Securing Your PC

Updated 12/11/03

Securing a PC can be quite a feat, and there are many programs out there that claim to do the job (or at least part of it). While I can't claim to be a PC security expert, I have done some extensive research into locking down a PC. What follows are not recommendations per se, but they are the programs that I use to secure my PC, so I find them all to be very reliable.

Most of the programs listed here are available to use completely free of charge, except as noted. Many of these programs, in my experience, end up working better than some of the so-called professional commercial security tools, although they may not have quite as flashy of a user interface. Securing your computer can be done without a huge amount of cost, or if you're determined, any at all.

Note: Many of these programs also list MD5 checksums with their downloads. I would recommend, first and foremost, that you download a hashing program, so that you can verify these checksums. If a downloaded file matches the checksum posted for it, there is a very good likelihood that you have downloaded an authentic file. This is an important step, because verifying the files ensures that they haven't been contaminated with virii or trojans that could compromise your data. For more information, see the section on hashes below.

- If you're looking for a completely free virus program that works fairly well, check out AVG Antivirus (freeware). This is the virus program that I currently run on my PC, with no problems (although it dodn't catch the Blaster worm).

-There are many commercial trojan scanners out there, to get rid of the more insidious programs an antivirus program won't catch,  Agnitum's TauScan (commercial) is the trojan scanner I've used for a while - it has frequent database updates, and has been able to detect a high number of trojans in a number of tests (although it did miss one on my computer). Another one to consider is TrojanHunter, which is more featureful and catches a few more types of malicious files, albeit at a higher price.. I have yet to come across an absolutely ideal freeware alternative, but ProPorts by the Digital Underground scans for some common trojans, as well as monitors outgoing connections on popular ports for Trojans to exploit, and is also one of my top security tools.

-One thing to note is that even the software you use to browse the web can be vulnerable. If you use MIcrosoft Internet Explorer or Outlook Express, there are many known vulnerabilities - IE especially can download malicious spyware or adware directly to your computer simply by surfing the net. Mozilla is a free, open-source web service suite that also does HTML editing, email, newsgroups, IRC chat, and more. Not only is it immune to IE security holes, it has built-in popup blocking, tabbed browsing for easier web navigation, and many more improvements. Also available are standalone web browsers and email clients that are not as vulnerable to Microsoft security holes. If you still absolutely have to use IE, though, the next couple of entries can help you catch programs that attack through IE before they can do serious damage.

-To get rid of spyware, I use Spybot Search & Destroy (freeware). This free program has been indispensable in eliminating all manner of spyware inadvertently collected (and even snagged the trojan library that Tauscan missed). If you use IE as your browser, this is an must.

-If you're really interested in stomping drive-by downloads (ActiveX controls that download malware without your knowledge) from IE and spyware in general, check out the Javacool suite of security tools, including a program that immunizes your browser against hijackers and spyware (SpywareBlaster), and a program that gets rid of windows tracking items (MRUBlaster).

-I also use the Sygate Personal Firewall, which is free for noncommercial use.  I used to recommend the Zone Alarm personal firewall, but negative reviews of certain intrusive features by a number of security experts (SpywareInfo among them) have caused me to no longer recommend them. Even though I also have a hardware firewall, a software firewall is used to prevent unauthorized programs from initiating web connections - another excellent way to keep viruses and trojans from compromising your system and sending your personal info to remote servers.

-Another great way to nail trojans is to use Mike Lin's Startup Monitor. This checks for programs setting an executable to run at startup, and pops up a window allowing you to decide whether to enable the program or not. ProPorts also has a similar feature, but I find that this one, along with Startup Control Panel, do a more complete job. Both programs are freeware.

-As one last measure, I ususally leave SysInternals' TCPView running in the background. TCPView is a connection monitor, and it can be set to show all current internet connections (i.e. security holes) on your computer. If an app you don't know is accessing the internet unexpectedly, there's a good chance you should be suspicious.

In addition, here are some things to check out if you're interested in improving your privacy in addition to simply securing your PC:

-If you're planning on unloading your old PC to other family members, a charity, or on eBay, it's probably a good idea to wipe your personal data files off of it first - and no, dragging the files to the trash won't get rid of them (people can even extract data easily from a hard drive that has been zero-formatted - if you're technically inclined, click here to see why). To combat this, you can use a program called Eraser, which can delete files in a number of formats, including the only proven secure-delete method, Gutmann. Eraser can also erase all of the free space on a drive, to permanently obliterate all traces of your previously "trashed" files.

-One way to stymie hackers is to encrypt your important files, so even if they are accessed, they will be unreadable without your password. For encryption, I use MaxCrypt and Pretty Good Privacy for my encryption needs. PGP comes in a freeware version, or a paid version with more features - MaxCrypt is freeware. PGP, of course, is a full-fledged public-key encryption system for secure email - I also like the PGPDisk that comes with the paid version, as well as PGP encryption for the Palm OS (although there are other programs that encrypt disks and disk images, the ones I have seen either cost money or have been discontinued). If you want to use the open-source version of this, GPG, check out WinPT - it's almost as easy to use as PGP, and is free. Maxcrypt, on the other hand, is an automated encryption system that encrypts your critical files with a password when you logout - so even if someone hacked your login, your files would still be encrypted.

-The Proximitron is an excellent web proxy - that is, it intercepts and reformulates webpages before they hit your browser, removing ads, spyware, malicious scripts, even bad formatting, as well as send modified headers to web servers to avoid "compatiblity" problems with certain webpages. it's incredibly customizable, and goes a long way towards making web browsing safe, and bearable, once again. Note that this program still works, but is no longer supported - for my current use, I've moved to Privoxy, another freeware web proxy that's even easier to configure, albeit slightly less featureful.

-I would be remiss to have a complete security discussion without mentioning hashes. Hashes, simply put, are algorithms that produce unique strings of characters based on the contents of files - every file has a different hash, and even changing one bit in the file changes the hash value. Hashes can be used to check the integrity of downloaded files in many cases, and also can be useful for two-factor authentication schemes. If you want to try a wide variety of hashes, check out the DAMN Hash Calculator. This program can use a variety of differnet hashing algorithms - everything from the standard MD5 and SHA-1 hashes to the more exotic HAVAL, and also includes CRC32 for very quick integrity checking. Simply drop a file onto the program window to get its hashes. Or, if you want even more convenience, there's digestIT 2004, a Win32 shell extension that lets you get MD5 and SHA-1 hashes of files just by right-clicking on them, as well as verifying the file directly against a checksum string (digestIT's installer is also PGP-signed to verify its authenticity). For a wide range of hashing programs, you might want to check out this page.

This setting may be considered for some as overly paranoid, but if you want a safe PC, especially with a broadband connection, it's good to have the tools to know what's going on, and who's accessing your computer.

One set of utilities that I should probably mention are the Extreme Power Tools, a large suite of programs put out by Radsoft that cover some of the applications discussed in this document. Since I was provided with a complimentary copy, I don't feel that it is ethical for me to give my opinion on it as an impartial review, but feel free to take a look at the site and decide for yourself (Note: this suite is not freeware - it is $145).

Happy Secure Computing! A page for Mac OS X security programs is now available, with a variety of (mostly) freeware programs for locking down your PC.

If you have any other freeware security programs that you think deserve a mention, email me and I'll give them a try.

- David Kibrick

Download Signed Version of this Page