Windows Vista: The Complete Reference (Complete Reference Series)
Communication security ensures that the data you transmit and receive through the Internet or an intranet is sent to and received from the actual systems with which you intend to communicate, as opposed to another system impersonating the desired system. Communication security also ensures that messages are sent and received without being intercepted or spied upon.
This chapter discusses viruses and how to avoid catching them, how to control what Internet Explorer downloads when you browse the Web, browsing secure web sites, and how to send and receive secure e-mail messages. Windows Vista includes an Internet Connection Firewall that you can turn on to protect your computer from malicious intruders (see Chapter 22).
Note: User accounts and passwords for multiple people using the same computer are described in Chapter 6. Security settings for people sharing files over a LAN are described in Chapter 30.
For more information about Windows security, see the Microsoft Security web site at http://www.microsoft.com/security and the Microsoft TechNet Security Center web site at http://www.microsoft.com/technet/security. Other valuable Windows Vista security resources are the web site at http://www.microsoft.com/technet/windowsvista/security/ and the Windows Vista Security Team blog at http://www.blogs.msdn.com/windowsvistasecurity/.
Protecting Your System from Viruses and Worms
A virus is a self-reproducing malicious program that can infect files on one computer but needs help in order to find other systems to infect (like filesharing programs). A worm is a self-reproducing program that can send itself to other systems (e-mail viruses are actually worms). Some viruses and worms are just annoying, taking up space on your system or displaying an annoying message, but many others are destructive, deleting or altering files or clogging up Internet e-mail systems with thousands of unwanted messages. The upcoming sidebar "How Viruses Spread" contains more information.
Microsoft has written a program that can check your computer for incorrect security settings. Go to http://www.microsoft.com/technet/security/tools/mpsa.mspx to download the Microsoft Baseline Security Advisor (MBSA). Or go to Microsoft's support site at http://www.support.microsoft.com and search for article Q320454. The program is small, about 2.5 MB. It can scan the computer on which it is running or other computers on a LAN or the Internet. It displays a security report like this:
The report includes security information about user accounts, file systems, Windows updates, Internet Explorer settings, and other configuration options.
Many SOHO PC users have their own secret sauce for protecting their PCs from viruses and worms. Said sauce typically includes Microsoft Windows Vista security features bolstered by third-party antivirus, firewall, and antispyware solutions.
Types of Virus Files
Viruses and worms can be stored in several types of files:
- EXE, COM, BAT, MSI, MSO, and PIE program files, scraps, or shortcuts: These viruses and worms run when they are opened (clicked or double-clicked in Explorer or Windows Mail, for example). If Windows is configured not to show file extensions, you may not be able to tell easily which files have these extensions. Tell Windows to display filename extensions by choosing Start > Control Panel. From the Control Panel, type Folder in the Search field to bring up the Folder Options icon. Click Folder Options to open the Folder Options dialog box. Click the View tab, and clear the Hide Extensions For Known File Types check box.
- DOC (Word document), XLS (Excel spreadsheet), and MDB (Access database) files: These files may contain viruses and worms written in Microsoft Word, Excel, or Access macro languages. The macros (customized automation instructions) usually run when you open the file. Because Word and Excel are the most popular programs that run macros, Word documents and Excel spreadsheets are the most common macro virus carriers.
- VBS (VBScript) files: These viruses and worms are written in Visual Basic and run when you click or double-click them. Visual Basic is a programming language used, among other things, to write macros for the Office suite of applications, including Outlook 2002.
For a more complete list of file types that might contain viruses, see article OL2000, "Information about the Outlook E-mail Security Update," in Microsoft's Knowledge Base: go to http://www.support.microsoft.com and search for the article number.
Caution: Scraps, a Windows file type created by cut-and-paste operations, can contain executable files (including viruses and worms) that appear to be other types of (harmless) files. An article on this issue, "Scrap Files Can Tear You Up," is at http://www.pc-help.org/security/scraphtm.
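The following sketch is an added example, not part of the book. It sorts attachment names into the file-type groups listed above and flags names that look harmless once Windows hides the real extension. The function names, the sample file names, and the extensions assumed for scraps and shortcuts are illustrative assumptions.

```python
import os

# Extensions the chapter names, grouped by the behaviour it describes.
RUNS_WHEN_OPENED = {"exe", "com", "bat", "msi", "mso", "pie", "vbs"}
MACRO_CARRIERS = {"doc", "xls", "mdb"}
# Assumption, not from the chapter: usual extensions for the scrap and
# shortcut files it mentions without giving an extension.
ASSUMED_SCRAP_OR_SHORTCUT = {"shs", "shb", "lnk", "pif"}


def split_name(name):
    """Return (stem, ext); ext is lower-cased and has no leading dot."""
    # Win32 drops trailing dots and spaces, so "a.exe. " opens as "a.exe".
    name = os.path.basename(name.replace("\\", "/")).rstrip(" .")
    stem, dot, ext = name.rpartition(".")
    if not dot or not stem:  # no extension at all, or a name like ".profile"
        return name, ""
    return stem, ext.strip().lower()


def displayed_name(name):
    """Name shown when Hide Extensions For Known File Types is checked.

    Simplification: every extension is treated as a known type.
    """
    return split_name(name)[0].rstrip()


def classify(name):
    """Describe one file name using the chapter's file-type groups."""
    stem, ext = split_name(name)
    if ext in RUNS_WHEN_OPENED or ext in ASSUMED_SCRAP_OR_SHORTCUT:
        category = "runs-when-opened"
    elif ext in MACRO_CARRIERS:
        category = "macro-carrier"
    else:
        category = "other"
    # A second, inner extension stays visible once the real one is hidden,
    # so "photo.jpg.exe" is shown as "photo.jpg". Version-like stems such
    # as "v1.2" are not counted because "2" is not alphabetic.
    inner = split_name(stem)[1]
    disguised = (category != "other" and inner.isalpha()
                 and 2 <= len(inner) <= 4 and inner != ext)
    return {"shown_as": stem.rstrip(), "extension": ext,
            "category": category, "disguised": disguised}


def needs_caution(names):
    """Names that can run code or macros, disguised ones listed first."""
    hits = [(n, classify(n)) for n in names]
    hits = [(n, c) for n, c in hits if c["category"] != "other"]
    return [n for n, c in sorted(hits, key=lambda h: not h[1]["disguised"])]


# Constructed sample attachment names, for illustration only.
SAMPLE_ATTACHMENTS = [
    "holiday_photos.jpg.exe",
    "budget.xls",
    "notes.txt",
    "README.TXT.vbs",
    "v1.2.exe",
    "invoice.doc      .exe. ",   # space padding plus trailing dot and space
]

if __name__ == "__main__":
    for attachment in needs_caution(SAMPLE_ATTACHMENTS):
        info = classify(attachment)
        print(f"{attachment!r}: shown as {info['shown_as']!r}, "
              f"{info['category']}, disguised={info['disguised']}")
```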
Preventing Infection by Viruses
The best prevention for viruses is to avoid getting infected in the first place (practice safe computing). If you do get infected, tools are available to clean your system.
The commonly cited psychological reasons for individuals to open suspicious e-mails are fear, greed, and sex. The notorious Melissa worm by David Smith was started simply by being posted to the alt.sex newsgroup. Smith asked that the file not be circulated, so of course it was. That single posting to a newsgroup was the only action that Smith performed to spread his worm throughout the world, causing millions of dollars in damages and, in some cases, days of mail server downtime for some major companies.
So, the moral of the story is: If you receive a message from someone you don't know, or from someone you know but didn't expect to receive a file from, approach it with caution. If it has an attachment, just delete it. If you're not sure, let it sit unopened in your inbox for a few days, while you check the antivirus and e-mail hoax web sites. A one-day delay in opening an attachment might be enough for you to hear about the danger of the virus.
Avoiding Getting Infected
The generally accepted method of preventing viruses from successfully attacking your computer is the use of antivirus software that detects known viruses before they run and infect your computer. Of course, there is also the tried-and-true method of not downloading or opening anything whose source you cannot verify, validate, or otherwise determine.
Note: The Internet isn't the only way to catch viruses. If you commonly move files from one place to another using removable media (for example, USB thumb drives, DVDs, or CD-ROMs), then you need to be careful. The data on a disk, whether it be from school, office, or library, likely came from the Internet. This simple fact makes it possible for the disk to contain a virus. Office networks are typically more secure, because your LAN administrator is running a firewall, intrusion-detection software, and antivirus software, but don't take that for granted. School networks are often less secure because of insufficient staffing resources and budgets. Public access points like ones in libraries, copy shops, or cyber cafes are a mixed bag. Your best bet is to be wary of any data coming to your computer from the outside. Even commercial software has been known to be a transmission source for viruses.
Practicing Safe Computing Online
If you regularly work with others across the Internet and use file attachments regularly to collaborate on projects, then you need to be especially astute about viruses. You should institute a PC security regimen that includes an antivirus program (with autoupdates to download the latest antivirus signatures) and a firewall (software like McAfee Firewall and a hardware firewall on your home office router). Awareness and common sense are also integral to a security regimen. Here are some tips to help you stay aware:
- Never open a file attachment from an unknown sender.
- If one of your usual e-mail correspondents deviates from their usual e-mail communications style and the message includes a file attachment, call the person to verify they are sending you a file attachment. A number of e-mail viruses work by infecting one user, then culling their Outlook or Windows Mail address book to propagate the virus to other PCs.
- Do not download files from sources you are not familiar with. Stick to known, reputable web-based software libraries like CNET's Download.com (http://www.download.com), Tucows (http://www.tucows.com), and WinPlanet (http://www.cws.internet.com), and the web sites of well-known hardware and software manufacturers. Many pornography sites require you to download a viewer program: think twice, since these programs have been known to contain dangerous viruses.
- Do not accept any file that is offered unsolicited. If you receive an e-mail notifying you that you have won a contest and you can click a URL in the message to download your prize, think again. Did you sign up for a contest? Legitimate sources invariably draw from an existing customer base and rely on word of mouth and advertising campaigns to get new customers, not random free give-aways.
- Use a software firewall in conjunction with your SOHO network router's hardware firewall to protect your PCs and SOHO network.
- Back up your PCs on a regular basis to an external backup drive or an online backup service like Xdrive (http://www.xdrive.com), Backup.com (http://www.backup.com), IBackup (http://www.ibackup.com), or EVault (http://www.evault.com).
- Secure your instant messaging (IM) client by staying on top of client software updates. Additionally, you may want to consider third-party IM security software like ZoneAlarm IMsecure or IMsecure Pro (http://www.zonelabs.com). Small to medium-sized businesses (SMBs) should look to enterprise IM solutions like AIM Pro (http://www.aimpro.premiumservices.aol.com/) or Microsoft Office Communicator (http://www.microsoft.com/office/communicator/prodinfo/overview.mspx).
Using Antivirus Programs
A strong antivirus program is a must in today's Internet-connected computing world. An antivirus program can't prevent infection if it's not running. Buying and installing an antivirus application is a small price to pay compared to losing all of your work for a week, all of your carefully collected bookmarks, the hours that you spent making all of your CDs into MP3 files, your priceless photos of your first time abroad, or whatever your most treasured files include. Here are some of the most popular and effective antivirus programs:
- Symantec Norton AntiVirus, at http://www.symantec.com/home_homeoffice/products/: Norton AntiVirus is a complete antivirus solution. You can go with the simple Norton AntiVirus, or pop for the complete Norton Internet Security suite of security applications, a particularly good deal that includes a personal firewall that is well suited to protecting broadband (cable, DSL, and Verizon FiOS) users.
- McAfee VirusScan, at http://www.mcafee.com: McAfee has migrated many of its security programs into software as a service (subscription-based) offerings. McAfee's online security offerings are updated daily (or even more often) with the latest virus signatures, making them a proactive tool to protect your PC from the latest virus du jour.
- Windows Live OneCare, at http://www.windowsonecare.com: Microsoft's subscription-based entry into antivirus and online security is part of its Windows Live strategy and is a complete online security tool that includes antivirus, antispyware, firewall, performance tune-ups, and automatic backups.
When deciding on an antivirus program, look to subscription-based services like Microsoft Windows Live OneCare or McAfee VirusScan (and keep the subscription up to date!) because the automated download tools (once installed and configured) pay attention to the latest antivirus updates, meaning you don't have to worry.
Once you have an antivirus program installed, configured, and running, the antivirus program scans all incoming files (via e-mail and web downloads) for viruses. For example, the antivirus program might display a dialog box while you are retrieving your e-mail, reporting that a message contains a worm and offering to delete it for you. Some antivirus programs also scan your hard disk regularly to look for viruses that might have sneaked through. If the program sees a virus, it displays a message telling you what to do.
Knowing When You're Infected
You may find out that your system is infected when you see a strange message telling you that you're a victim. Some other ways of telling are as follows (although all but the last can be signs of other Windows problems):
- Your system slows down (especially programs loading)
- Files disappear
- Programs crash unexpectedly
Dealing with an Infected Windows System
If you have already been infected with a virus, follow these steps:
- If an unfamiliar dialog box, error message, or something else unfamiliar appears, make a note of the message or other symptom. Unplug the modem or network cable, and then shut down the computer. Continuing to use an infected computer is a bad idea for several reasons. Depending on what type of virus or worm you have, additional damage can be done. With the speed of today's systems, a virus or worm can delete or write over gigabytes of data in a matter of minutes.
- Do not try to repair or otherwise contain the damage or effects of a virus or worm using software that was not specifically designed to do so. In other words, don't run Norton Speed Disk to try and solve the problem.
- Do not install antivirus software after you discover a virus or worm. Unless you are sure that the virus is nondestructive, leave the computer turned off until you find out how to get rid of the specific virus that your system has contracted.
- Locate a computer that is not infected. Go to a virus resource web site and find out how to fix it. Try the web site of one of the most popular antivirus programs (listed in a previous section) or one of the virus information sites listed in the next section. Look for step-by-step instructions for removing the virus. Companies like Symantec and McAfee often develop scripts that aid in the removal of recently discovered viruses and publish the details about what that virus has done or can do, so that they can be safely removed.
- Once you know which virus you have, follow the steps to disinfect your system (that is, remove the virus). If the virus has deleted or overwritten files, it might not be possible to get the files back, but you can at least prevent further damage to your system and infection of other systems.
- If you can't identify the virus or find a procedure for getting rid of it, call technical support for your computer (or your office's technical support person). Explain to them what happened and that you would like some assistance in removing the virus, or at least in taking steps to minimize the damage. You may have to pay a fee for this service if you go through your computer's manufacturer.
- Once you are sure that the virus is gone, buy and install an antivirus program. Don't make the same mistake twice!
Another approach is to back up all your data files (but none of your programs), reformat your hard disk, reinstall Windows and your applications, restore your data files, and buy and install an antivirus program to prevent reinfection. However, leaving your computer running while you make the backups can give the virus time to delete more files.
Tip: After you have cleaned up a virus, back up, reformat, and reinstall your system. Many viruses and the resulting repairs leave your system unstable, and parts of virus files may still be lying around.
If you make regular backups, check the backups that you made within at least 72 hours of discovering the infection (see Chapter 9). Your system may have been infected for days (or longer) before you realized it.
Protecting Your System with Windows Firewall
Windows Internet security had long been the domain of third-party security companies like McAfee and Symantec until the launch of Windows XP Service Pack 2, in which Microsoft added Security Center to the Windows Control Panel. That's when pundits and even critics began to see Microsoft as a potential contender in the PC security realm.
The introduction of the Security Center in Windows XP SP2 meant that Microsoft Windows finally had a native security monitoring tool that governed the Internet firewall, software/operating system updates and patches, and virus protection.
The Security Center eventually seeded the launch of Windows Live OneCare (http://www.windowsonecare.com/), a full security suite that includes firewall, antivirus, and automated backup software.
What Is Windows Firewall?
Windows Vista includes Windows Firewall (see Figure 33-1) to help protect your PC (including your data and personal information) from malicious online threats, including hackers, viruses, and worms that try to reach your computer while you are online. Windows Firewall checks information incoming from the Internet to your PC and either blocks the information or accepts it depending on your security settings.
Cutting past Microsoft marketing, Windows Firewall should be seen as a lower-end security firewall solution. It's fine for when you are just getting your PC set up with the latest Microsoft Windows security patches and service packs. However, be security conscious and shop for a firewall from one of the major security vendors like McAfee (http://www.mcafee.com), Symantec (http://www.symantec.com), or Zone Labs (http://www.zonelabs.com).
The next few sections show you how to set up Windows Firewall to protect your PC. This is also a good primer to demonstrate the typical steps you need to take to set up a software firewall.
Enabling/Disabling Windows Firewall
You can enable and disable Windows Firewall from the Windows Control Panel, depending on the group policies that are set on your PC. Perform the following steps to enable Windows Firewall:
- Click Start > Control Panel to open the Windows Control Panel.
- Click Security to open the Security Options window.
- Click Turn Windows Firewall On Or Off to open the Windows Firewall dialog box.
- Click On to turn Windows Firewall on. This is the recommended setting. You also have the option Block All Programs, which effectively seals your PC from any incoming application downloads. Click Off to turn Windows Firewall off.
Note: You should turn Windows Firewall off once you install a third-party firewall on your PC, because running two software firewalls can hamper system performance. You can run a software firewall in conjunction with a hardware firewall (like those included in home network routers) without such issues.
Setting Inbound and Outbound Rules
If you have appropriate security policies, you can have control over the inbound and outbound rules for Windows Firewall. Think of setting inbound and outbound rules as being "the gatekeeper," because you are blocking and unblocking applications' passage through your firewall to the public Internet. Perform the following steps to set inbound and outbound rules:
- Click Start > Control Panel to open the Windows Control Panel.
- Click Security to open the Security Options window.
- Click Allow A Program Through Windows Firewall to open the Exceptions tab in the Windows Firewall dialog box.
- To unblock a program or service, select it in the Program Or Service drop-down list.
- Click OK to confirm the change.
Other inbound and outbound management options include adding programs and ports. Click Add Program to open the Add A Program dialog box, in which you can add programs to your Windows Firewall rules. If the program you want to add doesn't appear in the Programs list, you can click Browse to browse to the program's executable file on your local hard drive.
Click Add A Port to open a new firewall port in Windows Firewall. Adding a new port to your firewall doesn't require a network engineer. However, in the absence of said network engineer, you should always consult the program's documentation to find the port number and protocol you need to open on Windows Firewall in order for the program to be able to access the Internet.
Protecting Your System with Windows Defender
Windows Defender is another new Microsoft online security tool that launched with Windows Live OneCare and was later included in Microsoft Windows Vista.
What Is Windows Defender?
Windows Defender (see Figure 33-2) enables you to apply another level of security over your Windows Vista PC. It guards your PC from spyware and other malicious software that can install itself on your PC without your knowledge or express consent.
Spyware protection via Windows Defender offers real-time protection when spyware or other unwanted software attempts to install itself on your PC. It also alerts you whenever an application attempts to alter important Windows settings.
Windows Defender also ties into the Microsoft SpyNet community, an online resource for tracking how Windows Defender users respond to software that has yet to be classified as spyware, malware, or other sort of risk.
Spyware scanning can be run automatically by Windows Defender, acting as a first line of defense against spyware and other malicious files that might be installed on your PC without your consent or knowledge.
Windows Defender runs two types of scans:
- Quick scan, which scans just the important Windows system components
- Full system scan, which scans your entire hard drive
Opening Windows Defender
Windows Defender is available from the Control Panel. First, you need to open Windows Defender:
- Click Start > Control Panel to open the Control Panel.
- Click Security > Windows Defender to open Windows Defender.
Keeping Windows Defender Definitions Up to Date
It's imperative that you keep Windows Defender up to date to stave off the latest spyware and malware floating around the Internet. Windows Defender includes automatic scanning as one of its settings. When setting up Windows Vista for the first time, you should perform the following setup to keep your Windows Defender definitions up to date:
- Click Tools > Settings. The Windows Defender Tools And Options dialog box appears.
- Click Options, and then select Check For Updated Definitions Before Scanning.
- Click Save to save the new settings.
Turning On Windows Defender Real-Time Protection
Automating security like antispyware and antivirus protection is one of the keys to defending your PC and home network from attacks.
Real-time protection against spyware and malware is a boon to home and SOHO PC users because it means you can focus on your work at hand and not have to obsess over the security of your PC. However, it's always good to review the settings and status of your security software (like Windows Defender) on a regular basis, especially as the service packs and patches for Windows Vista multiply during the first year after the product's launch.
To set your Windows Defender scanning settings:
- Click Tools > Options. The Options dialog box appears.
- Choose Automatically Scan My Computer.
- Choose your scan frequency from the Scan Frequency drop-down list. Daily is the default selection. You can also choose to scan your PC on a particular day of the week.
- Choose the time of day you want the scan to run. The default time for Windows Defender is 2:00 A.M.
- Choose the type of scan you want to run from the Type of scan list. By default it's set to Quick Scan, but you can also select Full System Scan.
- Click Save once you have finished configuring your Windows Defender scan settings.
Tip: Full System Scan can be time consuming and thus you may want to run full system scans after you suspect your PC has been attacked, late at night when you are sleeping, or as part of your normal PC maintenance regimen.
Sources of Antivirus Information
Here is a quick list of applications and sites that you should investigate long before you need them:
- Antivirus Software, at http://www.antivirus.about.com: This About.com site is a clearinghouse about the latest antivirus software and virus news.
- Download Squad, at http://www.downloadsquad.com/category/security/: This popular web log covering all things software includes antivirus and security coverage.
- Doug Muth's Anti-Virus Help Page, at http://www.claws-and-paws.com/virus: A fantastically deep collection of information regarding computer viruses with lots of helpful papers, reports, and links to additional resources. One thing that makes this site great is that it's not tied to any commercial concern.
- Symantec Security Response, at http://www.symantec.com/security_response/index.jsp: Symantec Security Response is a launching point to Symantec security solutions for consumer and corporate customers.
- McAfee Avert Labs Threat Library, at http://www.vil.nai.com/vil: This encyclopedic listing of viruses is one of the first places you should look to get help or find out what's going on.