.kaspersky.com/scanforvirus) and Panda Software (www.pandasoftware.com/activescan) offer free online virus scans.

Three free system checks are offered for home and business users by www.securityspace.com (see screenshot 7). Your PC is checked for over 5,600 individual security holes and more than 1,500 service ports are scanned. A desktop audit costs $10; the first complete audit for business users is free, but subsequent audits cost $10. You can set up your system to perform automatic weekly audits.

 

Panel:

 

Physical security

 

Lock and bolt

The best firewall or the most complicated password is useless if data thieves can still get at your PC and even remove complete hard disks. Solutions such as biometrics or locks to create physical barriers will put off opportunist thieves.

 

Data theft

Physically securing your PC is something which is often overlooked, particularly in businesses. Data thieves can find masses of important information, particularly on a workplace PC, from details of contracts and sales leads, to personnel records and project plans.

Industrial espionage has never been so easy: wear a business suit, get into an office, wait until people are at lunch, boot the PC using a copy of Knoppix on a USB stick and quickly copy a few files, or go in at night dressed as a cleaner with access to all areas and copy as many files as you want.

It’s easy to sabotage company data in the same way with viruses, trojans and spyware, which can be invisibly introduced to the local network.

You should at least encrypt important data on your hard disk. On Windows XP Pro you can do this with NTFS: right-click on the folder to be encrypted, choose Properties, click Advanced on the General tab and enable the Encrypt contents to secure data option.

If you want to sell your old hard disks – on Ebay for example – you should securely erase them first. One product you can use to do this is the free Eraser 5.7 (www.heidi.ie/eraser).

 

Screws for more security

To ensure that your data is really secure, you shouldn’t just rely on software-based security measures.

If anyone is going to steal or remove a hard disk without permission, they will need to open the PC. To make this more difficult, you can get lockable case screws, which are available from companies such as PC Guardian (www.pcguardiananti-theft.com) or Kensington (www.kensington.co.uk). And so that the PC or notebook doesn’t go walkabout, you can secure them with steel cables and locks.

There are lockable screw mountings for steel cables (€50). Alternatively you can buy special mountings which attach straight to the case with a special adhesive (€15). If there aren’t any suitable anchor points in your office, you can mount anchor rings on the wall.

 

Seal your interfaces

To prevent unauthorised access to the PC you should also seal off the interfaces. Floppy, CD and Zip drive locks (available from Rubin Software (www.rubin-software.de) and Kensington) are useful for this. There are not yet any USB port locks, so you will have to deactivate them using the Bios or physically remove them altogether.

The future of PC security belongs to biometric systems, which store unchangeable details such as iris patterns and fingerprints and can achieve hardware and software-based security on smartcards. You need both the smartcard and the correct eye to get into the office and then to access the data on the PC.

At present, fingerprint sensors such as the Identix Bio Touch USB200 (www.identix.com, €109) and iris cameras such as the Panasonic BM-DT 120 (www.universalsecurity.ch, €300 approx) present a real hurdle for data thieves.

 

 

Panel 1:

 

The most secure operating system in the world?

The security holes in Windows XP are numerous and many users question whether it would make sense to move to a more secure operating system.

Linux advocates often argue that the open-source OS is more secure than Windows, although naturally Microsoft counters that the opposite is true.

The bottom line, however, is that there is no such thing as a completely secure operating system, as it would have to be 100 per cent bug-free — impossible for such a complex piece of software.

Operating systems that have security as their primary function are not common on desktop PCs. Referred to as “the world’s most secure operating system”, Open BSD (www.openbsd.org) is a free version of Unix. Apart from special source code checks, its most important characteristics are an integrated memory-protection mechanism and integrated cryptography functions.

Changing from Windows to an alternative operating system is not worthwhile if your only concern is security — Linux and Mac OS in no way obviate the need for protection and regular updates. Microsoft intends to introduce an improved security concept with Longhorn, the next version of Windows XP.

The current debate is whether or not secure environments can be achieved in Longhorn using virtual machines. The advantage of virtualisation is that a client operating system is run on a secure ‘virtual PC’ isolated from the real system hardware, thus making it much more difficult to infiltrate.

 

Panel 2:

 

Check your security

 

Computer Emergency Readiness Team

News, reports and statistics.

 

www.cert.org

 

Wildlist

Information on the most active current virus threats.

www.wildlist.org

 

Symantec

Information and removal tools for current online threats.

 

securityresponse.symantec.com

 

Community for Network Security

Information, tools and forums.

 

www.whitehats.org

 

 

Panel 3:

 

Tips and tricks: how much protection do you really need?

Your first step towards better security for your PC should be to use all of the operating system’s built-in features: install the latest patches and updates and configure the operating system and browser securely.

You don’t necessarily have to bother with expensive adware and spyware scanners or anti-trojan utilities — a good anti-virus program offers better protection than any trojan scanner. If you must have a separate anti-trojan tool then we’d recommend a product such as the freeware version of the Ewido Security Suite (www.ewido.net). The same goes for protection from adware and spyware: in principle a good virus scanner is sufficient, although for added peace of mind you can also use a combination of the free programs Ad-Aware (www.lavasoft.com) and Spybot Search & Destroy (www.safer-networking.org).

As well as anti-virus software, you will need a good firewall. Even if you only have two computers it is a good idea to use a router with a built-in firewall, preferably one that uses stateful packet inspection (SPI) to ensure maximum protection from rogue applications.

In addition you should install a good anti-spam tool to get rid of as many junk emails as possible and avoid the dangers of clickable links.

One of the best tools, if you use Outlook or Outlook Express, is Spambully (www.spambully.com). It is fully configurable and blocks up to 98 per cent of spam e-mails — well worth the investment of $22. Another very effective program that works with any e-mail client is Mailwasher (www.mailwasher.net), which costs $37.

Panel 4:

Top 10 guidelines to protect your PC

Too many users still underestimate the necessity of protecting their own computer, according to a study by AOL and the National Cyber Security Alliance (NCSA) (www.staysafeonline.info/newssafety_study_v04.pdf). Around 67 per cent of the users questioned had no virus scanner or had a PC with out-of-date definitions. A massive 90 per cent of the PCs were infected by spyware and 63 per cent had no firewall.

Ask yourself these questions to be on the safe side:

Do you have an up-to-date virus scanner?

Do you have a firewall and is it configured correctly/activated?

Do you make use of all the options for keeping Windows and Internet Explorer safe (automatic updates and security zones)?

Do you have anti-spam measures and take care not to click on hotlinks in e-mails/pop-ups?

Are your passwords personal enough so they can’t be guessed; do you have multi-user systems configured with user accounts?

Have you downloaded software from dubious websites which could introduce spyware to the system?

Do you take the threat of viruses and hackers seriously?

Is your wireless LAN unprotected, for example because WPA encryption is not running?

Are there any unrequired or unchecked operating systems running on your PC, potentially exposing security holes?

Do you encrypt data or e-mails and make backups of images?

Panel 5:

Holes in the firewall

Certain Windows Firewall configurations allow others to access shared files and printers, because the firewall includes file and printer shares in the PC’s built-in interfaces. There isn’t yet a patch, so to be on the safe side you should deactivate the File and Printer Sharing option on the Exceptions tab in the Windows Firewall section of the Security Centre.

Panel 6:

Protection from phishing

A growing danger is posed by phishing attacks. The aim of these is to lure you to a bogus web page and get you to divulge your sensitive personal details. There are three basic rules to protect yourself:

No information: ISPs, online traders and financial institutions will never ask for your PINs, passwords or account details.

Ignore links: if you really want to follow a link embedded in an e-mail, don’t click on it but type the URL into the address line of your browser by hand. This will prevent you being diverted to a bogus site.

Checking things costs nothing: check the URL is spelled correctly. If in doubt, check with the support department of the company concerned to verify the original message is genuine.
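The spelling check in the third rule can also be done by a program that compares where a link really leads with the sites you actually use. The following Python code is an added example, not part of the original article; the trusted domains, the sample links and the two-label `base_domain` shortcut are assumptions made for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed allow-list of sites the reader really uses (assumption).
TRUSTED = ("mybank.example", "shop.example")

def host_of(url):
    """Lower-cased hostname; also accepts 'www.site.example/path' with no scheme."""
    if "://" not in url:
        url = "http://" + url
    return (urlsplit(url).hostname or "").rstrip(".").lower()

def base_domain(host):
    """Last two labels only (assumption); real code should use the Public Suffix List."""
    return ".".join(host.split(".")[-2:])

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_link(display_text, href, trusted=TRUSTED):
    """Return warnings for one e-mail link: the visible text and its real target."""
    host = host_of(href)
    try:
        ipaddress.ip_address(host)
        return ["ip-literal-host"]            # a bare IP address hides the site's name
    except ValueError:
        pass
    warnings = []
    base = base_domain(host)
    looks_like_url = "." in display_text and " " not in display_text.strip()
    if looks_like_url and base_domain(host_of(display_text.strip())) != base:
        warnings.append("text-and-target-differ")
    if base in trusted:
        return warnings
    for good in trusted:
        if 0 < edit_distance(base, good) <= 2:
            warnings.append("misspelling-of:" + good)
        elif "." + good + "." in "." + host:
            warnings.append("trusted-name-used-as-subdomain:" + good)
    return warnings

# Constructed sample: the text shows the real bank, the target is one letter off.
print(check_link("www.mybank.example", "http://www.mybamk.example/login"))
```

An empty list means none of these checks fired; it does not prove that the message is genuine.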

 

 

Panel 7:

Secure your hardware

In general, your PC is well secured if it requires more effort to steal the data it holds than the information is worth. Below is a helpful checklist.

The building: are the PCs in lockable areas? Are the offices always locked if computers are left unattended?

Paper: are printouts of sensitive data always shredded or just thrown in the waste?

Network printers: are confidential documents sent to a printer in a public area? Can anyone remove the printouts?

Theft: could visitors carry out PCs or bypass your security?

Access: can anyone in the building simply turn on a PC and install trojans from a disc, CD or memory stick? Are the cases locked?

Access: have you minimised the BIOS boot options and password-protected the BIOS?

Access: can anyone turn on the PCs or is biometric data needed?

Access: does your network have clearly defined user permissions?

Disks: do you ensure disks are fully erased before disposal?


TechCentral.ie