The information contained here is offered by the Vermont InfraGard chapter as a set of guidelines for protecting home computers and networks from unauthorized use across the Internet. The suggestions listed here do not represent any organization and are provided here as a public service.
This page provides some suggestions to secure small office, home office, and home connections to the Internet. These rules apply to both dial-up and dedicated (DSL/cable modem) access. This document will address the following items, which are essential for securing your home systems; there is still more to do after these steps are completed but they will get you started:
- Use anti-virus and anti-spyware software
- Employ a personal firewall
- Keep your operating system patches up-to-date
- On Windows systems, display file extensions
- Do not use an administrator account for everyday work
- Be careful opening e-mail attachments
- Lock down your home wireless network
A note for Windows users: Windows currently provides anti-virus and firewall software with the operating system. We recommend considering use of third-party anti-virus and firewall software to make it harder for attacks on Microsoft-based software to succeed. If you choose not to use third-party software, do use the Windows native software.
1. Use Anti-Virus and Anti-Spyware Software
It is imperative that all users on the Internet run and maintain anti-virus (AV) software. Installing AV software alone is not sufficient; users also have to use the option to run the software at all times (sometimes called auto-protect) and to routinely update the AV signature files. There are well over 75,000 known virus signatures today and that number continues to grow; AV software vendors generally update their signature database file at least weekly. If your software has the option, consider having the software automatically check the vendor's Web site for updates and automatically download and install new signature files when they are available (sometimes called live update). Note that although the vast majority of viruses target Windows operating systems, Mac, Unix/Linux, and other operating systems are not immune.
Users on the Internet also need to be protected from spyware software that tracks where you go on the Internet and what you do, and sends that information to marketers and nefarious users. Like AV software, anti-spyware software needs to be run frequently and kept up to date.
There are many vendors of anti-spyware software, some of which are listed below; costs vary but US$35-50 is a rough estimate. Anti-spyware software often comes bundled with AV software:
2. Employ a Personal Firewall
If you are on the Internet, you should use some form of personal firewall. Personal firewall software runs on your computer and protects against attempts by outsiders to break into your computer. If you have a LAN at home, a hardware firewall might make more sense both economically and practically; most home hardware firewalls also double as a LAN hub/switch and personal firewall software might block local peer-to-peer networking which you want. You will need one copy of personal firewall software for each machine that you want to protect, while a single hardware firewall can protect all systems on the local network.
Some of the available personal firewall software products for Windows are listed below; prices vary from free to US$90. Several of the AV products listed above also have firewall options. Good, independent reference information for choosing personal firewall software can be found at the Home PC Firewall Guide (www.firewallguide.com).
- 8Signs (nee ConSeal) Firewall
- CA Internet Security Suite
- Comodo Personal Firewall
- IBM Internet Security Systems
- Norton Personal Firewall & Norton Internet Security
- ZoneAlarm
There are also a number of cable modem/DSL hardware products that provide firewall capabilities; prices here range from about US$35-100:
3. Keep Your Operating System Patches Up-To-Date
The version of any operating system that came installed on your computer is already out-of-date; new vulnerabilities have been found and exploited. If you are using Windows, then the Windows Update feature should be employed so that you can stay up-to-date on all patches. On a MacOS system, use the Software Update feature to maintain currency.
You should consider installing patches even for software that you might not use. Many attacks on computers exploit vulnerabilities of software components in non-obvious ways.
4. On Windows Systems, Display File Extensions
By default, Windows Explorer and other Microsoft applications do not show the extension of files if the extension is "known" to the operating system. This is potentially dangerous with the many viruses that are distributed today with a so-called "double extension"; e.g., a file named foo.jpg.exe. This is an executable file because of the .exe extension. If extensions are hidden, however, the user will only see the name foo.jpg and might open this, mistaking it for a JPEG file.
Showing file extensions in Windows XP.
5. Do Not Use an Administrator Account for Everyday Work
Windows systems have an Administrator account that can be used for installing software and hardware, and making other modifications to the system. MacOS and Linux computers have a root account for the same purpose. Much of today's malware assumes that the user has one of these privileged accounts and takes advantage of the access that the account provides in order to do its damage.
Users should use the administrator/root account only for those tasks that require elevated privileges. For everyday work, users should use a "normal" account with regular user privilege.
6. Be Careful Opening E-mail Attachments
E-mail attachments are the most common way in which viruses are propagated on the Internet. You should never open an e-mail attachment unless it comes from someone you know and you are expecting it. An attachment coming from someone you know is not sufficient proof that it is ok to open; most of today's viruses and worms use a compromised address book to find new targets.
As a side note, some e-mail software (e.g., Outlook) might automatically execute some attachment types when you preview a message; this feature should be turned off, if possible. Outlook and Outlook Express are among the worst offenders in this regard; consider using another e-mail client if you can.
On a related note, do not click on Web addresses (URLs) contained within an e-mail unless you have strong reason to trust the authenticity of the message.
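The double-extension problem from section 4 and the attachment advice in this section can be checked together in code. The following Python example is added here and is not part of the original guidance: it lists each attachment of a message, the name a user would see with extensions hidden, and whether the real final extension is executable. The extension lists, function names and sample message are assumptions constructed for illustration.

```python
import os
from email import message_from_bytes
from email.message import EmailMessage
from email.policy import default

# Assumed, non-exhaustive extension lists chosen for this example.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".bat", ".cmd", ".pif", ".vbs"}
DOCUMENT_EXTS = {".jpg", ".jpeg", ".png", ".gif", ".pdf", ".doc", ".txt"}

def classify(filename):
    """Return 'double-extension', 'executable' or 'ok' for a file name."""
    stem, ext = os.path.splitext(filename.lower())
    if ext not in EXECUTABLE_EXTS:
        return "ok"
    # The real (last) extension is executable; check what precedes it.
    inner = os.path.splitext(stem)[1]
    return "double-extension" if inner in DOCUMENT_EXTS else "executable"

def review_attachments(raw_message):
    """Return (real name, name shown with extensions hidden, verdict) tuples."""
    msg = message_from_bytes(raw_message, policy=default)
    report = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        shown = os.path.splitext(name)[0]  # what the user sees when hidden
        report.append((name, shown, classify(name)))
    return report

def build_sample_message():
    """Constructed sample message with three attachments (not real mail)."""
    msg = EmailMessage()
    msg["From"] = "friend@example.com"
    msg["To"] = "you@example.com"
    msg["Subject"] = "holiday pictures"
    msg.set_content("See attached.")
    for name in ("foo.jpg.exe", "notes.txt", "Setup.EXE"):
        msg.add_attachment(b"constructed placeholder bytes",
                           maintype="application", subtype="octet-stream",
                           filename=name)
    return msg.as_bytes()

if __name__ == "__main__":
    for real, shown, verdict in review_attachments(build_sample_message()):
        print(f"{real!r:16} shown as {shown!r:10} -> {verdict}")
```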
7. Lock Down Your Home Wireless Network
If you have a wireless home network, be aware that anyone with a wireless network interface card (NIC) within a few hundred feet of your house might be able to hop on to the Internet via your access point (AP) and, possibly, look at any open shares on your home network since the intruder is on your home network.
To provide some basic security for your home wireless network, consult the manual for your wireless access point (AP) and:
- Change the Service Set Identifier (SSID), also referred to as the network name. The default SSID is usually the name of your AP vendor (e.g., linksys or d-link).
- By default, most APs come with encryption disabled. Use the following encryption methods, in preference order, if available:
  - Wi-Fi Protected Access, version 2 (WPA2)
  - WPA
  - Wired Equivalent Privacy (WEP)

  Using encryption will require configuring your AP and all of the wireless NICs attached to your network. It will also prevent others from accessing your network and using your Internet service.
- Turn on medium access control (MAC) address filtering. To use this feature, you will need the MAC (or hardware) address of every wireless NIC on your home network.