Despite continued media attention and judging from the continued number of people who ask why their PC responds sluggishly or crashes, it appears that there is still not enough awareness amongst computer users in securing their home computer systems.

Users also seem to be blissfully unaware of the dangers of opening random emails and attachments which can easily infect Windows-based computers with spyware, Trojan horses, keystroke loggers or quot;Zombiequot; control software. (To check if your PC runs strange items at startup see my other article, Checking the Windows Registry).

All personal computers, be they IBM-PC compatible, Macs or other systems must not be connected to the Internet until they are secured. And to do so, we apply defence in depth and layered protection:-

The first line of defence is a hardware firewall. This will be a small box which ideally fulfils three functions: modem, router and firewall. Being hardware rather than software it is very much harder for a cracker to subvert. Next we add a software firewall. This will allow us to check exactly what programs are attempting to communicate on our PC. By offering such control we are in a position to restrict communications we are unsure about. Ideally you should consider that no personal information should ever leave your PC except when you require it (such as when communicating with your Internet banking site). The software firewall lets you see and choose what programs may communicate on your PC. Our next layer of defence is provided by an antivirus (A/V) package. This may be provided by the same vendor as the firewall or not - your choice. Next, anti-adware scanners which scan and detect malware activity (Trojan Horses, dialers, ad-ware) provide the next layer of defence. Finally, as our innermost layer of defence, I strongly recommend you install and use a new browser and cease using Internet Explorer. Any of the free browsers (chief amongst them are Mozilla and Firefox ) will be safer to use because they are not as tightly coupled to Windows and hence are less exploitable and hence safer than IE.

Following are links for several popular products along the lines of defence mentioned above. If your friendly IT guru recommends something else by all means go with his/her recommendation.
Items marked with an asterisk ( * ) have been successfuly deployed by myself.

Hardware Modem+Firewalls

• Seg/Draytek Vigor Modem+Firewalls www.seg.co.uk*
  • Home ADSL Vigor 2600+RJ12 ADSL WAN interface
  • Business ADSL Vigor 2900+ (Ethernet WAN interface)
• D-Link DFL-200 (router+firewall only)

Software Firewalls

• Trend Micro PC-cillin Internet Security 2007
• ZoneLabs ZoneAlarm* (free version available)
• Symantec Personal Firewall
• Sadly Sygate Personal Firewall no longer exists as the company has been bought by Symantec BUT you can still download it from various Google searches.

AntiVirus Software

• ClamWin*
  Server or CLI enthusiasts may prefer ClamAV for Windows
• Grisoft AVG Free -Edition*
• Avast Home edition (free)
• F-Prot Home version (30-day trial available)

Anti Spyware

• Ad-Aware* from www.lavasoft.de
• HijackThis* from tomcoyote.org/
• Spybot S&D

Alternate Browsers

• Firefox*   Fast, lightwight browser
• Mozilla 1.7x*   Browser suite with email and news client.

Alternate Mail readers

• Eudora
• Pegasus
• Thunderbird*

By applying these layers of protection and on the PC, applying defences in depth to catch all manner of activity, we ensure a much safer computing environment. To the above we might add:-

1. Check for security updates regularly (most software does so itself, a daily update check works wonders)
2. Apply security updates regularly. Auto-updates are good for most of us.
3. Older Windows XP systems (prior to October 2004) should apply Windows XP service pack 1a. Versions of Windows XP (Home & Professional) from about October 2004 onwards will probably have this pre-applied and should instead apply Service Pack 2 ; note that there were many problems reported with this so do check Microsoft's SP2 trouble page and the Application Compatibility page to see if your software is marked as problematic.
4. Backup often.
5. Don't open strange emails and/or attachments if you do not recognise the sender. Delete them instead (harsh but safer). Remember your bank will never ask you for your online banking username & password so don't be tempted by emails that purport to come from your bank.
6. Be suspicious. If your PC takes longer to boot or shutdown maybe there's something wrong. Investigate. Ask your friendly IT guru :-)
7. Backup often ;-)

• A nice graph by the SANS Internet Storm Center (ISC) shows the "survival" time for an unpatched, unprotected (Windows) system when connected to the Internet.
• Surviving the First Day ; a guide to how to keep WindowsXP safe from the moment you install it.
• IT Professionals: check out the WinXP SP2 Resources.