Email: not available
In answer to this question, someone once directed me to this Web Page. Although isolating your computer from the rest of the world is the only true way to ensure security, that option is not truly realistic for the average individual. So the next best thing is to reduce your risks. AV (Anti-Virus) software is a good backstop, but it CANNOT replace common sense and good operating practice. I am connected to the Internet 24/7 without a firewall, I have never used AV software, and I have never had a viral infection. But my situation cannot be considered the norm, as network security is part of what I do.
So what can the average individual do to reduce the risks associated with staying connected?
1. Use AV software. It is a good backstop, but don't rely on it entirely.
2. Limit local access to your PC. This is not always possible, but the more people that access your computer, the greater your risk.
3. ALWAYS, ALWAYS, ALWAYS use the login security provided by your operating system with reasonable passwords.
4. Limit network access to your computer. Use a firewall. Do not leave open shares. Keep up to date. Do not leave unused ports open. This last one is particularly important. For information on how to limit Windows XP, see: Hardening XP
5. Use conservative security settings. This one can be a very daunting task for the average user, because an out-of-the-box Windows installation with all the defaults is full of holes. I am not anti-Microsoft. On the contrary, the Internet is where it is today largely because of the frontier pushing efforts of Microsoft. But Microsoft's "Look What We Can Do" corporate attitude causes it to invoke features that should not be turned on for the average user because they are too risky. The biggest single problem is Internet Explorer itself, regardless of the version. I got so tired of trying to make IE safe that I finally switched to Mozilla Firebird. The one single thing that makes IE safer to use, is to turn off active scripting, or at least change it to prompt.
6. Internet Explorer is only risky when you initiate action to visit a malicious or virus infected Web site. But because of OutLook/Outlook Express's "Do It All" design, and because of the fact that it depends so heavily on IE, it is many times more unsafe than Internet Explorer itself. This is because email is initiated from the outside, and you have very little control over what is sent to a valid email address. DON'T use Outlook/Outlook Express, or at the very least turn off HTML. As fast as Microsoft plugs the holes in these programs, new ones pop up. HTML DOES NOT BELONG IN A MESSAGING SYSTEM.
7. Use an Email server that provides good Anti-Virus and Anti-Spam protection. The Postini service that Yellowhead-Dot-Com provides is highly acclaimed, and Postini's virus filters are updated far quicker that your own.
8. Think twice before installing new software or plug-ins. Every piece of software that opens up a port for listening becomes a potential back door to your computer. If you must use an Instant Messaging service or a P2P service, make sure that it doesn't install a back door or spyware (News Groups are a good place to get feedback on these applications). Having said that, everyone finds themselves in a postion now and then where they want to get rid of something they didn't really want in the first place. HiJackThis is an extremely useful tool for getting rid of unwanted auto starts.
See this page for a more verbose explanation of Safe-Hex.
These are generalized recommendations for common workstation installs. There is no single cookbook recipe for setting up a computer, so don't ask.
J.A. Coutts
Systems Engineer
MantaNet/TravPro
Email: not available