How to Secure Your Windows PC Using Free Software
What You Need to Know
Most IT professionals use Windows for their desktop operating system. Yet few of us really know how to secure it. We trust that to our support staff, or if it’s our personal PC, we buy a name-brand security product and assume we’re done.
A few years ago, when “script kiddies” were the major threat to your PC , this approach worked fine. Today, the situation is drastically changed. Organized crime is the driver behind the momentous increase in malicious software, or “malware.” Spyware, RATs, trojans, rootkits, keyloggers, botnets, adware, Web-bugs, viruses – these threats are designed to steal your data and identity, track your behavior, and more.
Remember the good old days, when hackers just wanted the thrill of penetrating your system? Today, their goal is financial gain by manipulating vulnerable PCs.
Recent studies highlight how serious the problem has become. IBM found that security attacks increased by 50 percent in the first half of 2005. A Pew Research study claims that 43 percent of all US Internet users – 43 million people – have malware on their PCs. Mentioning these numbers, a recent article in MIT Technology Review concludes that “The Internet is Broken.”
Think your company protects your PC? As a contractor, I visit IT sites that follow “industry standard practice” – yet their PCs are still penetrated. Even with enterprise protection, Windows PCs require add-in tools for complete security.
This article gives you a quick course in how to protect your PC. It doesn’t cover all the threats out there, just the high priority ones. Its recommendations protect almost all PCs adequately. It’s simplified a bit, but that’s on purpose. This article is your one-stop shop for learning what you need to know to protect your PC and data.
Learning about PC security is a nuisance. It would be much nicer if we could all just ignore the problem and concentrate on our real jobs. But there is a golden lining to this cloud: All the software you need to secure your Windows PC is free. There is no need to buy anything. You just have to know what free software you need, then download and install it. Presto! Problem solved. Let’s get started...
Firewalls stop unauthorized communications from entering or leaving your PC. You need a firewall running on your PC even if your company has a corporate firewall on its network. I’ve seen IT sites sustain needless damage to PCs that were not running their own firewalls when the corporate firewall was breached. If you use a portable laptop, you’ll also use your machine outside the corporate network. Never turn off your firewall when connected to the Internet, not even temporarily. A Windows PC without an active firewall can be penetrated in minutes.
You might be wondering – “doesn’t Windows come with a built-in firewall?” Newer versions of Windows come with a bundled firewall called the “Internet Connection Firewall” or “ICF.” But ICF only stops incoming communications to your PC. It does not prevent unauthorized programs from sending data from your PC to the outside world. If spyware gets installed on your PC, ICF will not stop it from sending out your data.
If you use ICF, combine it with ZoneAlarm or some other free product. Two personal firewalls working together are highly effective in eliminating unwanted incursions and secret data theft. Just remember that if you ever have trouble with a legitimate program getting through the firewalls, you have two of them to override.
If your PC already runs a commercial anti-virus program like McAfee or Symantec/Norton, you’ve got this base covered. Otherwise, you need a free anti-virus program. Grisoft’s AVG (7.1 for Workstations) and avast! are two excellent choices. I’ve been using AVG for years on a dozen PCs and have found it highly effective.
Free anti-virus programs are especially useful when you have to protect multiple PCs (like your laptop and your desktop, or the several PCs your family uses). Free is also great if you run multiple operating systems on a single PC. With commercial products, you have to buy a separate license for each operating system instance you run. Free software means you don’t have to worry about licensing product for each PC you own or every operating system you run.
Programs that protect against spyware differ from anti-virus programs. Some anti-spyware programs work in real time to stop spyware from being installed. I use Javacool Software’s SpywareGuard. Pest Patrol and WinPatrol are other good choices.
Other spyware detectors scan your hard drive, just like anti-virus programs, to detect malware in the Windows registry or on disk. I recommend Ewido or Ad-aware (SE Personal Edition). Spybot Search and Destroy is another popular program but it is less frequently updated.
Just like your anti-virus program, you have to update the data “signature file” for your spyware detectors. Keeping all your PC security software up-to-date is essential. At regular intervals, you should update your PC’s:
- Anti-virus product database
- Spyware product database
- Windows operating system
- Other key applications you run on the PC (like Internet Explorer or Outlook)
You can use Window’s built-in Scheduler to automate these updates. Look up how to use the Scheduler in Windows Help if you are not familiar with it. Or use the built-in schedulers that come with the free software products.
Experts agree that no one spyware program protects you against all the malware out there – you need to install and run more than one. I’ve had excellent results by coupling Javacool Software’s SpywareGuard for real time protection with either Ewido or Ad-aware (SE Personal Edition) for scheduled batch spyware scanning, along with my anti-virus scanner, AVG (7.1 for Workstations).
Watch your online behavior
How you use your PC makes a big difference in how vulnerable you are. Want problems? Visit hacker havens or sexually-oriented sites. Download free games, wallpaper, screen savers, and clip art. Install free music or other peer-to-peer file sharing programs. Install free toolbars for your Web browser. Open every email that comes your way (or do the equivalent by having Outlook’s “preview” feature turned on).
Avoid these behaviors and you’ll secure your PC. Access only professional IT Web sites or other brand-name Web sites, be careful about what software you install, and selectively open emails. The number of problems you face will plummet.
Encrypt sensitive data
I recommend encrypting sensitive files that reside on any Internet-connected PC. This goes double for portable laptops that could be stolen from cars or hotels.
Windows XP has built-in encryption. To create an “encrypted folder,” right-click to select the Folder’s Properties, then choose the Advanced button on the General tab. Then check the box for Encrypt contents to secure sensitive data.
That’s all there is to it. If you want to read the details on how Windows encryption works, click here. Or look up “encryption” in Windows Help.
If your older version of Windows does not support data encryption, the Web site The Free Country offers a number of free encryption/decryption programs. These programs can automatically encrypt and decrypt individual files, entire folders, or entire disk partitions.
Erase files completely
Windows does not erase a file when you delete it. It only removes the operating systems’ directory pointer to where the file resides on the disk. The files themselves are randomly over-written as disk space is re-used. With simple free tools, anyone has a good chance to read a file you recently erased.
Secure your data by deleting files with free programs like Eraser. After installing Eraser, you just highlight the file name, right-click the mouse, and select Erase from the pop-up menu to overwrite the file and make its contents permanently unavailable.
You can also overwrite all “unused” disk space to ensure no recoverable information is left from when you used Windows’ delete. Use this feature when you dispose of the PC! I worked with a charity that recycles donated PCs and nearly every PC donated came with readable data of a sensitive nature. We soon learned to run a “wipe disk” program as part of our standard acceptance procedure.
“PC forensics” is the art of learning about someone, their work, and their data by reading the tracking information Windows keeps on all users. Most users have no clue about the voluminous data Windows retains on their behavior. I can’t cover everything here, but this list gives you a start. It recommends free-software solutions:
Disk cleanup: All versions of Windows have a built-in “Disk Cleanup” utility that eliminates obsolete temporary files and empties the recycle bin. Browsers like Internet Explorer and Firefox also have cleanup options to eliminate temporary files, cookies, and history. Schedule these utilities to run at regular intervals to eliminate data in cache and other temporary system files. This is important because hackers know to look in Windows “temporary work areas” to find sensitive information.
Review your browser settings to make sure they reflect your security and cookie-handling preferences. If you let the browser run “ActiveX controls” and “Active Scripting,” you’re allowing Web sites to run programs on your PC.
Erasing Web and email traces: Windows tracks the Web sites you visit and the email addresses to which you send emails. This information is kept in special files that you cannot erase. Windows does not prune all these files; they just grow larger and larger, for as long as you use your PC. You can view this hidden tracking information through the free program Index Dat Spy.
The Free Internet Windows Washer from Eusing Software cleans up much of this information. Thorough alternatives are the commercial products PurgeIE (for Internet Explorer users) and its companion product, Purgefox (for Firefox users). Download either for a 15-day free trial and see the history Windows keeps on your behavior – and doesn’t tell you about. Purchase price for either product is $19.95.
File “properties”: Create a Word or Excel file, and Microsoft’s software saves your name in the document’s Properties. Edit an Office file, and you’re added to the list of those who have edited it. Office files also contain embedded identifiers called “Globally Unique Identifiers,” or GUIDs, that uniquely trace files back to your particular copy of Microsoft Office and your PC.
Secure government sites and security-conscious companies object to having this tracking information automatically and involuntarily embedded in their files. Microsoft documents procedures to eliminate this information, but they are manual and unworkably cumbersome. You really need a program to manage this for you. Free programs like Doc Scrubber and ID-Blaster help eliminate this information.
The open source Open Office suite that competes with Microsoft Office gives you greater control over what information is embedded in files. I’ve used the Open Office word processor and presentation graphics programs for two years and found them to be fully compatible with Microsoft Office files. (For comparisons of the free Open Office and Microsoft Office, look here and here.) For secure sites that really care about the tracking information Microsoft embeds in all Office files, I recommend they use Open Office instead.
MRU lists: When you open a Microsoft Office product, you’ll notice that the File drop-down menu lists your “Most Recently Used” (MRU) files so that you can conveniently open them. Products like MRU-Blaster eliminate the data contained in these Most Recently Used lists. If you’ve never done this before, you will be astounded to see the thousands of MRU items that track your behavior. The afore-mentioned Ad-aware (SE Personal Edition) also includes an MRU eraser.
One last threat to discuss – rootkits. Rootkits gain superuser (Administrator) rights to a PC. With this power, hackers can then do whatever they want to your PC. Once your machine is penetrated, you can never be sure you can trust it again, since security has been completely compromised. RootkitRevealer and Rootkit Detector CD (RD-CD) are two free batch scanners that detect rootkits.
This article tells you what you need to know to secure your PC. Follow its suggestions and you can rest easy about your system’s security.
After you’ve secured your PC, go to Gibson Research Corp. to take your “final exam.” Their tool called ShieldsUP! will test your PC’s ability to withstand outside penetration. It also displays the information your PC gives to any Web site you visit.
As with any technical topic, you can delve much more deeply in Windows security. For example, you can learn how to turn off unnecessary or insecure Windows Services and how to surf the Web anonymously.
Learn a lot more about threats to Windows and how to secure it by visiting these free software sites and reading their product summaries:
If you’re too busy in your “real job” to explore these Web sites, no problem. Just follow this article’s basic recommendations and you’ll be safe.
Contributors : Howard Fosdick
Last modified 2006-08-21 04:20 PM