Reader note: Links to download all the programs mentioned here can be found on this page.
First, we have to recognize that every version of the Microsoft Windows operating system is inherently insecure. Later versions are slightly less insecure, but the basic design is still loaded with openings that invite nasty things to happen. This is because it is one of the most convenient systems to use. Convenience and security are generally opposites in most things we do in life. For example, chances are, even in your own driveway you lock your auto at night and take the keys. It's a minor inconvenience, but the risk of theft has become quite high over the past few decades.
So it is with personal computers. In their original design, they never connected to anything but printers, for example. When the Internet became popular, the people at Microsoft predicted it was just a passing fad. This was about the time the first popular version of Windows was coming out. There was nothing in Windows 3.1 enable easy Internet connections. Folks who wrote software programs found ways to make Windows work with the Internet and it turned out to be quite a bit more than a passing fad.
In it's infancy, the Internet was all about simply getting computers all over the world to communicate reliably. There were a few pranks, but the original users had no intention of doing damage to other computers; they wanted to share information. Security hardly a concern. So both the Internet and the most popular PC operating system were inherently insecure. No one could have imagined the criminal element that today tries to control every computer connected to the Internet. It's not just some kid playing geeky games anymore -- the number one threat on the Internet comes from major criminal organizations seeking ways to take more money, and the second greatest threat comes from governments that want to control the whole thing.
We can't do much about governments, but we can do some things to prevent most criminal attacks. The main threats to your Windows PC are:
Windows was written to be convenient and easy to use. The only way to do that very well was to make everything wide open. In the old days, MS-DOS was a little complicated, but as open as any computer operating system could be. Windows 3.1 ran on top of DOS, and the next three versions of Windows never really left it behind. It was designed primarily to make your life easy and productive, with Internet use secondary. In the old days when only colleges and government could afford to run the huge hulking mainframe computers, there had to be a way of making them usable to lots of people without letting one person ruin things for another. Each user had to logon and could only do certain things allowed by the administrator. That administrator could do anything with any part of the system. When you run Windows up and including Windows ME, you are running as the administrator. It was not really designed to keep users from having any access to things that could make trouble. All the software written for Windows assumes you have that power, and won't work well without it. Even today with Windows XP, too many programs require administrator rights to work properly.
If someone slips in a nasty and harmful program, it will run with whatever power and rights that user has. If you are running as the administrator, that program can wipe your whole system, or do other kinds of damage. The greatest source of danger from sneaky, hidden programs is entertainment. If you like lots of games, screensavers, and other cool multi-media stuff, expect your computer to have lots of trouble. The people who offer all this stuff free or cheaply do so because someone pays them sneak in some nasty software that won't do good things for you. The second greatest danger source is e-mail, as you probably know. Too many e-mail programs just assume you want to run everything that comes attached to your e-mail messages. The third danger source is the Internet connection itself. Let's look at things you can do to prevent these threats.
Before you connect your Windows PC to the Internet, there are two things you absolutely must have for security: and anti-virus (AV) program and a firewall. By now, it's a rare computer user who hasn't heard about anti-virus software. Way back in the days of DOS, it was already a problem. You need to run software that does nothing but keep an eye on the parts of your system that get changed when a computer virus invades. The AV program keeps a list of known virus types and looks for them, prepared to stop them from working, making changes, and sometimes simply blocks it from even coming onto your system. There are several companies offering this software for a decent price, some for a high price, but a surprisingly large number offer it for free. I recommend Grisoft's AVG Free Edition. For older, less powerful systems, you might consider F-Prot, which runs as a tiny DOS program in the background. Both are frequently updated with new virus definitions, and are about as good as anything else you can get, free or otherwise. That takes care of threat #1 above.
Still before you connect to the Internet, you need a firewall. This takes care of threat #2. The hardware of a computer is prepared to talk to other computers over some 65,000 channels or "ports" depending on what sort of communication it is. Each of these ports is designated for a specific form of communication (a "protocol") such as passing e-mail (port 25), asking for and reading webpages (port 80) and so forth. The problem is that Windows computers are designed to listen on all 65,000 channels and not keep anything out. A firewall is software that tells Windows not to listen on those ports, to "close" them and ignore any signal that wasn't already expected, such as a response to a signal you sent out. Otherwise, another computer can simply slip in a signal you don't even notice and simply take over control of your computer. The best firewall for Windows has a free version: ZoneAlarm.
To deal with #3, we have to have some more software. Some cheap game packages will have secret programs "bundled" in that get installed with the games. This includes games you buy at a store, and games you download from Internet sites. These programs often do nothing more than make sure you see all sorts of advertising you really don't want. Do I have to explain advertisers don't care what you want; they only care what they can manipulate you into buying? When these advertisements are being displayed on your computer, they take up power and resources. They also can get in the way when you go online, by hogging the connection and downloading all sorts of more advertisements, opening popup windows, etc. We call these programs "adware." Some are really nasty, because they keep a secret log of everything you do, everywhere you go on the Internet, all the ads displayed on various webpages, etc. Then it sends that information back "home" to whoever wrote the little background program. We call these "spyware." Some are really criminal, and keep a record of all the keystrokes you make, especially to capture your passwords and such. If you install good spyware checkers like SpyBot Seach & Destroy and AdAware, they will find most of this junk and allow you to delete it. If some game you bought won't work without the spyware, take it back and demand a refund. It's bad enough that the later versions of Windows "phone home" without your permission; you don't need a bunch of crooks snooping on your computer habits.
Another way to block viruses and spyware is to avoid using the built-in web browser and e-mail software. I've already mentioned both are designed to make life convenient, and are likely to leave you open to every threat out there. Sadly, most people just can't resist the temptation to use Internet Explorer, because it allows all that cool multimedia Internet stuff. If your computer is really important, you'll have to get over it. I recommend Mozilla, or its cousins FireFox browser and Thunderbird e-mail. I wrote a guide to installing and configuring Mozilla, and most of the instructions apply to the other two programs. If you want to spend a little money, you can get the Opera browser, which is a much smaller package, is a little faster, and is probably a little bit more secure. It costs around $40 (US currency) to get rid of the little advertising box that is built into the browser window-frame. Otherwise, the free version works just the same.
Problem #4 is mostly a problem for parents whose kids are still home. If you are running any version of Windows before Windows 2000, there's not much you can do. Windows 2000 and Windows XP have a way for educated computer owners to create accounts for other users without a lot of power to mess things up. While Windows 95, 98 and ME have ways to create user accounts, they just do not have the structure to enforce login permissions completely, because there are too many ways a sharp kid can get around it. Unless you have really tight control over how others use your PC, do not rely on these older versions of Windows. In fact, even with all the protective software installed that have been mentioned, these versions of Windows are still likely to have some vulnerabilities that allow some kinds of attacks to succeed.
For that reason, I highly recommend folks learn how to run some version of Linux or Unix, especially on older machines, because they are much less vulnerable to any of these threats. For example, there are now some 80,000 known viruses that run on Windows, but only a paltry 60 or so that run on Linux (mostly obsolete), and a mere 6 that run on Unix. Since almost everybody out there is running Windows, almost no one bothers to send out viruses for Linux or Unix. Oh, and firewalls are actually built into Linux and Unix, and there's no spyware that works on them.
Ed Hurst
13 May 2005
COPYRIGHT NOTICE: People of honor need no copyright laws; they are only too happy to give credit where credit is due. Others will ignore copyright laws whenever they please. If you are of the latter, please note what Moses said about dishonorable behavior -- "be sure your sin will find you out" (Numbers 32:23)