A firewall is a software program or hardware device
which blocks remote access to your computer. It does this by closing all ports
to data unless the communication is initiated from inside the firewall first. So
you could, for example, surf this page without problems through a firewall since
your computer sends the request for data to our web server first.
The firewall would note the Internet address that
your request was sent to, and allow return communications from that specific
address back through the firewall. However, anyone trying to scan a range of IP
addresses for vulnerable computers would turn up a blank for your address, since
the firewall blocks all unsolicited communication from the Internet.
Almost
all home Internet sharing devices include firewalls, so if you are using a
router to share your Internet connection within your home, you are likely
already protected. Otherwise you need to use a software firewall. Windows XP
comes included with one, though you need to activate it. Several free
third-party software firewalls are also available, most notably Zone Lab's
Zonealarm.
To
activate the Windows XP firewall go to 'start/control panel/network and Internet
connections/network connections' then right click on your Internet connection
and select 'properties'.
Go to the 'advanced' tab and check the 'internet
connection firewall' box.
The windows XP firewall is now active and will
block most non-requested data from entering your system.See PCSTATS Beginner's guide to Firewalls and Internet
security for more details on configuring the XP firewall.
If you have installed Service Pack 2 for Windows XP, the firewall works
a little differently. Unless you have another form of firewall software
like Zonealarm installed, the XP firewall should be active by default. To
check this, go to 'start\control panel\windows firewall' and ensure
that the firewall is set to the 'on (recommended)' position. The
'windows firewall' icon in control panel is only available to Service
Pack 2 users, so if it's not there, simply follow the directions given
in the last paragraphs.
Step 3: Using an antivirus software package from a
reputable manufacturer like Symantec or MacAfee provides an effective defence
against viruses. You should scan your system for viruses once a week at
least, and use the software to examine any email attachments you are unsure
about. Many packages, like Norton Antivirus, come with auto-protection
features which will scan any files entering or leaving your system for
viruses.
While this is fairly self explanatory, a couple of
extra tips: if you're going to buy and install anti-virus software, do it
now, before you get infected with a virus, rather than waiting until your system
starts to act up. The reason for this is that many viruses have components
that can disable or subvert popular antivirus programs like Norton's and
MacAfee's software. So if your system is infected before you install the
antivirus software, it may not be able to help you.
Secondly, make sure you keep the program
updated. Antivirus software manufacturers are constantly creating new sets
of virus definitions to keep up with new threats. Without updated
definitions, the software will not stop newer viruses from infecting your
PC. Most reputable antivirus programs will update themselves automatically
when you are connected to the Internet, but it doesn't hurt to make sure you
have the latest update before you scan for viruses.
Step 4:Spyware and Adware programs can
quickly infest your PC, compromising privacy and performance.Fortunately, certain individuals have devoted a lot of time
and effort to create free software which is specifically aimed at removing these
(legal) pests from your system. One software system we tend to use
is Ad-Aware, freely available from the Lavasoft website as it is the most popular and
frequently updated removal tool. Ad-Aware functions much like any antivirus
program, so it should seem instantly familiar to most users.
Use the 'check for updates now' function to make
sure you have the latest updates. Hit the 'start' button and choose 'next' to scan
your system with the default options.
Once the scan is complete, you will be shown any
suspicious files, registry entries or cookies detected. You can now delete
or quarantine these files.
If Ad-aware found and removed malicious software,
you should empty your recycling bin and restart your computer and scan again to
make sure it is completely removed. Make sure to rescan your computer
weekly.
Step 5:Windows XP includes an automatic updating feature
which will periodically check Microsoft for updates and download them to your
system, ready for installation. To use automatic update, right click on 'my computer' and select properties,
then choose the 'automatic updates' tab.
If it is not already, check the 'keep my computer
up to date…' checkbox to enable automatic updating. 
Now run Windows update from 'start\all
programs\windows update' to make sure you are fully patched for now.
Windows update will now periodically check
Microsoft's site for updates and download them to your PC. You will be
prompted with an icon in the task bar when new updates are available.
Advanced security steps: The following five procedures will provide you with
an extra blanket of security to complement the essential changes you just made
to your system.
Step 6:Renaming the administrator account adds an extra
layer of security by removing the standard user name 'administrator' which any
malicious user will try first when attempting to gain access to your PC.
Make sure
you are logged in as a user with administrative privileges -
the first user created during the XP install process has these,
as does the administrator. Right click on 'my computer' and select 'manage.' Expand
'local users and groups' then 'users.'
Highlight the 'administrator' account and right
click. Choose 'rename' and change the account to a name of
your choosing.
Step 7:Unless you are in a business environment, it is
unlikely you will have a need for the hidden shares. Disabling them will
considerably reduce the danger of your data being compromised remotely.
You will need to edit the Windows registry using
REGEDIT in order to carry out this step. Please ensure that you backup
your registry to a file before editing it.
To
disable the hidden shares first start REGEDIT ('start\run' and type 'regedit') and then
navigate to:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\lanmanserver\parameters
Add the Dword value 'AutoShareWks' with a value of '0' and restart your computer.
Step 8:By default, Internet Explorer will
run certain content, including small programs embedded in the code of a
website. An example of this sort of thing would be a pop-up ad asking you
whether you wish to install so-and-so's software. Say yes and you may
have just saddled yourself with a spyware problem. Certain malicious
software may not even have the courtesy to ask before it has its way with your
browser.
Fortunately, IE can be set to a more restrictive
level of security. At this setting, the browser will not run certain types
of content found on websites. This includes potentially malicious ActiveX
code. Of course, this can also change your web browsing experience, as it
will cut off certain content from safe websites also. To get around this,
you can add known safe sites that you regularly visit to Internet Explorer's
'trusted sites' list.
To raise IE's security level:
Open Internet Explorer, go to the 'tools' menu and
select 'Internet options.' Now select the 'security' tab.
Set the Internet zone to the 'high' security
setting. This will ensure that IE will not run activeX instructions, the
means by which most browser hijackers get access to your computer. You can
place trusted websites that you regularly visit into the 'trusted sites'
Internet zone.
Site addresses that you enter here will be mostly
unrestricted, allowing them to display their content properly.
Step 9:If you are using Windows XP Professional, you
should password protect and disable the guest account. This will force any
intruder to use one of the user accounts you created or the administrator
account, both of which should now be secure if you followed the above
procedures.
Make sure you are logged in as a user with
administrative privileges (the first user created during the XP install process
has these, as does the administrator).
Right click
on 'my computer' and select 'manage.' Expand 'local
users and groups' then 'users.' Highlight
the 'guest' account and right click.
Choose 'set password' and provide the account with a
secure password. Now right-click the guest account again and choose
'properties.'
Check the 'account is disabled' box.If
you are using Windows XP Home, you cannot truly disable the guest
account, as it is used as an integral part of the file sharing system.
You can password protect it though… Bring up the command prompt
(start/run and type 'cmd') and type 'net user guest password' where
'password' is the password you want to use to secure the account.
Step 10:There are several free browsers and email clients
available that can easily replace IE and Outlook Express. The trick is to
get used to using them. By not using IE and OE, you considerably reduce
the danger of infecting your system with a virus.
Some examples of alternate browsers and mail clients include;Mozilla the makers of this popular browser also offer Thunderbird, a free email client.Opera. Eudora which
is an ad-supported mail client with a long and successful history.
Leave a Comment
Benito at 8:07pm on Mar. 3, 2008
about 1 year ago
Great tips, links, and pics. Some better formatting would make your article easier to read (like a summary of your points), since it's lengthy. Also using bold words really helps me get the info I want a lot faster. Reply...