If viruses, trojans, zombie-bots, malformed headers, RTF-embedded macros and the like are already part of your everyday vocabulary then you should probably stop here. Otherwise, here are a few simple steps to help avoid viruses and other intrusions. (There is a section at the end of this letter which contains instructions for the settings mentioned in the text. I have included as many different programs as I could find.)

Programs

Anti-Virus:
There are many anti-virus programs available. Get one, be sure that it is always running and update it WEEKLY. Viruses on the internet can mutate at least as fast as the biological ones, and an out-of-date anti-virus program is of little or no use. If you have a good, up-to-date anti-virus program then the danger from email attachments is reduced significantly.
Recommended: I use AVG which is available from http://www.grisoft.com. There are two versions, a free one for personal use and a professional one (which is currently available free for NFP organizations).

Firewall:
A firewall serves two purposes. It keeps others from getting into your computer while you are online and it keeps programs on your computer from calling out until you have given express permission for them to do so. If every computer connected to the internet were protected with a firewall then hackers would be denied the opportunity to disrupt this invaluable resource (see zombie bots further down). There are several firewall programs available.
Recommended: I use ZoneAlarm from http://www.zonelabs.com. It's free for personal and NFP use. There are also two more comprehensive versions available.

Precautions

Neither anti-virus nor firewall programs can offer complete protection from malicious code running in HTML-enabled email or on a web page. Some basic precautions can save you a lot of grief.

Email:

  1. If you are using an email program which has a preview pane (i.e. you can see part of the message that's highlighted in the mailbox) then turn the preview pane off. Code embedded in an email can be activated in the preview pane and your computer could be infected before you have a chance to do anything about it.
  2. Turn off the HTML enabling in the mail program if possible. Your mail may not look as pretty but it's safer. As a bonus it will make those messages from people who like to use 25pt red, bold, italicised text much less annoying.
  3. Don't click on a link in any email unless you believe the source of the email to be safe.

Attachments:

  1. If you don't know the sender then delete it (if you haven't done step 2 under Email above then this applies to the email message too).
  2. If you know the sender and weren't expecting anything then ask what it is before opening.
  3. If the subject line or body of the message looks peculiar in any way then delete it.

Browser programs: (the browser is the program which you use to access the internet)
The subject of browser security is one that tends to get emotional for a variety of reasons. The default security in either of the major browsers leaves you open to a significant number of intrusions. On my own computers I have browser security set to the highest levels. This disables features on some websites but it keeps me safe. If I need to get something more from a site (and I have reason to believe that it's safe) then I can temporarily change the settings.

Program Updates/Patches

It used to be that very limited damage could be done by an intruder because she needed to know a lot about your computer to be effective. That changed with the widespread adoption of Windows, in part because setup on computers became more standardized, because Windows is not a secure operating system, and because the computer reached the desktops of millions of users to whom security is an arcane and incomprehensible subject. Each succeeding version of Windows left us more vulnerable. The situation is expected to deteriorate rapidly on 26 December, 2001 when thousands of copies of Windows XP received as Christmas presents are installed on compromised computers (see http://grc.com/dos/winxp.htm for more info). Hackers the world over are salivating in anticipation.

The following remarks address Windows/MS Office. Microsoft is the worst offender primarily because it's the biggest target but also because of its concerted effort to integrate all of its products into the operating system with unseemly haste and without due regard for security. MS products are not the only ones with security problems, just the ones with the most problems and the most available resources to deal with them.

Trying to keep MS Office patched is a daunting task as there are dozens of patches and no easy way to manage them*. I strongly recommend that all Office users visit "Woody's Office Portal" at There you can subscribe to "Office Watch" which will keep you reasonably well informed about the latest patches and updates (complete with advice as to whether the cure is worse than the problem, as is frequently the case). There is also a lot of good information on making Office products work better, several specific newsletters (Excel, PP etc) and a comprehensive user forum called "The Lounge".
Windows 98 and greater and IE 5.0 and greater offer the opportunity to go to Microsoft and automatically update the system. This is better than doing nothing at all but it can produce some unwanted changes.

If you are using WordPerfect there are no significant security problems. Unfortunately there is also no resource like "Woody's". Program updates are available from http://www.corel.com/

IRC Zombie/Bots

You will have heard of "Distributed Denial of Service Attacks". They have been widely, if not accurately, reported in the mass media and are becoming ever more frequent. The tools necessary to mount such an attack (zombie/bots) are freely available online and no great level of skill is needed to use them. The attacks are frequently mounted by children (see http://grc.com/dos/grcdos.htm for a detailed account of the results of a 13-year-old in a tiff). What is necessary is a lot of insecure computers attached to the Internet ready to be corrupted and co-opted into the attack.

I won't go into the details here as you can find out more than you ever wanted to know at the preceding link. What follows is an excerpt from that article and a quick check to ensure that your computer is un-corrupted.
Note that a Windows IRC client program (like ICQ, MIRC) running in the PC will generate false-positive reports since these are tests for IRC client programs. So be sure to completely exit from any known IRC client programs BEFORE performing the tests.

All of the IRC Zombie/Bots open and maintain static connections to remote IRC chat servers whenever the host PC is connected to the Internet. Although it is possible for an IRC chat server to be configured to run on a port other than "6667", every instance I have seen has used the IRC default port of "6667".
Consequently, an active connection to an IRC server can be detected with the following command:

c:\windows> netstat -an | find ":6667"

Open an MS-DOS Prompt window and type the bold face command above, then press the "Enter" key. The command prompt (c:\windows>) should return. If, however, you see something like this:

c:\windows> netstat -an | find ":6667"
TCP 192.168.1.101:1026 70.13.215.89:6667 ESTABLISHED
c:\windows>

then the only question remaining is how quickly you can disconnect your PC from the Internet!

A second and equally useful test can also be performed. Since IRC servers generally require the presence of an "Ident" server on the client machine, IRC clients almost always include a local "Ident server" to keep the remote IRC server happy. Every one of the Zombie/Bots I have examined does this. Therefore, the detection of an Ident server running in your machine would be another good cause for alarm. To quickly check for an Ident server, type the following command at an MS-DOS Prompt:

c:\windows> netstat -an | find ":113 "

As before, the return of the command prompt indicates that there is no Ident server running on the default Ident port of "113". (Note the "space" after the 113 and before the closing double-quote.) If, however, you see something like this:

c:\windows> netstat -an | find ":113 "
TCP 0.0.0.0:113 0.0.0.0:0 LISTENING
c:\windows>

then it's probably time to pull the plug on your modem!
If your computer is corrupted then stay offline and get some help to clean it up. If it is not corrupted then be sure it stays that way by installing a firewall.
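
The two netstat checks above, as an added example (not from the quoted article or from the author of this letter): a Python parser that reads `netstat -an` output and reports only established TCP connections to remote port 6667 and TCP listeners on local port 113. It goes a little beyond the `find` filter by looking at which column the port appears in; the sample output is constructed and the function names are this example's own.

```python
"""Added example: parse `netstat -an` output for the two IRC bot indicators."""

IRC_PORT = 6667    # default IRC server port named in the text
IDENT_PORT = 113   # default Ident port named in the text

# Constructed sample output (not captured from a real machine); the two
# suspicious lines reuse the addresses shown in the excerpt above.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:113            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:1130           0.0.0.0:0              LISTENING
  TCP    192.168.1.101:1026     70.13.215.89:6667      ESTABLISHED
  TCP    192.168.1.101:6667     192.168.1.50:80        ESTABLISHED
  UDP    0.0.0.0:113            *:*
"""

def split_endpoint(endpoint):
    """Split 'address:port' on the last colon; port is None if not numeric."""
    address, _, port = endpoint.rpartition(":")
    return address, int(port) if port.isdigit() else None

def find_indicators(netstat_output):
    """Return (kind, local, foreign) tuples for lines matching either check."""
    findings = []
    for line in netstat_output.splitlines():
        fields = line.split()
        # Skip headers, blank lines and UDP rows (which have no State column).
        if len(fields) < 4 or fields[0].upper() != "TCP":
            continue
        local, foreign, state = fields[1], fields[2], fields[3].upper()
        _, local_port = split_endpoint(local)
        _, foreign_port = split_endpoint(foreign)
        # Check 1: this PC holds an open connection to a remote IRC port.
        if state == "ESTABLISHED" and foreign_port == IRC_PORT:
            findings.append(("irc-connection", local, foreign))
        # Check 2: something on this PC is listening on the Ident port.
        elif state.startswith("LISTEN") and local_port == IDENT_PORT:
            findings.append(("ident-listener", local, foreign))
    return findings

if __name__ == "__main__":
    for kind, local, foreign in find_indicators(SAMPLE):
        print(f"{kind}: local {local} foreign {foreign}")
```

The constructed rows with local port 1130 and with 6667 as the local rather than the remote port are deliberately not reported, since neither is a connection to an IRC server or an Ident listener.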

Resource sites

Gibson Research Corporation (It may be difficult to reach this site as it has become the subject of frequent denial of service attacks, descriptions of which can be found on the site. Note: the subject has been treated in a relatively non-technical fashion but it's still techie and very long.) http://grc.com/default.htm
Shields Up - test your system to see who can get in https://grc.com/x/ne.dll?bh0bkyd2
Leak Test - see if your firewall is really working http://grc.com/lt/leaktest.htm
Opt Out - find out if you have any adware robots on your machine http://grc.com/optout.htm

An article on security checks with links to other sites http://www.informationweek.com/841/langa.htm

Symantec (Norton) http://www.symantec.com/avcenter/

McAfee http://www.mcafee.com/anti-virus/default.asp?

SANS Institute (very good info but targets IT professionals so it's techie; the weekly digest has virtually every known security breach and product patch available to the public. I would advise subscribing to this. The digest format allows the contents to be scanned quickly for reference to any program that you might have) http://www.sans.org/infosecFAQ/index.htm

Settings

Kill the Preview Pane:

HTML enabling in email:

Security Settings (many users will disagree with these choices but they are the safest ones)