The antivirus company Sophos reported last week that it sighted 959 new viruses and worms on the Net in May. Some of them, like the Sasser worm that infected a million or so computers, connect to idle home desktops, rather than arriving as e-mail attachments. Others aren’t viruses but sneaky “spyware” that’s bundled with popular programs like KaZaA. Sophos also claims that up to a third of spam is sent by PCs that have been infected with remote-control programs that can turn a computer into a spammer’s zombie slave.
Figuring out how to secure your PC from these threats can be daunting even for serious gear-heads. Magazine articles like “78 Ways To Bulletproof Your PC” are 75 more than you should have to deal with. Tech blogger Dave Winer—a software architect who was tinkering with computers before most virus writers were born—proved that the problem afflicts more than newbies last month when he accidentally zapped himself with spyware, then spent days documenting his attempts to get rid of it. The costs add up fast, too. No one program protects against everything, so it’s easy to spend more than $100 on second-rate software and still get infected.
So I whittled the world of options down to three steps that, on most PCs, can be done in less than 20 minutes. (Once you’re done, you’ll need to run some programs that take longer than that, but there’s no need to sit and watch.) Just as important, they’re all free, thanks to a mix of promotional offers and hacker idealism. Some of these instructions might seem obvious, even dumb, but I was surprised to find that many of my friends’ PCs had missed one or another of them. Any computer user who got hit by the Sasser worm hadn’t bothered to do the second step. Do all three, and you’ll be protected against the most common infections and still be left with time and money for lunch.
1. Set your browser and e-mail security. Nowadays, the most common Web browser and e-mail clients—Microsoft’s Internet Explorer, Outlook, and Outlook Express (Disclosure: Microsoft owns Slate)—are configured by default to be secure. But if someone else has used your PC in the past, or if you’ve idly poked at the configuration menus, you may be automatically downloading viruses without realizing it. All three programs contain features that automatically download and run software on the Windows operating system, including viruses.
Internet Explorer is easy to fix. Start the browser and select the Tools menu. Click on Internet Options, and a dialogue box will pop up. Click the tab labeled Security. Select the content zone labeled Internet, then click the button marked Default Level. Most likely it’s already set that way, but this will ensure that your browser won’t download and install any programs from Web pages without prompting you for permission first. I can’t think of a single downside to this.
To make virus attachments in your e-mail easier to spot, follow About.com’s simple instructions to set your computer to display file extensions. (If you’re doing this on an office computer, don’t be surprised if your system administrator has already done it.) Hiding file extensions was meant to make file names less daunting for novices: Instead of “report.doc” and “installer.exe,” they’d see “report” and “installer,” with the different file types designated by graphical icons rather than jargony file names. But virus writers quickly figured out that if they named an e-mail attachment “report.doc.exe,” though, it shows up onscreen as “report.doc.” Showing the full file names outs the two-extension trick.
These settings make viruses and spyware easier to spot, but they don’t kill them. You can still click your way to an infection if you’re not paying attention. The MyDoom virus used extra-tricky file names like “document.htm (lots of spaces here) .pif.”
2. Get Microsoft’s security updates. Most viruses and spyware take advantage of security holes in the Windows operating system. Microsoft has set up an automated security upgrade site at microsoft.com/protect that will guide you through three ministeps of its own to fix the most gaping holes in the company’s software. You can print out the instructions, but unless you want to learn more about how your PC works, take the automatic route: Tell the site to reach across the Net and configure your PC for you.
If you have Windows XP, the upgrade will turn on your built-in firewall, a program that works as a sentry to block most malicious attempts to connect to your computer. If your computer is on an office network, or if you’ve set up a home network for several computers, you probably already have a firewall running on a router or gateway between your local network and the rest of the Internet. In that case, don’t turn on XP’s firewall. It may prevent you from sharing files and printing between computers, as detailed in this tutorial.
If, like most PC users, you aren’t running XP, the site links to special discount offers on firewall software. Choose Computer Associates’ free 12-month trial of the company’s EZ Armor program, which works more or less as well as any of the others. One caveat: The EZ Armor firewall may block some legitimate connections you use, particularly P2P applications. You can usually find instructions to fix this by Googling for “bittorrent firewall port,” “KaZaA firewall port,” or “[whatever the name of your file-sharing program is] firewall port.”
Next, the site will enable Microsoft’s automatic upgrades for all currently supported Windows versions. (Windows 95, 98, and NT are excluded.) Many people, including me, turned this feature off on XP a couple of years ago because it seemed like Microsoft was installing new game software or some other frivolous application every week. Microsoft’s upgrades are less frequent now, and they’re more focused on plugging security holes.
Finally, the site will direct you to a list of special offers on antivirus software. If you didn’t take the free year of EZ Armor already, take it now for the antivirus software bundled with that firewall you might not need. PC Magazine reviewed EZ Armor and found plenty of shortcomings, but for free it’s hard to beat. It’ll meet your basic needs for the next year, giving you time to shop for other alternatives if you’re so inclined (or to wait for another free offer from a newer and better application).
3. Check for spyware. Spyware programs (alternately called “trojans,” among other names) aren’t usually built to spy on you but to serve you targeted ads as you work. But some trojans can pilfer personal information or set up remote access to your PC for spammers or crooks. EarthLink recently reported finding a shocking average of 28 such programs installed on a random sample of its customers’ machines. No one antispyware program catches them all, but a combination of Ad-aware and Spybot Search & Destroy makes for a pretty thorough sweep.
That’s it, you’re done. These three free steps won’t make your computer 100 percent attack-proof, but they’ll protect you from most of the annoying infections already out there. They would have protected you from all of this year’s worst viruses—SoBig, MyDoom, Sasser, and its upcoming variants—as well as most of the spyware hiding in Web pages and software packages. What’s more, their automatic upgrades will protect you against newcomers in the future. When the cable networks start blaring about the next virus or worm, you can confidently turn the channel.
