Safety tips for home Windows computers Part 1

Backing up

What would you do if your hard drive became completely inoperative right now? Could you get your system running again? Could you get your documents and other data back? How about if your computer was destroyed in a fire, or stolen? What if a virus erases everything? (Even a virus that doesn't erase everything can be so difficult to remove, it's easier to restore your system from a recent backup — if you have one.) Backing up your data can be one of the most important steps you take.

There are two main types of backup programs. One type makes an “image” of your hard drive; the other is the more general backup program that backs up just the files on the drive.


Image programs
Programs that make an image are a bit specialized, and they have specific uses that you may find appealing — you may want one in addition to a general backup program.

An “image” type program creates a complete copy of the entire hard drive (or, if your hard drive has more than one partition, you can make a copy of each partition). The copy is called an “image file”. The image file can be restored, thus recreating the entire contents of the hard drive (or partition) at the time the image was made. This is useful if you replace the hard drive (with one the same size or larger), or if your system becomes so trashed you want to put everything back to a known-working state.

The two most popular programs are Norton Ghost by Symantec http://www.symantec.com/sabu/ghost/ghost_personal/ and DriveImage by PowerQuest http://www.powerquest.com/driveimage/

I'll have a bit more to say about these in the next section.

General backup programs
Most backup programs can make three types of backups: “full” which backs up all the files, “differential” which backs up files that have changed since the last full backup, and “incremental” which backs up files that have changed since the last full or incremental backup. Differential and incremental backups must be used in conjunction with full backups (and don't mix differential and incremental, use one or the other). The idea is to save time. A full backup may take quite some time to perform, and you may want to do it on a weekly or monthly schedule. A differential or incremental backup will be much faster; if you're doing weekly full backups you can do these daily, or with monthly full backups you can do them weekly. (And of course you don't have to use a schedule, but you may find it helps you remember to keep your backups up-to-date.) The difference between differential backups and incremental backups is that once you have completed a differential backup, you no longer need any previous differential backup (you DO need the previous full backup). With incremental backups, you must save every incremental backup you make along with the full backup.

Personally, I find that differential backups are preferable to incremental. Although incremental backups can be a little faster, the hassle with saving every backup (and restoring them in the right order) isn't worth it.
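To make the difference concrete, here is an added example (not part of the original post) that works out which backups must be restored, and in what order, under each scheme, including when one day's media turns out to be unreadable. The `Backup` class, the `restore_chain` function and the day-numbered schedule are constructed for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Backup:
    day: int    # day the backup was made (constructed numbering)
    kind: str   # "full", "differential" or "incremental"


def restore_chain(history, target_day, lost=frozenset()):
    """Return the backups to restore, in order, for the newest state that can
    still be rebuilt on or before target_day. `lost` holds the days of
    backups whose media turned out to be unreadable."""
    usable = sorted((b for b in history if b.day <= target_day),
                    key=lambda b: b.day)
    fulls = [b for b in usable if b.kind == "full" and b.day not in lost]
    if not fulls:
        raise ValueError("no readable full backup to start from")
    base = fulls[-1]

    # Only backups made after this full and before the next full depend on it.
    dependents = []
    for b in usable:
        if b.day <= base.day:
            continue
        if b.kind == "full":
            break
        dependents.append(b)

    kinds = {b.kind for b in dependents}
    if len(kinds) > 1:
        raise ValueError("differential and incremental backups are mixed")

    if kinds == {"differential"}:
        # Each differential holds everything changed since the full,
        # so only the newest readable one is needed.
        readable = [b for b in dependents if b.day not in lost]
        return [base] + readable[-1:]

    # Incrementals: each holds only the changes since the previous backup,
    # so the chain is usable only up to the first unreadable one.
    chain = [base]
    for b in dependents:
        if b.day in lost:
            break
        chain.append(b)
    return chain


def days(chain):
    """Day numbers of a restore chain, in restore order."""
    return [b.day for b in chain]


# Constructed schedule: full backup on day 0, then one backup per day.
DIFFERENTIAL = [Backup(0, "full")] + [Backup(d, "differential") for d in range(1, 6)]
INCREMENTAL = [Backup(0, "full")] + [Backup(d, "incremental") for d in range(1, 6)]

if __name__ == "__main__":
    print("differential, all media good:", days(restore_chain(DIFFERENTIAL, 5)))
    print("differential, day 3 lost:    ", days(restore_chain(DIFFERENTIAL, 5, lost={3})))
    print("incremental, all media good: ", days(restore_chain(INCREMENTAL, 5)))
    print("incremental, day 3 lost:     ", days(restore_chain(INCREMENTAL, 5, lost={3})))
```

With differentials, losing the day 3 disc costs nothing; with incrementals, the same loss means the newest state you can rebuild is day 2.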

You can make your backup to a variety of removable media. Tape and CD-RW are the most popular choices, and rewritable DVDs should become popular soon. I find that I'm more likely to do regular backups if it is really easy to do. One thing that discourages doing backups is tedium from swapping discs. For example, if you can do your backup to a single 10GB tape rather than to fourteen 700MB CD-RW discs, you're more likely to do it. You can start the backup to tape and go off to dinner, instead of popping in all the time to swap in the next CD-RW. Also, if you can do your backup to a single tape (or other media), you probably don't care much how long it takes (you can let it run overnight if need be), and so you can set your backup program to also read the backup after it's finished. This ensures the backup is good, and that your tape or CD-RW hasn't worn out.

You may want to do your full backups and differential backups to different media, for example a full backup to tape and a differential backup to CD-RW. You can also backup to a hard drive on another computer using a home network (see the FAQ for my posts on setting up a home network).

It's a good idea to have more than one set of media for backups. For example, if you do a full backup to tape and you only have one tape, what would happen if something should fail while you are making your backup? Your old backup is partially erased, and your new backup isn't finished — neither is usable. It's best to at least have two sets and switch back and forth.

Win98 and Win2000 both come with simple backup versions. The backup that comes with Win2000 is a scaled-down version of Veritas Backup MyPC, now sold by Stomp http://www.stompinc.com/bump/bump-retail.phtml?stp (and formerly called Backup Exec Desktop). You may find that the version in Windows is all you need, or you may like some of the features in the full version.

Note that if you need to do a restore to a non-working system (say, after a hard drive dies), most backup programs require you to install Windows before you can restore your backup. This can take some time, and can even be a problem if you wind up with a mix of the Windows you have on CD and the Windows you were running when you made the backup (with updates and patches downloaded in). There are two ways around this. One is to use one of the “image” type programs (mentioned above) to make an image of your computer after you have Windows all properly set up (and make a new image after any major download upgrade). Then you can easily restore the image, and go on to restore your backup. The other is that some backup programs (like Backup MyPC) make bootable floppy disks that allow you to restore a backup without having to reload Windows first.


Virus Control


Use an up-to-date anti-virus scanner on your email and downloads.
Why? By far the most likely security problem for your Windows computer is getting a virus program (also called trojans [as in Trojan horse] and worms). You will occasionally see news stories about a new virus causing problems, or an old virus popping up again. And the most likely places to get a virus are in email and in files you download from websites (or FTP sites). Nearly all viruses in emails are in attachments that are harmless until they are opened, so not opening attachments is actually a pretty good way to avoid getting a virus. But most people get attachments that they do need, or want, to open. And there are some viruses that function without the user opening an attachment (usually due to bugs in Outlook Express or Outlook). So an anti-virus scanner is highly recommended. You can also get a virus from a floppy disk, zip disk, CD-R, or any other media given to you by someone; but it is more common to get them over the Internet via email or downloads.

There are several popular anti-virus scanners. One of the most popular is Symantec's Norton AntiVirus http://www.symantec.com/nav/nav_9xnt/ Other popular programs are Trend Micro's PC-cillin http://www.trendmicro.com/en/products/desktop/pc-cillin/evaluate/overview.htm and McAfee's VirusScan http://www.mcafee.com/myapps/vs7/default.asp

Note that all of these products rely on a database of known virus characteristics. Therefore, besides buying and installing the program, you need to frequently update the database. Of course brand-new viruses will not be detected until (a) they are added to the company's database, which for major viruses usually happens in a matter of hours, and (b) you download the updated database, which will depend entirely on how frequently you download. Some anti-virus programs look for things that are so suspicious it might be a good idea to warn the user, even if nothing is detected using the database (like a .vbs file attachment in an email — that's more likely a virus than something you really wanted).

Typical users need an anti-virus program that will scan incoming email (preferably before it reaches your email program, in case you're using Outlook Express or Outlook, especially with the preview pane enabled), and any files you download. You should also scan all the files on any removable media you receive (like floppies). It doesn't hurt to occasionally scan your entire hard drive (especially after you update the database), but it should not be necessary to scan every file read from the hard drive (which some anti-virus scanners do).

Personally, I find Norton AntiVirus to be overly “intrusive”. And most Norton products do not uninstall cleanly, and generally seem to be prone to causing system problems by doing non-standard (and, again, intrusive) things. However, it is probably the most popular.

McAfee was at one time very highly regarded, but since McAfee himself sold the company and moved on, there have been reports that the quality has suffered. I personally haven't used the program since McAfee left. There have been many reports that customer service from McAfee is now non-existent or nearly so.

TrendMicro's PC-Cillin is a nice, basic anti-virus scanner. It is relatively unobtrusive, limiting itself mainly to scanning incoming email (which it does before your email program gets it) and files being downloaded. You can also scan any drive on command. It can be set to scan your hard drive automatically (say, once a week) and to download database updates automatically (say, once a day). TrendMicro claims one of the features of the program is that the database updates are the most compact of any major anti-virus program, meaning they load very quickly.

Don't hide file extensions
Why? Because virus attachments in emails can use that to hide. For example, an email attachment named “FREE XXX SITES.TXT.pif” will show as “FREE XXX SITES.TXT” which you might think is a safe .txt (text) file when it is really a .pif file (Program Information File, used by early versions of Windows as part of an executable program). The word “extension” refers to the “.txt” or “.pif” part of the file name. [Although, get real — any attachment named FREE XXX SITES might as well be named THIS IS A VIRUS.EXE. Use a little common sense!]

It should come as no surprise that by default Windows is set to hide file extensions. To solve this, double-click on My Computer, then click on View, then Folder Options, then on the View tab. (In Win2000, click on Tools, then Folder Options, then on the View tab.) Make sure the box next to “Hide file extensions for known file types” is not checked. Click OK to close the dialog box.

Open attachments in emails carefully
Why? Because virus attachments in emails can be tricky. As just mentioned, an email attachment may be named “picture of my dog.jpg.pif”, where the length of the name is chosen so it shows as “picture of my dog.jpg....” in Outlook or Outlook Express. That makes it look like a .jpg file when it isn't.

Instead of double-clicking on an attachment to open it, right-click on it and choose “Save As...”. In the “File Name” box, you will now be able to see the full name of the file. If it looks OK, you can go back and double-click it to open it, but a safer method is to go ahead and save it in a folder you've set up for this purpose. Then open it from the folder. This will give you a chance to verify the icon as well. It also gives anti-virus scanners that monitor all hard drive access another chance to spot it.

Remember: a file with two extensions is ALWAYS a virus, no one does this in normal circumstances. Any file extension you don't recognize should not be opened. Any file that you recognize as an executable extension (like .exe, .com, .bat, .pif, .vbs, .vbe, .scr) should not be opened unless you are really sure about the file.
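The name checks from this section and the previous one can be written down as a small filter. This is an added example, not part of the original post: the executable list is the one given above, while `RECOGNIZED_EXTS`, `DISPLAY_WIDTH`, the function names and the sample inbox are assumptions made for illustration.

```python
import os

# Executable extensions listed in the post.
EXECUTABLE_EXTS = {".exe", ".com", ".bat", ".pif", ".vbs", ".vbe", ".scr"}
# Assumption: the extensions this particular user recognizes as documents.
RECOGNIZED_EXTS = {".txt", ".jpg", ".gif", ".doc", ".xls", ".pdf"}
# Assumption: how many characters of a name the mail client shows.
DISPLAY_WIDTH = 21


def displayed_name(name, hide_extensions=False, width=DISPLAY_WIDTH):
    """What the user sees: the last extension removed when Windows is set to
    hide extensions, and long names cut off with dots."""
    shown = os.path.splitext(name)[0] if hide_extensions else name
    return shown if len(shown) <= width else shown[:width] + "..."


def check_attachment(name, width=DISPLAY_WIDTH):
    """Return the reasons (possibly none) not to open this attachment."""
    stem, ext = os.path.splitext(name)
    ext = ext.lower()
    inner = os.path.splitext(stem)[1].lower()

    findings = []
    if ext in EXECUTABLE_EXTS:
        findings.append("executable")
    elif ext not in RECOGNIZED_EXTS:
        findings.append("unrecognized")
    # Only a known extension in front of the real one counts as a decoy,
    # so a version number such as "v1.2" is not reported.
    if inner in EXECUTABLE_EXTS | RECOGNIZED_EXTS:
        findings.append("double-extension")
    # The real extension falls outside what the client displays.
    if len(name) > width:
        findings.append("extension-truncated")
    return findings


def triage(names):
    """Map each suspicious attachment name to its findings."""
    results = {}
    for name in names:
        findings = check_attachment(name)
        if findings:
            results[name] = findings
    return results


# Constructed sample inbox, reusing the two names quoted in the post.
INBOX = [
    "holiday.jpg",
    "budget v1.2.xls",
    "FREE XXX SITES.TXT.pif",
    "picture of my dog.jpg.pif",
    "invoice.scr",
    "notes.xyz",
]

if __name__ == "__main__":
    print(displayed_name("FREE XXX SITES.TXT.pif", hide_extensions=True))
    print(displayed_name("picture of my dog.jpg.pif"))
    for name, findings in triage(INBOX).items():
        print(f"{name!r}: {', '.join(findings)}")
```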

Also remember: most viruses spread from an “infected” computer by emailing to email addresses found in the address book or emails on that computer. So when you receive a virus, it will probably be from someone you know. Also, some viruses pick subjects and/or attachment filenames from text found on the computer, so the subject or filename may be familiar to you. In fact, it may even be something you've recently discussed with the person the email appears to be from. So if you receive a file attachment from someone you know, that does NOT mean it isn't a virus.

Some viruses pick two names from the address book, one to send the virus to and one to pretend the virus is from. So when you receive an email with a virus, remember that it may not actually be from the person it says it's from. You'll have to use some judgment on whether or not you want to email that person back and warn them their computer is infected. Likewise, if someone sends you an email saying your computer has a virus, it may be that you were picked at random from an address book to be the “from” address.

Set Word and Excel to check for Macros
Why? Because some viruses are macros inside a Word (.doc) or Excel (.xls) file.

Enable Macro Virus Protection in Word and Excel. The procedure varies depending on the version, so check under “virus” in the Help text, or try Tools | Macro | Security.

Use “Windows Update” to install the latest security patches from Microsoft.
Why? Because people keep finding security faults in Microsoft's products, and Microsoft puts out their feeble attempts to solve them. Unfortunately, Microsoft often introduces new problems in their updates. So you really need to gauge for yourself whether you want to immediately download an update as it becomes available, or wait a while and see if there are complaints from the people who did jump in.

Generally you will find Windows Update when you click on Start. You can also browse to http://windowsupdate.microsoft.com/

Put Outlook/OutlookExpress in Restricted Zone.
Why? To limit what HTML email can access. This is a really, really good idea, and it stops a variety of serious problems (including most viruses that activate when you read or preview the email, without even double-clicking the attachment). Note that if you are already using Restricted Sites in Internet Explorer, you need to think about how you want things to work, because the settings are shared with Outlook (and possibly other programs).

In Outlook, click on Tools | Options… and click on the “Security” tab. Under “Secure content” “Zone:” select “Restricted sites”. Then click on “Zone Settings…” and make sure everything is set to the safest settings (click on “Custom Level…” to see the settings). Usually the “safe” settings are “disable” or “prompt” (assuming you know when to say no to those prompts). Click “OK” as many times as needed.


Hacker Control


“Hacking” is the unauthorized use of a computer. [“Hacking” at one time referred to certain types of skilled programming, and so those who were once called hackers object to the terms “hacking” and “hackers”, preferring “cracking” and “crackers”. But in reality the language has moved on and that's just the way it is now, tough.] There are two main types of hacking: in person, and remote. To hack a computer in person, you show up where the computer is located, usually breaking in or at least accessing an area you're not authorized to access. For home users, this is not usually a big concern, and I'm not going to cover it here. To hack a computer remotely, the computer must be connected to a network, and the hacker accesses it through the network. Of course the most popular network these days is the Internet.

Prior to the NT/2000/XP series of Windows, computers running Windows were pretty secure from remote hacking. There's still never been a well-documented case of anyone remotely hacking a standard Win95 or Win98 system directly through the operating system (without first planting some sort of trojan program for access). Microsoft changed all that with a particularly glaring error in XP that basically gave everyone on the Internet remote access to every computer running the standard version, installed the standard way. Since that time, additional errors have been uncovered in XP, as well as in NT and 2000.

Use a firewall
Especially if you're using NT, 2000, or XP, you should use a firewall to protect your computer from remote hacking. XP includes a simple firewall, but personally I think it's absurd to use Microsoft code in an attempt to protect yourself from errors in Microsoft code.

There are two main types of firewalls: hardware and software. Both are designed to limit what information passes between your computer and the Internet.

Hardware firewalls
With the advent of cable modems and DSL, routers which allow more than one computer to share one of these high-speed Internet connections have become very popular. Because a router already controls the flow of information between the LAN (the little network connecting the computers in your home together) and the WAN (the Internet), it is easy to also make the router function as a firewall.

Popular models include the Linksys BEFSR41 http://www.linksys.com/products/product.asp?prid=20&grid=5 and their model that includes a wireless LAN access point, the BEFW11S4 http://www.linksys.com/products/product.asp?prid=173&grid=5 the SMC SMC7004ABR http://www.smc.com/index.cfm?sec=Products&pg=Product-Details&prod=67&site=c and their wireless version, the SMC7004AWBR http://www.smc.com/index.cfm?sec=Products&pg=Product-Details&prod=63&site=c and various models by D-Link http://www.dlink.com . New models are introduced all the time.

Personally, I recommend the SMC products. I have had very good results with them, and they often include features not found in other brands. For example, the SMC7004ABR can be used with a dial-up modem, which the Linksys BEFSR41 cannot. Even if you're using cable or DSL, the dial-up feature can be handy in case of a service outage on the cable/DSL. I used to recommend Linksys as well, but lately every product I've gotten from them has had problems. Presently, I recommend avoiding Belkin, because they created a router that purposely discarded one of your web-page requests, and substituted a Belkin advertisement web-page instead. This could cause all sorts of problems, particularly if you were clicking on “Submit Order” at the moment! More info at http://boards.fool.com/Message.asp?mid=19831865

These routers-as-firewalls are particularly good at isolating your computers from the Internet. Why? (And I'm simplifying the technology here to make it understandable.) You know you can have, say, 2 different windows of Internet Explorer open and viewing different websites at the same time. How does this work? You may also know that, while you're using the Internet, you have a unique address called the IP (Internet Protocol) address. Let's say your IP address is 64.94.26.1 (IP addresses are traditionally written as four numbers from 0 to 255 separated by periods.) In one window you go to the Fool's home page, and your computer sends “hey, Motley Fool, this is 64.94.26.1 window 1, please send me the home page”. Meanwhile in the other window you go to Yahoo, and your computer sends “hey, Yahoo, this is 64.94.26.1 window 2, send me the home page”. When the Fool replies, it sends the information back to 64.94.26.1, marked for window 1. That's how it winds up at the right computer (yours) and in the right Internet Explorer window (the one that's browsing the Fool).

OK, now connect two computers to one of the routers mentioned above. The router takes on the 64.94.26.1 address, and assigns semi-arbitrary addresses to the two computers, like 10.1.1.1 and 10.1.1.2. Let's say computer-1 has 3 windows open with Internet Explorer, and computer-2 has 2 windows. The router is going to make that look like one computer that has 5 windows open. Say on computer-1 you use the 3rd window to access the Fool, and on computer-2 you access Yahoo with the 1st window. Computer-1 sends the request to the router as 10.1.1.1 window 3, and the router changes that request to 64.94.26.1 window 103; computer-2 sends the request as 10.1.1.2 window 1, and the router changes it to 64.94.26.1 window 201. When the Fool responds to 64.94.26.1 window 103, the router changes that back to 10.1.1.1 window 3. And the Yahoo response to 64.94.26.1 window 201 is changed to 10.1.1.2 window 1. As far as the Internet is concerned, your two computers seem like one computer.

Now let's say a hacker sends a query to the Telnet port at 64.94.26.1. The router is not expecting this query, and it does not know which computer to send it to. So, it just ignores the query. Your computers become “invisible”. (What if you wanted to run Telnet? You'd have to tell the router which computer to send Telnet queries to.)
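The translation table described above, as an added example that is not part of the original post. It uses the post's own addresses and "window" numbers (which are really port numbers); the `NatRouter` class, the host labels and the rule for picking the public port are constructed for illustration, and the model also checks who is replying, which the post does not go into.

```python
class NatRouter:
    """Toy model of the router's address translation."""

    def __init__(self, public_ip):
        self.public_ip = public_ip
        self.table = {}      # public port -> (lan_ip, lan_port, remote_host)
        self.forwards = {}   # public port -> lan_ip, configured by the owner

    def outbound(self, lan_ip, lan_port, remote_host):
        """A LAN computer sends a request; the router rewrites the source and
        remembers the mapping. Returns what the Internet sees."""
        # Mirrors the post's numbering (10.1.1.1 window 3 -> window 103).
        # Real routers simply pick any free port.
        public_port = int(lan_ip.rsplit(".", 1)[1]) * 100 + lan_port
        self.table[public_port] = (lan_ip, lan_port, remote_host)
        return (self.public_ip, public_port)

    def forward(self, public_port, lan_ip):
        """Owner tells the router which computer handles a service."""
        self.forwards[public_port] = lan_ip

    def inbound(self, remote_host, public_port):
        """A packet arrives from the Internet. Returns the LAN destination,
        or None when the router has nowhere to send it and ignores it."""
        entry = self.table.get(public_port)
        # Assumption of this model: a reply is accepted only from the host
        # the LAN computer contacted.
        if entry is not None and entry[2] == remote_host:
            return (entry[0], entry[1])
        if public_port in self.forwards:
            return (self.forwards[public_port], public_port)
        return None


TELNET = 23


def run_post_scenario():
    """Replay the scenario from the post and collect each result."""
    router = NatRouter("64.94.26.1")
    results = {}
    results["fool_request"] = router.outbound("10.1.1.1", 3, "fool")
    results["yahoo_request"] = router.outbound("10.1.1.2", 1, "yahoo")
    results["fool_reply"] = router.inbound("fool", 103)
    results["yahoo_reply"] = router.inbound("yahoo", 201)
    # Unsolicited query to the Telnet port: no table entry, so it is ignored.
    results["telnet_probe"] = router.inbound("unknown-host", TELNET)
    # A stranger hitting a port that is in use for someone else's reply.
    results["wrong_sender"] = router.inbound("unknown-host", 103)
    # After the owner forwards Telnet, the same query reaches that computer.
    router.forward(TELNET, "10.1.1.2")
    results["telnet_after_forward"] = router.inbound("unknown-host", TELNET)
    return results


if __name__ == "__main__":
    for step, outcome in run_post_scenario().items():
        print(f"{step:22} -> {outcome}")
```

The last step is the one to keep in mind when configuring a router: every forwarded port removes the "invisible" property for that one service on that one computer.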

Hardware firewalls are really good at protecting your local, non-Internet, data as well. For example if you are using file and printer sharing over NetBEUI, a hardware firewall will not pass any of the NetBEUI data on to the WAN. In fact, it can't — NetBEUI does not use IP addresses, so there's no way to send the data over the Internet. Even if you use file and printer sharing over TCP/IP, most hardware firewalls are set by default not to pass any data over the NetBIOS ports to (or from) the WAN. People on the Internet will not be able to access your files using NetBIOS.

Software firewalls
Popular software firewalls include ZoneAlarm by ZoneLabs http://www.zonelabs.com/ and Norton Internet Security http://www.symantec.com/product/

Generally speaking, software firewalls provide less security than hardware firewalls. The biggest problem with a software firewall is its vulnerability to a virus (trojan). Many of today's viruses automatically disable popular software firewalls (especially ZoneAlarm and Norton) once they infect your computer. Of course, you should be using a good anti-virus program and keeping it up to date. But if a virus should get past (say, a new virus that doesn't have an anti-virus database entry or that you haven't downloaded the entry for yet), then your software firewall is useless.

To date, there are no reports of anyone remotely compromising a simple hardware firewall (there have been reports of compromising the big commercial firewalls, that run complicated operating systems and are much more vulnerable).

ZoneAlarm has an interesting feature where it examines what program on your computer is trying to send data over the Internet. Hardware firewalls cannot do this, because the TCP/IP data does not identify which program is the source. This feature is particularly useful in combating “Spyware”. Spyware is software that sends information gathered from your computer to someone else. See the section below on Spyware for more information.

You can, if you wish, use both a hardware and a software firewall. Note that with any software firewall, you also run the risk that it interferes with normal operation of your operating system or other applications. That's not a problem with hardware firewalls.

Is having an “always-on” Internet connection or a static IP address an additional risk?
You will often see articles claiming that having an always-on connection, like DSL or a cable modem, is a reason to PANIC because it is SO MUCH more dangerous than dial-up. This is nonsense. First of all, there's no risk anyway, if you just follow all the instructions in these posts. Second, the risk (if there were any) comes from how long your computer is connected to the Internet, not the method of connection. A computer that's turned on an hour a day but is connected with DSL is far less vulnerable than a computer that has its dial-up link active 12 hours a day. The reason is, the longer your computer is on-line, the more likely its IP address is to be selected at random (or in sequence) by a hacker.

OK, now for the shred of truth. It's true that if you've made a bunch of blunders and you're running file and printer sharing over TCP/IP with no firewall and you have shared folders, a hacker could try to guess the password for those folders. If you're not online very long, and if you're using a system where your IP address is assigned each time you connect, then the hacker has to manage to guess it and do his dirty work during that session. If you have a permanent (aka static) IP address, the hacker can keep guessing whenever you're online, and do his dirty work at his leisure (again, some time when you are online). This is very rare, unless you've pissed off some hacker and he's out to get you (also very rare). So before you go pissing off hackers, make sure you've got your system security properly set up.


Spyware and Malware


Spyware occupies kind of a gray area. The worst spyware is so nasty that it's perhaps more properly categorized as a virus, and indeed will be detected and countered by anti-virus software. More moderate spyware isn't considered as dangerous, and thus isn't caught by most anti-virus programs, but nonetheless you might not want it on your computer. And at the other end of the spectrum, some spyware is willingly accepted by consumers, often in exchange for special deals.

As an example of Spyware, it has been reported that RealNetworks' RealJukebox program maintained a list of every song you played, and occasionally sent that list to RealNetworks. A common allegation is that there are programs that keep track of every website you visit, and send that information periodically to some company. In some cases, a program like ZoneAlarm can be used to detect spyware when it tries to access the Internet to send the data. In other cases, like the RealJukebox example, it may not, because in order to use RealJukebox at all you have to tell ZoneAlarm to let it access the Internet.

“Malware” is also vaguely defined. Generally, it means software that isn't nice (hence the “mal”, which is Latin for “bad”) — software that does things other than (or in addition to) what you got it to do, or does annoying things like changing Windows settings without your permission, and so forth. Browsers are particularly susceptible to Malware, with sites or programs changing your home page setting, popping up extra windows, or redirecting you to porn sites.

There are a number of good programs for dealing with Spyware and Malware. Probably the most popular is AdAware http://www.lavasoftusa.com/ Others include Spybot Search and Destroy http://spybot.eon.net.au/ and Spyware blaster www.wilderssecurity.net/spywareblaster.html

One small problem with these programs is there's not really a good definition for Spyware or Malware, so their idea might not match yours. For example, I like AdAware, except it identifies a bunch of “tracking” cookies which I would consider harmless. So when I scan a computer with AdAware, it might come up with 1400 files, 1399 of which are cookies and 1 of which is something worth looking into. But this is a small annoyance compared to the overall value of AdAware.


Text continues in the next post, Safety tips for home Windows computers Part 2