PC security: Your essential software toolbox

Don't fall victim! With these tools, services and tips, you can protect yourself against malware, phishing and theft.

Mobile malware is getting lots of attention these days, but you can't forget about your PC's security--after all, you probably still use it to pay bills, shop online, and store sensitive documents. You should fully protect yourself to lessen the chance of cybercriminals infiltrating your computer and your online accounts, capturing your personal information, invading your privacy, and stealing your money and identity.

Mobile malware is getting lots of attention these days, but you cant forget about your PCs securityafter all, you probably still use it to pay bills, shop online, and store sensitive documents. You should fully protect yourself to lessen the chance of cybercriminals infiltrating your computer and your online accounts, capturing your personal information, invading your privacy, and stealing your money and identity.

The future of malware

You need to guard against viruses, of course, but not all antivirus programs catch all threats, and some do better than others. You have to watch for many other types of threats, too: Malware invasions, hacking attacks, and cases of identify theft can originate from email, search engine results, websites, and social networks such as Facebook. They can also come in the form of links or advertisements for phishing and scam sites. But with some education on the topic, and the right tools, you can identify such scams and avoid falling victim.

If your children use your computer, you must also protect against inappropriate content such as violent games and adult sites, and you should monitor communication on social networks. Although the best approach is to keep a close eye on your kids while they use the computer, you can employ tools and services to filter content and monitor their Web usage when youre not around.

Protecting your data from computer thieves and from people who tap in to your Wi-Fi signal is also important. Encrypting your computer is the only way to ensure that a thief cannot recover your files, passwords, and other data. And unless you password-protect and encrypt your wireless network, anyone nearby can connect to it, monitor your Internet usage, and possibly access your computers and files.

Here are the security threats you should watch for, and the tools you can use to protect against them.

Viruses and other malware

Viruses, spyware, and other types of malware are still prevalent, and cybercriminals are constantly finding new ways to infect computers. Although adult sites and illegal file-sharing sites have a reputation for harboring malware, you dont have to browse the shady parts of the Web to become infected.

Installing a good antivirus or Internet security program should be your first step. However, not all are created equal. While no single antivirus product can protect against all of the millions of malware variants, some packages detect (and successfully remove) more threats than others do. For strong PC security, choose one of the top performers from our 2012 antivirus product-line reviews, such as Bitdefender Internet Security, Norton Internet Security, or G Data Internet Security. And in the future, be sure to check back for our more up-to-date reviews.

Although an antivirus package is your primary weapon for fighting malware, you might wish to add other tools to your arsenal for extra security.

OpenDNS provides content filtering that blocks many malware-infested sites and phishing scams. You can enable this online service on select computers, or on your router to protect all connected devices. The free OpenDNS FamilyShield automatically blocks malware, phishing sites, adult content, and proxy sites that try to bypass the filtering, and it requires only a simple setting change on your PCs or router. The OpenDNS Home and Premium DNS offerings filter malware and phishing sites, and let you make a free or paid account to customize the filtering and other features.

The freeware utility Sandboxie lets you run your Web browseror any other applicationin a safe mode of sorts to protect against damage from downloaded viruses or suspicious programs that turn out to be malware. It does so by running the browser or selected program in a virtual environment (also known as a sandbox) that isolates the program from the rest of your system. Some antivirus or Internet security packages come with a sandbox feature, but if yours doesnt (or if it doesnt allow you to run programs in the sandbox manually), consider using Sandboxie when youre browsing risky sites or downloading suspicious files.

Intended to complement the defenses you already have, Malwarebytes works alongside most regular antiAvirus programs. It may catch malware that your regular antivirus utility misses, or remove threats that your standard package cant. The free version does on-demand scans (you manually open the program and run a scan), whereas the paid version has real-time monitoring just as regular antivirus software does.

In addition to installing antimalware utilities, you can take other steps to help prevent attacks.

Enable automatic Windows Updates: This action ensures that Windows and other Microsoft products regularly receive the latest security patches. You can adjust Windows Update settings via the Control Panel. For best protection, choose to have Windows download and install updates automatically.

Keep non-Microsoft software up-to-date: Dont forget to update your other software, too. Some popular programs and components (such as Web browsers, PDF readers, Adobe Flash, Java, and QuickTime) are bigger targets than others, and you should be especially mindful to keep them up-to-date. You can open the programs or their settings to check for updates, but most will automatically notify you when an update is availableand when you receive such notifications, dont ignore or disable them.

Hacking and intrusions

Malware-caused PC problems arent the only thing you have to worry about. A determined cybercriminal can get inside your PC by directly hacking into it, and some malware can steal your data and passwords, sending the information back to home base.

This is where a firewall comes in handy: It serves as a gatekeeper, permitting safe traffic (such as your Web browsing) and blocking bad traffic (hacking attempts, malware data transfers, and the like).

Windows includes a firewall, named (appropriately enough) Windows Firewall. Its set by default to block malicious traffic from coming into your computer, but it isnt set to watch the data thats going out, so it will likely not detect any malware attempts to transmit your data to cyberattackers. Although you can enable the firewalls outgoing protection (in Windows Vista and later versions), that isnt easy for the average user to set up or configure.

For the ultimate in PC security, you should use a firewall that protects your machine from both incoming and outgoing malicious traffic by default. First, find out whether your antivirus utility or Internet security package has a firewall component, and whether it offers full protection. If it doesnt, consider a third-party firewall such as ZoneAlarm Firewall or Comodo Firewall Free.

Phishing and scam sites

One method that cybercriminals use to steal your passwords, money, or identity is commonly called phishing (a play on the word fishing). Attackers try to get you (the fish) to hand over your information or money. They do so by hooking you with an email message, IM, or some other form of communication (the bait) that looks as if it came from a legitimate source such as a bank or an online shopping site.

Phishing isnt a new tactic, but people still fall for it. Here are some precautions that you can take to keep phishing scams from reeling you in.

Dont click links in email: Scammers often put links to fake login pages in email messages that look very convincing in an attempt to steal your personal information. With that in mind, if an email ever asks you to click a link to log in to a site and enter your username and password, dont do it. Instead, type in the real website URL of the company directly into your browser, or search Google for the site.

Check for SSL encryption: Before entering sensitive information online, make sure that the website is using encryption to secure the information while its moving over the Internet. The site address should begin with https instead of http, and your browser should show some kind of indicator near the address bar. If a site isnt using encryption for a screen in which it asks you to enter sensitive data, its most likely a phishing site or scam site. SSL encryption isnt a guarantee of safety, but you ought to make a habit of looking for that lock icon.

Use a Web browser add-on: Many Web browser add-ons out there can help you identify phishing scams and other dangerous sites. Typically these plug-ins use badges or some other indicator to show whether a site is safe, unsafe, or questionable. Most antivirus programs offer these types of browser add-ons, but if yours doesnt or you dont like it, consider using Web of Trust, an independent site-reputation tracking service.

Social network safety

Facebook, Twitter, and other popular social networking sites have given cybercriminals additional avenues to try grabbing your personal data. For example, scammers might create a malicious Facebook app that attempts to harvest your information for their financial gain, spreads tainted links, or hijacks other peoples profiles. Below are a few measures that you can implement to protect yourself on social networks.

Tighten your security and privacy settings: Although security and privacy features vary across social networks, they can help to protect you and your account data. You must set them up, however, for them to work effectively. For instance, both Facebook and Twitter allow you to encrypt your connections so that other people cant hijack your account when youre connecting from public Wi-Fi hotspots. And Facebook offers a feature to monitor and track the computers and devices that log in to your account, to help identify unauthorized logins.

Be careful who you friend or follow: Before you add someone as a Facebook friend, or follow them on Twitter or Google+, ask yourself whether you really know the person. Cybercriminals often set up fake profiles just to spread spam and malicious links.

Watch for phishing attempts, scams, and hoaxes: If something sounds fishy or too good to be true, it probably is. Two widespread Facebook scams, for instance, promote links or apps that claim to tell you who has viewed your profile, or that promise to change your Facebook profile layout or themeeven though neither capability exists. Think before you click on these types of links or apps, as they could steal your information, hijack your account, send spam to your friends, or cause other damage. To learn more about social network security and to discover scams as they develop, follow sites such as Facecrooks or PCWorlds own security topic page.

Check app permissions: If youre thinking of giving a Facebook app permission to access your profile information, first check out the types of information it wants. If you think a particular app should not be able to access certain details, dont allow it. Also, periodically check the apps youve authorized to see if any of them look suspicious.

Twitter lets apps access account information, too. Be sure to review which apps and services can access your profile. If you no longer want to use a particular app or service, you can disable it from this page.

Use apps to help detect malicious activity: A number of apps can tell you if your social network accounts are vulnerable to attack, or if youre sharing too much personal data. For starters, they can filter and moderate your feeds and comments for malicious or inappropriate content, and detect fake profiles set up to flood your feeds with spam.

Two good antiscam apps are Bitdefender Safego for Facebook or Twitter and MyPageKeeper for Facebook, both of which monitor your profile's feeds and comments and alert you and other users to any malicious links they encounter. For more details on how each utility works, see go.pcworld.com/socialmediasecurity. And if you operate your own Facebook Fan Page or blog, consider using a service such as Websense Defensio, which filters comments for spam messages, malicious content, and profanity.

Inappropriate content

If children use your computer, you should look at ways to block inappropriate content and online predators. Even if children arent searching for unsuitable content, they could still stumble across it in searches, find it via links or advertisements, or even access it directly by mistyping a site address.

Enable Parental Controls in Windows: With the parental controls in Windows Vista and later versions (accessible through the Control Panel), you can determine when your kids can use the computer, which games and applications they can run, and the types of websites they can visit. The feature also provides activity reporting, so you can keep an eye on their computer usage.

Activate OpenDNS for Web filtering: As I mentioned earlier, OpenDNS is an online service that offers content filtering. But in addition to stopping malware and phishing sites, OpenDNS can block adult-oriented sites and other online material that may be inappropriate for children.

1 2 Page
Editors' Picks
Join the discussion
Be the first to comment on this article. Our Commenting Policies