Windows Security Tip: Enable Windows Firewall

Having your computer on any network, whether wired or wireless, subjects it to a countless number of security attacks everyday.  These attacks are an attempt to breach the security of your connection to collect information or damage your computer.  Since the release of Windows XP, Microsoft has included the Windows Firewall in it’s operating system.  The Windows Firewall is a simple software-based firewall solution that will provide basic protection against intruder attacks.

How to Enable the Windows Firewall

In Windows XP: Click Start > Control Panel > Windows Firewall.  In the new window click On (Recommended) if it is not already selected.

Windows Firewall in Windows XP
Windows Firewall in Windows XP

In Windows Vista/7: Click Start > Control Panel > System and Security > Windows Firewall.  On the left of the screen click Turn Windows Firewall on or off to change the status of Windows Firewall.

Windows Firewall in Windows 7
Windows Firewall in Windows 7

Enabling the Windows Firewall is one of the many steps you can perform to keep yourself secure as you browse the internet.  Click here for more of our security-related articles.

Wireless Security Tip: Secure Your Wireless Internet

wireless-security-thumbIf you have your own wireless internet connection, it might be unsecured (meaning that you don’t have to type in a password to access it) or it may be using WEP encryption.  There are several important reasons why you should encrypt your internet (or switch from WEP encryption to a stronger method such as WPA or WPA2):

  • Leaving your wireless internet unsecured lets anybody access your network which can cause slow connection speeds.
  • If an intruder illegally downloads something using your wireless internet, you could be legally liable for their actions.
  • An intruder could potentially monitor your network traffic and obtain passwords or other confidential information.
  • WEP encryption can be easily cracked in a matter of minutes, which makes it only slightly better than an unsecured connection.

This guide will show you how to identify the current security used on your wireless network, and how to better secure it with WPA / WPA2 encryption.

Note: Some older network cards don’t support WPA2 encryption.  If you can no longer connect to your access point after setting it to WPA2, use WPA instead.

Identifying Your Current Security Mode

Most of the time, you can see what type of security an access point uses before connecting to it.  View your available wireless networks and check out your own network to see what your current security settings are.

Wireless Security in Windows XP (WPA and WPA2 highlighted)
Wireless Security in Windows XP (WPA and WPA2 highlighted)

Wireless Security in Windows 7 (WEP and WPA highlighted)
Wireless Security in Windows 7 (WEP and WPA highlighted)

If you see WPA or WPA2 next to your connection – that’s great, you’re done.  WPA and WPA2 provide strong protection as long as you use a good password.  When creating a password, avoid using dictionary words and try to include complex characters like !@#$%^&*.

If you see WEP or no security, it’s time to add WPA or WPA2 to your access point.

Enabling WPA/WPA2

Wireless security options are different for every access point and router, so refer to your user’s manual or check out the device manufacturer’s support information online.  Your device may even come with an installation disc that can walk you through security setup.

In general, you need to locate a Wireless/Wireless Security section in your access point’s configuration and enable WPA or WPA2 security.  With many access points and routers, you can type in the Gateway address of your internet connection in a web browser to access the device’s configuration page.

Note: The Gateway address can be found by viewing your current connection’s details (varies by your operating system) or by pressing Windows Key + R, type cmd and press enter, then type ipconfig and press enter.

Gateway Address in Connection Details
Gateway Address in Connection Details

Gateway Address using ipconfig in Command Line
Gateway Address using ipconfig in Command Line

In my case, my router’s address is 192.168.1.1, so I typed that address in my browser and pressed enter.  This will open the device’s configuration page (you may need to enter login credentials to access this page).  Locate a Wireless Security section (this may be under Wireless, look around until you find it) and enable WPA or WPA2 security, selecting ‘Personal’ if it gives you the option.  Create a strong password and click save.  You will have to re-join your network once this has been done.

Wireless Security in Tomato Firmware
Wireless Security in Tomato Firmware

Wireless Security in Linksys Firmware
Wireless Security in Linksys Firmware

Now that you’ve enabled security on your wireless connection, it will be much more difficult for an intruder to steal your internet access or perhaps obtain confidential information.

Have any tips for better securing your internet connection?  Share them with us in the comments.

Have a Virus? Let Malwarebytes Help

It can happen to anyone:  You turn on your computer and log in, only to find pop-up advertisements, search bars, a changed desktop background, and many screens warning that you may be infected with a virus.

virus1
Desktop background changed by a virus

One sign that you have been infected with a virus (or what can be referred to as malware) is the sudden appearance of new “security” software, such as AntiVirus 2009, Total Security Center, and System Security.  These programs are not valid anti-virus software, and will often warn you that your system is infected and then direct you to their site and request payment for running scans on your system.  It is important that you do not pay for these “services”.

system-security

Depending on the severity of the virus infection, the usability of your computer may range from moderately usable with moderate pop-ups, to random restarts, system errors, and blue screens of death.

Although the situation may seem dire, there is hope.  Malwarebytes is a free program that swiftly remove virus and malware infections.

Using Malwarebytes

Start by downloading the free version of Malwarebytes.  Before finishing the installation, be sure that the check boxes for “Updating Malwarebytes’ Anti-Malware” and “Launching Malwarebytes’ Anti-Malware” are checked.

When the program has launched, select Perform full scan to scan your entire hard drive. and click Scan.  The full scan will take quite a bit of time, so if you’re in a hurry select the Perform quick scan option.

scan1

On the next screen, select the drives you wish to let Malwarebytes scan.  Although the default C: drive may be sufficient, I would recommend scanning all attached drives.  Click Start Scan to start the virus scan.  Depending on the size of your drives and the amount of data stored on them, a full scan may take well over an hour.

When the scan has completed, the results will be shown.  Click Show Results and click Remove Selected Items to remove the virus infection from your system.  Depending on the virus, it may be necessary to reboot your system to completely remove some items.

scan-results
Malwarebytes Scan Results

Tips for improving scan performance

Run the scan in Safe mode

Many times a virus will embed itself into a running system file.  Malwarebytes will not always be able to remove virus items that are embedded in running processes.  The easiest way to reduce the number of running processes is to boot into Windows Safe mode.  To enter Windows Safe mode, repeatedly press the F8 key when first booting your computer.

Update software before each use

It is important that you update the virus database before you perform a scan.  Click the Update tab on the Malwarebytes main window and click Check for Updates.  After the update has been finished, you can then continue with the scan as shown above.

Multiple scans

Although Malwarebytes may be successful, it may be possible that not all parts of the virus were removed during the scan.  It can be helpful to perform a second scan of the system to verify that all items were removed.

Conclusion

Although it is important to take steps to prevent a virus infection, Malwarebytes can be a useful program for removing malicious software.  Your first defense to preventing a virus infection is to have up-to-date virus software.  A free anti-virus solution is Microsoft Security Essentials.  Above all, smart internet browsing will be the best way to avoid malware.

Security Week at Techerator

bitlocker_featOctober is National Cybersecurity Awareness Month, and Techerator is participating by running a week-long series of computer and internet security related articles.  We’ll be posting tips and guides about safely using your computer, avoiding viruses/malware, recommended antivirus programs, and what to do when you’ve been infected.

Check out our special National Cybersecurity Awareness Month series as well as all of our security-related articles.

We encourage you to participate in National Cybersecurity Awareness Month by following these important tips:

  1. Make sure you have antivirus software installed and keep it up-to-date.  The best way to keep your antivirus software current is to set it to automatically install updates.
  2. Keep your operating system up-to-date.  When Windows, Mac, or Linux notifies you that an update is available, apply it as soon as possible.
  3. Make backups of your important files.  Copy any important pictures, videos, and documents to an external hard drive or a CD/DVD, and keep a backup schedule.

Have any tips for computer or internet security?  Share them with us in the comments!

Preventing Viruses Part 1: Email Viruses

keyboard-virus-thumbWhen you think of a computer virus, you might imagine a hacker in a dimly-lit room deliberately targeting your computer with malicious software.  While that might happen in movies, real viruses are nearly autonomous and are constantly scanning the internet seeking vulnerable software and hardware.  As soon as they find a viable target, they infect and attempt to propagate again.

So how does your computer get infected with viruses (or more broadly defined as malware)?  The unfortunate truth is that most viruses are self-inflicted, so in this guide I’ll be giving you some tips on how to avoid viruses that spread through email.

Why Email?

Email is a common way to become infected because it provides a simple method for transferring files as attachments.  This doesn’t mean that reading an email in your inbox will infect your computer, but it does mean that your messages could have viruses attached to them disguised as ordinary files.

Here’s a likely scenario:  A friend of yours gets a computer virus.  The virus then uses their email address book to spread itself over the internet (and your address is on that list).  You receive an email from your friend saying you should open the attached file.  You open it and your computer becomes infected, and the cycle continues.

The Art of Avoiding Email Viruses

Avoiding email viruses isn’t as easy as never opening attachments.  You need to be actively aware of the messages you’re receiving, including the sender, addressees, and message content.  If anything seems wrong, it’s probably in your best interest to leave it alone.  One of the oldest rules of the internet continues to hold true for email: if it seems too good to be true, it probably is.

The most important thing is to only open attachments you were expecting to receive, and make sure they are the correct file you expected.  You’re most likely to be infected by an email from a friend or family member, so if you receive an attachment when you weren’t expecting one, don’t hesitate to email them back and ask what the file is before opening it.

If you’re receiving a file you were expecting, it still doesn’t hurt to run your virus scanner before opening it.  Most email programs (including Gmail) can automatically scan attached files for viruses.

What to Watch Out For

I recently received a suspicious email from a friend that didn’t have an attachment, it instead had a link to an executable (.exe) file.  The email came with the subject “WOW”, which can easily pique your curiosity as to what the file may be.  I noted that the email was addressed to me and several people I had never heard of, which also alerted me that something was awry.

Before opening the file, I replied to my friend asking him if he intended to send that email (or if he was even aware it was sent).  I also suggested that if he didn’t intend to send the file, that he should immediately notify the recipients of the email to stop them from opening it.  It turns out that he had no idea the email had been sent from his account, and he began notifying the recipients not to open the file.

virus-prevention-email-message

General Rules for Avoiding Email Viruses

  1. If you weren’t expecting a file, don’t open it.
  2. Ask the sender what the attachment is before opening it.  They may not have been aware it was even sent.
  3. Make sure you have an anti-virus program installed and keep it updated.  Microsoft Security Essentials is free and provides good protection.
  4. Especially avoid executable file (.exe) attachments.  Viruses can be stored in many ways, but .exe’s are more likely than others to be malicious.

By following the tips in this guide, you should be well on your way safely using your email.  Have any tips for avoiding email viruses?  Share them with us in the comments!