Getting Started PC Security - Preventative Measures

My last article, the Hardware Guide, covered the basic requirements for a capable, reliable hardware setup to trade the markets effectively. Some of you may also be aware of my Techies Corner Guide, which provides some basic information about PC security, and links to a variety of downloadable programs and tests to use for the security-conscious amongst us. Some of the information in both may be duplicated here, but this article brings everything together as a "one-stop shop", and provides a valuable reference point for future use.

There are many problems that we, as internet-intensive users, can come across during our daily work. Most of us use ADSL connections, and whilst this type of connection is more often than not essential for our business, it also exposes us to the not-so-friendly side of the internet.

Some of the common problems you will no doubt have encountered will include:

  • Viruses
  • Spyware
  • Trojan Horses
  • Firewall attacks
  • Spoof websites

If you aren't familiar with all of the above items, you should be. As traders, we cannot afford to show any complacency when dealing with these malicious individuals who write and develop such programs - cut them off at the knees, or better still, don't give them a chance in the first place.

Viruses

Most people (if not everyone) ought to be familiar with viruses. Put simply, a virus is any program which self-replicates and spreads by placing copies of itself into other computer code or documents/programs. Some viruses are harmless, whilst others can destroy your system, delete files, and disable hardware. In short, if you find them on your system, get rid of them.

There are plenty of anti-virus (AV) programs around, as you are no doubt aware. Many are free, others involve an annual fee. Some of the most popular free ones, available for download by either free registration or just a straight link, are listed below. Some products are standalone, and require download, others are accessible through a web interface. However, if you're a Windows XP user, XP monitors your AV product by default and will constantly remind you that either a) you don't have one installed or b) the virus definitions are out of date. You can turn this function off if required by accessing Start -- Control Panel -- Security Centre.

It's worth finding out how effective your proposed or current AV solution is. There are a number of reports frequently published on the web which test the more popular solutions on a variety of platforms and show results. Two good examples are Virus Bulletin and About.

Free AV Programs (standalone)

Free AV Scanners (web based)

If you opt for a standalone version (the best choice, in my opinion), make sure you either update it regularly yourself, or configure the program to check for updates once a day. I say that standalone is best because some AV programs will actively scan the PC the whole time, even if you have not asked them to manually scan for viruses. Avast! is one such program which has in the past alerted me to a problem before I had run a manual scan.

You should only run one AV product on your PC. More often than not, AV products will use the same files and resources as one another, and trying to get two to work concurrently can cause problems - so keep it simple.

Spyware

Sometimes called Adware, this is a generic term for any program that monitors a user's activity. Again, like viruses, they can be quite harmless or cause a great many problems. Sometimes, the same form of spyware will have one effect on one machine, and another effect on another. There are no hard and fast rules, except for the one about getting rid of them from your system.

The most harmless form of spyware is probably the tracking cookie. This is a piece of code placed on your computer by your web browser and used by a website to record information about you. Some cookies, such as the ones Trade2Win uses, can - at your request - remember such details as your username and password, logging you in automatically whenever you return. Others can record the kind of sites that you visit for demographic purposes - i.e. visitors to site "a" also visit sites "d", "k" and "m".

Other types of spyware can be more malicious, particularly those that incorporate ActiveX script. ActiveX is a technology developed by Microsoft to enable web pages to behave like programs - the exploitable element of this being that they can install programs onto your PC without your knowledge. Microsoft have gone some way to fixing this with the release of Windows XP Service Pack 2.

Some browsers are more susceptible to Spyware than others. The most popular browser, Internet Explorer (with around 90% of the marketplace), ships as default on all Windows-equipped machines and as such is the browser most regularly targeted by Spyware developers. Other browsers, such as Mozilla Firefox, an open source browser, offer enhanced security over IE but at occasional small expense, in that not all websites are yet Mozilla compatible, but they'll typically tell you so (or you'll realize when you visit the site).

The next version of Internet Explorer, IE7, rumoured to be with us in beta format later in 2005, is going to be primarily focused on security, which suggests that Microsoft is well aware all is not well with IE6 - a feeling backed up by the numbers of users switching to products like Mozilla.

Some of the more popular free and pay-for solutions are listed below. This is not intended to be an exhaustive list, and it is worth reading the various reviews available on the web and in PC magazines. Some anti-spyware programs perform poorly, and others will even install spyware on your machine - read about it here.

Free Anti-Spyware Programs

Pay Spyware Programs

Like Viruses, make sure that whatever Spyware solution you choose is kept regularly updated. Most, if not all, will prompt you for updates when you run them. However, unlike AV products, you can run more than one instance of anti-spyware products on your machine, as no one solution has yet been found that is a catch-all.

Trojan Horses

Like the wooden horse of Troy, a trojan is a program which arrives on your PC and, should you stumble across it, often looks quite innocent. They will either sit there and apparently do nothing, whilst quietly monitoring away - much like Spyware - or, on a pre-defined date and time, will perform some action - such as erasing files, logging and sending keystrokes for password retrieval purposes, and things like that. They are not classed as viruses as they do not replicate themselves, although some of their actions are virus-like.

Trojans are detected by most AV and/or Spyware products, and should be dealt with by the same programs as above. Like Spyware and Viruses, the best solution is to regularly scan your PC (at least once a week if you are a heavy user of the internet) and deal with any threats immediately.

Firewall Attacks

I'm hoping that no-one who has read this far is wondering what a firewall is. If you're reading this, that means you're on the internet, and that means you need a firewall. Even those of you who are on dial-up.

A firewall can be either a piece of software installed on your PC, or part of a hardware element (such as a router) that protects network traffic. They contain a set of programs that follow user-defined rules as to what is and what is not allowed access to and from your PC.

Many of us who use Windows XP as our Operating System will have a software firewall installed as standard. However, it is well known that the default Windows XP firewall, whilst effective at blocking inbound traffic, is quite useless at blocking outbound traffic, and some programs can actually turn it off (Huitema, ITPro). This, of course, can prove problematic should you inadvertently download or receive a file that is malicious, because it will sit there, perhaps transmitting passwords and keystrokes through your firewall without your knowledge.

It is worth getting a third-party firewall such as Sygate or ZoneAlarm to ensure that the security of your system is not compromised (again, both are available in either free or pay-for format, depending on your use). If you have a router, either wired or wireless, it will have a firewall built in which should prevent most problems.

Free Firewalls

You can test the effectiveness of your firewall at a few well-established locations on the web. Just click the link, follow the on-screen instructions and within a minute or two you should have some idea as to how secure (or preferably, invisible) you are on the web.

It is also worth visiting websites such as PCPitstop on a regular basis. Here, you can register for free, and have the website perform a free scan and offer potential tune-up tips for the machine in general and advise you about security settings.

Spoof Websites

Also known as "phishing", these will typically appear in your inbox, prompting you to visit a site purporting to be owned by your bank, or Ebay, or Paypal, to tell you that they are "updating their records, and could you please log in to verify them" - or some such. Of course, you click on the link provided in the email, which takes you to the site that it is alleged to come from. You log in, put in your details, and maybe think no more of it. But there's a problem.

Let's say that the site you get the email from is PayPal, Ebay's payment method. Or at least you think it's PayPal. But it's not - I promise you.

What it is, in fact, is a copy of the PayPal site. This is relatively easy to do. You could copy the entire page of this website, for example, by viewing the source code, and placing it on another site somewhere else. It would look the same, sure - but it won't function the same because the content that creates this page and a lot of web pages is dynamic - pulled from a remote database - and wouldn't be there. But you get the point - it is simple enough to copy an entire website and fool people into thinking that it's the real thing. So, you go along, think you've logged in - but what you've actually done is send your username, password and who knows what else to a database elsewhere, for someone to retrieve at leisure, log in to your accounts, and clean them out.

There are a couple of things we can do to stop this.

First of all, when you visit a site such as PayPal, Ebay or maybe your online bank, just check the actual address shown in the browser's address bar. Make sure that the address is correct. For example, for Ebay it should say something like: http://www.ebay.co.uk/. If it says anything different, manually type the address into the browser or take it from your "favourites" list and use that. Don't click the link they send you and think that it is OK just because it looks right. It can say one thing and mean something else.

Another thing to check for is the encryption. All sites such as those mentioned above use a technology called SSL (Secure Sockets Layer) and 128-bit encryption to protect your identity. Hence, when you go to log in at, for example, Ebay, you should see something like: https://signin.ebay.co.uk/ws/...... Note the trailing "s" after HTTP. This denotes that it is a secure web page, as does the small padlock symbol that all browsers should display in the bottom right-hand corner. Without all of these, don't even try to log in, because you're not where you think you are. If you aren't familiar with this, try the following:

Open a web browser, and type "http://www.paypal.com" into the address line. After a few seconds, the site will come up. However, you'll note that the address you typed in has changed to "https://www.paypal.com", and the padlock symbol should display in the corner of the browser. This is what you need to look for to make sure you're on the site you think you are, and not somewhere else.

Some browsers, such as Mozilla, offer add-on extensions (in Mozilla's case called "spoofstick") that will automatically tell you the correct address of a website, regardless of what is displayed in the actual address bar.

A lot of sites that have either been phished or may be subject to phishing will often send genuine emails to their customers saying that they will never ask you to log in and verify your details. Trust them. If you follow the simple points laid out above, you can establish very quickly whether you are on the genuine item or a good copy.

In Conclusion

To summarize the above, as an active trader there are a few things that are absolute "must-haves".

  1. A decent, up-to-date AntiVirus package.
  2. One or more AntiSpyware products.
  3. A good software or hardware firewall, properly configured and regularly tested.

Finally, you need to know your PC - know how it should perform, know the kind of things it should do. If your software firewall prompts you to allow a program access that you've previously allowed access, is it because that program has become infected with a trojan, and hence changed? Or did you reconfigure it somehow? If the PC has started performing poorly, or you've lost functionality somewhere, the first thing to do is test it to death and back - the number of PC problems that are easily solved this way is astounding.

For thorough scans of both Spyware and Viruses, try running the PC in Safe Mode. To do this, hit F8 as the manufacturer's logo appears on screen, and then choose "Safe Mode" from the on-screen prompts. This will start Windows with the minimum amount of drivers required, so you won't have internet access, but it will perform scans faster because there are fewer resources running. It can also be easier to delete infected files because they may not yet be loaded into memory, which would otherwise make them inaccessible.

By following the above suggestions, you should be able to keep your PC in tip-top shape, and help prevent spreading malicious files to colleagues and friends. Most of it is common sense, and if you follow the guidelines that the various software packages give you, there's nothing dreadful you can really do. Remember too that if you're using Windows ME, 2000 or XP, you also have a System Restore function available off the Start Menu that can often undo any problems, even if you've caused them yourself.
 
I've just speed read this article during a pause in trading and it looks brilliant - thank you very much for all the effort that's gone into this.
Richard
 
Yes, it's good to see all this in one place.
This should be a must read article for everyone that uses the internet.
If I may add a couple of points: -
1) There are many 'rogue' versions of anti spyware software out there which appear to work but do other sneaky things as well. I use those that Matt has highlighted. There are also others that are bona fide. If you want to try something else I suggest that you go to one of the computer help discussion boards (I tend to use www.annoyances.org) and search for comments on it before making a decision.
2) Make sure that you have the phone numbers of your trading platform handy for when your internet provider has problems. My own line was down for 6 hours today. Could you cope with that?
 
Thanks for your comments, everyone.

The Spyware list wasn't intended to be definitive, just to suggest some examples. I think the Techies Corner thread is a more suitable location to have a huge list of programs, and it's served its purpose very well for coming up to a year now, although I keep meaning to get round to pruning it one of these days...

M$ antispyware is excellent, but at the moment it is a Beta version and I believe they expire in July of this year. Whether Microsoft will make it pay-for or keep it free is anyone's guess, but under the previous owner of the company (when it used to be called Giant AntiSpyware) I believe it was around the $50 mark - maybe someone can clarify.
 
Trader333 said:
One of the best Spyware programs is the Microsoft's own version which is FOC and can be found at:

http://www.microsoft.com/athome/security/spyware/software/default.mspx


Paul

The only thing that concerns me with that one Paul, well two things really;
1/ It's a beta version and I'm always a bit wary of betas, as they are often full of bugs and we are the guinea pigs, and MSFT doesn't have a great track record of releasing bug free full versions.
2/ I run it on one of my PCs alongside Adaware and Spybot and they always pick up stuff the MSFT program doesn't, but it has never picked up something they didn't.
 
It's not a true Beta, though. The product was released some time ago and has received excellent reviews in its past life as Giant Antispyware, who were bought by MS some months ago. Hence, most of the groundwork was done by Giant, and everything pretty much remains the same as far as I know - even the logo is the same as it used to be when Giant owned it - MS have basically just tacked their name onto it for the time being. The only thing it doesn't do at present is scan for tracking cookies, which both Spybot and Adaware do.

I have PestPatrol on this machine (excellent, imo), and the MS product on my other laptop and really can't fault either product.
 
Right on cue (well, almost) comes a spoof email, splashing its way into my inbox today. Bit of a giveaway this one as I don't bank with Barclays, but it gives you a good idea.

The first image (left) is the spoof website. Mozilla's "spoofstick" in this case clearly identifying the host site as something other than Barclays (along with the http address of course). Second image is the genuine article, as you can see from both Spoofstick and the HTTP header - note the "s" on HTTP.
 

Attachments

  • barclays_ripoff.gif
  • barclays_genuine.gif

Eh, hope I do not sound nosy, but is the person shown in the picture of the author rossored? Nice to be able to put a face to the name. :)
 
Thanks. So, curiosity is not such a bad thing after all... :cheesy:
 
Great article

Thank you for your article, I’ve taken increased steps to safeguard my laptop that I use primarily for trading. I actually encountered a spoof website a few months ago, I knew something wasn’t right about the set up so I closed down the webpage and didn’t use it. I will be looking for that encryption on all websites from now on.
 