The availability of always-on connections to the Internet
exposes home PCs to a variety of potential problems from
malicious parties worldwide. Rogue programs designed to damage
the computer, steal confidential information for a third
party or attempt to extort money all exist in the wild—and
possibly on a computer near you. These rogue programs are
referred to as viruses or Trojans. All types of computers are
vulnerable to these problems, but the discussion will focus on
computers running a Microsoft operating system like XP or Vista.
The only computer that is totally safe is one that is
disconnected from everything and powered off.
How could someone gain access to your machine? It is possible
for a skilled individual to break in through the network by
exploiting a variety of known program bugs. In urban areas
unprotected home wireless networks can be accessed by outsiders,
but this is not much of an issue in rural areas. Most virus
infections occur when you visit web sites prepared to deliver
them or download a virus through your email. Advertising on popular social
websites is a common vector for spreading malware. Some viruses
are spread by otherwise innocent downloaded programs that have
become infected on their distribution site, spreading the
infection when installed on the home computer. Unfortunately
these are often music sharing programs – like Limewire, for
example. There have also been reports that links on social sites
like Facebook and MySpace are being used to attack home machines
and divert unsuspecting users to infected web sites.
Most web pages and email rely on content formatting performed on
the user’s machine by the web browser or mail client — this
reduces the size of the network transfer. The web page or email
is really a list of instructions (called hypertext markup
language or HTML) to display colors, text and images from other
locations on the screen. Web pages may use browser add-ons like
Flash to show animations, for example. These helper programs are
downloaded by the browser and automatically installed. Web pages
may be written in a programming language called Java; many bank
websites use this (or its close relative Javascript) to provide
very easy-to-use web forms. A side effect of all these
functions is that it becomes depressingly easy for the hacker to
install malware (a virus or Trojan) on the home computer.
What could the hacker do with this infection? At one time simple destruction of the
target machine was the only problem—or just user irritation.
However, malware writers have become more skilled and what they
can now do to your computer is much more harmful. For example,
the hard drive could be encrypted by the rogue program and a
ransom note displayed demanding that money be paid to an outside
website to get the machine unencrypted. More commonly a Trojan
would be installed to steal information when the user went to
specific web sites. The Trojan would capture the information
typed into a web page and send it off, making it possible for
someone else to get access to your bank or credit card accounts.
Or the Trojan may produce fake errors and attempt to force users
to an external website to buy a “cure”. “Storageprotector” is
one of many extortion products that are sold by virus
infections.
Email by itself can be a source of infection. The technology
used to produce web pages is used in email messages for
“stationery” and various fancy letters and attached pictures. We
all get plenty of these from our friends and relatives.
Unfortunately email HTML can be a carrier for malware through
exactly the same pathways as regular web pages. This can be a
serious exposure for any home email programs that download their
email from a server, but much less of an issue with web-based
mail services like Hotmail or Gmail.
Like our physical mailboxes, email is a source of junk mail
called SPAM – messages offering well-known programs at bargain
prices, well-paying no-work jobs, miraculous body enhancements
and so on. Most of these are not intrinsically malicious but
just clutter. There is a lot of this advertising and it can be
very profitable for someone—last year it was estimated that 90%
of all email worldwide was SPAM. Most mail programs have
features to help filter it out.
Another variant of SPAM, known as a “phishing” message (fishing
for suckers), is a fake email pretending to be from a bank or
online merchant site claiming that there has been a purchase to
approve or an online account to re-enable. When you click on the
embedded link you are delivered to a fake website (probably
copied from the real one) that collects your username and
authentication information for use later by others. Security
specialists have guessed that money stolen through these
activities provides a major source of funding for terrorism.
One other side effect of going to a “phishing” website is that a
program could be planted on your PC to make it part of a
“Botnet” (robot network) that would do things in the background
by remote control—usually generate SPAM email (the electronic
version of unsolicited commercial mail) for things like “lose
weight” or “enlarge body parts”.
Another type of rogue email that one might receive (or be part
of distributing) is called the “Nigerian letter”, purporting to
be from a person who solicits your cooperation to move a large
sum of money from one place to another, for which you would be
paid a large fee, after putting up some money in advance to help
the process. The original emails were from Nigeria but the
current ones could claim to be from any location.
How can you protect yourself? The first line of defense is to
ensure that the home PC can get out but outsiders cannot get in. This is
provided by a network firewall or router between the
satellite/wireless modem and the home network. This is in
addition to the basic software firewall provided by Windows for
all network connections. It is important that the firewall be
set to deny all inbound traffic—tunnels are created by the
firewall to pass back responses to requests originating
internally, so there is no need to make any provision for
inbound traffic. It is desirable if the firewall has the
capability to “stealth” its existence, that is, not respond to
any external requests. The router setup program or
administrative console is used to make these settings – if
someone else is hooking the equipment up be sure that they make
these changes. Unfortunately, not all home routers come
configured for maximum safety.
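As an added illustration (not code from the article), the following Python simulation shows the stateful behaviour described above: a toy packet filter that remembers requests started from inside so their replies can come back, silently drops every other inbound packet when "stealth" is on, and only answers with a rejection when it is off. All addresses and ports are constructed.

```python
from collections import namedtuple

# A packet as seen by the filter; direction is "out" (home PC -> Internet)
# or "in" (Internet -> home PC). All addresses below are constructed.
Packet = namedtuple("Packet", "src_ip src_port dst_ip dst_port direction")


class StatefulFirewall:
    """Toy model of a home router's default-deny, stateful inbound policy."""

    def __init__(self, stealth=True):
        self.stealth = stealth
        # Flows opened from inside: (lan_ip, lan_port, remote_ip, remote_port)
        self.flows = set()

    def handle(self, pkt):
        """Return 'ALLOW', 'DROP' (silent) or 'REJECT' (sender gets an error)."""
        if pkt.direction == "out":
            # Remember the outbound request so its reply can be passed back.
            self.flows.add((pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port))
            return "ALLOW"
        # Inbound: allowed only if it answers a flow the home PC started.
        reply_of = (pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port)
        if reply_of in self.flows:
            return "ALLOW"
        # Unsolicited inbound traffic. Stealth drops it without any answer,
        # so an outsider cannot even tell that a machine is there; a
        # non-stealth firewall sends back a rejection, which reveals a host.
        return "DROP" if self.stealth else "REJECT"


def demo(stealth=True):
    """Run three packets through the filter and return the verdicts."""
    fw = StatefulFirewall(stealth=stealth)
    return [
        # Home PC asks a web server for a page.
        fw.handle(Packet("192.168.1.10", 51000, "203.0.113.5", 80, "out")),
        # The web server's reply comes back through the remembered flow.
        fw.handle(Packet("203.0.113.5", 80, "192.168.1.10", 51000, "in")),
        # An unrequested connection attempt from outside to the home PC.
        fw.handle(Packet("198.51.100.7", 4444, "192.168.1.10", 3389, "in")),
    ]


if __name__ == "__main__":
    print(demo())  # ['ALLOW', 'ALLOW', 'DROP']
```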
Web browsers (like Internet Explorer and Firefox, for example)
are the primary path of infections and have been fitted with
many software tools to resist malware. Changing the default
browser settings can make the web experience much safer—these
settings are under “Tools” in “Options” or “Internet Options”.
Automatic download and installation of helper programs should be
disabled or set to “ask” if it is ok – this gives you control of
what gets installed on your computer. Popup blocking features
should be used—newer browsers have the capability to allow popup
windows from specific websites and block all others. This is a
very desirable feature and works most of the time. Small files
called cookies are left on the user machine to contain access
information or track usage. Most bank and online services use
cookies to identify users. Other websites use cookies to track
usage for their own purposes. Browsers have options to
silently accept all cookies, block them all, or ask. Because some websites
need cookies enabled to work (but only a few), “ask” is
recommended. Internet Explorer 7 has a feature to check if the
website you are going to is a known bad site. This feature may
be helpful.
Email programs that download mail from an external server should
be used with care. Email preview should be disabled, because the
preview capability would execute any embedded malware before you
had a chance to delete the email. Be careful opening emails from
sources you do not know. And if you get an email from your bank
or credit card company or eBay wanting you to click on a link to
re-enable your account or deny an expensive purchase, don’t do
it. Call the company if you want to confirm that it is not from
them (none of them contact their customers in this manner). Look
at the email Internet header or html source for any suspicious
email if your program has this capability. In Outlook these are
shown via the right click menu “Options”. If you have SPAM or
junk mail filters, use them—they will eliminate a lot of
garbage.
Every computer that can connect to the outside should have a
virus scanner installed and kept current. Trend Micro (www.trendmicro.com)
and Kaspersky (www.kaspersky.com)
are popular and effective independent security software vendors.
Other popular choices are Norton (www.symantec.com)
and Defender (www.microsoft.com).
There are hundreds of choices, unfortunately. Like a car,
antivirus programs need regular maintenance to remain effective,
so part of the cost is a subscription fee for malware scanner
updates. There are thousands of viruses and Trojans in the wild
and they are constantly changing as virus-writers try to get
around the latest protections. Weekly scanner updates are
common, and one vendor does it hourly. (One curious aspect
of Defender is that the 'check for updated definitions' feature
does not appear to work -- instead, the user is expected to get
updates through the Windows Update facility.) The better antivirus
programs scan email, check each new file that is downloaded and
install helpers in the web browser to protect from downloaded
malware. Any detected malware will be removed or blocked if
possible. It is important to be aware that no antivirus program
is 100% effective and moreover, not all infections can be
cleaned by these tools. That is why the emphasis is on good and
careful computing habits rather than “protection”.
When protection fails, the only remedy may be to wipe the
computer and start over, as not all infections can be removed by
antivirus programs. Because of different vendor choices in
parts, it is best to do this from the original vendor recovery
disks. At one point these were supplied with the machine. But it
is increasingly common for the new machine to have one or two
blank DVDs for the new owner to use to prepare “recovery” media.
This is a very simple but important step. Without it, cleaning
up the mess can be much more difficult. And it cannot be done
after there is a problem—the new recovery disk might be infected
when it is built.
If the recovery media must be used, you should know that all
other files will be wiped out. So it is important that the
install disks for any programs be kept, and you should also make
copies of downloaded programs and license keys. Picture or
music libraries or any other personal files on the computer
should be copied off to removable media at regular intervals. Do
not assume that when it is on the computer it is forever; even
if the computer is never infected, all could be lost if the disk
crashed or other hardware failed.
Safe computing is very much like safe driving—stay on the known
roads, don’t crash into people, obey the traffic signs and check
the car regularly for oil, tire pressure and the like. Except
with computers it is: keep a good firewall between you and the
outside world, be suspicious of strange emails, keep your virus
scanner updated and don’t go surfing for excitement. You may
encounter more excitement than you expected.