The Internet is a hostile place to be an undefended computer. Put a computer with a fresh install of Windows XP on the net without patches or a firewall and it will be infected with viruses and spyware within minutes, without you even loading a web page. In order to protect your computer in such a hostile environment you have to construct a multi-layer defense for your system. Each layer serves to protect your computer from specific attack vectors and to back up the other layers should they be compromised. Let's take a look at each layer.
The Outer Layer - the Firewall.
A firewall is a device or piece of software that monitors network traffic. It then decides whether or not to allow that traffic onto your computer. Firewalls can be divided into hardware and software firewalls. A hardware firewall is a physical device separate from your computer. In the home it is often a home router. A router is a device that directs packets between different segments of a network. Specifically, the home router bought at your favorite big box computer shop is used to allow multiple computers in your home to access the Internet with the single IP address assigned by your ISP. To do this your router uses a process called Network Address Translation (NAT). It works like this. When you connect your computer to your ISP's modem it is assigned a public IP address. A router sits between the ISP modem and your computers and takes over that public IP address. It then assigns a private IP address to each computer (the difference between public and private addresses is that a private address is taken from a range of addresses that are not allowed to travel over the Internet). When you access a web site your computer sends out a packet of data with the private address on it so the website knows where to send the web page. Your router intercepts that packet, strips out the private address and replaces it with the public address. The router sends the re-addressed packet out over a port and keeps track of which private address is associated with traffic over that port. When the website replies it directs the return packets to that port and the public address. When the router detects a return packet it checks to see if it is expecting a packet from the IP address the packet comes from. If the router is expecting a packet from that IP address it strips out the public IP address and replaces it with the private IP address associated with the port it was received on. By assigning different ports to different streams of traffic, multiple computers can share the same public IP address.
Now I'm sure you're thinking "How neat, but what does that have to do with firewalls and keeping my computer secure?" What keeps your computer safe is the NAT function of the router. On the Internet, computers infected with viruses and spyware are constantly probing IP addresses for open ports. When the router receives a packet from an unexpected IP address the default action is to drop the unexpected packet, and the hostile computer never even knows you're there.
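To make the NAT behaviour above concrete, here is a small added model (not code from the original post) of a router's translation table: outbound packets get the public address and a tracked port, replies to a tracked port are re-addressed to the inside host, and anything nobody inside asked for is dropped. All addresses are constructed for the illustration.

```python
# Added example (not from the original post): a toy model of the NAT
# connection tracking described above. 203.0.113.7 stands in for the public
# address from the ISP and 192.168.1.x for the router's private addresses.
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int

class HomeRouter:
    """Rewrites outbound packets to the public address; only passes inbound
    packets that match a translation it created earlier."""

    def __init__(self, public_ip: str, first_port: int = 40000):
        self.public_ip = public_ip
        self.next_port = first_port
        self.by_inside = {}   # (priv_ip, priv_port, remote_ip, remote_port) -> public port
        self.by_public = {}   # (public port, remote_ip, remote_port) -> (priv_ip, priv_port)
        self.dropped = []     # unsolicited inbound packets, kept for the demo

    def outbound(self, pkt: Packet) -> Packet:
        """Swap the private source for the public address plus a port that
        identifies this inside host's conversation."""
        key = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        pub_port = self.by_inside.get(key)
        if pub_port is None:
            pub_port, self.next_port = self.next_port, self.next_port + 1
            self.by_inside[key] = pub_port
            self.by_public[(pub_port, pkt.dst_ip, pkt.dst_port)] = (pkt.src_ip, pkt.src_port)
        return Packet(self.public_ip, pub_port, pkt.dst_ip, pkt.dst_port)

    def inbound(self, pkt: Packet):
        """Re-address an expected reply to its inside host; drop anything else."""
        inside = self.by_public.get((pkt.dst_port, pkt.src_ip, pkt.src_port))
        if pkt.dst_ip != self.public_ip or inside is None:
            self.dropped.append(pkt)   # nobody inside asked for this: silently dropped
            return None
        return Packet(pkt.src_ip, pkt.src_port, inside[0], inside[1])

def demo():
    router = HomeRouter("203.0.113.7")
    # Two inside machines fetch a page from the same web server (constructed address).
    out1 = router.outbound(Packet("192.168.1.10", 51000, "198.51.100.20", 80))
    out2 = router.outbound(Packet("192.168.1.11", 51000, "198.51.100.20", 80))
    # The server answers the public address on whichever port it saw.
    back1 = router.inbound(Packet("198.51.100.20", 80, "203.0.113.7", out1.src_port))
    back2 = router.inbound(Packet("198.51.100.20", 80, "203.0.113.7", out2.src_port))
    # An infected machine on the Internet probes the public address unasked.
    probe = router.inbound(Packet("192.0.2.99", 4444, "203.0.113.7", 135))
    return out1, out2, back1, back2, probe, len(router.dropped)
```

Both inside machines used the same source port 51000, yet their replies are still told apart because the router assigned them different public ports; the probe never reaches anything.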
While there are other types of hardware firewalls, for the typical home user a router is sufficient, cheap, and easy to implement. The advantage of a hardware firewall over a software firewall is that, as a separate device that all the computers go through, it protects your entire network. Since it is not running on a client computer it is difficult to next to impossible for a malicious program to shut down. The disadvantage is that it is not easy for a hardware firewall to keep malicious programs from getting out once they are on the network.
If you're a geeky type of person with an old computer lying around you may want to build your own hardware firewall. All you need is an old computer with two NICs in it. You then install a software package such as Astaro or Smoothwall on it, connect it up between your modem and switch, and you have your own firewall device. The advantage is that it gives you a greater level of control over your network traffic. The disadvantage is that it requires considerably more electricity to run an old computer than it does a router. While it is kind of a fun project (if you're into that sort of thing), for most users it is overkill.
A software firewall is a firewall program that runs on your computer. It inspects network packets and decides whether to allow or drop them based on rules established by the user. All modern operating systems come with a software firewall built in and on by default. You may want something better than the built-in firewall though. Kerio is a highly recommended free firewall from Sunbelt Software. There is a paid version that offers more advanced functionality, but the free version is sufficient for most users' needs. Another recommended free firewall is Comodo. Software firewalls have an advantage over hardware firewalls in that they can monitor outbound traffic and prevent unauthorized programs from getting out on the net. Software firewalls have two big disadvantages. The first is that they can be quite chatty. Especially when you initially set them up, they pop up messages for every little thing to ask if you want to allow it or not. Since most people do not even know how to identify what shouldn't be allowed, they fall into a fatigue of just allowing everything, negating the advantage. The second disadvantage is that because they reside on the computer, if a virus gets on there the virus can shut the software firewall down.
Now you're probably asking: should I have a hardware firewall or just a software firewall, or why not both? Personally I recommend just using a router as a hardware firewall. The job of the firewall is to keep stuff out and the router is supremely good at that. The ability of a software firewall to block outbound traffic is a debatable benefit in my opinion. It is great if I'm looking for something. However, if I'm looking for something that probably means my system has already been compromised, and there is a good chance the firewall is being bypassed. I don't see value in spending CPU cycles and memory to run a software firewall if I'm already behind a router. The only time I run a software firewall is when I am travelling and placing my computer on a strange network. Even then I just use the firewall built into Windows XP.
If you're interested in seeing how good a job your firewall is doing, check out Shields-UP at GRC.com. Shields-UP will probe your public IP address and report if it finds any open ports that leave you vulnerable to attack.
The Middle Layer - Software
All right, you've put your computer on the Internet and you have protected it from the flood of malicious traffic with a firewall. Great, your computer is now secure on the Internet. Well, so long as you don't actually do anything on the Internet. Wait, you say you want to surf the web and read your email? Well, make up your mind: do you want a secure computer or to surf the web. BOTH?!? Boy, you just want it all, don't you. Well, ok, here is the problem with email, surfing the net, chat, whatever else: you're now bringing down code to be run on your computer, and not all of it is friendly. The trick is making sure legit code can run while preventing malicious code from running. There are two types of software involved in this: applications and immunization software.
I'm first going to address the applications. This is the software that actually lets you interact with the Internet. For most people this consists of the web browser and maybe an email client. For most people that means Internet Explorer and Outlook Express. The main reason that you do not want to use these as your main applications is because they are so widely used. The malware business is big money, and if you want to make the most money you focus your efforts on cracking what most people are using. So, if you want to protect yourself, use something else.
Moving on to the email client. Again I turn to Mozilla. For much the same reasons you want to use Firefox, I recommend you use Thunderbird. Thunderbird is an email client designed to replace Outlook Express. It takes a number of steps to protect you while reading your mail. First, it prevents remote images from loading. Second, it has built-in learning filters to remove spam. Third, it will attempt to warn you if it thinks you're clicking on a link that may lead to a phishing site or some other form of scam.
By using Firefox and Thunderbird we reduce vulnerability while surfing the web. That said, it is still possible for malware to get on to your system. There are many exploits that do not care what browser or email client you use. For that matter, there are many other applications you probably want to access the Internet with. Perhaps a chat client like Pidgin. Maybe there is a program you want to download. All of this can be a vector for allowing malicious code on to your system. The next application I'm going to recommend is designed to be a safety net for just such an occurrence. The name of the program is Sandboxie. Sandboxie sets up a virtual environment called a sandbox for you to run your applications from. Basically, when a program is run in the sandbox that program is able to read information from your hard disk, but it writes changes into the sandbox. If you think you may have done something that has compromised your system, all you do is delete the sandbox and start a new one. No changes have actually been made to your system. The problem with using a system like Sandboxie is you have two systems to keep track of. This could be confusing for some and result in data loss if you're not careful.
Another way to surf more safely is to use a program like DropMyRights. Most Windows XP users run as an administrator. This means they can do whatever they want with the computer. It also means the programs they run can do whatever they want as well. DropMyRights is a program that lowers the access an Internet-facing program (a browser, email client, chat client, etc.) has to your system. Lowering the access often prevents malware from being able to do what it needs to do in order to harm your system.
Using these programs can greatly reduce the chance that something may get on your system where it can do any harm. However, that doesn't mean it is impossible. This is where immunization software comes in as your next line of defense. Immunization software functions like your body's immune system in that it is designed to watch, inspect, detect, and prevent malware from getting on the computer and remove it if it does. The two primary types of software in this category are anti-virus software and anti-spyware software. To be honest there is very little difference between the two types of software except for what they look for. They both operate on the same principle of looking for signatures to identify a file as possibly being infected with the type of malware they are looking for.
What should you look for in selecting an anti-virus program? First, you want a program that is a memory-resident real-time scanner. That means when you boot up the computer it loads into memory and inspects files as they are loaded and executed. Second, you want a program that has an email scanner. Basically, when you receive email it should be scanning that email as it comes in. At the very least you want it to scan the attachments you open. Third, you want it to automatically update its signatures. New viruses are found every day. If your signatures are out of date then you are vulnerable to ever-evolving new threats. The biggest factor in choosing anti-virus software is whether to pay or use one of the many free versions out there. The truth is the best anti-virus programs are the paid ones. They have a higher detection rate and better support. Personally I recommend Nod32. It is light on resources yet very effective. Another highly recommended for-pay antivirus package is Kaspersky Antivirus.
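To show the signature principle the two preceding paragraphs rest on, and why stale signatures matter, here is a toy signature scanner added for this article (not any vendor's code). It compares a whole-file hash signature with a family byte-pattern signature; every sample and signature in it is constructed for the illustration.

```python
# Added example (not from the original post): a toy signature scanner that
# illustrates how anti-virus and anti-spyware tools match files against
# signatures, and why an out-of-date signature set misses new variants.
# All samples and signatures below are constructed for this illustration.
import hashlib

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

# Constructed stand-ins for files on disk.
SAMPLE_V1 = b"MZ\x90\x00 constructed dropper v1 :: contacts evil.example"
SAMPLE_V2 = b"MZ\x90\x00 constructed dropper v2 :: contacts evil.example"
CLEAN_FILE = b"MZ\x90\x00 a perfectly ordinary constructed program"

# A signature is either the hash of one exact known file or a byte pattern
# shared by a family. A hash signature cannot see even a one-byte variant.
SIGNATURES_OLD = {
    "Constructed.Dropper.v1": ("sha256", sha256_hex(SAMPLE_V1)),
}
# The vendor's update adds a family pattern that also catches the variant.
SIGNATURES_NEW = dict(SIGNATURES_OLD)
SIGNATURES_NEW["Constructed.Dropper.gen"] = ("bytes", b"constructed dropper v")

def scan(data: bytes, signatures: dict) -> list:
    """Return the names of every signature that matches the file contents."""
    digest = sha256_hex(data)
    hits = []
    for name, (kind, value) in signatures.items():
        if (kind == "sha256" and value == digest) or (kind == "bytes" and value in data):
            hits.append(name)
    return hits

def demo() -> dict:
    """Scan the three samples before and after the signature update."""
    files = {"v1": SAMPLE_V1, "v2": SAMPLE_V2, "clean": CLEAN_FILE}
    return {
        "before_update": {n: scan(d, SIGNATURES_OLD) for n, d in files.items()},
        "after_update": {n: scan(d, SIGNATURES_NEW) for n, d in files.items()},
    }
```

Before the update the v2 variant is invisible; after it, both variants are flagged while the clean file still passes, which is the reason the article insists on automatic signature updates.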
Ok, you may be wondering why, if commercial programs provide the best protection, you would use a free product. I'm cheap and it is free. They are also nearly as good at detection as their commercial brethren. So what do I recommend? Personally I like AVG Free from Grisoft. Another popular free anti-virus is Avast. Now it is a fact that neither of these programs is as effective as commercial programs in detection. One way to cover for this is to regularly use an on-demand scanner. A program recommended for this purpose is BitDefender Free. What makes BitDefender an ideal application for this task is that it does not have a memory-resident monitor. Basically, you only want one anti-virus package actively running. Trying to run more than one will cause trouble that can crash your system. Since BitDefender is only for on-demand scanning, it makes a good secondary defense screen. You can of course use any anti-virus package for this purpose, but make sure you disable the memory-resident components. Another option for on-demand scans is to visit the websites of anti-virus vendors who will do online virus scans. Here is a list of online virus scanners.
Like antivirus software, the best antispyware programs are commercial products. Highly recommended commercial products in this category are CounterSpy from Sunbelt Software, Webroot SpySweeper, and Spyware Doctor.
Like antivirus software, you can create a nearly as effective defense by combining a free real-time scanner with the use of free on-demand scanners. For a real-time scanner I use Microsoft's Windows Defender. Descended from Giant AntiSpyware, it provides reasonable real-time protection from spyware. It can be a bit resource heavy, but it shouldn't be a problem for a relatively modern machine. I haven't tried it, but Spyware Terminator is reported to do a better job of spyware detection than Windows Defender. It has the advantage of not subjecting you to a Windows Genuine Advantage check and will work on versions of Windows down to the 9x series. It is reported to still cause a resource hit on your system, but not as bad as Defender.
Recommendations for an on-demand spyware scanner include two old guard programs and one relative newcomer. Ad-Aware and Spybot Search and Destroy are two programs that have a lot of history and at one time were the two best in the field. Unfortunately, they seem to have lost a step or two and are no longer considered top-tier packages. That said, as long as their signatures are kept up to date they are still excellent choices for on-demand scans. Relatively new to the field of antispyware is AVG Antispyware. I say it is relatively new because AVG Antispyware is actually the latest incarnation of the up-and-coming eWido Antispyware, which was bought by Grisoft a while back. Since they are free, I recommend running them all from time to time. Like antivirus software, though, you only want to run one real-time monitoring program.
The Inner Layer - Protecting the OS with Patches
The firewall protects your system by keeping malicious traffic off your network. By using safer applications and immunization software we reduce the chance of malware getting on your system. Although this goes a long way toward protecting your system, malware writers are constantly developing new methods of getting past these defenses. If they can get past your defenses then they are looking for a specific vulnerability in your OS to exploit. This is where patching comes in. When the OS maker identifies and fixes a vulnerability they release a patch. For Microsoft Windows this happens the second Tuesday of every month. It is important to apply a patch almost as soon as it is released, because malware writers often learn about the vulnerability by looking at what was patched. They then release malware aimed at catching people who have not patched their systems.
Fortunately, it is pretty easy to keep a system up to date with patches. For Vista and Windows XP all you have to do is turn on automatic updates. Once turned on, Windows will automatically keep you up to date with the latest patches and updates.
Unfortunately, the OS isn't the only thing that needs patching. As it becomes more difficult to attack the OS, hackers are turning their attention to popular applications like Adobe Reader, iTunes, and Office. It is important to keep all your software up to date, especially if it is an Internet-active program. The Secunia Personal Software Inspector (still in beta; you may want to just use the Secunia Software Inspector online scanner) will check your applications and let you know when new updates are available.
The Key to it All - You
All right, your computer is protected by a firewall keeping out malicious traffic. Using safer applications and immunization software reduces the chance of malicious code getting on your system. Patching your OS and applications eliminates known vulnerabilities malware might exploit. Surely you're covered and your system is safe now. Sadly, there is still one major vulnerability just waiting to destroy your system - YOU. Yep, it is your behaviour on the Internet that presents the biggest threat to your computer system. The truth of the matter is that many computer experts use IE, don't run antivirus or antispyware, do not use a software firewall and never have an infection. So, what is it they are doing that you are not that keeps their systems malware free? Basically they all follow some variation of the following rules:
1) Keep your system up to date. We've already discussed this and it is something everyone should do.
2) Be careful where you surf. Most infections start by visiting a strange website. Consider using the plug-in from McAfee SiteAdvisor, which will append a safety rating to search results.
3) Only download software from trusted sources. Avoid downloading plug-ins from strange sites. Just because a pop-up says you have to install something doesn't mean you do. Only do it if it is a trusted, reputable site.
4) Only download attachments or click a link in email if you are expecting it. Did your bank send you a link for you to log in with? Did your friend send you pictures of a nude Anna Kournikova? Probably not. If it has come out of the blue, do not click or download.
5) Do not install a program unless you're sure it is safe. Even if the program comes from a friend on a USB key, consider uploading it to a service like Jotti or VirusTotal, which will scan it with multiple anti-virus scanners.
6) Always use a firewall - at home I advise using a router even if all you have is one computer. When travelling make sure you turn on a software firewall before connecting to a strange network.
Following these rules will do more for keeping you safe than almost anything else in this article. That said, I do recommend following all that I have laid out. Like I said, the layers are meant to cover and reinforce each other. If one layer is compromised then the others may still protect you. In your case, if you forget a rule then at least you have a chance of the rest of your system protecting you.