Pengdows

We want to bring awareness to the fact that computer security is now essential to maintaining your privacy. With that in mind here are some things that the normal user can do. We will focus on windows users.

• Make sure you have a good antivirus; here are some really good ones. If you have any question about your antivirus, start by running a test on it with the EICAR test file, in all its formats, if it fails any of then you can forget that Antivirus being any good. 
• • Nod32 also detects spyware as well.
  • Kaspersky also detects spyware as well.
  • TrendMicro
• Make sure that you have a hardware firewall.  This prevents a good deal of unwanted intrusions.
• Use a software firewall. A secondary software firewall sounds like overkill, but it will prevent programs that shouldn't be accessing the internet, or at very least let you know.  Programs with additional privacy features like ZoneAlarm Pro can also help unwanted programs from being loaded to your machine by websites. Here are a few examples.
• • Kerio
  • ZoneAlarm Pro
  • Windows XP also has a firewall built in once you have upgraded to service pack 2
• Make sure that all patches are applied to your system.
• • Microsoft Baseline Security Analyzer
• Make sure that you have an antispyware tool loaded.
• • CounterSpy
  • Nod32
  • Windows Defender (formerly Microsoft AntiSpyware)
• Use Antiphising tools
• • Netcraft toolbar
  • Trustbar Still in ALPHA, if you don't know what that means, then don't use this tool.
• Check your web settings
• • Third party cookies are evil, check your browser settings and make sure to keep them from being delivered. Experience has shown that IE is best configured to "prompt" for ALL cookies.
  • research the rest of your settings and tighten the settings as much as you can
  • Block ALL pop-ups. All modern browsers have pop-up blockers built in, no extra software is required, and this is a common method for delivery of malware, everything from tracking cookies, to spyware and viruses are delivered using pop-ups. Hold down the control key for the pop-ups that you want.
  • Firefox has a nice feature to block cookies that you remove, and never let them be set again, use it.
  • Limit Javascript, unfortunately the Web 2.0 movement means that javascript is necessary for some functionality. Some sites don't work AT ALL without it. But a good software firewall will allow you to block it on a per-site basis.
• Encrypt your Instant messages. By default all instant messages are sent in plain text. There are several options for doing this, but unfortunately they aren't compatible, so if you are using one of them, make sure the other party is using the same thing.
• • Simp-Lite, Simp Pro, and Simp Server, allow encryption of messages and file transfers for MSN and ICQ, but only encryption of messages for AIM and Yahoo
  • OTR(Off The Record) messaging, is available as a plug-in for GAIM (see below) and as Proxy. The Proxy is only available on windows and is sorely lacking, starting with the fact that it will only encrypt AIM conversations. The plug-in version of OTR is great tool and will encrypt over any instant messaging network the GAIM client supports.
  • PGP, older versions of PGP had a plug-in to encrypt ICQ messages, the current version no longer includes that but it does allow encryption of AIM messages.
  • Certain protocols like Jabber and SILC have support for encryption; in fact SILC flat out requires it. Jabber requires that both uses have clients that support the protocol, but since the protocol is standardized, the clients can be using different clients.
  • Certain messengers have support for encryption that requires both users to have the same client. Trillian is one such client.
• Encrypt your emails. Again all info sent over the internet is sent in plain text, you might as well be sending your data on a postcard.
• • X.509 Certificates, fairly easy to setup, and friendly to end-users. Persona validation can also be done so you are reasonably sure that the person, whose name is in the certificate, is indeed the person you think it is. Persona validated certificates are available for free from
  • • StartCom
    • Thawte
  • PGP great encryption but no persona validation. Great for anonymous and pseudo-anonymous communication.
  • • PGP
    • GnuPG
• Backup your data. Recovery from hardware or software failings, virus attacks or whatever is very important. Ideally you would keep your backup storage encrypted, encrypting your backups prevent exploits like this
• • Backup for One/Backup for Workgroups
• Encrypt as much of your data as you can. Ideally at the disk level
• • TrueCrypt
  • PGP
  • GnuPG
  • Windows Encrypting File System This one can be very dangerous because of its key management system, or more precisely, lack of a key management system.
• Check for and use SSL encryption as much as possible on your software. This will protect the data as it is transferred down to your system. Email clients are a perfect example, but not all servers support it, you have to look. Here is a short list of email service providers that do support it.
• • GMail(Google)
  • Jabber not available yet, but it is coming soon.
  • AIM/AOL only available on the 5.9 version (NOT on Triton) and only Microsoft Windows®.
• Other things you can do is use non-standard software.  A good portion of the threats out there are written to take advantage of the most common programs.  Why? Because they are the most common.  As market share decreases so does the profits to be had from exploiting the software, thus so does the likelihood that hackers will spend the time to exploit it.
• • Alternate Instant Messengers
  • • Trillian
    • GAIM
  • Alternate Browsers
  • • Firefox
    • Opera
  • Alternate email clients
  • • Thunderbird
    • The Bat!
• Use least privilege
• • Do not use an administrative account to do normal activities such as playing games or web browsing.
  • If you find a game, or program that doesn't behave properly when used with a normal user account, let the manufactuer know. The only way these problems will be solved is if they feel the pressure from the public.
  • Assign services that do not need admin access to specific user accounts. Microsoft SQL Server is a good example of a service that doesn't need admin privileges and should not have them.
  • NEVER EVER give admin access to your machine to children, or unqualified people, for that matter even qualified people that you don't know and trust.
• Protect the children
• • Find a good content filter, ideally one that integrates with your hardware firewall.
  • Do NOT give them admin access. This is especially important if you are using a software content filter, admin access would allow them to disable it. If you are using wireless network they COULD bypass your parental controls if they have admin access.
  • Monitor their activities online.
  • If they have their own computer, make sure you have admin access to it, to be able to monitor what they are doing.
  • Make yourself familiar with technology to protect the family, many internet service providers offer sites to help, like Net Smarts Kidz, and Take Charge.