How to Protect Your Desktop PC

Installing strong, up-to-date security software is a given. But it takes much more than that to defend the epicenter of your digital life.

Keep Your OS Patched
Could real people actually be as clueless as some of those characters we see in movies? Sadly, you need no more evidence of that cliché than the average computer user. Even though he or she knows that an OS update is as critical as, say, nailing boards over your windows in a zombie apocalypse, many choose to ignore the updates until something crawls in and eats their brains.

The most basic security step PC users should take—regardless of OS—is to install the latest updates. Yes, we know, it can be teeth-gritting—especially when the updates are larger than the original OS—but it’s necessary for patching holes being used by attackers to squeeze into your PC.

Lose Windows XP
Windows XP was a great operating system but it’s now over 10 years old and it’s a popular target for attacks. Why? It’s not as secure as its replacements. It’s also where the money is—literally—with 51 percent of computers on the planet running it. Many attacks specifically target XP and ignore Windows Windows 7 and 8 completely. Unless you like to wrench on your OS all day, we recommend that you give XP the retirement it has earned.

Keep Your Applications Patched
Even Microsoft haters have to admit the company has done an admirable job patching its operating systems in a reasonable amount of time. Because of this, many of the weak spots on a PC aren’t even the OS anymore, but rather the third-party applications. While Microsoft will patch its own products in Windows Update, it doesn’t do squat about anything else. With literally dozens of apps to check for updates every week, you can see where the problem lies. That’s why we run Secunia’s PSI Scanner

The free app runs in the background and checks your installed apps and plugins for available updates and then gives you a link of where to download the patch. The latest beta version will actually install some of the updates for you. The company also offers an online scanner but we don’t recommend it because it runs in Java.

Beware the Usual Suspects

When a massive malware outbreak occurs, you can almost always expect to see these five shifty guys in the police lineup: Flash, Acrobat/Reader, QuickTime, Java, and JavaScript. Normally we’d say just execute ’em, but it doesn’t always work that way. Yes, if you can, simply uninstall these offenders (save JavaScript), but if you must have them, there is a way to at least mitigate some of the damage.

Start by disabling Acrobat/Reader in your browser. In Firefox, go to Tools, then Add-ons, then Plugins, and disable the Acrobat plugin. While you’re there, you should also probably disable QuickTime, Java, and even the DivX Web Player if you want to be extra cautious.

To disable these plugins in Chrome, go to Options, Under the Hood, Content Settings, Plugins, and select “Disable individual plugins.”

Now, go into the Acrobat app, go to Edit, Preferences, Trust Manager, and uncheck “Allow opening of non-PDF file attachments with external applications.” While you’re in Preferences, click the JavaScript option and uncheck “Enable Acrobat JavaScript.” Also click on Internet and uncheck “Display PDF in browser.” Or just dump the whole thing for Foxit Reader.

For QuickTime, start the player, dig into Edit, Preferences, QuickTime Preferences, Browser, and uncheck “Play movies automatically.” To mitigate the damages from Adobe Flash, consider running the FlashBlock extension in Firefox and Chrome. This will prevent Flash from being displayed on a page. In its place will be a place holder that, when clicked, will play the Flash content.

Disabling JavaScript unilaterally can be problematic, as it breaks many sites. Still, for the paranoid, there is a way. The NoScript extension for Firefox is the leading contender. Chrome has no such extension, but you can go to Tools, then Options, then Content Settings, then JavaScript, and select “Do not allow any site to run JavaScript.”

This will place a small icon in the address bar that will let only your favorite sites run JavaScript. Disabling JavaScript in Chrome can be wonky, but it’s worth investigating if you want to avoid one of the primary ways crooks are targeting you.

Use a Virtualized Browser

Since the vast majority of attacks are coming from the browser, one of the safest ways to surf the web is from a virtualized browser or a virtual machine. One of the simplest ways to accomplish this task is to build a virtual machine using either Virtual PC 2007 or VM Ware Player.

Both are free, and both Microsoft and VM Ware offer free images that include browsers. Microsoft offers Vista and XP with IE8 installed and VM Ware offers Ubuntu with Firefox installed. Of the three options, VM Ware’s is the most solid but folks not used to Linux might be thrown for a loop. Microsoft’s images time out after three months, so you’ll have to download it again.

Get a Second Opinion

Do you really know if that file is truly untainted? Many malware writers are specifically crafting wares to avoid detection by antivirus suites. If you have a file that you need to run, we recommend that you incubate it for a few days or a few weeks if possible. This gives security software a chance to catch up to any new exploit. We then recommend that you get a second opinion from Virustotal. com. This website lets you upload a file to be scanned by two dozen AV engines. Just remember that malware writers are also using tools such as Virustotal. com to see if their wares can pass muster, so long incubations are key.