Instant messaging (IM) is rapidly becoming a favored attack vector for the bad guys. Too many IM programs allow anonymous connections by default. This is a very, very bad idea. You don’t want anonymous Internet creeps pinging you to become your “buddy.” Anonymous IMs, such as “Hey, look at this cool website,” “Nice screensaver here” or “Awesome free porno” have installed viruses, spyware and rootkits on gazillions of computers around the world. Once, because a potential employer liked to use IM, I reluctantly installed AOL Instant Messenger (AIM). I was appalled at the lousy default settings that AIM foists upon its users, and wrote a series of articles on the subject last September. Without proper installation, monitoring and security, IM programs are a bad idea for your home or business. If you need to “instantly” communicate with someone, call them on the phone. If you don’t believe me, Google for “secure instant messaging” and you’ll see what I mean.
Updated operating systems and programs are a vital part of good security. I once repaired a computer that had never run Windows Update, yet had been used on the Internet for two years. Before I removed 249 viruses and over 3000 spyware programs, this computer would barely even turn on. I should have simply wiped the hard drive and started over, but that’s not what the owner wanted.
Most users should have the Windows Automatic Updates feature turned on. I also like to set Windows Update to run at a time when the computer itself may actually be turned on, instead of the default 3:00 a.m. setting. There is one caveat about Automatic Updates: if not properly set up, it may silently install Internet Explorer 7 as a “critical” update.
To avoid this unfortunate situation, you’ll need to run Windows Update manually. First, make sure that IE7 is not installed. Then, find the “Windows Update” link in your programs list. If you’ve never manually run Windows Update before, you’ll have to jump through some hoops, such as installing Microsoft’s asinine Windows Genuine Advantage nonsense. Finally, you should land on the actual update page. Select the “Custom” option, find IE7 in the update list, uncheck the box next to the IE7 update and check the box that says, “Don’t show this update again.” Then, simply close the program and you’re done.
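To check the Automatic Updates settings discussed above without clicking through Control Panel, the following PowerShell sketch reads them from the Windows Update Agent and flags the cases this article warns about. It is an added example, not part of the original column; the function name `Get-AutoUpdateFindings` and the 8:00 to 22:00 "powered on" window are assumptions, and it presumes a Windows version whose update agent still exposes a scheduled install time.

```powershell
# Added example: audit Automatic Updates against the advice in this article.
function Get-AutoUpdateFindings {
    param(
        # 0 = not configured, 1 = disabled, 2 = notify before download,
        # 3 = notify before install, 4 = scheduled install
        [int]$NotificationLevel,
        [int]$InstallDay,        # 0 = every day, 1-7 = Sunday through Saturday
        [int]$InstallHour,       # 0-23, local time
        [int[]]$HoursPoweredOn   # assumption: hours this PC is normally switched on
    )
    $findings = @()
    switch ($NotificationLevel) {
        0 { $findings += 'Automatic Updates has never been configured.' }
        1 { $findings += 'Automatic Updates is turned off.' }
        2 { $findings += 'Updates are only announced; nothing downloads by itself.' }
        3 { $findings += 'Updates download, but wait for someone to install them.' }
        4 {
            if ($HoursPoweredOn -notcontains $InstallHour) {
                $findings += "Install time ${InstallHour}:00 is outside the hours this PC is on."
            }
            if ($InstallDay -ne 0) {
                $findings += "Installs run only once a week (day $InstallDay, 1 = Sunday)."
            }
        }
        default { $findings += "Unrecognized notification level $NotificationLevel." }
    }
    if ($findings.Count -eq 0) {
        $findings += 'Automatic Updates is on and scheduled for a time this PC is running.'
    }
    return ,$findings
}

# Constructed sample: the default schedule (every day, 3:00 a.m.) on a PC used 8:00-22:00.
Get-AutoUpdateFindings -NotificationLevel 4 -InstallDay 0 -InstallHour 3 -HoursPoweredOn (8..22)

# Live check: read the real settings through the Windows Update Agent COM object.
$au = (New-Object -ComObject Microsoft.Update.AutoUpdate).Settings
Get-AutoUpdateFindings -NotificationLevel ([int]$au.NotificationLevel) `
    -InstallDay ([int]$au.ScheduledInstallationDay) `
    -InstallHour ([int]$au.ScheduledInstallationTime) `
    -HoursPoweredOn (8..22)
```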
You should also update other critical Microsoft programs, such as the Office suite. Vast numbers of security vulnerabilities have been found and patched in various Office components. Sadly, you’ll have to use Internet Explorer to get these updates. Go to office.microsoft.com and click the link in the upper right-hand corner that says, “Check for updates — Office Updates.” You’ll be redirected to another page. Once there, click the link in the upper right-hand corner that says “Office Update” (that is, “Office” update, not “Microsoft” update). Have your Office CD on hand, because certain update “features” can only be found on the CD; strange, but true.
You’ll also want to make sure that you have the latest Java updates for your browser. Mozilla provides a plugin updates page (https://addons.mozilla.org/en-US/firefox/browse/type:7). To allow proper installation and testing of your Java plugin, run Firefox, go to Tools/Options/Security and add www.java.com to the list of sites that are allowed to install add-ons.
Most good antivirus programs will update themselves automatically. Older versions of Ad-Aware must be updated manually, while the new 2007 version updates automatically. Spybot S&D must be updated manually. Be sure to also run Spybot’s “Immunize” function.
Next week: more Internet security basics.