• The Importance of Good Backups for Your Data

• Avoiding Malware
  • Switch to a Different Browser
  • Switch to a Different Email Client
  • The Importance of Firewalls
  • Spyware Tools
  • Browser Popups
  • Antivirus Programs
  • Windows Patches
  • Monitor Your Startup Programs

• Practice Safe Computing

• Don't Fall for Hoaxes

• A Few Words About Passwords

• SPAM

The number one thing you must learn to do is back up any valuable data on your computer. You may think that your computer itself would be painful and expensive to lose if its hardware fails, if it gets lost or stolen, or if it gets destroyed in a fire. The cost to replace your computer will be a fraction of the pain, time, and expense it will cost you to recreate your valuable data.

There are many ways to backup your data. The best method for you depends on how much data you need to protect. In increasing order of the amount of data that needs to be protected, I recommend floppy disks, CDRom, DVD, external hard disk, or high capacity tape drive. Whatever method you choose, store the backup physically separate from the computer (backups do no good if they burn up along with the computer). If you have an office, keep your backup copy of your home computer at your office.

The frequency with which you make backup copies depends upon how often you update your critical data and how much data you can stand to lose. I backup my data daily.

Practicing techniques to avoid malware is no substitute for having backups, but nonetheless are extremely useful. In no particular order, here are a number of tips that I recommend:

If you don't mind switching to a different browser, I believe you will have far fewer problems if you do not run Internet Explorer. Many of the malware exploits work only on IE. The recent Firefox release is excellent, and the transition from IE to Firefox is made quite painless because Firefox imports all of your IE favorites. Firefox is available (for free) from

Microsoft Outlook (and Outlook Express) are by far the dominant email clients in use. Naturally, hackers who want to write exploits for an email client will focus on Outlook. Unless you are wedded to Outlook you can prevent most of these attacks by using a different email client. I have used (and recommend) Eudora for many years. Eudora is available in a free (advertising supported, but the advertisements are not very intrusive) version from :

If you decide you like Eudora but don't want to put up with the advertising, there is a Paid Mode that gets rid of it.

The same people who make the Firefox browser have also recently introduced an email client. I haven't tried it so I can't personally vouch for it, but it has received good reviews. It is called Thunderbird, and it is available at:

http://www.mozilla.org/products/thunderbird

If you have a broadband (always on DSL or cable) connection, a firewall is an absolute must. Firewalls prevent unsolicited data from entering your computer - that is, a hacker is prevented from accessing your machine. There are two kinds of firewalls - external hardware firewalls and internal software firewalls. Firewalls are so important that I run both a hardware and a software firewall simultaneously.

If you have to choose only one, I much prefer hardware firewalls and recommend them - the Netgear FR114P has worked well when I have recommended it. (Some hardware firewalls also function as a wireless access point - if you need wireless for your application the FR114P is not for you.) The key features to look for in a hardware firewall are Network Address Translation (NAT) and Stateful Packet Inspection (SPI). Look on the side of the box you are considering purchasing and it will tell you whether it supports both NAT and SPI. Low end firewalls frequently do not have SPI - avoid them. A good hardware firewall is available these days for under $100.

An excellent software firewall is Zone Labs' ZoneAlarm. A free version is available at

ZoneAlarm can be a little geeky to setup. Perhaps you have a computer-literate friend who can help you. ZoneAlarm Pro ($49.95 plus yearly updates) will hold your hand a little more.

If you have a dial-up connection, then I strongly recommend that you install a software firewall.

You can avoid a lot of spyware by not using Internet Explorer and by being careful about what you click on. If you are visiting a website and you get a popup box that asks if it can install something the answer you want is most probably NO. However, it is inevitable that some spyware will creep into your machine. Much of it is fairly innocuous and will do little harm other than stealing a few CPU cycles now and then.

If you think that spyware has been installed on your system, one of the first things you can do is go to your Control Panel and use Add/Remove Programs to check if anything suspicious has been installed. If you don't recognize the name of something that has been installed try going to www.google.com and typing the name in the search box. You may be able to find out if the program is something useful or is spyware. If it turns out to be spyware, uninstall it.

At least once per week you should run a spyware cleanup program. There is a very capable program named Spybot Search & Destroy. Like many of the tools I recommend, it is free. Download it from:

Some people really like a different spyware cleanup program named Ad-Aware. I have had better results with Spybot - I find it runs faster and finds more spyware. However, those are things that can change from release to release. A free version of Lavasoft's Ad-Aware is available at:

http://www.lavasoftusa.com/support/download

Microsoft has recently jumped into the game with their spyware program. It's currently in beta release. I have not tried it, and philosophically I prefer a non-Microsoft product to guard against spyware. Otherwise it's too much like the fox guarding the henhouse. If you want to try it, it's a free download at:

http://www.microsoft.com

Spyware cleanup programs are after-the-fact tools - they get rid of junk that accumulates. To prevent some spyware and browser hijacks (programs that change the way your browser operates) in real time there are two excellent free programs available. The first is called Spyware Guard, and the second is called BHO Demon. Spyware Guard seems to be a little better at blocking hijacks while BHO Demon is better at reporting what hijacks may already be present. I run them both simultaneously. You can download them at:

To prevent all of those annoying browser popup windows modern browsers can be configured through their preferences to stop popups. Either use this feature or install a separate popup blocker. My favorite popup blocker (Popup Killer) has, alas, been discontinued.

Viruses are different from spyware. Even if you have good protection against spyware, viruses can still get in. Viruses are among the most destructive things to inhabit your computer. It is absolutely essential that you have good virus protection. You might be able to get away without having spyware protection, but it is inevitable that you will have a serious problem if you do not install and run antivirus software.

In my opinion, there are no free antivirus programs to recommend. I think that Norton AntiVirus is the cream of the crop, and I recommend it to everyone who asks. If you prefer another antivirus vendor, such as McAfee, by all means buy their software but make sure you USE IT!

Norton AntiVirus sometimes comes bundled with a firewall (Norton Internet Security). I prefer the free ZoneAlarm listed above. Norton AntiVirus also comes bundled with some other tools in a package called Norton SystemWorks. I use some of the SystemWorks so I buy that package, but the standalone Norton AntiVirus is probably sufficent for you. It is available at your local computer retailer or at:

Make sure you keep current on the Windows security patches available from Microsoft. Novice computer users are probably best off configuring Windows to automatically install packages. More seasoned users should at least configure their computers so that they receive notifications automatically when a patch is present. Windows Update can be started manually from the Start Menu. If for some reason you are unable to find out how to start Windows Update, you can click on this link:

Unfortunately, Windows Update requires that you are running Internet Explorer when you access it using the link above. So even if you decide to switch to a different browser (see the hint above), you still have to have IE around if you want to run Windows Update manually.

Make sure you have an antivirus program running when you are downloading these patches! There has been at least one case of a Microsoft patch containing a virus.

Many programs try to install something on your machine to be run everytime you restart the machine. This may be something you don't want run! There is a very nice (and free) program called Startup Monitor that does one thing and one thing well. It watches for attempts to install a program to run at startup, notifies you if that happens, and asks you if you want to allow it. If you say no, it blocks it. Get it here:

Even if you install all of the security measures above, you still won't be safe if you do stupid things. Here are a few recommendations for safe computing:

1. Never click on email attachments or links present in emails unless you are absolutely sure it is safe to do so. Do not trust attachments or links from your friends unless you are confident that your friends are computer literate enough not to send you anything problematic.
2. Don't run file sharing programs such as KaZaa. You may think they're neat, but they are an open invitation for trouble.
3. Never reply to spam, especially never use those links that say something like "to stop receiving this email, click here". All "click here" does is confirm to the sender that you have a valid email address so he can continue to spam you.
4. Lately there has been an epidemic of email of a type known as "phishing". These emails look like they come from banks, eBay, PayPal, or some such similar entity with which you may have an account. (If you don't have an account, it's pretty much guaranteed to be a phish.) They ask you to confirm identity information. Although the web sites they take you to look very much like the real thing, they are not - they are all methods for stealing your identity. Be extremely careful responding to this kind of email. I would never click on any such links - if I thought the account problem was legitimate I would contact the vendor through some known good method (like a phone call) and check it out. One thing you can do to check phishing email is to hold your mouse over the link to be clicked without actually clicking - your email client should show you the Internet name or address that the link refers to. If the name is not exactly the same as what you would expect, or if the name is just four numbers separated by periods, this is a sure sign of a phish.

No doubt you have received an email that tells you never to click on an attachment of a particular name. Sometimes these emails tell you to check for a particular file on your system to see if you are infected, and if so to delete that file. Unfortunately, many of these emails are hoaxes and if you delete the file you are actually deleting a good file that your computer may need. Before you follow the instructions received in any email like this, make sure you check if it is a hoax. You can check for hoaxes at several sites on the Internet. Here are a couple:

You can find more sites at which you can check up on hoaxes by going to www.google.com and typing "email hoax" into the search bar. If you suspect you have a hoax, you might want to see if you can verify it at more than one site so that you aren't fooled by a "hoax the hoaxers" site. I believe the above links to be accurate, though.

Do check whether that email you just received is a hoax before you forward it to everybody in your address book and create more problems!

If you follow the recommendations above to protect yourself against viruses and spyware, then you should always hear about a potential problem from your protection software long before someone else emails you a warning about it. In all likelihood you can simply ignore any such warnings.

Picking a weak password is inviting hackers to steal your information. Weak passwords include words in the dictionary, the name of your pet, your birthday, and other information that is easily guessable. Other people have written lengthy essays about how to choose a good password. Instead of writing another essay here, I'll just refer you to a good one at:

Eric Wolfram's Writing: How to Pick a Safe Password

More advanced computer users may wish to investigate using PassPhrases instead of PassWords. A PassPhrase is what it sounds like - a much longer phrase used as a password instead of the traditional short password. A good article on PassPhrases can be found at:

Diceware Passphrase Home Page

It's also a bad idea to use the same password or passphrase for all of the logins on the many websites that require you to remember a login. So, how are you going to keep track of all the passwords you have? Both Internet Explorer and Firefox browsers will optionally remember passwords for you. If you would like a heavier duty tool, one that will allow you to fill out forms including such data as credit card numbers securely, I use and recommend RoboForm. There is a free version of RoboForm that you can try, but it is limited in amount of information it will remember for you. RoboForm can be found at:

RoboForm Home Page

Spam comes last because it is in a little bit different category than the other issues on this page. Spam is not dangerous, it's just a doggone nuisance.

Modern email clients are beginning to include antispam features. I recommend that you explore your client's antispam feature before considering other solutions.

If you want to use a spam filtering program external to your email client, I recommend the excellent SpamPal program. SpamPal will work with any POP3 email client. That should cover just about everybody except perhaps AOL or HotMail clients (perhaps the newer AOL or HotMail clients use POP3 - if anyone knows for sure, drop me a line). SpamPal is available (for free) at:

http://www.spampal.org

The following people have given me feedback that has improved this web page: Aaron Spindel, Stuart Liss.