Sunday, October 31, 2010

Home PC Firewall Guide

A personal computer connected to the Internet without a firewall can be hijacked and added to an Internet outlaw's botnet in just a few minutes.

A firewall can block malware that could otherwise scan your computer for vulnerabilities and then try to break in at a weak point. The only way to make a home computer 100% secure is to turn it off or disconnect it from the Internet. 

The real issue is how to make one 99.9% secure when it is connected. At a minimum, home computers need to have personal firewall and anti-malware software installed and kept up-to-date to find and remove viruses, spyware, Trojans and other malware. A home network that uses a wired or wireless router with firewall features provides additional protection.



Utilising your computer to threaten websites

Some viruses allow your computer to be controlled in order to create a DDoS attack. This is where a website (or even a country's whole domain, e.g. Estonia's .ee domain) is closed down due to simulated use by billions of simultaneous users. This can be for political reasons, ransom, to close down competitor sites or just for 'sport'.

Many of the people whose computers cause this are unaware it's happening, as viruses are controlling their web connections. This site was hit by just such a DDOS attack, the irony being some of the people who were denied access for three days could've been contributing to the closure themselves with hidden viruses on their system.


Only download software from trusted websites

If you're looking for a piece of software, find out who makes it first and then go to its site to get it.

For smaller free/shareware programs, try using big sites rather than just getting them from anywhere that shows up. If you're using torrents, avoid .exe files wherever possible, and if you must tempt fate, make sure they're thoroughly scanned first.

Don't open unknown email attachments

The majority of web crime still happens via email, so be on guard when checking yours. Don't open any attachments you're not expecting, or click any random links you find in the text (see the Phishing article).

If you're unsure of a site's veracity, whack the link into Google and see what comes up; it may be listed as a bad 'un.


Switch off your computer

Switching your computer off when you aren't using it doesn't just save energy, it stops others accessing it while you're away. At the very least you should disconnect your broadband when you don't need the web.

While your PC's on and after you've been browsing is a prime time for malware attacks, so this is a good preventative measure.


Protect your online

With more and more of us using the web to bank online and do other sensitive things, coming up with solid passwords is more important than ever.

It may seem obvious, but don't use the same login for lots of sites, because then if one falls into the wrong hands, your whole online life is up for grabs. 

It's a nightmare to remember lots of different ones, so a good idea is to take one and just add a few letters to it related specifically to each site you're logging into. Also, ensure you frequently change your passwords.



Keep your software up to date

These days most computers come with a decent level of protection off the shelf, yet since threats change daily, it's imperative you keep it up to date or else it's useless. 

Windows users can grab updates from Microsoft's dedicated website, but it's easier to set your computer to download them automatically - just go to Control Panel and click the 'System' icon, then go to the Automatic Updates section where you can toggle the latter on or off. 

The same goes for dedicated anti-virus software (see the top free protection below); keep it up to date, and do a full system scan once a week.

Users of Apple Macs (and Linux) have slightly less to worry about in terms of viruses, as there still aren't so many floating about for them. Nonetheless, it's still recommended that Mac users grab anti-virus software too.

Protect Your PC

Your home is your castle, and your virtual home, your PC, should feel just as secure. However, protecting both requires vigilance against a multitude of intruders ranging from the merely annoying to the truly dangerous.

Just as you must guard against miscreants breaking into your house or office to vandalize and plunder it, you must repel viruses and hackers trying to slip into your PC to wreak havoc and filch valuable personal or company data. And just as telemarketers can disturb your dinner, stealthware-laden downloads and endless spam e-mail can ruin your appetite for going online.

You can protect your PC as you do your home or office, with a combination of strategy and the right tools. In this article we report on the dangers threatening your system and recap the results of our extensive performance testing and hands-on evaluations. 

Our findings will help you choose the best utilities for your PC-protection tool kit: antivirus, firewall, and antistealthware programs that lock out intruders; and antispam software and services that deflect the slings and arrows of outrageous e-mail marketing tactics.

BlackICE PC Protection

IBM Internet Security Systems has announced the End of Life for BlackICE PC Protection (formerly known as BlackICE Defender) and BlackICE Server Protection (formerly known as BlackICE Defender for Server). The End of Sale date for these products is September 19, 2007. You will not be able to purchase BlackICE products after this date. We will update and support BlackICE products until September 29, 2008. These products will not be supported after September 29th, 2008.

BlackICE PC Protection by Internet Security Systems prevents intruders from accessing your computer, and that's the main job for a firewall. BlackICE PC Protection lacks the extra features that our top-ranked products offer; these give you added protection from Trojans, adware and intrusive cookies (data stored on your computer by websites you visit).

Firewall Features: 

BlackICE PC Protection has some unique features, including the ability to block or trust a visitor. This tool allows you to block for an hour, a day, a month or forever—we liked the flexibility this offered.

BlackICE has some powerful filtering features. You can specify the exact type and duration for each rule you create and you can make these rules specific to a given port on your computer. Without getting into much networking terminology, you can block a certain kind of message from entering or exiting a given location on your computer. This tool helps you fine tune your filtering. You can also turn application control and communication control on or off.

With BlackICE PC Protection, you can customize your firewall to record all of your computer's interactions. But to use these records (logs) to track data to its origin you'll need to buy trace file decoding software.

Additional Security Features: 

The BlackICE screen is not as simple to use as screens in other firewalls. BlackICE PC Protection has a good control panel and a useful history screen that lists past events and network traffic, but improvements would help push this firewall higher in the rankings.

Ease of Use: 

BlackICE PC Protection's installation takes longer than other products. First, you must decide whether to install the firewall with the AP (Application Protection) on or off. Installing with AP on adds an extra 10 to 20 minutes to your install time, but installing with AP off is simple and fast. However, you will not have application protection until you turn AP on, so be certain to add this after you install.

PC Security Shield

PC Security Shield's antivirus function is powered by BitDefender technology, so this internet security suite offers all of the antivirus features that BitDefender does, including real-time, scheduled, manual and heuristic scanning. Everything involved with this program is reminiscent of what you see in the other programs in this category. The manufacturer of this product has the opportunity to add their own twist to distinguish it from the program on which it is based. In the end, we could find no compelling reason to purchase this product over the original.

Antispyware: 

The antispyware features in the PC Security Shield internet security suite are rolled into one under the Security tab. It's hard to tell what the program does specifically in terms of antispyware because it's rolled in with the firewall, antispam and antiphishing settings in the program. We encourage consumers to purchase computer security software that clearly enumerates its capabilities. This program, on the other hand, may or may not be good at scanning for spyware. You're never going to know until you hit the Scan button. It would be nice if the program's functions in this area were well defined.

Antivirus: 

In terms of antivirus, this internet security suite is powered by BitDefender technology, which is a powerful program that offers superior, up-to-date protection. BitDefender technology is at the top of the industry for a reason. It does a better job than pretty much any other type of antivirus technology on the market, but it should be reserved for products from BitDefender. Ultimately, we believe that the best way to buy BitDefender protection is to purchase programs from the original publisher.

Firewall: 

The PC Security Shield internet security suite provides a good two-way firewall, meaning not only can it "hide" your computer from the internet, but it also manages outbound connections. This security software has a good set of default settings, or you can set your own permission rules. The difficult thing with the firewall in this program is finding out what it's actually capable of doing. In real-world use, you have to make your choices and then run the program to see if it satisfies your particular needs.

Recently, Wi-Fi access protection has been added to PC Security Shield. This is an important step since wireless networking has become so prominent. It reduces the likelihood that your computer can be accessed by predators via a wireless vector.

Other Security/Features: 

PC Security Shield offers password protection and it updates hourly, so you can be assured that your system is protected against the latest threats. Instant messaging encryption has been added as has a file vault feature which can keep protected files safe from theft or unauthorized alteration.

Ease of Use: 

We ran into little trouble working with this security software suite, and it comes with embedded support should you need it. PC Security Shield has a clean-cut, easy-to-understand interface and helpful default settings.

PC Security Shield is easy to install and comes with an easy-to-understand set of default settings, which is great if you want to have your system protected right away without having to worry about complex configuration. You can download your copy of PC Security Shield from the internet, and you can order a back-up CD copy if you desire.

What is Malware?

Malware is an abbreviated term used to describe a "malicious software" program. Malware includes things like spyware or adware programs, such as tracking cookies, which are used to monitor your surfing habits. It also includes more sinister items, such as keyloggers, Trojan horses, worms, and viruses.

A keylogger is just what it sounds like. It is a program that logs every keystroke you make and then sends that information, including things like passwords, bank account numbers, and credit card numbers, to whomever is spying on you. A Trojan horse may damage your system, and it may also install a "backdoor" through which to send your personal information to another computer. These forms of malware are commonly used for perpetrating identity theft.

A virus or a worm replicates itself and may hijack your system. These types of malware may then be used to send out spam or to accomplish a variety of other unsavory activities, and you may not even know it. Viruses usually attach to other programs, while worms are self-contained. Both can cause severe damage by eating up essential system resources, which may lead to your computer freezing or crashing. Viruses and worms commonly use shared files and items like email address books to spread to other computers.

Any type of code or program that is used for monitoring and collecting your personal information or disrupting or damaging your computer, may be referred to as malware. In fact, malware can be any type of malicious code, even if it has not yet been identified as a worm, Trojan, etc. Good anti-virus programs can be configured to scan email for any type of malicious or suspicious code, and alert you to its presence, even if it is not currently recognized malware.

Antivirus XP 2010 removal instructions:

1. Click Start->Run (or WinKey+R). Input: "command". Press Enter or click OK.

2. Type "notepad" as shown in the image below and press Enter. Notepad will open.

3. Copy and paste the following text into Notepad:

    Windows Registry Editor Version 5.00

    [-HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command]
    [-HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command]
    [-HKEY_CLASSES_ROOT\.exe\shell\open\command]

    [HKEY_CLASSES_ROOT\.exe]
    @="exefile"
    "Content Type"="application/x-msdownload"

    [-HKEY_CLASSES_ROOT\secfile]

4. Save file as "exefix.reg" (without quotation-marks) to your Desktop.
NOTE: choose Save as type: All files

5. Double-click to open exefix.reg. Click "Yes" for Registry Editor prompt window.

6. Download Spyware Doctor or an automatic removal tool below. Update Spyware Doctor and run a full system scan.

If you can't complete the above steps, then please use another PC to download an automatic removal tool and exefix.reg (right-click the link and choose Save Target As). Copy these files to a USB flash drive or any other external media and transfer them to the infected computer. Launch the exefix.reg file first and then install Spyware Doctor.
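To make the registry fix in steps 3 to 5 concrete, here is an added Python example (not code from the original guide) that parses the exefix.reg text above and applies it to a constructed snapshot of a hijacked .exe association, then resolves what would run when an .exe is opened before and after the fix. The snapshot, the placeholder rogue path and the function names are assumptions for illustration; the .reg content is the one given in the guide.

```python
import re
from dataclasses import dataclass, field

# The exefix.reg text from the removal guide above, embedded verbatim.
EXEFIX_REG = r"""Windows Registry Editor Version 5.00

[-HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command]
[-HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command]
[-HKEY_CLASSES_ROOT\.exe\shell\open\command]

[HKEY_CLASSES_ROOT\.exe]
@="exefile"
"Content Type"="application/x-msdownload"

[-HKEY_CLASSES_ROOT\secfile]
"""

# Constructed snapshot of a hijacked association (illustrative, not real registry data):
# .exe points at a rogue "secfile" ProgID whose open command runs a placeholder path standing
# in for the rogue program, so every .exe the user starts goes through it. "exefile" is normal.
ROGUE_CMD = r'"C:\PLACEHOLDER\rogue.exe" /START "%1" %*'
HIJACKED = {
    r"HKEY_CLASSES_ROOT\.exe": {"@": "secfile"},
    r"HKEY_CLASSES_ROOT\.exe\shell\open\command": {"@": ROGUE_CMD},
    r"HKEY_CLASSES_ROOT\secfile\shell\open\command": {"@": ROGUE_CMD},
    r"HKEY_CLASSES_ROOT\exefile\shell\open\command": {"@": '"%1" %*'},
}

@dataclass
class RegOp:
    action: str          # "delete_key" for [-key], "set_key" for [key]
    key: str
    values: dict = field(default_factory=dict)   # value name -> data; "@" is the default value

HEADER_RE = re.compile(r"^\[(-?)(.+)\]$")
VALUE_RE = re.compile(r'^(@|"((?:[^"\\]|\\.)*)")=(.*)$')

def decode_data(data: str) -> str:
    """Unquote a string value (backslash escapes resolved); other kinds such as dword: stay raw."""
    if len(data) >= 2 and data[0] == '"' and data[-1] == '"':
        return re.sub(r"\\(.)", r"\1", data[1:-1])
    return data

def parse_reg(text: str) -> list:
    """Turn REGEDIT5 text into an ordered list of RegOp; raise on any line it cannot interpret."""
    lines = text.splitlines()
    if not lines or not lines[0].startswith("Windows Registry Editor Version 5.00"):
        raise ValueError("missing 'Windows Registry Editor Version 5.00' header")
    ops, current = [], None
    for raw in lines[1:]:
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        m = HEADER_RE.match(line)
        if m:
            current = RegOp("delete_key" if m.group(1) == "-" else "set_key", m.group(2))
            ops.append(current)
            continue
        m = VALUE_RE.match(line)
        if m and current is not None and current.action == "set_key":
            name = "@" if m.group(1) == "@" else m.group(2)
            current.values[name] = decode_data(m.group(3))
            continue
        raise ValueError(f"unrecognised line: {raw!r}")
    return ops

def _find_key(reg: dict, key: str):
    """Registry key names are case-insensitive; return the stored spelling or None."""
    return next((k for k in reg if k.lower() == key.lower()), None)

def apply_ops(ops: list, reg: dict) -> dict:
    """Apply the operations to a copy of the snapshot; [-key] removes the key and all its subkeys."""
    reg = {k: dict(v) for k, v in reg.items()}
    for op in ops:
        if op.action == "delete_key":
            prefix = op.key.lower()
            for k in list(reg):
                if k.lower() == prefix or k.lower().startswith(prefix + "\\"):
                    del reg[k]
        else:
            target = _find_key(reg, op.key) or op.key
            reg.setdefault(target, {}).update(op.values)
    return reg

def exe_open_command(reg: dict):
    """Resolve what runs when an .exe is opened: .exe default value -> ProgID -> shell open command.
    Per-user HKEY_CURRENT_USER entries override HKEY_CLASSES_ROOT (modelled here as separate hives),
    which is why the fix deletes the association under both."""
    for hive in (r"HKEY_CURRENT_USER\Software\Classes", "HKEY_CLASSES_ROOT"):
        ext = _find_key(reg, hive + r"\.exe")
        if ext and "@" in reg[ext]:
            progid = reg[ext]["@"]
            cmd = (_find_key(reg, hive + "\\" + progid + r"\shell\open\command")
                   or _find_key(reg, "HKEY_CLASSES_ROOT\\" + progid + r"\shell\open\command"))
            return progid, (reg[cmd]["@"] if cmd else None)
    return None, None

if __name__ == "__main__":
    ops = parse_reg(EXEFIX_REG)
    print("before:", exe_open_command(HIJACKED))
    print("after: ", exe_open_command(apply_ops(ops, HIJACKED)))
```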

Remove Antivirus XP 2010. Description

Antivirus XP 2010 is a rogue anti-virus application that claims to scan your computer for malware, but in reality it only imitates legitimate security software and tries to trick users into thinking that their computers are badly infected. Its only goal is to trick as many people as possible into purchasing the so-called "full" version of the program, which does not actually exist.

Antivirus XP 2010 is "pushed" through the use of bogus online scanners and fake video/warez websites. When running, this parasite will flood your computer with fake security alerts and notifications stating that the system is compromised. It will even impersonate Windows Security Center. 

The worst thing about this virus is that it blocks almost all programs; security software such as anti-virus and anti-spyware programs is blocked first of all. It also blocks Task Manager, Regedit and other Windows functions. The Antivirus XP 2010 removal guide on this page will show you how to remove this virus from your computer once and for all.




Trojans

Trojans, another form of malware, are generally agreed upon as doing something other than the user expected, with that "something" defined as malicious. Most often, trojans are associated with remote access programs that perform illicit operations such as password-stealing or which allow compromised machines to be used for targeted denial of service attacks. One of the more basic forms of a denial of service (DoS) attack involves flooding a target system with so much data, traffic, or commands that it can no longer perform its core functions. When multiple machines are gathered together to launch such an attack, it is known as a distributed denial of service attack, or DDoS.

While purists draw a firm distinction between viruses, worms, and Trojans, others argue that it is merely a matter of semantics and give the virus moniker to all viruses, worms, and Trojans. To satisfy both parties, the term malware, a.k.a. malicious software, was coined to collectively describe viruses, worms, Trojans and all other forms of malicious code.

Malware can be defined as any program, file, or code that performs malicious actions on the target system without the user's express consent. This is in contrast to Sneakyware, which can best be described as any program, file, or code that the user agrees to run or install without realizing the full implications of that choice. One of the best examples of Sneakyware was Friendly Greetings, a greeting-card trick that exploited users' willingness to say Yes without reading the licensing agreement. By doing so, they were blindly agreeing to allow the same email to be sent to all contacts listed in their address book.


What Is a Virus?

In 1983, Fred Cohen coined the term "computer virus", postulating a virus was "a program that can 'infect' other programs by modifying them to include a possibly evolved copy of itself." Mr. Cohen expanded his definition a year later in his 1984 paper, "A Computer Virus", noting that "a virus can spread throughout a computer system or network using the authorizations of every user using it to infect their programs. Every program that gets infected may also act as a virus and thus the infection grows."

Using that explanation, we can see that viruses infect program files. However, viruses can also infect certain types of data files, specifically those types of data files that support executable content, for example, files created in Microsoft Office programs that rely on macros.

Compounding the definition difficulty, viruses also exist that demonstrate a similar ability to infect data files that don't typically support executable content - for example, Adobe PDF files, widely used for document sharing, and .JPG image files. However, in both cases, the respective virus has a dependency on an outside executable and thus neither virus can be considered more than a simple 'proof of concept'.

In other cases, the data files themselves may not be infectable, but can allow for the introduction of viral code. Specifically, vulnerabilities in certain products can allow data files to be manipulated in such a way that it will cause the host program to become unstable, after which malicious code can be introduced to the system. These examples are given simply to note that viruses no longer relegate themselves to simply infecting program files, as was the case when Mr. Cohen first defined the term. Thus, to simplify and modernize, it can be safely stated that a virus infects other files, whether program or data.

In contrast to viruses, computer worms are malicious programs that copy themselves from system to system, rather than infiltrating legitimate files. For example, a mass-mailing email worm is a worm that sends copies of itself via email. A network worm makes copies of itself throughout a network, an Internet worm sends copies of itself via vulnerable computers on the Internet, and so on.


antivirus program

A utility that searches a hard disk for viruses and removes any that are found. 

Most antivirus programs include an auto-update feature that enables the program to download profiles of new viruses so that it can check for the new viruses as soon as they are discovered.



What is antivirus software?

Antivirus software is a computer program that detects, prevents, and takes action to disarm or remove malicious software programs, such as viruses and worms. You can help protect your computer against viruses by using antivirus software, such as Microsoft Security Essentials.

Computer viruses are software programs that are deliberately designed to interfere with computer operation, record, corrupt, or delete data, or spread themselves to other computers and throughout the Internet.

To help prevent the most current viruses, you must update your antivirus software regularly. You can set up most types of antivirus software to update automatically.

For on-demand protection, Windows Live safety scanner allows you to visit a Web site and scan your computer for viruses and other malicious software for free.

Tuesday, October 19, 2010

Legitimate software


Legitimate software includes programs based on legitimate business models that incorporate features with flawed user-privacy protections. Generally the problem relates to the unnecessary inclusion or inappropriate use of a unique program ID, which creates the potential for user tracking.

Of course, the lines between the three categories we present here can be fuzzy, and it is sometimes difficult to tell which group any given application rightfully belongs in. Our concerns about security and privacy are one basis for our preference for general baseline privacy legislation as a response to spyware. Also, until such legislation arrives, we wish to alert the general public to this ever-growing security and privacy threat.



Adware



Software in the second category installs itself covertly, generally by piggybacking on another, unrelated application or by deceptive download practices. These programs start up on their own and make unauthorized use of users’ computers and Internet connections, in many cases transmitting information about the user or their computer back to a central location. They often resist uninstallation.

They usually do not capture keystrokes or screenshots. In part because applications in this second category fall into a legal grey zone, they have recently been the focus of a great deal of attention and concern.


Spyware programs



Programs in the first category, which are sometimes called “snoopware”, are typically stand-alone programs installed intentionally by one user onto a computer used by others. Some capture all keystrokes and record periodic screen shots, while others are more focused, just grabbing websites visited or suspected passwords.

These programs have legal uses (e.g. for certain narrow kinds of employee monitoring) as well as many clearly illegal ones. The best known spyware programs are Trojans, which are mostly used by hackers.

They enable them to capture important data from victims’ computers – keystrokes, e-mail addresses, screenshots, passwords, downloaded files…


What is spyware?

The term “spyware” has been applied to everything from keystroke loggers, advertising applications that track users’ web browsing and web cookies to programs designed to help provide security patches directly to users.

More recently, there has been particular attention paid to a variety of applications that piggyback on peer-to-peer file-sharing software and other free downloads as a way to gain access to people’s computers. Many of these applications represent a significant privacy threat.

There are at least three general categories of applications that are described as spyware. They are:

• Spyware - key stroke loggers and screen capture utilities, which are installed by a third party to monitor work habits, observe online behavior, or capture passwords and other information;

• Adware - applications that install themselves surreptitiously through “drive-by downloads” or by piggybacking on other applications and track users’ behaviors and take advantage of their Internet connection;

• Legitimate software - legitimate applications that have faulty or weak user-privacy protections.

It is in the first two cases that the spyware label is the most appropriate. In the third case, it is not.


Friday, October 15, 2010

Cloud antivirus


In current antivirus software, a new document or program is scanned with only one virus detector at a time. CloudAV would instead send programs or documents to a network cloud, where multiple antivirus and behavioural detection engines run simultaneously. It is more thorough and also has the ability to check the new document's or program's access history.

CloudAV is a cloud computing antivirus developed by researchers at the University of Michigan. Each time a computer or device receives a new document or program, that item is automatically detected and sent to the antivirus cloud for analysis.

The CloudAV system uses 12 different detectors that act together to tell the PC whether the item is safe to open.


Effectiveness of antivirus software


Traditional antivirus software solutions run virus scanners on schedule, on demand and, in some cases, in real time. If a virus or malware is located, the suspect file is usually placed into quarantine to terminate its chances of disrupting the system.

Traditional antivirus solutions scan and compare against a published and regularly updated dictionary of malware, otherwise known as a blacklist. Some antivirus solutions have additional options that employ a heuristic engine, which further examines the file to see if it behaves in a similar manner to previous examples of malware. A newer technology used by a few antivirus solutions is whitelisting: it first checks whether the file is trusted and only questions those that are not.

Independent testing on all the major virus scanners consistently shows that none provides 100% virus detection. The best provided as high as 99.6% detection, while the lowest provided only 81.8%, in tests conducted in February 2010. All virus scanners produce false positive results as well, identifying benign files as malware.


System and interoperability related issues


It is sometimes necessary to temporarily disable virus protection when installing major updates such as Windows Service Packs or updating graphics card drivers. Active antivirus protection may partially or completely prevent the installation of a major update.

Support issues also exist around antivirus application interoperability with common solutions like SSL VPN remote access and network access control products. Often these solutions have policy assessment applications which require that (1) an antivirus is installed, (2) the product is running and (3) the application's signatures are up to date.

If the antivirus application is not recognized by the policy assessment, whether because the antivirus application has been updated or because it is not part of the policy assessment library, the user will be unable to connect. Interoperability testing and certification for antivirus applications is offered by the OESIS OK Program.


Problems caused by false positives


A false positive is identifying a file as a virus when it is not a virus. If an antivirus program is configured to immediately delete or quarantine infected files, false positives in essential files can render the operating system or some applications unusable.

In May 2007, a faulty virus signature issued by Symantec mistakenly removed essential operating system files, leaving thousands of PCs unable to boot. Also in May 2007, the executable file required by Pegasus Mail was falsely detected by Norton AntiVirus as being a Trojan and it was automatically removed, preventing Pegasus Mail from running.

Norton anti-virus has falsely identified three releases of Pegasus Mail as malware; Norton anti-virus can delete the Pegasus Mail installer file when this happens. Spotify has been flagged as a false positive by Symantec and McAfee products. Even when the false positive is rectified by an update, users may have to re-install Spotify.


Rootkit detection

         
Anti-virus software now scans for rootkits; a rootkit is a type of malware that is designed to gain administrative-level control over a computer system without being detected.

Rootkits can change how the operating system functions and, in some cases, rootkits can tamper with the anti-virus program and render it ineffective.

Rootkits are also very difficult to remove, in some cases requiring a complete re-installation of the operating system.

Heuristic-based detection


Many viruses start as a single infection and, through either mutation or refinements by other attackers, can grow into dozens of slightly different strains, called variants. Generic detection refers to the detection and removal of multiple threats using a single virus definition.

For example, the Vundo trojan has several family members, depending on the antivirus vendor's classification. Symantec classifies members of the Vundo family into two distinct members, Trojan.Vundo and Trojan.Vundo.B.

While it may be advantageous to identify a specific virus, it can be quicker to detect a virus family through a generic signature or through an inexact match to an existing signature. Virus researchers find common areas that all viruses in a family share uniquely and can thus create a single generic signature.

These signatures often contain non-contiguous code, using wildcard characters where differences lie. These wildcards allow the scanner to detect viruses even if they are padded with extra, meaningless code. Padded code is used to confuse the scanner so it can't recognize the threat.


Signature based detection


Antivirus software has traditionally relied heavily on signatures to identify malware. This can be very effective, but cannot defend against malware unless samples have already been obtained and signatures created. Because of this, signature-based approaches are not effective against new, unknown viruses.

Because new viruses are being created each day, the signature-based detection approach requires frequent updates of the virus signature dictionary. To assist the antivirus software companies, the software may allow the user to upload new viruses or variants to the company, allowing the virus to be analyzed and the signature added to the dictionary.

Although the signature-based approach can effectively contain virus outbreaks, virus authors have tried to stay a step ahead of such software by writing "oligomorphic", "polymorphic" and, more recently, "metamorphic" viruses, which encrypt parts of themselves or otherwise modify themselves as a method of disguise, so as not to match virus signatures in the dictionary.
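The generic, wildcard-based signatures described in this section and the Heuristic-based detection section above, as an added Python example that is not code from the original page: a small signature compiler and scanner, plus the check a researcher would run before shipping a generic signature. The byte sequences and signatures are constructed for illustration (toy data, not real malware or vendor signatures), and the "??" / "[n-m]" notation is modelled on ClamAV and YARA rather than taken from the page.

```python
import re

# Constructed byte sequences standing in for two members of one malware family (toy
# data, not real malware): variant B has three padding bytes inserted after the shared
# prologue, different immediate operands, and sits at offset 16 inside a larger buffer.
VARIANT_A = (b"\x55\x8b\xec\x83\xec\x20"      # shared prologue, identical in every member
             b"\x68\x10\x20\x30\x40"          # push imm32: operand differs per variant
             b"\xe8\x11\x22\x33\x44"          # call rel32: operand differs per variant
             b"\xc3")
VARIANT_B = (b"\x00" * 16
             + b"\x55\x8b\xec\x83\xec\x20"
             + b"\x90\x90\x90"                # meaningless padding meant to defeat exact matching
             + b"\x68\xaa\xbb\xcc\xdd"
             + b"\xe8\x01\x02\x03\x04"
             + b"\xc3")
BENIGN = b"MZ\x90\x00\x03\x00\x00\x00This program cannot be run in DOS mode.\r\n$"

# Hex signatures: "??" matches any single byte, "[n-m]" skips between n and m arbitrary
# bytes, so one generic signature covers the whole family despite padding and changed operands.
SIGNATURES = {
    "exact-variant-A": "55 8B EC 83 EC 20 68 10 20 30 40 E8 11 22 33 44 C3",
    "generic-family":  "55 8B EC 83 EC 20 [0-8] 68 ?? ?? ?? ?? E8 ?? ?? ?? ?? C3",
}

def compile_signature(sig: str) -> re.Pattern:
    """Translate the hex signature into a bytes regex; fixed bytes are escaped literally."""
    parts = []
    for tok in sig.split():
        if tok == "??":
            parts.append(b".")
        elif tok.startswith("[") and tok.endswith("]"):
            lo, hi = (int(n) for n in tok[1:-1].split("-"))
            if lo > hi:
                raise ValueError(f"bad gap {tok}")
            parts.append(b".{%d,%d}" % (lo, hi))
        else:
            parts.append(re.escape(bytes.fromhex(tok)))
    return re.compile(b"".join(parts), re.DOTALL)

def scan(buf: bytes, signatures: dict) -> list:
    """Search the whole buffer, not just its start, and return (name, offset) per matching signature."""
    hits = []
    for name, sig in signatures.items():
        m = compile_signature(sig).search(buf)
        if m:
            hits.append((name, m.start()))
    return hits

def validate_signature(sig: str, family: list, clean: list) -> dict:
    """Researcher's checks before shipping a generic signature: it must hit every known family
    member, and none of the clean files (a hit there is exactly the false positive described later)."""
    pat = compile_signature(sig)
    return {"covers_family": all(pat.search(s) for s in family),
            "clean_hits": [i for i, s in enumerate(clean) if pat.search(s)]}

if __name__ == "__main__":
    for label, buf in (("variant A", VARIANT_A), ("variant B", VARIANT_B), ("benign", BENIGN)):
        print(label, scan(buf, SIGNATURES))
    print(validate_signature(SIGNATURES["generic-family"], [VARIANT_A, VARIANT_B], [BENIGN]))
```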



Identification methods


There are several methods which antivirus software can use to identify malware.

Signature based detection is the most common method. To identify viruses and other malware, antivirus software compares the contents of a file to a dictionary of virus signatures. Because viruses can embed themselves in existing files, the entire file is searched, not just as a whole, but also in pieces.

Heuristic-based detection, like malicious activity detection, can be used to identify unknown viruses.

File emulation is another heuristic approach. File emulation involves executing a program in a virtual environment and logging what actions the program performs.

Depending on the actions logged, the antivirus software can determine if the program is malicious or not and then carry out the appropriate disinfection actions.



History of Antivirus


Most of the computer viruses that were written in the early and mid 1980s were limited to self-reproduction and had no specific damage routine built into the code. That changed when more and more programmers became acquainted with virus programming and released viruses that manipulated or even destroyed data on infected computers. It then became necessary to think about antivirus software to fight these malicious viruses.

There are competing claims for the innovator of the first antivirus product. Possibly the first publicly documented removal of a computer virus in the wild was performed by Bernd Fix in 1987. Fred Cohen, who published one of the first academic papers on computer viruses in 1984, started to develop strategies for antivirus software in 1988 that were picked up and continued by later antivirus software developers.

Also in 1988, a mailing list named VIRUS-L was initiated on the BITNET/EARN network where new viruses and the possibilities of detecting and eliminating viruses were discussed. Some members of this mailing list, like John McAfee or Eugene Kaspersky, later founded software companies that developed and sold commercial antivirus software.



Antivirus software


Antivirus software is used to prevent, detect, and remove malware, including computer viruses, worms, and trojan horses. Such programs may also prevent and remove adware, spyware, and other forms of malware. This page talks about the software used for the prevention and removal of such threats, rather than computer security implemented by software methods.

A variety of strategies are typically employed. Signature-based detection involves searching for known patterns of data within executable code. However, it is possible for a user to be infected with new malware for which no signature exists yet.

To counter such so-called zero-day threats, heuristics can be used. One type of heuristic approach, generic signatures, can identify new viruses or variants of existing viruses by looking for known malicious code in files.

Some antivirus software can also predict what a file will do if opened or run by emulating it in a sandbox and analyzing what it does to see if it performs any malicious actions. If it does, this could mean the file is malicious.