Find the perfect gift for everyone
The list of PC security products never ends. For every name that drops off, two more jump on. In fact, determining the best security hardware and software is a full-time job. Sometimes, you just want to throw up your hands and take your chances.
Maybe I'm just a cockeyed optimist, but I think you can stay safe without spending all your spare time doing research, installing updates, and generally becoming a PC-security expert. Here are five relatively easy ways to improve your security.
Use the firewall that's closest at hand
In the computer industry, the reputation of a product, service, or Web site is just about worthless. Yesterday's best firewall, ad blocker, spam buster, virus spotter, or spyware cleaner is today's bust.
Maybe the product got bought and the new owners aren't as conscientious about updates as the previous ones. Or the service's management team decides to go for profits and skimp on support, updates, and enhancements. There are lots of reasons why a good product goes sour, and the computer industry has seen nearly all of them.
So if you can't go by reputation, how do you choose a security product? One way is to go with the tools you've already got. Windows' security is roundly criticized, but the fact is, it's better than it used to be, and third-party security products have their own shortcomings.
Last February, I recommended that you use a third-party firewall rather than the one built into Windows. Six months earlier, I suggested that you pass on the third-party tools and stick with the Windows Firewall despite its shortcomings.
So which side of the fence am I on now? The simple side. The fact is, any third-party security tool complicates your setup. It's not difficult to find weaknesses in the Windows Firewall, but it's safe enough for most PC users, and it's much better than using no software firewall at all.
My previous post included links to information on Microsoft's TechNet site providing technical details of the Windows Firewall, tips for customizing the Windows Firewall, and help troubleshooting the firewall in XP and Vista.
Don't hesitate to try another free antivirus program
Just last week, I switched antivirus programs on my XP test system--for the umpteenth time. Something was slowing the system down, and after defragging the hard drive and doing other standard maintenance tasks, the machine's performance didn't improve as I expected it to.
Rather than go through a bunch of diagnostic tests, I simply uninstalled the system's antivirus tool and downloaded a competing package. The old and new programs were both free, and the switch didn't take much time to complete. The topper? The XP machine's performance perked up immediately.
Two antivirus programs that are free for home use and that are currently highly rated are Avast Home Edition and Avira AntiVir. You'll find a list of dozens of antivirus programs for Windows on this Download.com page.
Change your password...again
I hate those "your password will expire in x days" warnings as much as you do, but one of the simplest ways to protect yourself is by keeping your passwords fresh. Last year, I described the Ten Password Commandments, one of which was to devise a password-creation strategy that's all your own.
Just two months ago, I complained about the shortcomings of passwords as our primary security option, though I concluded that there's nothing better, for now. Lots of people swear by password managers such as RoboForm, but then you have yet another third-party app complicating matters.
For me, it's simpler just to devise a new password based on my unique, inimitable password-creation system, which I share with no one. No need to write it down, enter it in an online form, or encrypt it in a master-password file. Temporary amnesia, well, that's another matter.
For secure e-mail, use encryption
You would think that encrypting e-mail would be a breeze, but doing so is anything but. You and the recipient have to deal with digital certificates, public and private keys, and any number of other time-eating preparations and precautions.
The simplest way I know of to encrypt your e-mail is by using the Mozilla Foundation's Thunderbird with the Enigmail extension. Jason Thomas provides step-by-step instructions in this tutorial on the Lifehacker site.
Gmail users can secure their e-mail communications by enabling the service's built-in encryption. To do so, click the Settings button at the top-right of the main Gmail screen, scroll to the bottom of the General tab, select "Always use https," and click Save Changes.
Select "Always use https" under the General tab in Gmail's Settings to encrypt your messages.
(Credit: Google)
Keep your browser up-to-date
Most people will tell you that the Mozilla Foundation's Firefox browser is the safest way to surf, but a recent report from Google Switzerland and the Swiss Federal Institute of Technology found that "(u)sing the most recent version of a browser will lower the risk associated with drive-by-downloads and other Web-based attacks, which start by targeting the browser."
The report cites Google Chrome's silent updates as the best way to ensure that your browser is protected. The researchers also laud Chrome's lack of a way for users to disable its silent-update feature. Some people will object to software being downloaded to and installed on their system without their knowledge, but the fact is, these behind-the-scenes updates are the best way to keep you safe from the Internet bad guys.
Personally, I'm starting to rethink my choice of default browser. But as I mentioned earlier, you can't put any faith in a computer security product's reputation. And you can't be afraid to switch.
I wouldn't give you a nickel for all the system tools that come with Windows. That's because I can replace them with programs that do the job better without spending even that much.
Start with the firewall, which most people would consider an indispensable piece of software. Windows Defender's firewall is better than none at all, but not by much. Of the free alternatives, my favorite is the Comodo Firewall Pro. I described why and how I switched from ZoneAlarm to Comodo in a post from last February.
Since that time, I replaced the Comodo firewall and all my other free security apps with a commercial security suite. For me, the convenience of a single security program is worth paying for.
However, I recognize that many people will gladly put up with maintaining several individual apps if they can save a few dollars. For them, Comodo's a good firewall choice. Popular antivirus programs that are free for home use are AVG, Avira AntiVir, Malwarebytes Anti-Malware, ESET NOD32, and Avast.
Top-rated spyware blockers include Ad-Aware, Spybot Search and Destroy, and Spyware Blaster.
Plenty of better browsers
Internet Explorer 7 has been a big improvement over IE 6, and early reports are that IE 8 will be a big step up from the current release. But Internet Explorer isn't even my fifth favorite browser, trailing (in no particular order) Firefox, Opera, SeaMonkey, Chrome, and Safari.
I acknowledge that some people have to use Internet Explorer--maybe their organization requires it--but the rest of us have no excuse for limiting ourselves to a single browser. The NoScript add-on (donationware) that lets you block scripts in Firefox is reason enough to use that browser. IE has nothing to compare with it.
One-step cleanup tool is the multitasking champ
I'm surprised that so many PC users don't know about Piriform's CCleaner (donationware), which does the job of about a half-dozen Windows applets. Along with a disk cleaner, you get a program uninstaller, a start-up manager, and a Registry checker.
CCleaner clears the clutter from your drive and performs other system tasks with aplomb.
(Credit: Piriform)You have to exercise a little restraint the first few times you run CCleaner, which empties your Recycle Bin, clears your Internet history, and performs other irreversible system chores. Still, I've been using CCleaner for several years and haven't had any problems with the program yet.
A new alternative for shoring up your drive's sectors
In a post from last March, I described the free Disk Defrag utility from Auslogics. My new favorite free disk defragger is another Piriform product, Defraggler (donationware). The program recovered 20GB of lost space on my laptop's 200GB hard drive, though in my unscientific tests it seemed to take longer to complete the defragmentation than it does when using Disk Defrag. This might indicate that Defraggler's doing a more thorough job, but maybe not.
The Defraggler disk defragger provides more info than Windows' built-in defragger.
(Credit: Piriform)You can also defrag from a command prompt. To open a command prompt in Vista, press the Windows key, type cmd, and press enter. In XP, click Start > Run, type cmd, and press Enter. The Vista Forums provide a detailed explanation of the many options you have when you defrag the DOS way.
Some people claim defragging does nothing to speed up your system. Even though my notebook wasn't necessarily low on disk space, I'll take that recovered 20GB any day.
Freebies for inveterate system tweakers only
Sysinternals, which is now part of Microsoft, offers a solid lineup of utilities for digging deep into Windows' darkest corners. Two of my favorites are Process Explorer and its cousin, Process Monitor. Once you get a handle on the information they present, the programs give you as complete a glimpse inside Windows--in real time--as you'll find anywhere.
In Windows 7, the Windows Security Center will be replaced with the Windows Action Center
(Credit: Robert Vamosi/CNET Networks; Microsoft)Since Monday, I have been running a prebeta copy of Windows 7, the next operating system from Microsoft.
At first glance, build 6801 of Windows 7 appears very much like Windows Vista; that's because enhancements to the look and feel part of the operating system typically come late in the development process. Right now, the core programming is being set, and there are already some changes in how Windows 7 will handle computer security.
Gone is the Security Center, introduced in Windows XP SP2. Instead, there will be an "Action Center" that incorporates alerts from 10 existing Windows features: Security Center; Problem, Reports, and Solutions; Windows Defender; Windows Update; Diagnostics; Network Access Protection; Backup and Restore; Recovery; and User Account Control.
Changes to the User Account Control (UAC) may raise an eyebrow or two. While vastly unpopular in Windows Vista, the dialog boxes that pop up whenever a user tries to install new software, among other reasons, served a purpose.
In Windows 7, users can adjust consent prompt behavior using a slider control, if they have administrative privileges. Microsoft says they'll still be protected against malicious software, even if they never see another alert. I'm wondering if that's actually a bad idea: if people never see an alert, they might think nothing bad ever happens to their computer. We lose an element of user education.
Windows 7, which Microsoft unveiled at its PDC 2008 event this week, also introduces something called the Windows Filtering Platform (WFP). The idea is that third parties can take advantage of aspects of the Microsoft Windows Firewall in their own products. Microsoft says "third-party products also can selectively turn parts of the Windows Firewall on or off, enabling you to choose which software firewall you want to use and have it coexist with Windows Firewall."
I mentioned this feature to one major security vendor, which responded by saying it couldn't imagine running its product side by side with Windows Firewall. Also, if Microsoft had a compelling component in its firewall, this vendor said it would just build its own version, not use Microsoft's.
Other security features have been tweaked in the current build of the next Windows operating system. Scrollbars were removed in the configuration settings screen, as has the Software Explorer feature, and real-time protection in Windows 7 has been improved to reduce the impact on overall system performance.
Windows 7 extends BitLocker drive encryption support to removable storage devices, such as flash memory drives and portable hard drives. This means that users can keep sensitive data on all of their USB storage devices.
Biometrics enhancements include easier reader configurations, allowing users to manage the fingerprint data stored on the computer and control how they log on to Windows 7.
And System Restore includes a list of programs that will be removed or added, providing users with more information before they choose which restore point to use. Restore points are also available in backups, providing a larger list to choose from, over a longer period of time.
Returning from Windows Vista are Kernel Patch Protection, Service Hardening, Data Execution Prevention, Address Space Layout Randomization, and Mandatory Integrity Levels.
This information could change, as Microsoft nears the final build. Microsoft still expects to ship Windows 7 "within three years of Windows Vista," which means that it could be available sometime before January 2010.
It slows down your browsing. It makes some Web sites inaccessible for no discernible reason. It doesn't even offer you any xiao long bao or pu'er tea for your troubles. But if you want to know what life behind the Great Firewall of China is like, then the Firefox plug-in China Channel is the cheapest and fastest way to experience using the Internet in China without actually being there.
Tibet.com as it renders under the China Channel...
(Credit: CNET Networks)After installation, getting to experience Web surfing the way the Chinese do isn't hard at all. Users have three ways to activate China Channel: via the China Channel toolbar, a navigation bar button that you must drag and drop onto the bar to get access to, and a status bar button. The buttons function by opening a menu, from which you choose to switch from None to the China Channel. Much like the IE Tab extension, the page will then render as if your IP address is inside China.
The toolbar is interesting for a slightly different workflow that results in a Web page that informs you of your IP address and its country of origin. Choose the China Channel from the drop down, and then hit the big red Go button. With China Channel activated, the page will declare that the plug-in has been activated. Switch back to None and refresh the page, and it changes to reflect your proxy server-free surfing experience.
...and unblocked by the Great Firewall.
(Credit: CNET Networks)The experience drives home the point of just how severe Internet censorship is in China, going beyond government hot-topic issues like Tibet and Tiannamen Square to that hotbed of revolutionaries known as Wikipedia. Even my own innocuous blog was blocked when I was there, although two years later it seems to be free. Or at least it was when I tested out China Channel: while sensitive material seems to be permanently blocked, the 30,000 employees of the Great Firewall appear to apply their censorship in a more arbitrary manner for less topical Web sites.
This is a great experiential plug-in that's worth grabbing just to see how citizens in countries with Internet censorship have to struggle with hamstrung browsing.
Every computer user needs security software to keep him or her safe on the Web. Along with antispyware and antivirus programs, a good software firewall is a must-have to keep hackers away from your data. Firewalls also are useful for determining which programs are making contact with outside sources. If you're looking for a solid software firewall, look no further than ZoneAlarm .
For a quick rundown of how the ZoneAlarm firewall protects your computer, check out this First Look with CNET Download.com's Jason Parker.
Don't let the name fool you, Comodo Firewall Pro is one of the best freeware programs around that can also hold its own against other pay firewalls. Previous user complaints about resource hogging and a confusing interface have been addressed and this application has never been easier to use.
It still provides a smorgasbord of information and options for advanced users, but it's simple enough for beginners, and runs smoothly and silently in the background. When you first install it, the Comodo pop-ups come often as the program "learns" your online behavior, but those soon stop. Summary, Firewall, Defense +, and Miscellaneous tabs provide links to relevant security issues so users can drill down to learn more about how the firewall is performing and what exactly it's doing. The Host Intrusion Prevention System supposedly protects against unknown threats--obviously, it's hard to tell if it works unless an unknown threat gets in, but it didn't seem to affect system performance negatively.
(Credit:
CNET Networks)
As users of the Internet we face security threats every day. Nefarious hackers (not all hackers), viruses, and spyware are rampant when online, and not taking precautions can mean lost data or even worse, identity theft. Frankly, if your computer is unprotected, you are rolling the dice every time you go online. Certainly many users already know this and are already using trusted software, or have other security measures in place to ensure safe surfing. This Killer Download is for those who don't or anyone who has questions regarding their safety online.
Whenever I get a new system or get the call to "fix" a friends computer (which more often than not is infected with some sort of system-slowing malware), I always download software from the security categories I refer to as The Big Three. The Big Three includes an antivirus program, an antispyware program, and a software-based firewall. There are certainly other, even safer methods (like using a secure external router instead of a software firewall), but most people can surf safely with these three program types on their system. At the bare minimum, every Windows user should have The Big Three covered.
There are several applications you can buy to fulfill these needs, but there are plenty of free alternatives which will keep you just as safe. Clearly, if your information is of the national security variety, or the plans for a working time machine, you may want to consider higher-end methods for protecting your data. But if you're just a regular computer user who surfs the Web, plays online games, downloads software, or does some occasional banking and bill paying online, this Killer Download is for you.
I should point out my favorites change as I find and test new applications, and you may have an even better solution to use as one of your Big Three. If so, make certain to let us know in the comments so we can all benefit. Here are my current Top 3 free applications I use at home.
The summary screen lets you know your firewall is up to date and operational.
(Credit: CNET Networks)Comodo Firewall Pro offers solid protection against threats by learning your computing habits and what applications you use. This way, if something out of the ordinary occurs, you'll get a notification giving you the option to block suspicious connections to your computer. The interface is easy to understand and guides you through the setup process to make sure you're protected. It's important to note that you will get a lot of notifications in the beginning as Comodo Firewall learns your habits. However, after awhile a window might pop-up which seems suspicious and you'll be glad you have the ability to lock out a potential threat. As an alternative, the free version of ZoneAlarm Firewall is another solid firewall.
Use the tabbed interface to get to all of this applications features.
(Credit: CNET Networks)Spyware Terminator is my current favorite for antispyware applications. It has a slick interface, performs relatively fast scans, and includes free real-time protection. So many antispyware demos scan, but don't remove malware before you pay the registration, or they do scan and remove, but the real-time protection is locked. Spyware Terminator has all the features of the paid applications, but it's absolutely free. One word of caution: I'm not fully sold on the real-time protection in Spyware Terminator because it seems to notify me a lot, even to the point of repeat notifications. Whether you choose to have real-time protection on or off, if you stick to a scan schedule, this application will keep your system clean. Another great alternative is the ever popular Ad-Aware 2007, but you won't get the real-time protection without paying.
Check this summary screen often to make sure you're up to date.
(Credit: CNET Networks)Avira AntiVir PersonalEdition rounds out my Big Three with solid antivirus protection at no cost. This reliable application quickly scans drives for every form of virus, trojan, and worm, letting you delete or quarantine anything it finds. It lets you focus your search to specific types of scans, and select drives if you have a hunch about a particular problem. This application also offers a real-time guard, so you can stop a virus before it takes root. Like any antivirus program (or antispyware program for that matter) AntiVir will only remain a contender if they keep updating their virus definitions, and so far they are perfect. Your alternative for the third slot of The Big Three is the well known AVG Anti-Virus Free Edition which is definitely worthy of any home computer security system.
If you don't have a program which fits each of these three security types, download and install them now. Though no security system can be foolproof, once you have the Big Three covered on your home computer, you'll be able to surf much more safely.
About five years ago I installed the family version of Symantec's Norton Internet Security software on one of my PCs, rendering the machine unusable. Not only couldn't I get any access to the Internet, it was impossible to uninstall the program. I ended up having to reinstall the operating system and all my applications--except Norton Internet Security. At the time I said I would never again install a Symantec security program on any PC, but about a year ago I bought a PC that came with 90 days of Norton 360, and the program won me over. When the free trial period was over I even coughed up $80 for a year's subscription. Apart from the frequent nags about my need to back up (I prefer to use my own manual backup strategy), I'm happy with the Norton 360.
Now the other side of the coin: I've used CheckPoint's ZoneAlarm firewall--both the free and pro versions--for many years, and on many different PCs. The program would occasionally prevent a legitimate program from performing some operation, but on those rare instances I merely shut the firewall down long enough to complete the task, and then turned it back on. No problem.
Until this morning, that is. I spent four hours trying to update a Web site via ftp, only to be told that access to my ISP's ftp server was denied. I tried using the WS_FTP Pro ftp program, Windows Explorer, Firefox, and even a WYSIWYG Web editor, but nothing could get through to the server. I could access the remote system on another PC on my network, but I wanted to avoid having to move the files in question to that PC to complete the transfer. Just last week I had ftp'ed some files without a problem.
After several calls to my blameless ISP, a tech suggested that I uninstall ZoneAlarm. Not just shut it down (which I had already tried), but completely uninstall the app. This struck me as somewhat extreme, but after spending so much time trying to figure out the glitch, I thought it was worth a try. And what do you know: as soon as ZoneAlarm was off the system, I could access the ftp server without a hitch.
Customize your firewall's ftp access using these settings in the free Comodo Firewall Pro.
I suppose I could try to figure out why ZoneAlarm all of a sudden threw a monkey wrench into my server access, but it's quicker and simpler to rely on another free firewall. My ISP's tech guy said he trusted the firewall built into XP, which he claims Microsoft has improved tremendously. But its protection is one way: it doesn't monitor traffic from the PC to the Internet, just stuff inbound. Instead, I loaded the free Comodo Firewall Pro, which also scans your system for viruses, spyware, and other threats. Since I use a remote-access service to log into this PC while on the road, I chose to review requests for incoming connections rather than to block them automatically, which means I'll have to click through a few more pop-ups. But for me this is a small price to pay for the added convenience of remote access.
After you install the Comodo firewall it starts to train itself.
After you install the program and reboot, Comodo "learns" your system, running through the standard processes and services. It also learns as you open your browser and other network-connecting applications for the first time. Once its training is complete, you can click the Comodo icon in the system tray to view your blocked and allowed connections, as well as other traffic data. You also get a snapshot of your running applications, and your choice of five security and alert-frequency settings.
Get a snapshot of your system security on the Comodo Firewall Pro's summary page.
So what did my morning in tech-support hell teach me? First, that my ISP's tech support staff is worth their weight in gold (even if I did assume at first that it was all their fault). Second, that I'm glad there's a myriad of free options when it comes to PC security software. Third, that things change quickly in the computer world, and it doesn't pay to be glued to your assumptions. And fourth, if a program encounters a problem accessing the Internet, check for a conflict with your security software before you get on the horn to your ISP's tech support.
Tomorrow: tweak Windows XP for optimum performance.
With a new year comes new computers, and that means new security problems. Viruses, spyware, rootkits, hackers--a fresh machine can be susceptible to the most insidious of plots. Lucky for you, here in the CNET Download.com defense bunker, we've devised a list of essential and free top-rated security programs to protect the honor of your computer and ensure that your sanity will last longer than your resolutions.
... Read more
Comodo Firewall Pro gets a major revision from its publisher, upgrading to version 3 with some significant changes. Most importantly, user complaints about resource hogging when version 2 came out have been all but eradicated with the new model.
... Read more
