Windows XP/Security Software

From Wikibooks, open books for an open world

Antivirus

A computer connected to the Internet faces many threats to its security. Among the most common are computer viruses.

Broadly speaking, a computer virus is a program that, when executed, attempts to "infect" other programs, either by modifying them (embedding a copy of its own code in the target) or by changing how programs are started system-wide (so that a request to run program X also causes the viral code to run). A virus usually stays resident in memory and infects further programs as the user runs them.

Self-replication alone is damaging (infected systems waste CPU time, memory and bandwidth), but since most virus writers are malicious, viruses often also carry a payload: a damaging action triggered by a condition the author chose, such as a date or a counter of infections. The payload may destroy data, damage the integrity of the Windows installation, and/or leak valuable information (passwords, e-mail addresses, credit card numbers).

An active antivirus is a necessity when connected to the Internet. Some self-propagating malware (network worms such as Sasser) exploits known security flaws in network services to infect a computer remotely, with no user interaction at all; other malware (MyDoom, for example) arrives as an e-mail attachment and needs only one careless click. The flaws that network worms exploit are usually already fixed by a Windows security update, which is why updates should be installed promptly rather than eventually.

Windows XP does not include built-in antivirus functionality, but many products, free and commercial, exist to protect your computer in real time. Here is a short list of software that does the job.

Has an incremental update feature, ideal for slow Internet dialup connections
Bundled on many OEM PCs. A rather heavyweight suite of programs.

Trend Micro™ also offers a free web-based scan.

Keep in mind, however, that all antivirus products make a best-effort attempt to recognize "code patterns" (signatures) in a file that match known viruses; some also use heuristics and behavioural analysis to guess whether viral activity is taking place. Therefore:

  • The virus definitions must be updated regularly for the software to remain effective; a scanner with stale signatures will report new variants as clean.
  • They cannot detect all possible viruses, so always treat unknown executables with caution (consider the circumstances: if a file was e-mailed to you by someone you know, ask the sender whether they really sent it before opening it, since mass-mailing viruses forge the sender address).

For more information on the various Antivirus products, and for test results by independent bodies, visit: AV-Comparatives and/or AV-Test. Also check the Sunbelt blog periodically, where clearly summarized results from AV-Test.org are published regularly.

Firewall

A firewall monitors and filters network traffic directed to and from your computer. It is first of all a security concept: a policy describing which traffic is allowed, enforced by software and/or hardware components.

  • By dropping inbound ICMP echo ("ping") requests from the Internet, which mean "Is anybody there?", your computer stops answering casual probes. This does not make it invisible: a port scanner can still detect the host by probing TCP and UDP ports directly, so treat it as a small reduction in exposure rather than as hiding from hackers.
  • Malformed packets can trigger bugs in the network stack or in listening services, and such bugs are regularly found and exploited. A firewall that drops unsolicited inbound traffic keeps those packets from ever reaching the vulnerable code.

The main feature of personal firewalls (e.g. Norton, McAfee, etc.) is to block inbound connections to ports on which programs are listening, so that those services cannot be reached from the Internet. This lets you deny suspicious requests. The (very basic) Windows XP firewall does this too: since Service Pack 2 it is enabled by default, it filters inbound traffic only, and it is sufficient for most home users with basic needs, provided that no exceptions (opened ports or programs) are added without good reason.
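The following batch file is an added example, not part of the original page or of any firewall vendor's documentation. It drives the Windows XP SP2 built-in firewall through its netsh firewall context (the same settings the Control Panel applet exposes): it first audits what is listening and what is already open, then enables the firewall with all exceptions disabled, silences inbound ping, turns on dropped-packet logging and, only when started with the argument lan-sharing, opens the file sharing port to the local subnet alone. It assumes XP SP2 or later and an Administrator account; TCP port 445 is used purely as an illustration of a LAN-only exception.

```batch
@echo off
rem Added example: audit and tighten the Windows XP SP2 built-in firewall with netsh.
rem Assumes XP SP2 (or a later XP service pack) and an Administrator account. The
rem "netsh firewall" context is XP-specific; Vista and later use "netsh advfirewall".
rem Usage:  xpfw.cmd              - lock down, no services reachable
rem         xpfw.cmd lan-sharing  - lock down, but allow file sharing from the local subnet

echo === Programs currently listening, with owning process ID to match against Task Manager ===
netstat -ano | findstr /C:"LISTENING" /C:" UDP "

echo === Firewall state before changes: open ports and program exceptions ===
netsh firewall show state
netsh firewall show config

rem Enable the firewall on every profile and ignore all exceptions: nothing unsolicited
rem gets in. This is the right setting for a home PC that offers no network services.
netsh firewall set opmode mode=ENABLE exceptions=DISABLE profile=ALL

rem Stop answering inbound ICMP echo requests, ICMP type 8. This only reduces visibility
rem to casual ping sweeps; a port scanner still finds the host by probing TCP/UDP ports.
netsh firewall set icmpsetting type=8 mode=DISABLE profile=ALL

rem Log dropped packets so that probes and blocked malware callbacks can be reviewed later.
netsh firewall set logging filelocation="%SystemRoot%\pfirewall.log" maxfilesize=4096 droppedpackets=ENABLE

rem If a service really must be reachable, re-enable exceptions and open its port to the
rem local subnet only, never to the whole Internet. Port 445 is an illustration.
if /i "%~1"=="lan-sharing" (
  netsh firewall set opmode mode=ENABLE exceptions=ENABLE profile=ALL
  netsh firewall add portopening protocol=TCP port=445 name="File sharing LAN only" mode=ENABLE scope=SUBNET profile=ALL
)

echo === Firewall state after changes: expect operational mode Enable ===
netsh firewall show opmode
```

Review %SystemRoot%\pfirewall.log after a day online: repeated DROP lines from one source against several ports are a scan, and a DROP of an outbound connection from an unfamiliar local program is worth investigating.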

Since software firewalls also check outbound traffic, they should in theory prevent Trojan horse programs that have breached the system from sending data back to their creator. Unfortunately, malware runs with the privileges of the user who launched it, which on Windows XP is usually an administrator, and certain advanced malware is capable, once in control, of disabling specific firewalls (and antivirus products). Outbound filtering is therefore a weak last line of defence, not a guarantee.

A hardware firewall is a physical device that sits between two network segments. Most routers have one built in, which is sufficient for most home networks when used together with a good software firewall. If you need better security, a dedicated firewall can be used (such as a Cisco PIX, if the budget allows it) or a Linux-based firewall distribution run on an older computer (e.g. IPCop).

Most hardware firewalls also support VPN (Virtual Private Network) connections and perform NAT (Network Address Translation), which hides the private IP addresses of your network's computers from the outside world. As a side effect, NAT drops unsolicited inbound connections, because there is no internal host to forward them to unless you configure one.

Some personal firewall programs (software firewalls):

  • Comodo Firewall (Free)
Comodo's firewall has come to be regarded by many experts as one of the best free firewalls available. Having said that, it is more suitable for advanced users, as it is highly configurable and produces more frequent warnings, which requires more decision-making by the user than other firewalls. Also included with the Comodo firewall are a Host Intrusion Prevention System (HIPS) and a feature called "Clean PC Mode", which profiles a new PC and its applications and registers the existing applications as safe. From then on, only applications explicitly allowed by the user, or those on Comodo's whitelist of trusted applications, are allowed to be installed on the PC.
  • ZoneAlarm (Free. Commercial "Pro" version also available)
The ZoneAlarm firewall is relatively easy to use, but it has become slightly bloated over time with tutorials, wizards, et cetera. It is an improvement over the Windows XP firewall, though. Update: the ZoneAlarm installer now bundles the Ask toolbar. This toolbar has been rumoured to border on spyware, and it is produced by InterActiveCorp (IAC), a company with a dubious past. Although the former is open to debate, the option to install the Ask toolbar is pre-checked during the installation of ZoneAlarm, which in any case renders the Ask toolbar "foistware" in many security analysts' view.

Unfortunately, these personal firewalls implement some features in a highly ineffective way (e.g. "stealthed ports", which do not actually hide a host from a determined port scanner) and some of their other security measures can be bypassed quite easily, like ZoneAlarm's privacy protection.

Anti-Spyware

The term spyware refers to a relatively new breed of malicious software (first coming under scrutiny around 1999) that focuses on stealing personal information and valuable data for unsavory purposes such as identity theft. (Adware is a slightly tamer relative that tracks your web surfing and serves you targeted advertisements, usually as pop-up windows.)

Spyware typically installs itself without the user's informed consent, either bundled with another program or by exploiting one of the many bugs in Microsoft's Internet Explorer (the mammoth web browser bundled with Windows) to perform a "drive-by download" when the user visits a specially crafted web page.

Antivirus products and firewalls have a hard time with these programs, because they arrive through a channel the user has explicitly allowed (the web browser) and are sometimes installed with the user's uninformed consent. Once compromised, the computer may be instructed to download more spyware, after which the user experiences severe slowdowns and system instability.

To cut a long story short, prevention is the best strategy: the aim is to reduce your computer's "window of exposure". A passable, free solution could consist of the following programs, which complement each other:

  • Ad-Aware (Commercial, free "Personal" edition)
Can fix most spyware issues. Pre-emptive blocking (stopping spyware before it installs) requires the paid-for version.
  • Spybot S&D (Free program distributed under a "Dedication License")
Slightly glitchy. Detects known malware using signatures and heuristics. It has several features (mostly accessible in "Advanced mode"). Useful ones are the 'Immunize' function, the download-blocker BHO (Browser Helper Object), and a blacklist of known "bad" host names that can be added to your HOSTS file, so that requests to them resolve to the local machine instead of the real server.
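The following batch file is an added example, not code from the original page or from the Spybot project. It shows how a HOSTS-file blacklist of the kind just mentioned actually works: each unwanted host name is mapped to 127.0.0.1, so the browser (and any spyware that uses the same name) connects to the local machine instead of the real server. The list file name badhosts.txt and the two host names written into it are made-up placeholders; the script takes a backup, skips names that are already present, and flushes the DNS resolver cache. Run it as an Administrator.

```batch
@echo off
setlocal
rem Added example: merge a blacklist of host names into the Windows HOSTS file, idempotently.
rem Assumes an Administrator account. badhosts.txt, one host name per line with "#" comments
rem allowed, is an assumed file name; the sample names written below are placeholders.

set "HOSTS=%SystemRoot%\system32\drivers\etc\hosts"
set "LIST=%~dp0badhosts.txt"

rem Constructed sample list so the script runs stand-alone; replace it with a real blocklist.
if not exist "%LIST%" (
  >"%LIST%" echo # one host name per line
  >>"%LIST%" echo ads.example.invalid
  >>"%LIST%" echo spyware.example.invalid
)

rem Some anti-spyware tools set HOSTS read-only to protect it; clear that, and keep a backup.
attrib -r "%HOSTS%"
copy /y "%HOSTS%" "%HOSTS%.bak" >nul

rem For each name in the list: if HOSTS does not mention it yet, append a 127.0.0.1 entry.
rem findstr /I = case-insensitive, /C: = literal string search; note it also matches substrings,
rem so a name that is the tail of one already listed is treated as present.
set /a added=0
for /f "usebackq eol=# tokens=1" %%H in ("%LIST%") do (
  findstr /I /C:"%%H" "%HOSTS%" >nul || (
    >>"%HOSTS%" echo 127.0.0.1 %%H
    set /a added+=1
  )
)

rem Re-protect the file and drop the resolver cache so the new entries take effect at once.
attrib +r "%HOSTS%"
ipconfig /flushdns >nul
echo Added %added% new entries. Names now redirected to 127.0.0.1:
findstr /I /B /C:"127.0.0.1" "%HOSTS%"
endlocal
```

Because HOSTS is consulted before DNS for every program on the machine, a mistake here (a typo mapping a site you need) breaks that site for all browsers until the line is removed, which is why the script keeps hosts.bak next to the original.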

Note: to minimize the hassle of updating, you can put the following commands into a batch file (.bat or .cmd extension) and run it by hand or from the Task Scheduler (set SBPATH to the installation path):

@echo off
rem Set SBPATH to the Spybot installation folder (the one containing SpybotSD.exe).
set "SBPATH=C:\Path\To\Spybot"
cd /d "%SBPATH%"
rem Update definitions, re-apply Immunize, then exit, without showing a taskbar button.
SpybotSD.exe /taskbarhide /autoupdate /autoimmunize /autoclose

Consider also trying Microsoft's Windows Defender (a free download for users of a "genuine" copy of Windows, i.e. one that passes Microsoft's validation check).

If you discover that you are heavily infected (with "advanced spyware" that repairs itself and/or kills known anti-spyware products), consider whether backing up your files, erasing the hard drive and reinstalling a clean copy of Windows would be less time-consuming than trying to recover a completely compromised system. A reinstall is also the only way to be sure the malware is gone: anything that runs with administrative rights can hide from the tools used to look for it.

Note

Beware of "rogue" security applications! Rogue security applications are programs that pretend to clean and protect computers from malware, when in reality they are themselves malicious. Visit Wikipedia's Rogue Software article for more information on rogue applications. For a frequently updated list of rogue programs, visit Spywarewarrior and Wikipedia's list of fake anti-spyware programs. As a general rule, stick to well-known and trusted security applications such as the ones mentioned in this wikibook, and download them from the vendor's own site rather than from a link in a pop-up or an e-mail.