| Written by Dave Smith |
| Sunday, 04 October 2009 17:54 |
So you've bought a new PC. You know you need to patch it and install antivirus software, but beyond that, you're a little confused about what to do to keep your files and your identity safe. This article gives you a ground-level understanding of the steps needed to bring a machine up to speed and keep it protected.
Patching Your System
Nothing is more important than keeping your operating system (Windows in this case) and your applications up to date. Application vulnerabilities (weaknesses in programs that can be exploited by hackers) are discovered every day. The manufacturers of the programs deploy software updates called "patches" to their customers that fix these weaknesses.
It is very important to only patch your system from the known official sources of the manufacturer. Often attackers will email files or links to software claiming to be a critical patch for Windows or other applications, when in fact the files are malicious. So only patch your system using the official Windows Update application/site, or the official updates website of the manufacturer of your software.
In Windows, make sure you run the Windows Update utility (found in the start menu under "All Programs") regularly. You should also set your computer to automatically check for updates daily. This can be set in the utility.
Windows Update will cover the components of your operating system, and some of the other Microsoft applications you may have installed, but it does not update your third-party applications, such as Adobe Reader. These have to be updated from inside the program (usually by going to the "Help" menu and selecting "Check for updates…") or by manually downloading the latest version from the manufacturer's website.
To help with this task, there are sites and tools that can help you keep everything up to date by checking currently installed software on your machine against a database of known-latest software versions.
One such site is Health Check by F-Secure. Health Check is a simple web application that runs against your computer, checking your settings and currently installed applications. It will provide suggestions when it is done, telling you what settings it recommends changing to keep you safe, and showing you a list of which applications on your system are out of date, even providing a quick link to download the latest versions. You should consider running an application like Health Check weekly, or at the very least, monthly.
Here's a video on Health Check.
Antivirus
Installing an antivirus product on your computer is imperative. You may hear friends or even tech celebrities saying that they don't use antivirus because they don't download anything suspicious or click bad links. Unfortunately, governing your own behavior is not sufficient protection against malicious files. No matter how careful you are about your browsing habits, you can't guarantee the integrity of the content on the remote side.
A perfect example of this is the recent compromise of the New York Times website. The New York Times is not a small or incompetent content provider, but their website was compromised and hosted malicious code that infected users who viewed their site.
Social networking sites and other "popular" websites are often targets of malicious code campaigns. The worm KoobFace is very popular at the moment and will compromise your identity and other private information on your computer. Here's a quick video on the KoobFace worm and how it spreads by showing up as links that appear to be legitimate links from your friends.
The point is that in any given day of internet use, there are too many moving parts to be absolutely sure you know the integrity of each. Each web page is comprised of code that makes up the layout and the content, and numerous graphic files, scripts, stylesheets and other components that are all being passed to your computer each time you click a link.
So what a virus scanner does is watch every file that comes to your machine and determine whether it is good or bad before allowing it to actually do anything. It does this using a definition set and/or heuristics.
A definition set works by listing identifying characteristics of a file in a kind of encyclopedia of bad files. Every time a new file is written or read, the characteristics of that file are looked up and the file is determined to be good or bad.
Wikipedia defines Heuristics as "educated guesses, intuitive judgments or simply common sense". By using heuristics, an antivirus program will look at what a file is and what it does and determine if it makes sense overall that the file is good or that the file is bad.
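The two checks described above, as an added Python example that is not from the original article or any antivirus vendor: a definition lookup followed by heuristics. The sample bytes, detection names and file-extension lists are constructed for illustration.

```python
import hashlib

# Constructed sample standing in for a file already catalogued as malicious.
KNOWN_BAD_SAMPLE = b"MZ\x90\x00constructed-sample-for-illustration-only"

# Definition set (constructed): exact-file fingerprints and byte patterns.
KNOWN_HASHES = {hashlib.sha256(KNOWN_BAD_SAMPLE).hexdigest(): "Example.Known.A"}
KNOWN_PATTERNS = {b"constructed-marker-7f3a": "Example.Pattern.B"}

EXEC_EXTS = (".exe", ".scr", ".bat", ".vbs")
DOC_EXTS = (".pdf", ".doc", ".jpg", ".txt")


def match_definitions(data):
    """Look the file up in the definition set; return a detection name or None."""
    name = KNOWN_HASHES.get(hashlib.sha256(data).hexdigest())
    if name:
        return name
    for pattern, pattern_name in KNOWN_PATTERNS.items():
        if pattern in data:
            return pattern_name
    return None


def heuristic_reasons(filename, data):
    """List traits that do not make sense for a benign file of this name."""
    lower = filename.lower()
    stem, _, ext = lower.rpartition(".")
    reasons = []
    # A document name with an executable extension on the end (invoice.pdf.exe).
    if "." + ext in EXEC_EXTS and stem.endswith(DOC_EXTS):
        reasons.append("double extension")
    # Name says document, content starts with the Windows executable header "MZ".
    if lower.endswith(DOC_EXTS) and data[:2] == b"MZ":
        reasons.append("executable content in document")
    return reasons


def scan(filename, data):
    """Definitions first, heuristics second; return (verdict, detail)."""
    name = match_definitions(data)
    if name:
        return ("blocked", name)
    reasons = heuristic_reasons(filename, data)
    if reasons:
        return ("suspicious", ", ".join(reasons))
    return ("clean", "")
```

A copy of the known-bad sample with one byte added no longer matches its fingerprint, which is why scanners pair a definition set with heuristics.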
Installing antivirus software does not have to cost a lot of money. In fact, it doesn't have to cost anything at all. There are a number of free options out there that are adequate.
Free Antivirus
The first option, and the newest contender, is Microsoft Security Essentials. The advantages to this option are that the software is lightweight and runs well on the computers we've tested it on, it has done fairly well in AV testing, its default options are fairly secure out of the box, and it's from Microsoft, not a small, unknown company.
Here's a quick video that is a review of the Microsoft Security Essentials product.
The second option is the fairly well established Avast. Avast is a free antivirus scanner with some extras, as it monitors a number of connection types including mail, instant messaging and web as well as scanning the filesystem.
Here's a quick video on Avast.
A third option is AVG. AVG offers antivirus and antimalware capabilities as well as a browser toolbar with linkscanning technology to show you which links are safe and which are not when you search for a topic on popular search engines.
Lastly, Avira offers a free product for home users, Antivir Personal (see downloads page).
Here's a quick video on AVG and here's a video comparing AVG, Avast and Avira.
Firewalls
You can think of a firewall as a system that controls access to the doors on your house. You want your friends to be able to get through, but you don't want to talk to the door-to-door salesmen. Most people can use the front door, but maybe you want only the family to use your back door. And maybe even then, certain family members only have access during certain times of the day.
A firewall does basically that on your computer. It limits which program can use which "door" (called a "port") on your computer, and can limit that access by type of communication, who it's communicating with, time, or by user. But the most important thing a firewall does is close off access to all the ports you don't need to have open in your day-to-day usage. This includes ports related to filesharing, so that strangers on the internet can't access the files on your hard drive, and system ports that would leave your computer vulnerable to hackers.
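An added Python example, not from the original article or any firewall product, of how allow rules with a default of "closed" decide inbound connections. The rule set, program names, addresses and port 27015 are constructed; TCP 445 is the port Windows file sharing uses.

```python
import ipaddress
from dataclasses import dataclass
from datetime import time
from typing import Optional, Tuple


@dataclass(frozen=True)
class Rule:
    """An allow rule. A field left as None matches any value."""
    program: Optional[str] = None
    port: Optional[int] = None                  # local port being reached
    protocol: Optional[str] = None              # "tcp" or "udp"
    remote_net: Optional[str] = None            # CIDR, e.g. "192.168.1.0/24"
    hours: Optional[Tuple[time, time]] = None   # start inclusive, end exclusive
    user: Optional[str] = None

    def matches(self, conn, now):
        if self.program is not None and self.program != conn["program"]:
            return False
        if self.port is not None and self.port != conn["port"]:
            return False
        if self.protocol is not None and self.protocol != conn["protocol"]:
            return False
        if self.user is not None and self.user != conn["user"]:
            return False
        if self.remote_net is not None and (
            ipaddress.ip_address(conn["remote"])
            not in ipaddress.ip_network(self.remote_net)
        ):
            return False
        if self.hours is not None and not (self.hours[0] <= now < self.hours[1]):
            return False
        return True


# Constructed rule set for a home PC; every port not listed stays closed.
RULES = [
    # File sharing is reachable from the home network only.
    Rule(port=445, protocol="tcp", remote_net="192.168.1.0/24"),
    # One program, one user, and only between 16:00 and 20:00.
    Rule(program="gameserver.exe", port=27015, protocol="udp",
         user="kid", hours=(time(16, 0), time(20, 0))),
]


def decide(conn, now, rules=RULES):
    """Default deny: allow only if some rule matches every field it sets."""
    return "allow" if any(r.matches(conn, now) for r in rules) else "deny"
```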
If you are running Windows XP Service Pack 2 or greater, Vista or Windows 7, you have a basic firewall already in place. It is, however, important to make sure that it is running. Here's a video on using and configuring the Windows Firewall.
More Complete Free Firewall Options
ZoneAlarm has been one of the most popular free Windows firewalls. It will alert you every time an unknown program tries to access the internet from your computer and learn from your actions.
PC Tools offers a free firewall product that allows more fine-grained control and also allows password-protection for your settings. Their product is compatible with XP, Vista and Windows 7.
Comodo has a free internet security suite that includes firewall and antivirus programs.
If you'd like more control of the built-in firewall, Sphinx offers a free program called Windows 7 Firewall Control.
Browsers
While there has been a lot of back-and-forth debate on what browser is the safest, how much so, and how to properly use it, there are a few things you should know to make the right choice for you.
Internet Explorer is the browser that comes installed by default on the Windows platform. Because it is just there, people tend to use it rather than exploring the other options available to them. Some have said that this heavy competitive advantage to Internet Explorer has made Microsoft lax about keeping it safe and secure or up to date in terms of standards and technologies. Internet Explorer is primarily exploited through a technology called ActiveX, which allows mini-programs (called "controls") to load and provide greater functionality for web applications you visit. Because ActiveX downloads these controls from the website and runs them locally on your machine, an attacker can create a malicious control and execute it on your machine. Most of the time this involves the user seeing a prompt asking for permission to run the control, but with so many prompts so often, a user can become confused and grant a malicious control permission to run, and attackers count on this happening.
Firefox has long been touted as more secure than Internet Explorer. Whether this is true or not, every browser has its security vulnerabilities. In the case of Firefox, the biggest is arguably the plugin architecture. Much of the functionality its users enjoy comes from third-party extensions called "plugins". These plugins are extensions to the browser itself, allowing them to modify web content, post and retrieve information to third-party providers, and perform actions on behalf of the user. The danger is the extent of access that these plugins have to your system. Just as with the ActiveX controls in IE, these plugins have to request permission from the users to install. Firefox, unlike Internet Explorer, will announce if the site you are trying to visit is a known malicious code site. This tool shouldn't be relied upon for all security but does help the average user against established bad sites.
Chrome is Google's entry into the browser arena. Chrome is based on the same rendering technology as Safari. Chrome is relatively new on the street, and as such has not been exploited to the extent that the older browsers have been. It will take time to judge its abilities.
Safari is Apple's web browser which has been around for a while now on the Macintosh platform, but not so long on the Windows platform. In its most recent release, it has added some of the basic phishing and malicious site protection that the others have touted for some time.
There are other options out there as well, but these are probably the most popular right now. The most important thing to remember, no matter what browser you use, is to keep your browser up to date. Always update to the latest version to make sure that known vulnerabilities that have been patched will be fixed on your computer.
Behavior
While your behavior by itself is only part of the equation, it is a crucial part. Knowing a few things about how and where to surf, what information to protect and how to protect it, and what the bad guys are looking for will go a long way to protect you and your data.
Where you surf is probably the most important component of your behavior. Don't click on links in email unless you were expecting the email, and it was from someone you know. When you use a search engine, be careful of the sites you visit from the results. There are a few tools that can help with this.
The first is SiteAdvisor from McAfee. SiteAdvisor will either install as a toolbar or you can check a link by pasting it into the SiteAdvisor homepage and clicking "view report now". The site will then give you a rating based on the code of the site, available downloads, spam seen from that domain, and user reviews.
A very similar product is available from Symantec and is called Norton SafeWeb. Other big security vendors are also now starting similar products, including one from F-Secure called Browsing Protection.
Another key component of proper browsing behavior is limiting information to each site. Two areas to cover here would be passwords and financial information.
Passwords
Never use the same password for several sites. If one site is compromised or has a weak password recovery mechanism, every site that you've used the same password for could be accessed by an attacker and all your information stolen and sold. Instead, use a password safe, such as KeePass. A password safe allows you to use a unique password for every site you log in to, and store them in a single place. Your passwords stay in an encrypted form, and the only password you have to remember is the master password to the safe. This is much more secure: if your Gmail password were compromised, the hacker could not use your Gmail credentials to log on to your bank. Also, never create an unencrypted file on your computer to keep your passwords; many worms and viruses look for text documents with passwords in them.
Financial Data
Just as with passwords, it's important not to use the same card information for every merchant. Again, if your favorite online merchant is compromised and an attacker gains access to your credit card details, the attacker has the ability to use that card number anywhere he/she pleases.
Instead, use virtual card numbers. DiscoverCard and some other providers offer virtual card numbers. You log on to DiscoverCard's site, and visit "Secure Online Account Numbers". Here you generate a virtual credit card number that links to your real account, but can only be used by the first vendor you give it to. So if you shop at Amazon.com and Amazon were to be attacked and lose your credit card details to a hacker, the hacker could not go to BestBuy.com and use it, and the moment they did, the account would be considered compromised and the fine people at the fraud department at the credit provider would investigate. Check with your provider to see if this is an option for you.
Rogue Products
Do not be confused by popups telling you your computer is insecure and you need to "click here to download the latest antivirus product now". If you are getting popups from a product you did not install, get out of the site you are on, but do not click a cancel button or even the "X" in the top right of the window. Instead, press Ctrl + Alt + Delete, open Task Manager and go to the Applications tab. Click the name of each popup window and click "End Task". Or simply shut down your computer and restart it. It is a common trick now for an attacker to try to scare you into downloading their product, and have you install (and even pay for) a fake antivirus program that will not actually protect you, but rather infect you. Always use known security vendors when you are purchasing or downloading a new security product.
Here's a quick video on rogue antivirus products.
Personal Details
The last component of behavior I'll touch on is personal details. It is so easy to mess up here. Let's say you have a Facebook or other social networking profile. You may not realize what personal details are exposed and what can be done with them.
Here's a quick video on social networks and privacy.
Short List
While there are many options, and I am not endorsing specific vendors, sometimes people need a quick list, so here it is:
A little bit of time and effort and a little bit of behavioral modification can go a very long way to keep you and your data safe.
Authored by Dave Smith and Robert Clowser
| Last Updated on Monday, 28 December 2009 20:26 |