Re: Free firewall needed
Here's my toolkit recommendations:
Hey Matt,
Here's some instructions on how to go about securing your PC a bit against malware.
All of these are free versions. These companies do offer a "professional or commercial" pay-for-version that has more features, but most home users shouldn't need all that. One note: it may take a bit of navigation to get to the free versions on some of the web sites. Also be careful - a "free trial" version is not the same as the "free" version. The free trial version is actually the full-fledged pay version, and the free trial will expire after a while (month or two)... The "free" version will not expire so quickly.
Section 1 introduces the items, Section 2 outlines a good process in installing/running them.
Section 1: The tools.
CCleaner:
http://www.ccleaner.com/ This will delete 'crap' from your hard-drive and can fix (some) registry issues as well.
AVG:
http://www.avg.com/ This is a pretty good anti-virus program. The other one I have heard about is called 'avast' (also has a free version). These tend to be more light-weight and less resource intensive than the commercial alternatives (Norton, Symantec, etc.)
Zone alarm:
http://www.zonealarm.com/ This is a firewall. There is a link on their website that answers the question "why do I need a firewall". And yes, Windows XP came with a rudimentary firewall - but it is permissive in nature and unless you do a lot of legwork up front will provide you with only a false sense of security.
Anti-Malware tool:
http://www.malwarebytes.org/ This tool scans for, and removes "malware" from your PC. The definition of "malware" does include viruses. Because there are virus scanners, most malware tools concentrate on other types of malware such as 'adware' (pop up ads during your browsing), 'hijacks' (redirect your browser from one site to another), and 'spyware' (track your browsing/computer habits and send the information to someone). There are worse than these too.
Anti-Malware tool:
http://www.safer-networking.org/en/index.html The tool is called "spybot-sd". It is good to have multiple malware scanners on your PC. Often one will catch something that the others don't. This one has an additional feature - a run-time registry protection program - that will ask you when things try to change your registry. This is a good feature, as the registry is a key component of windows and many malware items attempt to write to it so that they can embed themselves into windows (ie: and be started automatically when windows starts).
Anti-Malware tool:
http://www.lavasoft.com/ This tool is called "ad-aware". Again, multiple malware scanners on your PC are a good thing. These three should be diverse enough to catch just about everything.
Anti-Malware tool:
http://www.javacoolsoftware.com/spywareblaster.html This tool is called spyware blaster. It is NOT a scanning tool. What it does is attempt to secure your system a bit so that it is much more difficult for malware to get itself installed.
Anti-Rootkit tool:
http://technet.microsoft.com/en-us/sysinternals/bb897445.aspx This is called rootkit revealer. A rootkit is a particularly nasty piece of malware in that it goes very deep into Windows and runs with all the permissions possible ("root"). It uses those permissions to hide itself so that it doesn't show up as a running process, as a file, or even to most scanners. The rootkit tool scans for this sort of thing.
Section 2: A good order for doing things.
The first thing to do is to clean up. All of the scanning programs look at files - the fewer files there are, the faster they will run.
Step 1: Uninstall anything you are not using. This is a standard windows uninstall found in the control panel.
Step 2: Shut off indexing, unless you frequently search your hard drive for files. You should be able to shut this off by opening *windows* explorer (not internet explorer), right clicking on your hard drive, selecting the "properties" option, staying in the "general" tab, and un-clicking the box that says "Allow indexing to....".
Step 3: Download and install CCleaner. During the install, there will be a dialog that contains a bunch of install options - I usually do not install the yahoo toolbar. This is a personal choice, though, so if you want it go ahead and install it.
Step 4: Run CCleaner. This will clean up files you don't need. Again, we do this first so that there are fewer files for the other things to scan.
Step 5 (Optional): Run the disk defragment tool. The logic here is that things will maybe run a bit faster if the files are defragmented. To get to this, open *windows* explorer again, right click on the hard drive, select the properties option, go to the "tools" tab, and click on the "Defragment Now" button.
At this point we have hopefully reduced the number of files to scan, and made things faster for the scanning steps.
If you already have an anti-virus program, then skip step 6. Anti virus programs tend to conflict more than other programs, so one should be enough per PC. If you want to change programs (your subscription has run out or is running out), then uninstall the one you don't want before installing another. You may need to run through steps 4 & 5 again afterwards - anti-virus programs tend to take up a fair amount of disk space.
Step 6: Download AVG. Install it. Make sure that you update the virus database *before* you run any scan (otherwise you could be using an older database - not a critical error, but updating is faster than running two scans). This is true for all of the other scanner programs - update before scanning.
Step 7: Download Spybot-SD. Install it (including the part that protects the registry). Update. Scan. Additionally, there is an option to "inoculate" your pc - go ahead and do that.
Step 8: Download MalwareBytes. Install, Update, Scan.
Step 9: Download Adaware. Install, Update, Scan.
Step 10: Download the rootkit detector. Install, Scan. This routine is an exception in that it doesn't use a database for its scans so the version you downloaded should be the latest. (There is no harm in checking for updates, though).
Step 11: Download spywareblaster. Install. Update. Enable protection. Now, if you use (macromedia) flash then you should disable the 'flashkiller' option (tools->Flash Killer).
Step 12: Download zone alarm. Install. Check for updates. The installation will require you to reboot your PC at some point. You can use the automatic scan to determine which programs can access the internet - it does a pretty good job. Once this is installed and running (after your reboot, and after all the questions it will ask), it will pop up from time to time asking you "Program xyz is attempting to access the internet" (or similar type questions). Some of these will be windows programs, some will be others. If you don't recognize the program - pull open the internet explorer and look the program name up. There are websites that specialize in identifying programs. If it checks out, you can tell zone alarm to allow access - AND TO REMEMBER the decision.
Doing these things will clear (and keep your PC clear of things if you periodically run them) your PC of all of the common malware you may have. This does not mean 100% - the point is that all of the tools require the people that made them to be aware of the exploit or malware in order to be able to scan for it. If the malware has only a limited amount of circulation (ie: just starting out) and you are unlucky enough to get it - then these scanners won't find it. Zone alarm and the spybot-sd registry monitoring tools *will* detect the program trying to hit the internet or change your registry settings. However, they will happily allow it to do so if you tell them that it's OK.
Bottom line, this is a layered defense - but the most critical piece is the human at the keyboard.
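
The registry-monitoring layer described above can be illustrated with a baseline-and-compare check of the Windows autostart keys. This is an added example, not part of the original post and not how Spybot-S&D itself works; the four Run/RunOnce keys are an assumed minimal watch list and the baseline file name is hypothetical.

```powershell
# Requires PowerShell 3.0 or later (Get-Content -Raw, ConvertFrom-Json).
# Assumed watch list: the common per-machine and per-user autostart keys.
$RunKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

function Get-AutostartEntries {
    # One object per value: which key, the entry name, and the command it launches.
    foreach ($key in $RunKeys) {
        if (-not (Test-Path $key)) { continue }   # RunOnce is often absent
        $item = Get-Item -Path $key
        foreach ($name in $item.GetValueNames()) {
            [pscustomobject]@{
                Key     = $key
                Name    = $name
                Command = [string]$item.GetValue($name)
            }
        }
    }
}

function Compare-Autostart {
    # Reports entries that are new or whose command changed since the baseline.
    # Removed entries are not reported; they are not a persistence risk.
    param([object[]]$Baseline, [object[]]$Current)
    $known = @{}
    foreach ($b in $Baseline) { $known["$($b.Key)|$($b.Name)"] = $b.Command }
    foreach ($c in $Current) {
        $id = "$($c.Key)|$($c.Name)"
        $change = $null
        if (-not $known.ContainsKey($id))      { $change = 'ADDED' }
        elseif ($known[$id] -ne $c.Command)    { $change = 'MODIFIED' }
        if ($change) {
            [pscustomobject]@{ Change = $change; Key = $c.Key; Name = $c.Name; Command = $c.Command }
        }
    }
}

# Hypothetical baseline file; create it once on a machine you believe is clean.
$BaselinePath = Join-Path $env:USERPROFILE 'autostart-baseline.json'
$current = @(Get-AutostartEntries)
if (Test-Path $BaselinePath) {
    $baseline = Get-Content $BaselinePath -Raw | ConvertFrom-Json
    Compare-Autostart -Baseline $baseline -Current $current | Format-List
} else {
    ConvertTo-Json -InputObject $current | Set-Content $BaselinePath
    "Baseline of $($current.Count) entries written to $BaselinePath"
}
```

Any ADDED or MODIFIED entry that does not match a program you just installed deserves the same lookup the post recommends for unfamiliar firewall prompts.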