UCLA: Securing Your Windows PC






Once connected to the Internet your computer is subject to attack in a variety of forms: worms, viruses, trojan horses, e-mail spam, annoying pop-up messages, spyware and adware. Such attacks might mean disaster to your programs and data or subject your personal identity to theft by others. This guide can help you avoid internet-related catastrophe and keep your computer and your data secure.
Apply Microsoft security patches

Use the Microsoft update Web site to apply security patches: windowsupdate.microsoft.com. Configure your PC to use the built-in Automatic Update feature which will apply the patches for you. Beware of fake updates, Microsoft does not send security patches via e-mail.

Use anti-virus software

A virus is a piece of computer code that attaches itself to a program or file so it can spread from computer to computer, infecting as it travels. UCLA offers Sophos Anti-Virus software for free until 2007. It can be downloaded from UCLA Software Central at www.ats.ucla.edu/software. You can also use commercial anti-virus software such as Norton or McAfee. Make sure to update your computer with the most recent virus definition list which has the latest information on new viruses.

Use a personal firewall

A firewall blocks unwanted access to your computer. Use Windows XP's built-in firewall. This is the recommended strategy. Zone Alarm (www.zonealarm.com) is a commercial product that provides industrial-strength protection. Or, a hardware option is a DSL or cable router with built-in network address translation (NAT) that acts as an impenetrable firewall. This masks your computer’s identity from outside probing and obviates the need for a software firewall solution.
Install a spyware or trojan scanner

Spyware is malicious software that sends data back to a third party without asking the user. Adware is any software application in which advertising banners are displayed while the program is running. A trojan is malicious software that is installed by a hacker so that the hacker can remotely control your PC. The following software should be used if your computer starts acting strange, such as your homepage has been hijacked or there is an increase in the amount of pop-up advertisements. Lavasoft's Ad-aware (www.lavasoftusa.com) offers a free version that detects and removes spyware. Spybot (www.safer-networking.org) is a freeware version that detects and removes spyware. The Cleaner (www.moosoft.com/products/cleaner) offers a trial version on a comprehensive system of software that detects and removes trojans, worms, adware, and spyware. The Cleaner can be used when your PC has been hijacked by hackers. Spyware and adware are often installed through Internet Explorer ActiveX components which give Web sites access to your hard drive. In Internet Explorer, disable ActiveX or set it to ask for your permission to activate ActiveX should a Web site make a request. In that case, you should decide whether or not that Web site is considered "safe."

Avoid spam and dangerous e-mail attachments

Spam is unsolicited e-mail advertisements—basically junk mail. It accounts for 83% of all US e-mail. Use the built-in spam filtering feature in your e-mail software. Don't open unknown e-mail attachments which can be hiding viruses or trojans. Be aware of phishing, messages that seem legitimate but are actually intent on gathering personal information to be used for identity theft. Everyone receives sales pitches, chain letters, dire warnings, and get rich quick schemes in their inbox. They should be deleted since they are actually internet hoaxes, urban legends, or scams.

Security tips

Select a strong password that is difficult to guess. The password should be at least 8 characters in length. The password can be strengthened by including special characters (!@#$%*) and numbers. Do not use easy-to-guess words such as "123456", "abcdef", "password", "secret", or "starwars." Avoid using personal information: daughter’s name, hobbies, pets, phone number, first name, last name, or usernames as the password. Turn off your computer when not in use, so that hackers have less opportunity to attack your PC. Update your computer software frequently to stay secure. Do not store personal data on your home PC. If possible, do not store your social security number and bank account information. If this type of personal data is stolen, it would permit the hacker to carry out identity theft and open credit cards in your name. Make regular backups of critical data. Data can be burned onto a CD for storage. Keep your original system CD's so you can reinstall the operating system, if necessary. Reference: UCLA icompass Web site (www.icompass.ucla.edu/seminars/seminar_2004_02_recap.htm)