Securing Your Windows Computers from TCP/IP Threats
No matter what flavor of Windows you may be running there are people in the world who have nothing better to do than to unleash all manner of hostile programs designed to take over control of your computer, damage your files or operating system, invade your privacy with spyware and popup ads - and/or steal personal data, recruit your computer as a zombie to be used in Distributed Denial of Service (DDoS) attacks, and most recently, to plant software on it which turns it into a spam relay. So, what is a body to do to prevent these hostile programs from getting in to do their nefarious deeds?
Here is a checklist of things to do to secure your computer against Internet threats:
- First and foremost, install and learn to configure a hardware firewall (ex: a broadband router with a built-in configurable firewall), and/or a software firewall, like ZoneAlarm, to block all unnecessary incoming connection attempts.
- If you have Windows XP and don't want to mess around with an add-on firewall, you should enable the Windows Firewall that is included with your operating system (Control Panel > Security Center > "Manage security settings for" > Windows Firewall > General tab > On). It is especially important to block all incoming requests to TCP and UDP port 135, and TCP ports 137, 139, 445, 1026 and 1027, among others that are commonly used to take over vulnerable computers. Note that the Windows XP Firewall blocks all incoming connection attempts, including filesharing and instant messaging programs, so you may need to create exemptions for certain applications on your computer to allow incoming TCP communications ("Manage security settings for" > Windows Firewall > Exceptions tab).
- If your computer has any version of Windows from Windows 95 OSR2 onward it is equipped with a start-menu item called "Windows Update." Use it regularly! It only takes a minute or so to check for security patches, service packs and driver updates using Windows Update, time well spent that could plug holes in the system that a hacker is about to exploit, as happened with the MsBlaster Worm. A month before the Worm was released, Microsoft posted a patch on Windows Update to plug a code loophole that allowed hostile programs to be uploaded to victims' computers. The Worm went on to crash hundreds of thousands of Windows XP machines around the world, as they attempted to spread it to others. Of course, the machines whose owners had applied the patch did not participate in the Blaster mayhem, nor did the computers with firewalls that blocked incoming TCP connections.
- Subscribe to Microsoft Technet Security Newsletters and bulletins, which alert you when a new patch has been posted. Or, do the next step:
- If your operating system is Windows 98 or newer, and has had Internet Explorer upgraded and secured, it is capable of obtaining Automatic Updates from Microsoft while it is online. If you are not comfortable with fetching the manual Windows Updates, learn to activate the Automatic Updates (Control Panel > Automatic Updates, or Security Center > Automatic Updates) feature and accept the license terms to apply the patches.
- Purchase and install a major anti-virus program which offers automatic live updates. Let it download new anti-virus definitions in the background, but remember to manually check for program updates that cannot be applied via the auto-update feature. Then set your task scheduler to run full virus scans every week. Also, check the options to ensure that it is always running in the background to auto-protect you against opening infected files from downloads, CDs, or floppy disks. Most current anti-virus products also scan incoming and outgoing email for Viruses, Worms, or Trojan Horse programs.
- DO NOT OPEN EMAIL ATTACHMENTS, unless they have been scanned, with current virus definitions, and found to be clean, AND are expected. Always be ultra suspicious of unsolicited attached files, even if they appear to have come from someone with whom you have had prior email contact. Many, many Worms are programmed to search your Windows Addressbook for names that are then inserted into the To and From fields of the emails they send out.
- If you are not expecting to receive any email attachments, and are using Outlook Express as your email client, and it has been upgraded to version 6 or later, it has a checkable option to disallow downloading any email attachments. Furthermore, Outlook Express should have its security setting set to the Restricted Sites Zone.
- I personally use a separate program to screen all incoming mail, as it sits on the mail server. This program has options to check the source of the email against various spam blacklists, has a feature to add any piece of mail to either the Friends list or Blacklist, or ditto for the entire sending Domain. It offers user configurable filters to detect spam or viruses by subject, body, From or To field, or the entire headers, and can hide them from being displayed. This program marks spam for blacklisting, deleting and even bouncing and can automatically delete previously identified spam messages off the server, so you never see or download them. This shameless plug is for Mailwasher Pro, from Firetrust Limited in New Zealand. I am an affiliate for this product and I absolutely swear by it. If you purchase Mailwasher through my link and have questions about configuring it, feel free to contact me and I will try to help you out. I have an extensive writeup about Mailwasher Pro, here.
- Beware of "Social Engineering" in emails which try to fool you into either activating an attached file, or clicking on a link to their website, where hostile code may compromise your computer, if you haven't applied ALL of the patches for it. Some old and new users ("newbies") are so far behind with patches and updates that they can be tricked into allowing viruses, Trojans, or Worms in by simply previewing a specially crafted email or hostile coded website. Some of these exploits were patched by Microsoft over two years ago and are still being used against people who don't think it could ever happen to them.
- Beware of freeware programs, like certain well known filesharing programs, that may come bundled with (spyware) programs from other companies, which may spy on where you surf the web, note what ads you view or click on, and which may cause popup and popunder windows to appear out of nowhere, while you are online, or create new (red or yellow) text links to their own advertisers while you view a website like this one, which is actually stealing possible revenue from the website you were visiting, if they run affiliate ads (like I do).
- There are some excellent spyware immunization, detection and removal programs on the Internet. I personally use and recommend Spybot Search and Destroy, Spywareblaster and Windows Defender. My Links page has descriptions of these products and links to their home pages, under the Security Links section. I also have notices about updated detections for some of these programs on my blog. I recommend running Spywareblaster once a week, after using the Update button to check for and install new definitions, then Spybot Search and Destroy, again after running the updater. You'll be amazed at some of the crap that may have been snuck onto your 'puter, while you were happily browsing the Internet (or sleeping with your always-on cable or DSL modem). Think about some of those little popunders that you might have clicked on OK, just to get rid of them. BIG MISTAKE BUBBA. Install, update and run an anti-spyware program as soon as possible!
- A word of warning is in order here regarding the nature of some purported anti-spyware programs. Some of them are wolves in sheep's clothing! If you are offered an anti-spyware program via a popup window be suspicious. If you find a mysterious new icon in your system tray that offers to scan for - and finds X number of spyware programs, but will only remove them if you pay a fee, it is probably on this rogue/suspect anti-spyware products and websites list. Be safe and do a lookup on the Rogue list before investing in such a program. The same website also has reviews of authentic spyware-adware removal programs.
- If you use a fileswapping program to download program files, don't be surprised if some of them contain Trojan Horse programs, or viruses. Many current Worms are spread through the shared folders of people who use Limewire, Kazaa, and BitTorrent filesharing clients. If you download anything from anybody, anywhere, anyhow, scan it for viruses before double-clicking on it!
- You can ward off almost all of these Internet threats by running your daily browsing account as a Limited User (Windows 2000, NT, XP, and newer), instead of as a computer administrator. Viruses, worms, trojans, backdoors, browser hijackers and rootkits cannot fully install without Administrator account privileges. By reducing your system privileges you limit the damage that can be done by any threat that infiltrates your defenses. See my article about user privileges, here.
I could go on forever, but I believe that if you implement these suggestions, including turning on Automatic Windows Updates, keeping your anti-virus and anti-spyware detection programs updated automatically and running weekly or nightly scans, plus blocking all unsolicited incoming TCP and UDP traffic with a firewall, then you will enjoy a more secure computing environment.
You may feel paranoid taking all of these security precautions, but it's not paranoia when they really are out to get you!
Windows 9x security holes:
Windows 95 and 98 are consumer level operating systems granting full administrator level rights to anybody who can gain access to the computer - either directly or remotely. Windows 9x computers also have a default networking setup that is very insecure. This is due to the so-called "bindings" which are created when networking is installed, whether it is for dialup Internet access, or a LAN (Local Area Network) with Internet access from a broadband gateway device. These "bindings" are a group of file transfer protocols, such as TCP/IP, NetBEUI, IPX/SPX and NetBIOS. Windows 9x default installations tend to bind all protocols to all adapters, which include your dialup adapter and your network card, if one is installed.
There is a detailed explanation about networking protocols and unbinding protocols here.
While there is nothing wrong with any of these protocols in and of themselves, some of them can be used to infiltrate your computer from the Internet. If NetBIOS is installed and if File and Print Sharing is enabled, your machine is like a broadcasting station, announcing its wide-open name and presence to any hackers who have automatic port scanners operating, when you are online. The longer an unprotected machine stays online, the easier it is for these scanners to map your internet ports, and to transfer, unknown to you, a "Zombie" program onto your hard drive (via the file sharing port you left enabled). In addition to Zombies (used in coordinated attacks on networks), a machine with open ports and file sharing enabled can have its files read by internet snoopers, using hacking tools to read the contents of their victims' computers. If you do business on your computer and have sensitive data stored onboard, you should worry about this.
Security software resources:
Learn how a firewall can protect your computers against this and similar attack vectors.
Read about current viruses and computer security vulnerabilities on our security alerts page.
