Personal Computer Security on the Internet

Computer Viruses are spread either through email, or like the hackers, they can scan computers for openings. Once on your computer a virus will start sending itself out to other computers. Some viruses are written purely to see how far they will spread, others are written to deliver a political message, or cause damage, but the most common use of a virus now is to install software that hands over control of the computer to the virus writer either for their own purpose or so that they can sell that access.

The biggest problem affecting Windows computers today is Spyware and Adware. Spyware is software that runs on your computer without you knowing and collects information about you. It can look at many things including how much you use the computer, what programs you use, what web sites you visit, what adverts you click on, and many other items of interest to the software writer. The spyware reports back with all of this information to the company that installed it. Adware is similiar software that runs in the background, but as well as collecting information, it displays extra advertisments to you. These are often in the form of pop-up adverts over the web page that you are looking at, or even embedded in the web page. Sometimes they are related to the page you are looking at, or for a competitors product. More often they are advertising pornographic web sites.

How does Spyware get on my computer?

Spyware and adware are most commonly installed through Microsoft's Internet Explorer either when the user clicks on an advertising banner masquerading as a fake computer message, or completely automatically when the web browser loads a page that links to the software. Internet Explorer makes it very easy for this software to install itself without the knowledge of the user through systems called "Active X" and "Browser Helper Objects."

Adware is also often added to your computer when installing free software. The adware makers pay the free software writer a fee to include their software. In these cases the license agreement for the software usually states what is being done, but very few people read these agreements. Please note: the vast majority of free and open source software does not include spyware or adware. Please don't take away the idea that it is not safe to install free software - as you will see at the end of this article, some of the best defences against these problems are free!

But why do they want my computer?

Once malicious software is installed on your computer it can have several objectives:

• To spread to other computers. This is the primary aim of viruses.
• To form part of a Denial of Service attack. This is where a hacker will use your computer as one of many to deluge an organisation's internet servers with requests for information until they break because of the overload. This may be done for political purposes or for extortion.
• To give control of the computer to the software author. Once they have control they may use it for the purposes below, or they may sell the access to someone else for a profit.
• To send spam. (Unsolicited Commercial Email.) Spammers would prefer to use your computer rather than theirs so that they can send their messages for longer without getting shut down.
• To sell information about you and your habits to advertisers. Spyware provides very profitable information for marketing companies to use or sell.
• To show you advertisments - either extra pop ups over your web browser, or in web pages. Many programs will set your web browser home page to a different website in order to accumulate advertising fees.
• To get your computer to dial premium rate numbers. Many web sites install software that hangs up your modem and reconnects the computer to the internet through a premium rate number. This is very profitable for the web site and extremely expensive for the user.
• To gather personal details for identity theft.
• Finally, they may simply steal your financial details such as credit card numbers or bank account details. Software installed on your computer can see a credit card number even if you are typing it into an encrypted web page.

What will they do to my computer?

The computer will start up more slowly because of all the malicious software that it is required to load when it is turned on.

The computer will run very slowly and crash more frequently because of the large amount of malicious software taking up memory and processor power. Spyware and adware from competing manufacturers have even been known to fight over computers! This inevitably causes more crashes.

The internet connection can become unusable because a large portion of it will be taken up with outgoing viruses and spam emails that are being sent to other computers. Browsing the web can also be appallingly slow because the information is being re-routed through the spyware companies servers so that they can record it.

Many advertisments will be displayed while browsing the internet, often inappropriate, or pornographic. Sometimes the quantity of adverts is so overwhelming that the user gives up using the internet.

Sometimes the flood of viruses, spyware and spam can so overwhelm a computer that the user gives up the computer as broken forever. The slow starts, random crashes and strange behaviour may seem like a physically broken computer but often it is really just a software problem. This happens far more frequently than people think and in fact their broken computer could have been fixed with one or two hours of work on the software rather than buying a whole new computer. If no preventative steps are taken then the new computer will be in the same position within a few weeks.

Scary stuff

A recent survey by AOL found spyware and adware on 80% of computers polled, with an average of 93 items per computer! This problem is huge and the general public is oblivious to it apart from occasionally wondering why their computers are slower than they should be or why they see so many adverts.

Some people even think that they must accept spyware in order to use a modern computer. This is a dangerous position to take as companies that use spyware are not particularly ethical about what they do with the data. There will always be alternative free software that does not require the installation of spyware to work.

The average time for a windows computer not protected by a firewall to be infected is now down to four minutes, and spam distribution from the hacked computer starts within ten hours. Source: USA Today study

What can I do about it?

A computer running Windows must have the following:

• Firewall hardware (best) or software, or both.
• Regularly updated Windows software, either automatically, or manually at least once a week.
• Anti virus software, updated daily, scanning daily.
• Spyware removal software, updated at least monthly, scanning at least weekly. This could be relaxed slightly if not using Internet Explorer.

It is highly recommended (See the links below) to switch away from Internet Explorer to a more secure web browser, such as Mozilla Firefox or Opera. This will prevent most spyware from installing on your computer.
Sources:
CERT (US Computer Emergency Readiness Team) recommends using a different web browser
Penn State Tells 80,000 Students To Chuck IE
Finnish government tells citizens not to use IE
Slate (Microsofts own online magazine at the time!) recommends Firefox
NY Times article on Firefox

There is a very simple rule for reducing infections by computer viruses: DON'T CLICK ON EMAIL ATTACHMENTS! OK, so that is a little over the top and sometimes you have to open an email attachment, but stop and think first. The most common way that a virus will get on to your computer is through an attachment in an email. How does it get from the email to your computers memory? Usually, it is because someone clicked on it.

If you receive an unexpected email from someone and it contains a program, don't open the program, even if you know the sender. First check that you were supposed to recieve the program, that you really need the program, and that your virus scanner thinks it is OK. Sometimes even a seemingly innocuous attachment such as a picture may really be a virus. Because of a bug in Microsoft Outlook and Outlook Express it is possible for a program file which should end in .exe or .vbs to look like it is a picture that ends in .jpg and in this way it can fool the user into opening it.

If you use either Outlook or Outlook express then you can make things much more secure by turning off the preview function and HTML mail. This will prevent Outlook from opening web pages that are sent to you inside emails. If you do not need the calender or groupware functions of Outlook then I recommend Mozilla Thunderbird as a better email program.

Recommended software

In order to beat malicious software I recommend that all users of Microsoft Windows download and install the free software listed below. See my step-by-step guide for full instructions on how to install and use all of this.

The first thing that you should install is a firewall. If your network is not protected by a hardware firewall (a physical box between your computer and the internet) then you need a software firewall. I recommend Zone Alarm Personal from www.zonelabs.com (Click on "Free Download" to get the personal version.)

If you are running Windows XP then instead of installing Zone Alarm you should install Service Pack 2 as soon as possible. Service Pack 2 is a set of updates from Microsoft that include a firewall and many other enhancements that significantly improve Windows defences against malicious software. You can download service pack 2 from windows update but it is a very large download. If you do not have broadband then you can get Service Pack 2 on CD free of charge from computer shops such as PC World, from magazine cover disks, or you can order it for free from Microsoft.

No matter which version of Windows you are using, you should next make sure that it is up to date by visiting windows update. After you have done this you should open the control panel on your computer and turn on automatic updates, or at least automatic notification of updates. If you do not do this then you should check the windows update site regularly.

To remove spyware and adware I suggest that you use either Spybot Search and Destroy from www.spybot.info
or Ad-Aware Personal from www.lavasoft.de Sometimes you may need to use both if you have particularly stubborn spyware.

To protect your PC from viruses you can use AVG Anti-Virus Free Edition www.grisoft.com

To prevent spyware from installing itself through your web browser I recommend that you use Mozilla Firefox from www.getfirefox.com. After installing Firefox you may need to update your plugins such as Java, Flash, Quicktime and Real Player.

Mozilla Thunderbird from www.mozilla.org/products/thunderbird/ is the companion email program to Firefox. Once installed you should configure it to filter out junk email and turn off the automatic diaplying of HTML mail, this will prevent spammers from tracking your reading of their emails.

Return to homepage.