Over and over again I am asked about securing home and small office/home office (SOHO) computers.  YES!  The answer is YES, every computer that connects in any way to the Internet needs to be secured.  Not doing so allows others to peer into your system and data, lets it get infected at which point it will often infect others that do not take the precautions I will attempt to explain in this article.

Install a firewall.  Many of the viruses, worms, and other nasties could be prevented by stopping them at the gate.  There is no excuse for not having a firewall when there are many free and inexpensive software firewalls available.  I love to enable the pop-up notices when installing a firewall on someone's computer just to see the look of astonishment when they are popping up faster than can be clicked away.  Needless to say these notices get turned off real soon!  Most software firewalls allow  notices of internal activity that attempts to contact the Internet.  Configuring this option allows notice of spyware or even legitimate software trying to contact the Internet.  Examples would be programs that check the company's site for updates and bug fixes.  That isn't necessarily a bad thing, but it is still nice to know. 

Even if there is a router in place to share an Internet connection it is still recommended to have a firewall on the computer.   Routers are often mistakenly referred to as firewalls.  Routers that share broadband Internet connections, such as Cable or DSL, allow one network (the Internet) to communicate to another network (the home or SOHO network).  They will prevent some malicious activity that does not know how to traverse a network gateway and they do stop nuisance traffic but routing is not securing.

Combining a router with a firewall is getting the best of both worlds.  The router can prevent some traffic as explained in the previous paragraph and the firewall will catch what is left.  This also takes the traffic further away from the system being protected.  Software firewalls that are installed directly on the computer meant to be protected means that the network traffic is not getting stopped until it actually gets processed by that computer.  That's too close for comfort if the highest levels of security are required.

Anti-virus software is a must.  No matter  how carefully a router and firewall are configured, legitimate network traffic can carry a nastie as a payload.  The media can print front page headlines about a new e-mail that has a virus attachment, yet it still gets opened by people living under a rock or perhaps carelessly by someone plowing through hundreds of e-mails upon a return from vacation.  Best practice - never open an attachment unless you are expecting it and then only do so if anti-virus software is installed and up to date.

Spyware is not looked upon by many anti-virus companies as a virus, though this perception is changing.  Not cleaning a system of spyware can lead to performance degradation to the point that it may barely be able to boot.  It can also allow your computer usage to get reported to tracking companies so they can sell your information to spammers.  This paragraph will get repetitive of another link at schmahl.net so the discussion of spyware in this page will end here.  Please read the Spyware Info page for more information.

Keep the Operating System patched.  Microsoft OS's are the most widely used by the audience reading this page so we will not get into any OS wars here.  Simply put, Microsoft is the most widely used desktop operating system so of course there is a huge target placed on it.  A lot of blame is placed on Microsoft for the users' lack of diligence.  Some of the recent worms would have been rendered DOA if a patch for a previous problem would have been installed.  In one case Microsoft issued a patch several months before a worm's relentless attack.  All it takes to keep a Windows system patched is to open Internet Explorer, click Tools --> Windows Update and follow the instructions.  XP makes it simple by allowing for automatic updates by opening "System" in Control Panel.  Then, on the Automatic Updates tab, check the box "Let Windows keep my computer up-to-date.  It's that easy!

"Blame not the tool for the incompetence of the carpenter".  Think about it.  All of the tools discussed as well as the time and money spent on them mean little if they are not kept up to date.  Keep your firewall software up to date, keep your anti-virus up to date, update your spyware removal utility, update your OS, keep it all up to date.  It really is not that hard.  Configure the tools to automatically update themselves, make a reminder, whatever it takes, just KEEP IT ALL UP TO DATE!

This link has a great checklist that should be included with every new computer purchased.  Review it, print it, and put it into action.

Useful Links and Further Reading:

http://www.schmahl.net/spyware.php

http://www.schmahl.net/everydaysw.php

http://www.securityfocus.com/columnists/220 - A Home User's Security Checklist for Windows

http://www.teamanti-virus.org/rules.html - Ten Rules of Common Sense Computing and virus defense

http://www.cert.org/tech_tips/before_you_plug_in.html - Before You Connect a New Computer to the Internet

http://www.cert.org/homeusers/HomeComputerSecurity - Home Computer Security

http://www.microsoft.com/security/protect/default.asp - Microsoft's 3 steps to protect your PC

http://www.giac.org/practical/gsec/Andrew_Baker_GSEC.pdf - Connecting Your Home LAN to the Internet

http://www.ultratech-llc.com/KB/?File=PFirewalls.TXT - Personal Firewall options

http://www.personalfirewallday.org - Personal Firewall educational page

http://www.pedestalsoftware.com/products/se/downloads/webscan/index.asp - Online test of your computer for patches and hotfixes

http://secunia.com - A nice one-stop shop of the latest viruses and security advisories.

Click HERE to mail this document to someone.