Let's start with the scanner problem addressed on the Computer Disaster Prevention page. Steve Gibson of Gibson Research has a computer career that spans decades. His name is well known among computer professionals and I highly recommend running the free tools you can find on his Gibson Research web site. The ShieldsUP! utility will test your vulnerability and provide a report.
I strongly encourage you to read his articles that accompany the ShieldsUP! utility, especially #3 Am I in Danger?, but all of them will provide an excellent understanding of the need for security.
If you do not have a firewall on your computer, or don't even know what that is, you need one. Firewalls will close the vulnerabilities mentioned previously that scanners look for. It allows you to run stealth mode on the Internet so you are virtually invisible to attackers.
To learn more about firewalls, I would again direct you to the Gibson Research web site.
Most people seem to understand the concept of physical security really well. Locking doors, hiding valuables, changing locks when someone should no longer have access, and not leaving your keys in the ignition, these are things we all live with and consider normal.
Logical security, and the threat posed by technology, is not as well understood. Your attitudes and understanding of the issue are an important part of defending yourself. You need to think of computer security with the same attitude as the precautions you take in the physical world.
Unlike the physical world where you leave the lights on to discourage a thief, cyber attackers can get in during “broad daylight” unnoticed. They can use the equivalent of a battering ram, which in the real world would attract attention for the noise alone; but in the cyber world, we can remain oblivious to it. This is a world where a thief can walk up, grab your wallet, take anything they want, give you back an empty wallet, and you never realize they are there, nor do you usually notice the missing contents from your wallet.
It helps to understand the reasons for taking certain precautions. These precautions are the cyber equivalent of taking the keys out of the ignition. Most of us are so accustomed to doing this that we seldom stop to think of what a pain it really is. You have to dig in your pocket or purse, fumble through them to find the right key, and put it back in the ignition next time you want to start the vehicle.
We all understand the risk of leaving keys in the ignition, but when it comes to computer security, most users opt for convenience and make themselves far too vulnerable to those looking to exploit their lack of precaution. The problem seems to be the “out of sight, out of mind” principle. Changing your attitudes, and understanding that unseen cyber threats are just as real, will help you realize that precaution is worth the effort.
If you read Steve Gibson's articles, you will recognize this next point. I feel compelled to include it here because of the importance to security.
I am recommending you do something that is not fun, it is even a nuisance, but it is wise to use passwords. Passwords are the keys for the ignition. Then be careful to protect those passwords. Here are some principles to remember about passwords:
Passwords must NOT be something you can find in the dictionary. Software called password crackers can break simple passwords in a matter of minutes while you don't even realize an attacker is there with a battering ram breaking the door down to get in.
Passwords with characters next to each other on the keyboard (e.g. QWERTY12345 or !@#$%^&) are not secure either. Password crackers will automatically check these.
Use a combination of letters, numbers, even symbols and make your password at least 8 characters long. Letters used in a password should be both UPPERCASE and lowercase.
Use passwords that are easy for you to remember, but difficult for anyone to guess. Do not use pet names, birthdays, or other information that is too obvious.
A formula for passwords will help you remember them easier. Suppose you had a dog named Sam who ran away when you were 4 years old in 1965. Your password could be Sam!4dog1965. In case you're wondering, no, I do not use that as a password for anything.
Use different passwords for different purposes. It is OK to categorize them and use a few of them more than once for low security purposes, but using the same password on everything can be a huge security risk. All “high security” areas such as bank and credit card accounts should have unique passwords. For your email, and computer/network logon, these passwords should be completely unique and used ONLY for that purpose.
Do not put your passwords on a sticky note attached to your monitor, taped inside the top drawer of your desk, or underneath your keyboard. This is like hiding your house key under the welcome mat.
Change your passwords regularly, but not too often. Frequent password changes have resulted in users having less secure passwords. It is better to use good passwords that are secure for longer periods of time, than to change them too often with weaker passwords.
Notice I address security breaches that come from inside as well as outside. Unfortunately, the Internet is not the only source of risk. Disgruntled employees, prying eyes, dishonest personnel or visitors, even the seemingly harmless passerby, might steal your vehicle if you leave the keys in the ignition.
The best course of action is to take steps that keep attackers from gaining access to your computer. Firewalls and passwords are a good start. Network operating systems allow you to maintain tight control over who can access what, and what they are allowed to do once they access resources and files. I mention this as a reason to use network operating systems rather than to broaden the scope of this page to cover network security.
Even though the goal is to keep intruders out, there is no harm in taking a few precautions just in case they get in. Some intruders attack for the sole purpose of causing damage to your system. If they get in, good backups are your only defense. You can kiss your computer as you now know it, and anything not backed up, goodbye.
The most dangerous attackers have already been mentioned. These are the ones whose sole purpose is to commandeer your computer to frame you for their crime. They will make it look like you did it. This could range from the annoying practice of Spam, to something serious where you could be investigated. A firewall is your best defense, and I cannot overemphasize how important it is to have one.
Other kinds of attackers are looking to either steal, or just simply snoop to satisfy their curiosity. For these, your best defense is to apply password security on all files and folders which are sensitive. Backups can be password protected too.
In addition to password protecting, hide the files. Choose names for both the files, and the folders they are in, that are uninteresting. Avoid names like “My Swiss Bank Accounts.”
For this reason, you may want to reconsider using the My Documents folder which many programs will save files to by default. Use the Help files within the program to learn how to change the default folder it saves files to. This beats the tedious process of manually selecting the folder every time you save.
You can also rename the My Documents folder. In most cases, the programs set to use it by default will still find it after you rename it.
This next advice may not be as easy for you to accept, but it is a good habit to get into. Avoid putting all your shortcuts on the desktop. I am not referring to the program shortcuts, those are OK, they only launch your programs. Shortcuts to all the files and folders where you store your important stuff is a nice convenient access point. But what is convenient for you is all too convenient for an intruder as well.
If you are taking the precaution to hide your important files, don't undo your efforts by placing a shortcut on the desktop.
Don't let the recent documents list come back to haunt you if you are working on something sensitive. I am referring to the wonderful shortcut located on the Start menu that lets anyone launch a recently accessed file without having to know where it is located.
To clear this list, hit Start, then Settings, then Task Bar & Start Menu. Select the Start Menu Programs tab in the Taskbar Properties window and click the Clear button in the Documents menu section.
If your computer is in an environment where it can be easily accessed by unauthorized users after an authorized user has stepped away, a simple adjustment can require that a password be used to gain access after the screen saver has activated.
Right click anywhere on an open area of the desktop. Choose Properties from the popup menu and select the Screen Saver tab on the Display Properties window. Activate the Password Protected checkbox and select the appropriate number of minutes before a screen saver kicks in. Once the screen saver kicks in, the only way to gain access to the computer is to enter a password.
As mentioned above, the ShieldsUP! utility from Gibson Research is a great tool to test your security.
For antivirus and Internet security, check out Avast. A basic antivirus is free and provides effective virus protection. For added security, including a firewall as outlined above, the Internet Security option is a great choice.