Most casual PC users find it daunting to
mount a fully effective online defense. It's
not clear to them what's required, and how
to go about it. Many just "poke and
hope" -- adding an antivirus program
and maybe a firewall and assuming they're
protected. The false sense of security they
have may be more dangerous than doing nothing.
There's a better way -- follow a structured
approach. There are several things to do,
but tackled one at a time they aren't hard.
If you follow the precautions in this "Level-1"
defense plan, you'll end up with an adequate
online defense. Even if an attack succeeds,
you won't have much to lose under this plan.
At worst you'd have to restore Windows, and
reinstall any special software that you use.
An antivirus program alone is no longer adequate
Virus attacks are on the decline. Don't let
that fool you though. Hostile software writers
have moved on to more detrimental attacks,
such as Trojan-horses and spyware. The number
of these attacks has increased sharply. It's
now important to be wary of popup windows,
fake Web pages and hostile email messages
-- not just attachments. You also now need
a firewall to fend off hackers and worms.
This introductory article describes how the "Information Superhighway"
has become the "Wild Wooly Web"
and outlines the defense plan you need now.
The plan below is only a checklist. The links
in each item lead to the essential details
for putting the plan in action. Don't try
to do it all at once. Take it one step at
a time, and check each item off as you go.
This multi-layer defense plan won't help
much unless you follow all the steps all the time. You also need to understand the hazards
you face, as suggested in the first three steps of the Overview, if you expect your defense to be effective.
- Enable the Internet Connection Firewall if you're running Windows XP. Strongly consider
installing a firewall if you're running Windows 95 or 98. I recommend
- Install an antivirus program if you don't already have one: Don't rely
on it as anything but a backstop
- Update your virus signature files at least once a week. And don't forget to update them when you
return from that two week cruise. The latest
crop of viruses will be there waiting for
- Gain a better understanding of the hazards
online and how defenses work.
- Learn about the nature of malacious computer code.
- Learn how attacks work.
- Learn about the defense tools that are available.
- Be wary of scams, fraud and hoaxes online: There's a higher percentage of con-artists
online than in real life, because it's so
easy to hide online. Virtually all spam contains a scam of some
- Limit what you put at risk: Never keep critical personal information on your computer -- information like sensitive
passwords, account numbers or your social
security number -- and never send it online
without strong encryption. Use good password protection practices as well. If you want to do things like online banking
pick a higher level defense plan.
- Backup everything you can't replace or would
hate to lose: Digital pictures -- the book you're writing
-- recipes -- genealogy records
- Set up your email program to avoid the hidden
perils of HTML messages: That way, you can safely examine each message before you actually open any
of them. Don't rely on your anti-virus program --
use it as backstop only.
- Examine all email messages before you process
them further: Your own wits and common sense are your
best peripheral defense against bogus email.
Discard any messages that look at all suspicious
-- even messages from someone you know.
- Never open an email attachment unless you're
99.999% sure it's OK: Be suspicious of any attachment you were
not expecting -- even if it's from someone
you know. Check with the sender first before you open
it and even then be cautious. Be doubly suspicious
of forwarded attachments, or attachments
from someone you don't know. You can improve your online security by 10
to 1 if you're always careful with email
- Never download any files unless you know
you can trust the source: Unfortunately, that advice includes pictures
and music. It's good practice to scan any file for viruses
and malware before you open it -- no matter what the
- Don't go to risky Web sites -- gothic, warez,
crackz, gamer, cheat code, tres equis and things of that ilk: And be doubly suspicious
of any unsolicited Web page -- pop up windows -- unexpected
requests to "log on again,"
- Don't use instant messaging or IRC (Internet
Relay Chat), or download files from P2P file-sharing
networks, such as KaZaa or Morpheus. If you want to use these services, you need
a higher level defense plan than this one. [details]
I recommend that you add additional elements
from the Level-2 Defense after you have this Level-1 defense in place.
Start with "Patch (update) Windows, Internet Explorer
and Outlook Express" and add one element at a time.