MinimalDesktopSecurity

From MissionTechWiki

Intro

These days it isn't enough just to have a virus scanner on your PC. There are many other threats out there to your computer. These threats don't just affect Christian missionaries, so this is pretty generic stuff, and you can probably find other useful references on the net.

This is not going to be a step-by-step guide. The aim is to help you understand the minimal requirements for securing your desktop in a mission environment. If you need a step-by-step guide, I suggest you get some help from someone who knows what they are doing. You want this stuff to work. However, I will try to explain why we need to install these tools and suggest which ones to use.

Talk to your organisation's computer folk to find out what your standards are.

Unfortunately all this software is going to slow down your computer a bit, hopefully not too much. But that is the price of security in today's connected world.

Malwhat?

Malware is a term used to describe a whole lot of nasties, including software viruses, trojans, worms, spyware, popups etc. Some you get in email, like viruses. Some you pick up by installing software (including those helpful programs that ask to be installed when you visit a site so you can search better...). You can avoid getting them to some extent by being careful where you go on the web, but if you aren't protected you will get infected. Never install software unless you are sure you know where it comes from and that the source is reputable.

Some of the more expensive virus scanning software will now scan for these sorts of programs, and if that is the way you want to go, fine. However, if you are on a budget, there are some free programs which are useful.

Keep your system patches up-to-date

If your computer is managed by computer staff in your office, talk to them first before enabling automatic updates. They are responsible for managing your system.

If you are responsible for your own machine (at home, on the field or your own laptop), then enable automatic updates for your operating system and major software. This will mean that you get the latest updates from your vendor including fixing security problems.

For MS Windows

  • Windows Update: [1]
  • Office Update: [2]
  • If you are not on a broadband link and you need the XP SP2 bundle then you probably want to request the free CD from [3]

Dealing with Malware

AntiVirus

A good virus scanner is mandatory. It is best to get one that scans your email as well as files. Your organisation will probably have a corporate license with one, so find out who and how much you will need to pay (possibly nothing). It is best to use the standard one for your organisation so that you can get support from your organisation.

The "big three" in freeware anti-virus scanners are AVG, AntiVir and Avast. All of them work reasonably well. I use AVG (the paid version) on my own machines, and have no problem recommending the free version. I haven't played much with Avast, but it has a good reputation. For AntiVir, I've played with it a little bit, and it seems to work fine, but it's not great on lower-end hardware. AntiVir tends to be popular among German-speakers, because it originates in Germany, and has good German support (including user interface).

If you are still looking for one, and you need to use a free one, then AVG is free for personal use. Their licence says: "AVG Anti-Virus FREE Edition is for private, non-commercial, single home computer use only. AVG Anti-Virus FREE Edition is not intended for non-profit organizations." They have discounts for non-profits.

Avast also provides a free virus scanner for home users who do not use their computer for profit.

Make sure that you respect the licenses of these products and pay for licensed products if necessary.

Also ensure that, once it is installed, you:

  1. Keep the virus signatures up-to-date
  2. Run regular scans of your disk.

If you are really pedantic you might want to have multiple virus scanners so that viruses that one doesn't detect may be detected by the other. But that is usually unnecessary.

As a general thing, it's good to not try to look for an all-in-one product that's good against both viruses and spyware. They're different classes of threats, and expertise in one area doesn't mean expertise in another. To this end, I generally discourage use of suites, including Norton Internet Security, and ZoneAlarm's suite. In the same way, Kaspersky is a very good anti-virus, but its spyware scanning is only so-so, and frequently scares non-technical end users by reporting spyware infections as viruses.

Norton's tools have a bad reputation for causing performance problems on machines and being hard to remove, and then not finding all problems. Go with best in class rather than suites.

Spyware

Spyware generally includes:

  • trojans, which provide remote access to your computer,
  • keystroke loggers, which copy your keystrokes and send them to someone,
  • general spy software that watches where you go and reports to someone, even for fairly harmless research,
  • popups - programs that generate ad popups (some of these just happen anyway when you surf the web, but these are more problematic and aren't really web site related). Some of these sell themselves as helping you search the web, and may be affiliated with less well known search engines.

As stated above, some virus scanners are starting to deal with spyware in the paid versions, but there are also a number of free tools out there (with paid for upgrades). The popular ones are:

  • SpyBot, which is a scanner that will seek out and repair spyware. This includes having to change the Windows registry at times. The free version can run continually but you must run scans manually. It will automatically check for updates. The TeaTimer monitors running processes, so it can detect new spyware starting.
  • Likewise Ad-Aware (not to be confused with Adware) also scans your system and removes nasties. You will need to manually look for updates for this one.

Install both Spybot and Ad-Aware and regularly run scans. They will pick up different spyware.

In the case of a machine with lots of infections, the route I would go is with a tool called Hitman Pro -- Hitman is distributed by a Dutch site, and when you install it, it downloads virtually every freeware and demoware spyware scanner that there is. Thus, by running everything available, you get the most thorough possible spyware scanning.

One freeware tool that's effective, but not necessarily something for non-technical end users, is Merijn's Hijack This -- it's good at finding (and logging) extreme problems. Another Merijn tool is CWShredder, which is a defense against a particularly insidious group of spywares (there are a number of variants) called "Cool Web Search" (or CWS). CWS is primarily a browser hijacker (which sets your browser home page to CoolWebSearch.com), and is especially difficult to remove.

Once you've gone through all the possible variants on spyware scanning (and cleaning), these tools can help to prevent reinfection:

  • Microsoft's anti-spyware tool. This one is based on the same code as is used with Sunbelt Counter-spy. Although it does some cleaning of spyware (and among paid products, CounterSpy is one of the best), it tends to be better at preventing spyware from installing. The primary reason I don't use the Microsoft tool is that it requires that Windows Genuine Advantage be installed, and I don't want that on my machines.
  • Spyware Blaster. Blaster keeps a catalogue of known sources of spyware, including domains, and names of ActiveX scripts that are known to deliver spyware. Blaster places these in the restricted areas of Internet Explorer configs. Blaster also prevents use of tracking cookies. If you use a Mozilla browser, Blaster is still useful on tracking cookies, even if ActiveX scripts aren't a problem.

Fix Internet Explorer

You need to update your security options so that all actions to load ActiveX are disabled, and trusted sites include the Microsoft download site. See this guide to find out how.

Better still, use a web browser that is security aware, such as Firefox.

Spam

Ahh, what to do about Spam. This is a bit more optional. Hopefully your mission will provide you with an email address which is already filtered for spam. That will be great. If not, then I suggest Popfile, a Bayesian filter which will learn what you consider spam and what you don't. In fact it can learn what email you consider to be work, or family or whatever.
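To show how a Bayesian filter can learn several categories rather than just spam/not-spam, here is a small added example (not Popfile's own code). The bucket names, the `BucketFilter` class and the training messages are all constructed for illustration.

```python
import math
import re
from collections import Counter, defaultdict

class BucketFilter:
    """Multinomial naive Bayes over words, one 'bucket' per mail category."""

    def __init__(self):
        self.word_counts = defaultdict(Counter)  # bucket -> word -> count
        self.msg_counts = Counter()              # bucket -> messages trained

    @staticmethod
    def tokens(text):
        return re.findall(r"[a-z0-9']+", text.lower())

    def train(self, bucket, text):
        """Record a message the user has filed into `bucket`."""
        self.word_counts[bucket].update(self.tokens(text))
        self.msg_counts[bucket] += 1

    def scores(self, text):
        """Log-probability score of each bucket for this message."""
        vocab = set().union(*self.word_counts.values())
        total_msgs = sum(self.msg_counts.values())
        result = {}
        for bucket, counts in self.word_counts.items():
            total_words = sum(counts.values())
            score = math.log(self.msg_counts[bucket] / total_msgs)  # prior
            for word in self.tokens(text):
                # Laplace smoothing: an unseen word must not zero the score
                score += math.log((counts[word] + 1) / (total_words + len(vocab)))
            result[bucket] = score
        return result

    def classify(self, text):
        scores = self.scores(text)
        return max(scores, key=scores.get)

# Constructed training mail, as if the user had sorted these by hand
TRAINING = [
    ("spam", "Cheap pills, win money now, click here for a free prize"),
    ("spam", "You have won a free prize, send money to claim"),
    ("work", "Field report attached, budget meeting moved to Tuesday"),
    ("work", "Please review the translation project budget before the meeting"),
    ("family", "Mum says happy birthday, photos of the kids attached"),
    ("family", "The kids loved the birthday visit, love from home"),
]

def build_filter():
    f = BucketFilter()
    for bucket, text in TRAINING:
        f.train(bucket, text)
    return f
```

Every time you correct a wrong classification you are calling the equivalent of `train()` again, which is why the filter gets better the more mail you sort.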

Firewalls

Another necessary piece of software to run on your laptop or desktop, 'especially' if you ever are connected to the big bad internet directly by phone, wireless or broadband, is a personal firewall. You should also have the latest patches for your operating systems (Windows) applied to your computer, which will minimise the ways that attackers can get into your computer.

A firewall will essentially block hackers from attacking your system. Personal firewalls generally alert you when something strange happens (in fact they won't tell you when you get probed or scanned, because that happens 'so often'). They also usually note which programs are running and ask permission to let a new program access the internet (in case it is spyware). They can learn what you allow out.

I generally use ZoneAlarm Free Edition for personal use. Note that there used to be an issue with Norton AV email scanning and ZoneAlarm 5.0, but they seem to have fixed that. Alternatives are:

Do you really need a personal firewall?

Do you need a personal firewall if you are always connected to the internet via a firewall? It probably isn't quite as necessary, but is still helpful (and if you are using a laptop then you will need a personal firewall, otherwise why do you have a laptop?). If you are connected to broadband using a cheapish router with NAT firewall, it is still technically possible to sidestep the NAT firewall, so having a personal firewall on your machine will give you added protection. If you work in an office then you will also protect your machine from any attackers who may get into your network (other staff??). BUT if you have computer staff in your office 'please' talk to them first. You will need to make sure that file shares etc are available as required.

Basically a personal firewall will help protect you from silly misconfigurations of your computer (and other firewalls). It will stop the world seeing everything on your computer if properly configured.

However, since personal firewalls are still software packages on your computer, they can be circumvented. If you have a broadband connection, invest in a good SPI hardware firewall router.

Links

Some helpful web pages that are useful when fixing or preparing to deal with malware

Original page: http://www.missiontech.info/wiki/MinimalDesktopSecurity
from the MissionTech Wiki created by the International Conference on Computers and Missions