Home | Safe Computing Guide | Computer Security Threats | Tutorials
Useful Links | Contact Us | Disclaimer and Terms & Conditions

Safe Computing Guide

Welcome to our Safe Computing Guide which provides basic computer security advice for home users and small businesses. To print this guide simply click the Print button in your web browser or contact us and we will email you a copy in Microsoft Word format or post you a printed copy.

The topics covered here are:

• Why Should I Keep My Computer Secure?
• How Can I Tell If My Computer Has Been Infected?
• What Should I Do If I Think My Computer Has Been Infected?
• Basic Computer Security Advice
• General Tips
• Email
• Instant Messaging
• Internet
• Mobile Devices (including Mobile Telephones, Smartphones and PDAs)
• Bluetooth
• Wireless Networking
• Hard Drive Disposal
• Microsoft Office Documents
• Top 5 Computer Security Misconceptions

Why Should I Keep My Computer Secure?

Today’s viruses, worms and Trojan Horses are much different from the viruses of old which often only caused mild annoyance.

The purpose of many of these security threats today is to allow a hacker to gain access to your computer. The hacker can then:

• Gather your personal and business information such as passwords for accessing your bank account on-line, credit card details (when you enter them into a web page), business accounts, etc.
• Use your Internet connection to spread spam.
• Use your computer for other malicious purposes.

Many computers today have been compromised in this way and their owners are not even aware of it. The problem is so widespread that hackers, aided by the proliferation of Broadband, even hire out "networks" of compromised computers for relaying spam!

How Can I Tell If My Computer Has Been Infected?

If you have an Internet Security program suite such as Norton Internet Security installed on your computer, you should make sure that it is working and up-to-date and then use it to scan your computer for viruses and Spyware. If you have separate anti-virus and anti-Spyware software you should do the same with both these programs.

If you don’t have any up-to-date, working security software installed on your computer but you do have Internet access, you can use an on-line virus scanner. You can try the on-line scanner provided by Symantec (the makers of Norton software) by going to securityresponse.symantec.com/avcenter/ and clicking the Check For Security Risks link.

If you don’t have any up-to-date, working security software and you don’t have reliable Internet access, one or more of these symptoms may indicate that your computer has been infected or compromised:

• Your computer generates one or more errors when it starts up.
• Your computer is very sluggish.
• You can’t update your security software or access certain web sites.
• Your Internet connection is very active when you are not doing anything on the Internet.
• Strange pictures have appeared on your computer desktop.
• When you are browsing the Internet you are continually directed to pages you have not chosen to go to.

In our experience, around 75% of computer problems are caused by virus infections or other computer security issues.

What Should I Do If I Think My Computer Has Been Infected?

If you think your computer may have been infected or compromised, or if you try to remove viruses or other threats from your computer but it is continually getting re-infected:

• Do not use your computer to access bank accounts on-line, to buy anything on-line or to access any on-line accounts that contain your bank account details, credit card details, or any other personal information.
• Disconnect your computer from the Internet or network.
• Shut your computer down.
• Seek professional help (you can contact us for advice).

Basic Computer Security Advice

There are 3 basic steps to keeping your computer safe:

1. Install an Internet Security program suite, e.g. Norton Internet Security, that contains anti-virus, Spyware and firewall protection. (See our Useful Links page for details of where to buy Internet Security suites.)
2. Check for updates for your Internet Security suite every day before you surf the Internet or download email. (To see how to do this view our tutorial.)
3. Check for Microsoft Windows critical updates manually if you have turned off Windows Automatic Updates or if you don’t have broadband. (To check for Windows updates open Internet Explorer, click the Tools menu and then click Windows Update.) You should do this manual check at least once a month.

Following these tips will also help keep your computer secure:

General Tips

1. Use your anti-virus software to scan your computer for viruses weekly. Most anti-virus software will allow you to schedule weekly scans that will run automatically. (If your computer misses its weekly scan, do a manual scan yourself as soon as possible thereafter.)
2. If you have separate Spyware and Adware protection software scan weekly with these programs as well.
3. Take regular backups of your important files. As a general rule of thumb, the more important the information is and the more frequently it changes or is added to, the more frequent should be the backups.
4. Never use a computer to access any web site that has your credit card or bank account details unless you know for sure that the computer you intend to use is completely virus free.
5. Regularly review your credit card and bank statements.

If you are unsure or would like further advice on anything in this guide you can contact us.

Email

1. Never open any email attachment unless you are expecting it and you know what it contains. If you are unsure, contact the sender by e-mail, text, phone or some other method to confirm that what they sent was not a virus.
2. Never click on a link in an email message unless you are expecting it and you are 100% sure of its authenticity. If you are unsure, contact the sender by e-mail, text, phone or some other method to confirm that they sent it to you. Clicking on a link to a web site, amusing video clip, etc can install a Trojan Horse on your computer.
3. Never run any program that is emailed to you, no matter who has sent it to you. "Free" screen savers and games are used to infect computers with viruses, Trojan Horses, Spyware, etc. These screen savers and games can work perfectly well and the infection that they carry may not become obvious for months.
4. Beware of email scams and hoaxes - they come in many forms but you should never respond to any of them. Some pretend to be from your bank or other organization and ask you to click on the link in the email and re-enter your account information, including your PIN or credit card details. Clicking the link takes you to a web site that will look like your bank or other organizations web site but is designed to capture your account details. These details are then used to empty your bank account or charge items to your credit card. Other hoaxes purport to be from Microsoft and request that you click a link in the email to update your security protection. When the link is clicked a Trojan Horse is downloaded on to your computer and installs itself. Remember, reputable organisations like banks, Internet service providers, Ebay, etc who hold details of your bank account or credit card will never email you to ask you to re-enter your account details. And Microsoft never send emails about security updates.

Instant Messaging

1. Be careful downloading files in Instant Messaging (IM) programs such as MSN Messenger and Yahoo! Messenger. Never open, accept, or download a file in IM from someone you don’t know. If the file comes from someone you do know, don’t open it unless you know what the file is and you were expecting it. Contact the sender by e-mail, text, phone or some other method to confirm that what they sent was not a virus.
2. Block messages from anyone not already in your contact/buddy list to prevent spim, the IM equivalent of spam, which is increasingly being used to propagate phishing scams.
3. Never click on a link in IM unless you are expecting it and you are 100% sure of its authenticity. If you are unsure, contact the sender by e-mail, text, phone or some other method to confirm that they sent it to you. Clicking on a link to a web site, amusing video clip, etc can install a Trojan Horse on your computer.
4. Links in away messages can be used by IM worms so it is advisable not to click them.
5. Make sure that you use the most up-to-date version of your IM program so that your computer is better protected.

Internet

1. Be suspicious of every web site that isn’t well known to you. Does the web site address or web site name seem suspicious? Does the site look right? Does it feel right? Things to look out for include predominantly black or very dark coloured web sites, text styles that don’t seem right, information that seems to serve no particular purpose or that doesn’t tie in with the purpose of the site, and so on. If you feel at all uneasy about a web site, leave it immediately by clicking the Back button on your web browser or by closing your web browser.
2. Don’t click on any link that you feel uneasy about or that seems to have no plausible purpose.
3. If you are asked to download and install any Applet, ActiveX Control or anything else, don’t do it! Click the Cancel button or go to another web page immediately.

The four Internet related activities that are almost guaranteed to get your computer infected are music downloading, file sharing, playing on-line games and going to men’s sites. Here are our tips:

Music Downloading and File Sharing – Use well known sites such as iTunes, MSN Music, etc for your music downloads. Don’t download any music software or player that is not from a well-known company. If you see a site advertising unlimited free music beware! The only way to get an unlimited supply of free music is to file share and every computer we have examined that has been used for file sharing has been so riddled with viruses, Trojan Horses, etc that it has greatly degraded the performance of the machine.

On-Line Games – We have seen a lot of cases of computers that have been infected by downloading and installing ActiveX Controls, Java Applets or other software for playing on-line games. We therefore urge extreme caution when downloading anything to play on-line games. Is it worth the risk?

Men’s Sites – Even while you are in the most innocent Men’s portal you can be one click away from a site that asks you to download and install something. And very often that something will turn out to include something nasty. If you are asked to download and install any Applet, ActiveX Control or anything else, don’t do it!

Mobile Devices (including Mobile Telephones, Smartphones and PDAs)

Currently, smartphones using the Symbian operating environment and PDAs with the Windows CE or Palm operating systems are the main targets for these viruses. They are spread by messages sent via Bluetooth or MMS, within programs and games downloaded via MMS or from the Internet, and by infected emails.

Don’t make the mistake of ignoring the existence of these viruses and forgetting about basic security guidelines. They can cause significant damage and inconvenience, e.g. one virus, called Commwarrior, can run up your telephone bill as it attempts to spread by MMS.

Preventative measures that can be taken include:

1. Don’t open suspicious or unsolicited messages.
2. Only download programs and games from the official websites.
3. Use anti-virus software that has been specifically designed for mobile phones or PDAs.
4. Review the Bluetooth section below for Bluetooth security measures.

Bluetooth

1. Consider disabling Bluetooth if you don’t use it.
2. Turn off your Bluetooth enabled device when it is not with you. Thieves are now using Bluetooth technology to scan parked cars for mobile phones, laptops, etc.
3. Consider setting your Bluetooth device to undiscoverable mode which will still allow you to keep your headset connection while not broadcasting your presence. This helps protect against virus transmission and will also protect you from Bluesnarfing.

Wireless Networking

Security problems can arise with wireless enabled devices when they are configured to seek out and connect automatically to any wireless base station, leaving them open to attack and infection.

To help secure a wireless enabled device:

1. Consider disabling your wireless card if you don’t use it.
2. Ensure that your wireless card is not configured to seek out and connect automatically to unknown wireless base stations.

Security problems can also arise when home or small business wireless networks are installed but not secured. If the precautions listed below are not taken, anyone with a wireless device within range of an unsecured wireless base station or wireless Router could connect to the wireless base station/Router and access the other computers connected to it, use the Broadband Internet bandwidth and even re-configure the wireless base station/Router. Additionally, if wireless network traffic is not encrypted the base station/Router can be subject to eavesdropping.

To help secure a wireless base station or Router:

1. Change the manufacturer’s standard login information and Wireless Network Name (SSID).
2. Set up a Wireless Access List restricting the list of computers able to connect to the network to your own computers.
3. Encrypt the network traffic with at least WEP (Wired Equivalent Privacy) encryption and preferably WPA-PSK (Wi-Fi Protected Access Pre-Shared Key) encryption to ensure a better level of protection.

Hard Drive Disposal

In its 14th August 2006 episode the BBC's Real Story highlighted the fact that the bank account details of thousands of Britons are being sold in Africa for less than £20. Old computers taken to local council waste disposal sites are often sent to Africa where the hard drive can be removed and sold. The people who purchase these hard drives can then access the information on them, even if they have been wiped.

Real Story bought 17 hard drives from Nigeria at £15 each and, using a computer expert, found the owners' addresses, bank account numbers, sort codes, passwords and other highly confidential information.

To dispose of your old computer hard drive securely you can use one of these alternative methods:

• Use commercial erasing software to completely erase your hard drive. The best hard drive erasing software is based on Peter Gutmann's algorithm and/or the U.S. DoD's method.
• Pay a computer professional to securely erase your hard drive.
• Sign-up for a recycling service run by your hard drive or PC manufacturer.

Microsoft Office Documents

The average Microsoft Word, Excel, etc document includes hidden metadata with details of who created it, who has worked on it, when it has been amended and quite possibly the text of all those changes as well. Viewing a Word document in a text editor can reveal the metadata in plain text at the start and finish of the document.

You can download the Microsoft Hidden Data tool, by searching at www.microsoft.com for rhdtool.exe, to remove the metadata from your Microsoft Office 2003 documents.

Top 5 Computer Security Misconceptions

Think your computer is secure? Read Symantec’s Top 5 Computer Security Misconceptions.

Home | Safe Computing Guide | Computer Security Threats | Tutorials
Useful Links | Contact Us | Disclaimer and Terms & Conditions

©2007 Computer-Security.Org.UK - All Rights Reserved