How to keep my computer safe.
December 10, 2011 2:49 PM
What do I *really* need to do in order to keep my computer reasonably safe from malware and intrusions?
From security experts, I keep hearing antivirus software et al. were snake oil. If that's the case, what are the requirements for achieving an optimum of security and convenience while using the internet? I'm not looking for a false sense of security - the internet will obviously never be a safe place - just tips to stay out of trouble.
Best answer: use a good anti-virus in realtime mode like AVG or Avast.
Use Microsoft Security Essentials. It automatically updates, and it's free, and it doesn't make your system run at the speed of frozen molasses.
But the most important thing of all is to be smart. Most attacks require cooperation of the user. Remember, PEBKAC.
In Windows, you can go a long way towards staying safe by using a non-administrator account most of the time. I usually set up my administrator account so that the screen backdrop is brick red. That way I can't forget that I'm in privileged mode.
posted by Chocolate Pickle at 3:03 PM on December 10, 2011 [9 favorites]
To be frank, I think whatever security experts you're talking to are full of it. On my Mac I use Firefox, MozCheck (to ensure that my browser's plug ins are always up to date with the latest patches) and Little Snitch (to ensure that no unwanted processes are attempting to connect to my computer without my permission). In Windows, I use VirusScan Enterprise, SpyBot (to weed out registry edits and spyware), MozCheck, Firefox, and, ultimately, as little of Windows as possible.
Additionally, common sense goes a long way. Don't open attachments unless you know who they're from. Don't download stuff from a site and not have up-to-date VirusScan software installed. Have all your data backed up to an external hard drive. Use complex, varied passwords. These are the best practices I've used, and they're based on the advice provided by the best security expert I know, my dad. (My dad's the network administrator at one of the largest State Universities in California.)
posted by iLoveTheRain at 3:20 PM on December 10, 2011
Rather than using a Mac, you can also use alternate OSs like Linux or FreeBSD. Ubuntu Linux is a very popular and pretty easy to use one.
posted by box at 3:35 PM on December 10, 2011 [1 favorite]
See the end of my profile and my link to samsara's profile for some great tips.
posted by deezil at 3:38 PM on December 10, 2011 [4 favorites]
Make backups. There are lots of good backup programs, but probably just making copies of your files to an external hard drive on a regular basis is good enough.
Another thing you might try is making an exact copy of your entire hard drive using Clonezilla. This isn't something you'll do every day -- it's kind of an involved process, so you might do it every couple of months. But then if anything bad happens, you can restore everything on your system to exactly the state it was in when you copied it. Then copy your files over from a backup, and everything's back to exactly the way it was before. I haven't done this myself, but if you have the time and the knowledge it's probably a good thing to do.
posted by miyabo at 4:11 PM on December 10, 2011
First, like others say, you have to be careful about what you open and execute. If you have that set already, then you have to worry about attacks that don't need your help: the automatic, "drive-by" infections. Many of these won't be caught by virus scanners, because they're often using new exploits and code that haven't been seen by the antivirus companies yet.
For those, limit the attack surface. The more software that is exposed to the internet, the more chances you have for being infected. Browsers and plugins are huge sources of exploits / infections, and the best thing you can do is harden and limit the surface there:
- Keep your browser and plugins and extensions updated, always. Get into a routine of checking these things. Some check themselves, and some don't, so do it yourself to be safe.
- Limit the number of plugins and extensions you have installed. Disable anything you don't really need. Adobe Acrobat Reader regularly has unpatched holes being exploited "in the wild," so I simply don't use the plugin in my browser. If I need to read a PDF, I'll save it and open it myself; I don't need my browser to be automatically opening any PDF it is given. In my browser, the only plugin I enable is Flash, and I use FlashBlock to prevent it from auto-loading content (which can be worked around, but it's better than nothing). NoScript can add an extra layer of protection as well.
posted by whatnotever at 4:37 PM on December 10, 2011
Beyond that, firewalls are nice, but they won't do much to prevent infections.
Aside from allowing a zombie client to communicate back to the server, possibly with your financial information along with it, I would agree with you. Many infections spread via specific ports; by closing off access to such ports via a firewall you limit your risk. Oh, and if someone is penetration/fingerprint testing to see if a live machine is at your IP address (happens 5-100 times an hour to just about everyone connected) it helps if you have a firewall that stealths your visibility.
posted by Poet_Lariat at 4:43 PM on December 10, 2011
Dropbox - and services like it - are great when you have files which you want to avoid losing. However, if you have files which contain sensitive information, consider using TrueCrypt to make an encrypted virtual folder. The encrypted folder can be stored on Dropbox, etc. if you want to be able to access it from anywhere.
You asked about your computer - but, if you happen to use web-based email, then this probably contains a lot of sensitive information also. It is probably a good idea to use a different password for this than for any other services out there.
posted by rongorongo at 4:45 PM on December 10, 2011
Best answer: Seconding advice to run Microsoft Security Essentials.
Set your Windows Update to automatically install updates.
Use a browser alternative to Internet Explorer: Chrome or Firefox.
Never open an attachment unless you were expecting it.
Don't download or install software from the non-original site. Nothing found in forums, third party sites, or torrents is safe.
posted by Argyle at 4:45 PM on December 10, 2011
Seconding Microsoft Security Essentials. It's not installed by default so you have to google it and download it yourself. Turn Windows Firewall on and make sure you are thinking when it asks to allow programs through it. Use Firefox or Chrome or anything besides Internet Explorer. Update Windows regularly. That should cover most things you'll run into.
posted by grizzly at 7:03 PM on December 10, 2011
Best answer: 'nthing Security Essentials. And they are somewhat right that you should never put your full trust with an AV solution. Optimally securing your PC should involve the following:
- Antivirus
- Reduced rights for the browsing account
- Regular updates for all web related software
- Use a site advisor like Web of Trust to catch many bad sites before they are visited
- Firewall and HIPS
I wrote a guide in my profile with more detail if it's helpful. With about 15 years in the PC field I'm still amazed Microsoft hands out local admin by default. Reining that back is the best start you can take in making your PC more secure as it helps protect your core OS. The rest is to help protect your files, settings, and identity.
posted by samsara at 9:07 PM on December 10, 2011
Use Firefox with NoScript. I've always been really careful about downloading attachments and going to shady webpages, but in the last year I've gotten viruses twice that were embedded in ads on popular websites that I would've thought were safe. I only went to the webpage (in one case, the MySpace music page of a singer I like), and that was enough to get the virus. NoScript blocks things like that; my anti-virus program didn't.
posted by wondermouse at 9:49 PM on December 10, 2011
I do use Windows Firewall and keep my OS updated, but really, the biggest thing I've done is to stay in a non-admin account with a secure password that is not the same as the password to the admin account. No anti-virus or malware software of any kind. Just login as a regular user with no installation permissions.
posted by clerestory at 9:57 PM on December 10, 2011
Best answer: Run your browser using Sandboxie
posted by T.D. Strange at 10:21 PM on December 10, 2011
Don't open attachments unless you know who they're from.
Blind trust and complacency are some of the leading causes of infection. Trust no one and scan everything.
posted by squeak at 6:20 AM on December 11, 2011
As someone who literally makes a living removing viruses from computers, I recommend you buy a Mac.
posted by richrad at 6:27 AM on December 11, 2011 [1 favorite]
AVG has saved me and my computer more times than I can count...
posted by lgandme0717 at 7:00 AM on December 11, 2011
I've had to reinstall Windows twice. I like Malwarebytes, Spybot, and Avast.
Ultimately, though, the thing that gave me the single greatest feeling of security was getting an automated online backup service from Mozy - $5.99 a month. Now, if I get infected again I'll be frustrated and have to wipe the thing again, but I won't be the least bit worried about losing my files.
posted by Miko at 8:33 AM on December 11, 2011
In Windows, you can go a long way towards staying safe by using a non-administrator account most of the time. I usually set up my administrator account so that the screen backdrop is brick red. That way I can't forget that I'm in privileged mode.
Don't mean to thread-jack, but... How do you set this up? I'm using Windows 7 on a laptop.
posted by ObscureReferenceMan at 12:12 PM on December 12, 2011
Don't mean to thread-jack, but... How do you set this up? I'm using Windows 7 on a laptop.
There's a few ways, this is how I set up relatives:
1. Right-click My Computer and select Manage
2. Navigate to the Users and Groups section (under System Tools) and click on Users
3. Right-click on the right hand pane and select New User
4. Give this user a name and password. Set it so that "not expire" is the only check selected
(for example the username "Trusted" and password "trustno1" would work)
5. Click on the members tab and add the Administrators group
6. Log out and log in as your new "Trusted" account. Go back to Users and Groups
7. Click on Groups then double-click Administrators. Remove your "main" account
8. Double-click the Users group. Ensure your "Main" account is there, add it if not.
9. Log off "Trusted" and log back into your "Main" account.
posted by samsara at 1:57 PM on December 12, 2011 [1 favorite]
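The account split described in the steps above can also be scripted; this is an added example, not part of the original post. It assumes an elevated PowerShell prompt and English group names (Administrators, Users), takes the everyday account name through the hypothetical `-DailyAccount` parameter, and prompts for the new account's password instead of hard-coding one.

```powershell
# Added example: scripted equivalent of the GUI steps above (run from an elevated prompt).
# "Trusted" is the thread's example name; group names assume English-language Windows.
param(
    [string]$AdminAccount = 'Trusted',
    [Parameter(Mandatory = $true)][string]$DailyAccount
)

$computer = $env:COMPUTERNAME

function Get-LocalGroupMemberNames([string]$GroupName) {
    # The WinNT ADSI provider works on Windows 7 / PowerShell 2.0 and later.
    $group = [ADSI]"WinNT://$computer/$GroupName,group"
    $group.psbase.Invoke('Members') | ForEach-Object {
        $_.GetType().InvokeMember('Name', 'GetProperty', $null, $_, $null)
    }
}

# Refuse to run without elevation; the group changes would otherwise fail halfway.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'Run this script from an elevated PowerShell prompt.'
}

# Steps 3-4: create the separate admin account. "*" makes net.exe prompt for
# the password, so it never appears in the script or in shell history.
& net.exe user $AdminAccount * /add
if ($LASTEXITCODE -ne 0) { throw "Could not create account '$AdminAccount'." }

# Step 4: set "password never expires" (ADS_UF_DONT_EXPIRE_PASSWD = 0x10000).
$user = [ADSI]"WinNT://$computer/$AdminAccount,user"
$user.UserFlags.Value = $user.UserFlags.Value -bor 0x10000
$user.CommitChanges()

# Step 5: make the new account an administrator.
& net.exe localgroup Administrators $AdminAccount /add

# Guard against lockout: only demote the daily account once the new admin
# account is confirmed to be a member of the Administrators group.
if ((Get-LocalGroupMemberNames 'Administrators') -notcontains $AdminAccount) {
    throw "'$AdminAccount' is not in Administrators; leaving '$DailyAccount' unchanged."
}

# Step 8 before step 7: keep the daily account in Users, then remove its admin rights.
if ((Get-LocalGroupMemberNames 'Users') -notcontains $DailyAccount) {
    & net.exe localgroup Users $DailyAccount /add
}
& net.exe localgroup Administrators $DailyAccount /delete

"Administrators now: $((Get-LocalGroupMemberNames 'Administrators') -join ', ')"
"Log off and back on as '$DailyAccount' for the reduced rights to take effect."
```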
This thread is closed to new comments.
2. If you're using Windows, use a good anti-virus in realtime mode like AVG or Avast. Make sure it updates regularly (at least every few days). Use the realtime mail scanning functionality of the product. Don't think of using something like Norton or McAfee for your anti-virus. They're just crapware these days.
3. Make sure Windows checks for updates every few days.
4. Use a malware scanner like Spybot at least once a week.
5. Do NOT use Windows Explorer. Use a browser that can use good ad-blocking such as Firefox with Ad-Block installed.
6. Turn on your Windows firewall.
Alternatively just use a Mac computer with Firefox.
posted by Poet_Lariat at 2:57 PM on December 10, 2011 [4 favorites]