Security on the Internet

There are simple steps you can take to strengthen the security of your computer while you are attached to the internet. The information on this page is primarily for a single computer which is not connected to a network - other than the internet. If your computer is networked, you will probably need to take other measures rather these - your networking guru will be the one to consult about security measures on your network. Oh, and that sign at the top of this page - where ever you go on the 'net, you can be tracked - no, I'm not tracking you, but you never know who might be. Everytime you visit a website, you provide information about who you are via the HTTP headers. The User-Agent header provides information about your browser, operating system and language.

  1. Stop using Internet Explorer
  2. Check Your Plugins
  3. Tune your Operating System
  4. Tighten Security in your Browser
  5. Restrict scripting in MS Outlook Express
  6. Install a Firewall
  7. Install an Anti-virus Program
  8. Install Anti-spyware Protection
  9. Outfox E-mail Worms
  10. Don't Run Insecure Programs
  11. Recognize fraudulent email when you see it
  12. Use TCPView to keep tabs on your system

Replace Internet Explorer with a more Secure Browser

Internet Explorer is the most popular browser in use today. That has its advantages and its disadvantages: There have been a number of articles written in the last half of 2004 strongly suggesting that using Internet Explorer is not a good idea. If you really want to make your computer more secure when browsing the internet, you should switch to another browser.

The browser I'm currently using is Firefox from the Mozilla Organization. It's quite good, very stable, noticeably faster than Internet Explorer, and much more secure. I strongly urge you to stop using Internet Explorer as your primary browser and switch to Firefox. But don't just take my word for it; see the following:

Of course you will still have to keep Internet Explorer around for the badly done sites (like that only work using Internet Explorer.

After you have installed Firefox, check this link for info on how to set your options to secure Firefox: Configure Firefox's settings to strengthen security.

Tune Your Operating System

Choose from the following based on your operating system:

Internet Security for Win/ME

I don't have access to a Win/ME system, but I suspect it is much like Win/98. See if you can turn off "Windows Scripting Host" just by following the directions in the Internet Security for Win/98 section. Then follow the instructions for Internet Security for Win/95/98/ME.

Internet Security for Win/98

Turn off "Windows Scripting Host"

Microsoft's Windows Scripting Host is a VERY insecure Accessory to have installed on your system - it's what e-mail viruses (and worms) such as Melissa and The Love Bug use to do their damage. You are much safer with it uninstalled - which you can do in Win/98.
Now continue with Internet Security for Win/95/98/ME

Internet Security for Win/95/98/ME

This section explains simple steps for protecting your Win/95/98/ME computer from viruses and hacker attacks while you are connected to the internet.

Avoiding e-mail script viruses and worms such as Melissa and The Love Bug

If you don't use Microsoft Outlook Express or Outlook for your email, you are much less vulnerable to email scripting virsuses and can skip this paragraph. Avoid using MS Outlook (AKA LookOut!) if possible - besides, Mozilla/Netscape has a much better built-in e-mail program and Thunderbird is superior to both of those. Then you don't have to worry so much. If you do use Outlook Express, start it and
  1. Click Tools
  2. click Options
  3. click Security
  4. Set the Security Zone to Restricted.
  5. Click Apply.
  6. Then click the Connection tab
  7. Click Change
  8. Click Security on the next dialogbox
  9. Click Restricted Sites
  10. Click Custom Level and:
  11. Click OK all the way out.

Note: You will have already done steps 8 - 11 if you followed the instructions for Tightening Security in your Browser for Internet Explorer, step #1. For a complete picture of what your Restricted Custom Level should look like, click here.

Avoiding hacker intrusions

Assuming your Win/95/98/ME computer is a stand-alone one, these 2 measures will make your system much less vulnerable to security breaches that come from a hacker who might use your connection to the internet to gain access to your computer. Before beginning, you might want to visit Gibson Research Corporation's website and click on the Shields Up link just to find out how insecure you currently are. They after you've taken the measures suggested below (and rebooted), visit again and see if you feel safer. These 2 simple measures will go a long ways to protecting you from a hacker attack. After the Reboot, visit Gibson Research Corporation's website and click on the Shields Up link to see your level of security now.

If you connect to the internet via a dialup modem, this is probably all you really need to do to protect yourself.

You must also install a firewall, see the info on A personal Firewall below.

Internet Security for Win/NT

Go to Steve Gibson's NT Unbinding Page and follow the instructions to unbind your NETBIOS from the internet. Also make sure you have disabled file and printer sharing.

You must also install a firewall; see the info on A personal Firewall below.

If you use Microsoft Outlook as your e-mail program, see the info on Restrict scripting in Microsoft Outlook above.

Internet Security for Win/2000

The following should be done if you have a stand-alone Window/2000 system; if you are on a network, talk to your networking guru: On the Desktop, right-click the "My Network Places" icon, click Properties on the menu that appears. For each connection icon (not for the "Make New Connection" icon), right-click the icon, then click Properties.

You must also install a firewall; see the info on A personal Firewall below.

If you use Microsoft Outlook as your e-mail program, see the info on Restrict scripting in Microsoft Outlook above.

Internet Security for Win/XP

I don't have access to a Win/XP system, so I don't know. You might try following the Win/2000 instructions and see what makes sense. I suspect that Outlook Express in Win/XP is configured by default to use the Restricted Zone, but you will still need to Tighten Security in your Browser for this to be fully effective.

A Personal Firewall

If your computer connects to the internet and doesn't have a firewall, your computer will be taken over by some nasty program in approximately 20 minutes - yes, in less than half an hour, you are "owned." Steve Gibson has a wealth of good info on his website. I've installed ZoneAlarm from Zone Labs. It's FREE and it seems to work. It's fairly easy to set up, and when a program of yours (your browser, email, etc) trys to communicate outside for the 1st time, you get a warning and can then easily reconfigure ZoneAlarm to allow that program to communicate.

A note on configuring ZoneAlarm: You should not check the Allow Server - Internet checkbox for any of your applications. Doing so opens several holes in your firewall! If you have to perform a function where you need to allow your system to act as an internet server, check the box, do the function, uncheck the box.

After installing a personal firewall, visit Gibson Research Corporation's website and click on the Shields Up link to see your level of security now.

Anti-Virus Protection

Given the incessant nature of attacks by viruses, worms, trojans, etc., you are crazy to try to connect a computer to the internet without adequate protection (just like you'd be crazy to have unprotected sex!). There are a number of anti-virus vendors - but many of their programs all will cost you money. has reviews of various offerings in their Antivirus section. They also have a list of on-line virus programs, but these are no substitute for an up to date programs running on your system.

Lately, however, the big boys - Norton, McAfee, etc. - have started acting like they own your computer and their anti-virus suite is the most important thing on your computer. They seem to enjoy cloggin up your internet connection and intruding on your work. The number of false positives I've encountered lately makes it seem that these products ARE the virus. I strongly recommend you ditch the big boys and go with AVG Anti-Virus Free. The price is right, it's not intrusive and it's adequate. Just make sure you

  1. Download the AVG products first
  2. Disconnet from the internet
  3. Uninstall any current Anti-Virus programs (Start > Settings > Control Panel > Add/Remove Software)
  4. Install the new Anti-Virus program(s)
  5. Reconnect to the internet
Trying to run 2 anti-virus programs at the same time can totally trash your computer!

If you don't have a good anti-virus program, get one - it's just part of the cost of computer ownership, just like condoms are part of the price you pay for sex if it's not all "local".

Anti-Spyware Protection

Did you know your computer might be spying on you?!? Yep, that cute little program you just downloaded might contain a package that lets others track your every move on the internet. There's names for this stuff: "Adware" "Spyware" "Scumware". The use of this stuff, which skulks onto your hard drive and can invade your privacy online, has proliferated as companies become more desperate for your money.

There wasn't much anyone could do about adware until Lavasoft created Ad-aware, a simple, free program that scans your computer for the telltale files that adware plants on your system--and deletes them. Ad-aware regularly offers users fresh reference files that enable the program to find the latest spyware to invade their system, much as virus definition files help antivirus software clean up Windows. Ad-aware does its job quickly and efficiently (much to the chagrin of spyware makers), and it has become an indispensable tool in the fight for online privacy. Get it, install it, run it once a week.

As good as Ad-aware is, it doesn't catch all the spyware and there are some spyware programs that are devilish hard to remove. To be really safe, get all of the following and run them periodically:

Keep an eye on what programs are talking to the 'net

TCPView is a free Windows program that will show you detailed listings of all TCP and UDP endpoints on your system, including the local and remote addresses and state of TCP connections. On Windows NT, 2000 and XP TCPView also reports the name of the process that owns the endpoint. TCPView provides a more informative and conveniently presented subset of the Netstat program that ships with Windows.

Of course just having TCPView's list of programs won't do too much good unless you know what those programs are. You can right click on each line and check a program's properties - if they has any. You can also look programs up on the WinTasks Process Library web page.

 Gibson Research Corporation
 Zone Labs for the ZoneAlarm Firewall
 Lavasoft to download Ad-aware for removing Spyware
 Spybot Search and Destroy - Much like Ad-aware but catches things Ad-aware misses.
 CWShredder - Removes the variants of CoolWebSearch (a particularly nasty piece of work).
 Spywareblaster - Prevents some spyware from installing in the first place.
 Analyze Your Internet Privacy
 Configure Firefox's settings to strengthen security
 View your User-Agent header
Back to Leigh's Home Page Site Map                   Site Search 

Permalink [] Hosted by
Leigh Brasington / / Revised 28 Feb 14