the online zone
 

Computer privacy matters to everyone - lock up now!

3: Home security - the quick fix



The Fix - Quick

These updates we have just made have prepared your browser and email client to be more robust when connected to the Internet. There's a little bit more you can do to help both the email and browser side of things. While they might not appear quick, these steps will take only about half an hour of your time, will cost you nothing and will provide a basic barrier to unwelcome intrusions in your computer.


 

Installing a free firewall


For Windows 7 and Vista firewall suggestions, click here.

First, get a firewall. What is a firewall? On your PC, it isn't something that stops fires, and unlike the real bricks-and-mortar firewall it has to let something through (or you wouldn't have any connection to the Internet). It is better to think of it as a door security guard at the end of your internet connection. Simple software firewalls perform only packet filtering (looking at the origin of each "packet" of data and blocking the packet if it is an unauthorised entry), while hardware firewalls (usually routers in a home setup) will offer more in-depth security. In either case, a firewall aims to stop unwanted traffic from reaching your computer or from leaving it (in the case of spyware or Trojans resident in the PC itself). As I mentioned earlier, you should consider a firewall add-on even if you are running the firewall included with Windows XP, as that firewall blocks unwanted inward connections only and does nothing to check any program within your computer sending information outward without your knowledge.

In recent years, blocking outbound connections has become as important as blocking inbound ones, for the simple reason that many computers are already infected with stealthy Trojan programs which use the machine as an "open proxy" to send email and other messages the user is utterly unaware of. Only a detailed study of network traffic would disclose this activity - a solid firewall will alert you to it sooner. Some programs you can download for free (like Comet Cursor, Gator, Gozilla, Hotbar, Grokster, Surfsaver and thousands of others) include embedded components which connect to a central server to transmit personal details about your Web-browsing. They may use this information for their own statistics, or to send you advertising banners they think you might be interested in.
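What a "detailed study of network traffic" can look like in practice, as an added example that is not part of the original page: the script reads lines in the layout of Windows `netstat -ano` and reports established connections to mail ports owned by programs you do not expect to send mail. The sample output, the PID-to-program table, the program name winupd32.exe and the allowlist are all constructed for illustration.

```python
# Added example: review netstat output for unexpected outbound mail traffic.
# All sample data below is constructed; addresses use documentation ranges.

MAIL_PORTS = {25, 465, 587}                 # SMTP and SMTP submission ports
EXPECTED_MAILERS = {"thunderbird.exe", "outlook.exe"}   # assumed allowlist

# Constructed sample in the column layout of Windows `netstat -ano`.
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    192.168.1.10:1043      203.0.113.5:80         ESTABLISHED     1320
  TCP    192.168.1.10:1051      198.51.100.7:25        ESTABLISHED     2288
  TCP    192.168.1.10:1052      198.51.100.9:25        ESTABLISHED     2288
  TCP    192.168.1.10:1060      203.0.113.20:587       ESTABLISHED     1744
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       908
  UDP    0.0.0.0:500            *:*                                    700
"""

# Constructed PID-to-program table (the mapping `tasklist` would give you).
SAMPLE_PROCESSES = {1320: "firefox.exe", 2288: "winupd32.exe",
                    1744: "thunderbird.exe", 908: "svchost.exe", 700: "lsass.exe"}

def parse_netstat(text):
    """Yield (remote_host, remote_port, state, pid) for each TCP row."""
    for line in text.splitlines():
        fields = line.split()
        # TCP rows have five fields; headers and UDP rows (no state) are skipped.
        if len(fields) != 5 or fields[0] != "TCP":
            continue
        host, _, port = fields[2].rpartition(":")   # rpartition copes with IPv6
        if port.isdigit() and fields[4].isdigit():
            yield host, int(port), fields[3], int(fields[4])

def suspicious_mail_senders(netstat_text, processes, expected=EXPECTED_MAILERS):
    """Map program name -> sorted remote mail servers it is connected to."""
    findings = {}
    for host, port, state, pid in parse_netstat(netstat_text):
        if state != "ESTABLISHED" or port not in MAIL_PORTS:
            continue
        name = processes.get(pid, "unknown (pid %d)" % pid)
        if name.lower() not in expected:
            findings.setdefault(name, set()).add("%s:%d" % (host, port))
    return {name: sorted(hosts) for name, hosts in findings.items()}

if __name__ == "__main__":
    report = suspicious_mail_senders(SAMPLE_NETSTAT, SAMPLE_PROCESSES)
    for program, servers in report.items():
        print("%s is talking to mail servers: %s" % (program, ", ".join(servers)))
```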

One of the best software firewalls for home users is completely free. It is called Comodo Firewall Pro, and is available here - a 7.6MB download. Even if you are running an older machine with limited memory, you will probably be fine with this firewall as it uses fewer system resources than other firewalls. I have used it successfully on a Windows 2000 machine having 128MB of memory and a 400MHz processor. In fact, the Comodo firewall proved better than most paid-for firewalls in recent tests. In these same tests, the once reliable free Zone Alarm firewall scored a dismal 11% to Comodo's 100% (April 2010). PC Tools Firewall Plus shared top place in the tests.

Users with Windows XP SP2 will also have the system's "Windows Firewall" running (it is turned on by default if you have Service Pack 2 installed, but it gives only incoming protection). It's a good idea to switch it off before you install another firewall (Comodo will prompt you to do this). Here's how:

1. Click on Start and then Control Panel.
2. You will have one of two control panels. Click on the Security Centre icon.
3. Click on the Windows Firewall icon beneath the status updates.



4. Click Off (not recommended) and then click OK.



5. After turning off the Windows Firewall, you will get the following balloon tip popping up. This will continue to pop up in the system tray until you tell Windows that you realize the Firewall is turned off. To do this, continue to Step 6.



6. Click on the balloon, or on the red shield in the system tray, and you will get the screen below. Click on the Recommendations... button.



7. Place a check in the "I have a firewall solution that I'll monitor myself" box. This will stop Windows from popping up alerts that you are at risk. Click OK.
8. After you click OK, you will get a screen saying that Windows will not monitor your firewall settings. Just close the window, and you are done.

Now install the Comodo firewall you just downloaded. For personal use it's free, and it should configure itself to work with common applications already on your computer. The status summary screen is the first thing you will see after install:



Any new piece of software has some learning curve, and firewalls have the highest level of frustration potential, coming as they do between you and your email, online banking sites, favourite websites, music download sites... So it's best to read the documentation before you blow a fuse if the firewall doesn't work quite as you might want it to - here's the Comodo firewall manual. There are also support forums to ask about any intractable installation or operation difficulties with the firewall.

At the top left of the firewall window you'll see some boxes labelled "Summary, Security, Activity." Click on Security and then on "Application Monitor" at the side. You'll see this screen:

Should there be a program whose icon you don't recognise in there, it is possible either to remove it or deny it access to the Internet. Use the firewall for a month or so in "Learning mode" (you don't need to do anything here - the firewall runs this way to begin with), then switch the "Component Monitor" (side menu again) to ON. You will have the best protection then against unknown application components trying to pass themselves off as trusted ones.

For the first few days of using it (and with any firewall), Comodo will pop up alerts for you to handle. This is a typical one:

You might be baffled by exactly what "svchost.exe" is, and why it's trying to connect to the Internet or act as a server (this means it wants to send and receive), but the Security Considerations section of the alert below the Details box should help you. Do not authorise anything for connection (and especially not as a server, which is the most privileged access) until you are absolutely sure it is a trusted application. If necessary, deny it access this one time (that is, do not tick the box "Remember my answer...") and search on Google for the name of the application in question.

Another possible alert is shown below:



In the example here, the application is Internet Explorer (a trusted application), but the parent is a Trojan program (tooleaky.exe) trying to operate through it - if you had this alert after using the firewall for some time, you wouldn't be needing to authorise IE to connect to the Internet, so your suspicions should be raised when it suddenly asks for permission. If unsure, you can submit the alert to Comodo (a nice feature), or decide yourself using the "Security Considerations" advice, which in this instance strongly recommends you do NOT permit connection.
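The check behind this kind of alert, as an added example that is not Comodo's code: given a process table with parent IDs, it reports network programs that were started by something other than their usual launcher. The process table and the table of expected parents are constructed for illustration; tooleaky.exe is the parent named in the alert described above.

```python
# Added example: flag trusted network programs started by an unexpected parent.
# The process table is constructed; its columns follow the layout of
# `wmic process get Name,ParentProcessId,ProcessId`.

# Assumed policy: which parents may normally launch each network program.
EXPECTED_PARENTS = {
    "iexplore.exe": {"explorer.exe", "iexplore.exe"},
    "firefox.exe": {"explorer.exe", "firefox.exe"},
}

SAMPLE_TABLE = """\
Name            ParentProcessId  ProcessId
explorer.exe    540              1500
firefox.exe     1500             1320
tooleaky.exe    1500             2710
iexplore.exe    2710             2744
iexplore.exe    1500             3012
notepad.exe     1500             3100
"""

def load_processes(text):
    """Return {pid: (name, parent_pid)}; rows not in three-field shape are skipped."""
    procs = {}
    for line in text.splitlines()[1:]:
        fields = line.split()
        if len(fields) == 3 and fields[1].isdigit() and fields[2].isdigit():
            procs[int(fields[2])] = (fields[0].lower(), int(fields[1]))
    return procs

def ancestry(pid, procs):
    """Program names from pid up to the oldest parent still in the table."""
    chain, seen = [], set()
    while pid in procs and pid not in seen:   # seen guards against PID-reuse loops
        seen.add(pid)
        name, pid = procs[pid]
        chain.append(name)
    return chain

def unexpected_launches(procs, policy=EXPECTED_PARENTS):
    """List (pid, name, parent_name, ancestry) for launches outside the policy."""
    findings = []
    for pid, (name, ppid) in sorted(procs.items()):
        if name not in policy:
            continue
        # A parent that has already exited cannot be vouched for, so it is reported.
        parent = procs.get(ppid, ("<exited>", 0))[0]
        if parent not in policy[name]:
            findings.append((pid, name, parent, ancestry(pid, procs)))
    return findings

if __name__ == "__main__":
    for pid, name, parent, chain in unexpected_launches(load_processes(SAMPLE_TABLE)):
        print("pid %d: %s started by %s (%s)" % (pid, name, parent, " <- ".join(chain)))
```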

"Leak-testing" is a way of emulating the very sophisticated methods used by Trojans as they attempt to worm their way out of your PC. As the link I gave previously shows, many firewalls are just not serious about securing your outbound connection (placing the emphasis on inward traffic monitoring), and earlier firewalls simply did not extend their armour to secure against the DLL injection, process injection, recursive requests, OLE automation, direct data exchange, or other methods modern Trojans use. If you are interested in testing your present firewall for leaks, download the leak-test package of software here - but be careful, your anti-virus software may well mark the download as containing multiple viruses (it does not, just benign programs which emulate Trojan activity)!

Windows 7 firewall suggestions

Using Windows 7 or, indeed, Windows Vista? The firewall in these operating systems is fairly competent on its own (in Windows 7 it is the industry-class firewall used with Windows Server 2008) with one big hitch - it isn't by default configured to block anything outgoing. If you wade into the firewall configuration rules yourself, you'll waste a lot of time or just be plain baffled. Sphinx Software produce a little application called Windows 7 Firewall Control, which piggy-backs on the Windows firewall's outgoing alerts and can create and modify firewall rules. There is a free version which performs the most basic function of allowing or disallowing outgoing requests; it's only 2MB to download and seems light on system resources.

I found Windows 7 Firewall Control helpful, but not as full-featured as a complete firewall package. Additionally, there is no easy way to save or export your firewall rules - very useful when migrating your settings to another computer, or performing a restore on the same one. On one occasion Firewall Control would block an application I'd previously authorised to connect - rather irritating behaviour, and one I found no way to modify with that particular application (a Usenet reader). After a little searching on forums, I settled on PC Tools Firewall Plus as my Windows 7 firewall. The free version is 10.4MB to download, and recently achieved joint top place (with the Comodo firewall) in the Matousec.com firewall leak tests. Its only "advertising" (often a problem with free software) is the button on the left menu and a line in the status panel offering an upgrade - something sufficiently non-pestering that I felt I could live with it. The installer will automatically deactivate your inbuilt Windows firewall.



 

It's in the script!


One common exploit hackers employ is to run a script without your knowing or authorising such a thing. Such a script can do a surprising number of things on your machine: copy the contents of your email address book and send it to someone else, format your hard-drive, encrypt your personal files (and then demand a ransom for giving the password to decrypt them). The script can be hidden in an email message (see also the page 2 section labelled "For Outlook users" if you use this client for your email), or on a Web page you visit. There are many scripts and all can be turned to hack you. So get Script Defender (not a firewall, but a program which blocks certain actions on your operating system unless you give the all-clear) from here and you'll get a warning whenever a script tries to run on your system. Script Defender is free (would I be telling you about it if it weren't?) and a 220kB download.

Firefox users should know about the excellent NoScript add-on, which can configure JavaScript permissions and a lot more (like blocking web-bugs, those 1-pixel GIF images that sites may use to track your surfing) on a site-by-site basis. If you use Firefox or SeaMonkey browsers, you shouldn't be without it.
 

Mailwasher cleans up a soiled mailbox


Now let's try and improve email protection. The best way to avoid getting infected with a Trojan horse or virus in an email is to delete that message before it is downloaded into your inbox. A program called Mailwasher does just that: it allows you to preview the email as it is on your service provider's server, and delete it right then and there if it isn't addressed to you or seems to be carrying an attachment you weren't expecting.


(the free version of Mailwasher is slightly different)

You can only use the free MailWasher on a single POP3 email account - but a multi-account "Pro" version, which also handles Hotmail, is available for around thirty euros. The Pro version also has a useful "learning" function which recognises over time the types of mail you treat as junk or as coming from friends. Once installed and set up with your account details, MailWasher gives information about whether the mail is sent to you or not (thus identifying "Spam" or junk email), whether it has attachments and how big the mail is. By right-clicking on the message you can preview it before you download it. If you don't like it you can delete it then and there, or "bounce" it back to the sender, so it looks like your address is incorrect (however, this last feature is less useful these days because many spam emails use forged sender addresses). Heartily recommended, and a great price. Get MailWasher (a 1.5 MB download) from here.
 

Ad-Aware scrubs spyware


You have, if you've followed all these tips to here, added a lot to your computer's resistance against today's online threats. Check again with one of the security testing sites here to see what's improved.

I'll finish with possibly the second most important privacy aid (after a firewall like Comodo) that you can install. This is called Ad-Aware, and is an 871kB download available here or here.  Ad-Aware scans your computer for any snooping components added from your online activities. These components are often collectively called "spyware," and can be acquired, in many cases, simply by visiting a rogue website. They may not be files as such, merely hidden strings in your Windows registry (your computer's conscious and unconscious self) which would be impossible to find if you didn't already know what you were searching for.

Ad-Aware is updated regularly and the scans take just a few minutes on the default setting, so it's a useful tool. However, as I point out on the next page, you'd be misinformed if you relied on it as the only defence against spyware and Trojans on your computer - look at the suggestions I make there and add some more tools to your spyware defences.


Creative Commons License
