Continued from page one
To continue surfing safely, security patches must be installed as soon as they are available from vendors. Microsoft releases patches on a predictable cycle: mark your calenders to check for Microsoft patches the second Tuesday of each month. Apple doesn't have a predictable schedule, check for Apple security updates weekly. If you use Firefox, check for Mozilla Firefox security updates at least weekly.
Use antivirus software and keep it up to date. Allow the antivirus software to update as often as it requests. (Update schedules vary widely among vendors - look for a product that updates at least daily). For those on a limited budget or those older PCs with limited system resources, free antivirus software can provide good protection. However, these free products don't offer robust adware and spyware detection. For solid antivirus and adware/spyware protection, McAfee VirusScan 2006 is an excellent choice. (Older versions of McAfee do not include robust adware/spyware protection).
Use a personal firewall. Internet security suites generally include a firewall. If you are not using an Internet security suite that comes with a firewall, install the free, and superb, ZoneAlarm firewall. Don't rely on the built-in firewall that comes with Windows XP - it's trivially easy for attackers to disable it and it doesn't offer the more secure permission-based outbound protection offered by ZoneAlarm.
If your budget will allow it, use a router in addition to installing a personal firewall. Most routers include network address translation (NAT) that will automatically block unsolicited inbound communication attempts. Routers are very inexpensive and have the added benefit of allowing you to easily share an Internet connection with other PCs in your home.
Laptop Users Beware
If you use a laptop, check out "Using Your Laptop at Starbucks: Is It Safe?" for important additional security steps you need to take to prevent compromise.
An additional note for laptop users: If you use Google Desktop ensure that the "Search Across Computers" feature is disabled. (And if you've already enabled it, make sure you clear the contents from Google's servers. Otherwise, if your laptop is lost or stolen, the finder (or thief) may gain access to any Microsoft Word documents, Microsoft Excel spreadsheets, Microsoft PowerPoint presentations, PDF files and Text files located in the My Documents folder on your main PC.
Don't Forget the Basics
Regardless of how much protection you have in place, or whether you use a laptop, a PC, or a Mac, all the standard security precautions apply.
Don't open attachments received unexpectedly, no matter who sent them. Email worms routinely spoof the From sender. Don't click links in email or IM unless you are absolutely certain of who sent them. Most of today's IM and email worms impersonate the sender - so that IM from CrazyJoe might really be sent from a virus. Before you click, take a moment to ask CrazyJoe if *he* really sent it. Don't click links in "Away" messages. Many IM worms change the user's "Away" message to include links to miscreant websites that download and install malicious code. Don't use P2P networks. Copyright issues aside, P2P networks such as Kazaa, Bearshare, Gnutella, Morpheus, etc., are virtual breeding grounds for malicious code. In terms of increasing security, avoiding P2P networks entirely is second only to patching in importance. Don't download files from unfamiliar sites, particularly those resulting from pop-up ads. Adware and spyware is frequently disguised as an alert pop-up warning of infection or claiming your registry needs repair. Stick with tried and true security vendors.
Opt for Security Over Convenience
Don't allow web sites to store your login ID and password - and don't let your browser do it either. Opt out when web sites offer to remember your login credentials and disable AutoComplete in your browser. See "Tips for Securing Your PC for a wide range of other suggestions for improving your online - and offline - security.