How to make your PC secure - Part 2

Bugs are for mugs
A virus is a computer program that can alter or damage your computer. It usually arrives embedded within another program or file, and often goes no further than your own system.

A worm is equally malicious but smarter than a virus because it emails copies of itself to any addresses it can find in the host computer.

A Trojan is usually a program that purports to be useful but is really a devil in disguise that conceals a hidden virus or worm. All three are to be avoided.

Viruses most commonly arrive as email attachments, enticing you with the promise of something free, such as games or pictures. Delete such email unless they are expected. You know you're infected when a window pops up to tell you so, or your computer starts running slowly or erratically (or not at all), or you can no longer get connected to the internet.

In severe cases, various files can be deleted or your browser keeps defaulting to a porn site instead of your usual home page. Another clear sign is when everybody you know emails you to say: 'Oi, stop sending me viruses!'.

The only sure way to find out is to scan your system with an up-to-date antivirus program. If you don't have one installed and can still get online, try Symantec's free remote scan. This will find, but not fix, any resident evil. See the Virus clean-up section below for more information.

Hacked off
While viruses and worms are essentially dumb code, a hacker is somebody with an active interest in compromising your security. However, as long as you have a strong firewall in place, your computer is 'invisible' on the internet and hence reasonably safe. Test your security with the ShieldsUP scan from GRC. With the SP2 firewall installed and active, you should get a clean bill of health.

But is this the only firewall you need? Well, it's essentially a one-way wall that stops hack attacks getting through but doesn't monitor outgoing traffic. In other words, if a hacker manages to worm a Trojan onto your computer and it installs a key logger (see below), the SP2 firewall will do nothing to prevent it calling home.

For greater peace of mind consider a two-way firewall that monitors and, if necessary, blocks suspicious traffic both in and out. ZoneAlarm Security Suite (about £40) is an excellent choice.

Alternatively, if you have a broadband internet connection, and especially if you share it with other computers in a home network, consider using a router with a built-in hardware firewall. Because the router itself controls the internet connection, it can protect an entire network at a stroke. If you rely on software firewalls alone, every PC in your network needs to have one installed.

If your network also includes a wireless element, consider turning on wireless encryption. There are two possibilities - Wired Equivalency Privacy (WEP) and Wi-Fi Protected Access (WPA) - and which you use depends on which technology your wireless hardware supports.

If it's both, opt for WEP but make sure you set a password (also known as an encryption key). We have no room here to go into the details, but suffice to say that SP2 makes securing a wireless network relatively easy: click on Start, All Programs, Accessories and Communications, and follow the Wireless Network Setup Wizard.

You should now be safe from those geeks-on-wheels called 'wardrivers' who supposedly scour the streets searching for insecure wireless networks, and can also ensure that unscrupulous neighbours can't piggyback on your internet connection.

Spyware cares
Let's imagine that you visit a website and up pops a message warning you that your computer is not secure. Alarmed, you click on a helpful-looking 'Scan My Computer Now!' button and allow a small download to proceed. It's a cunning hacker trick.

That download might be a spyware program that snoops on your surfing, or a key logger that attempts to record and report personal information such as your credit card number and passwords and report back to their master.

It might even be a rogue dialler, which changes your computer's internet settings and secretly calls a premium rate telephone number instead of your ISP whenever you go online. The infamous porn diallers are big news right now. The first you'll know of it is when an enormous bill hits the doormat with an ominous thump.

The trouble is that when you actively give your consent to this kind of thing, however unwittingly, it is entirely possible that your firewall and antivirus program will offer zero protection. What you need, aside from a more cautious approach, is a good anti-spyware scanner.

The free utility Ad-Aware SE Personal can rid your system of existing spyware but you need to upgrade to the Plus version for real-time protection (about £15). Spybot Search and Destroy offers a similar service and blocks known spyware from bypassing your defences in the first place.

A pop-up stopper is useful for blocking those all-too-clickable on-screen messages, and SP2 comes equipped with one that works with Internet Explorer.

Don't take the bait
An email seemingly from your bank asks you to log in to your account to 'verify' or 'update' your personal details. But if you click on the handy link in the message, you'll be taken to a cleverly disguised spoof site that looks like the real thing but is merely a front behind which crooks are waiting to grab your user name and password and have their way with your account. This is the phenomenon called 'phishing', and it's all the rage.

The best possible protection against such scams is not software but a healthy scepticism and a seriously prudent approach. To be safe, never enter any details in a form or a field in an email, and never click on a link to open a website.

Only log on to your bank's site (or others where financial details are stored, such as eBay and PayPal) by typing the address into your web browser window or clicking on the site in your favourites or bookmarks list.

Virus clean up
The best way to stop a virus at source is with antivirus software - and common sense when handling email - but what if your computer is already infected? Unfortunately, many infections are so deep-rooted that they require special removal tools, so a simple scan-and-clean operation with a new program isn't always sufficient.

The good news is that you can often download such tools from antivirus developers' websites even when you're not a customer. For instance, if you suspect that you've picked up the Netsky worm, download and run Symantec's Netsky removal tool here. Be sure to follow the instructions precisely.

Move over Microsoft
Internet Explorer, the built-in Windows browser, is notoriously insecure. Why not simply switch to something less leaky? There's no guarantee that you'll be safe using non-Microsoft software but you will at least be spared those threats designed explicitly to exploit weaknesses in Internet Explorer (of which there are many).

The alternative web browser of choice right now is Firefox, which scored well in our web browser group test, but Opera won the Best on Test award. Both merit consideration.

If you decide to stick with Internet Explorer, click on Internet Options in the SP2 Security Center, open the Security tab, and select the Internet icon. Now click on Custom Level and reset the default level to Medium-low or Low. This forces Internet Explorer to ask your permission before downloading files or running ActiveX controls (potentially harmful mini-programs).

Service Pack 2
As well as fixing numerous known 'holes' in Windows that could be exploited by viruses and worms, Service Pack 2 (SP2) includes a stronger firewall, monitors your antivirus software for problems and brings everything together in a unified Security Center.

It's not perfect - new flaws continue to be discovered - but a PC with SP2 in place is a lot more secure than one without. All new computers sold from December 2004 should have SP2 pre-installed. If you were sold a system without it, demand an explanation.

You should also apply SP2 as an upgrade to an older system. Get it at the Windows Update site - if you can stomach a 100Mb-plus download - or order a free CD from Microsoft here.

To minimise the risk of conflicts between SP2 and other installed software, uninstall any programs that you don't actively need before installing the service pack. Also check for and install SP2-specific updates for those programs that you keep before installing.

Email perils
An 'executable' file is a self-contained program that can install a virus immediately if you open it. Suspicious file extensions include .com, .exe, .vbs and .scr but viruses can also be concealed within .zip files. In fact, there are many other possibilities and you can't always tell a nasty just by looking. You'd be foolish even to try.

The rule remains the same: never open a file attachment until you have run it through your virus scanner. Thanks to SP2, Outlook Express now automatically blocks access to some types of attachment, which is heavy-handed but sensible. It also prevents HTML code from running automatically in the preview pane, which removes the (small) risk of catching a worm just by reading a message.

Until you get SP2, disable the Outlook Express preview pane altogether (click on View, Layout and uncheck Show preview pane) or read messages in plain text only (click on Tools, Options, then open the Read tab and check the 'Read all messages in plain text' box).

Get yourself protected
We hope to have convinced you that computer security is something to take seriously but not necessarily something to lose sleep over. For every vulnerability, there is a strong defence; and no wannabe phisher can access your accounts if your common sense steers you clear.

What you must not do, we stress again, is connect your Windows PC to the internet and hope for the best, even for a moment. Even with Service Pack 2 in place net nasties are waiting and that way lies danger.

Instead, follow our advice for instant and continuing peace of mind. With just a few sensible precautions, computing can be safe and fun.