Protect Your Home PC Against Viruses

I have heard that running anti-virus software is still not enough for protecting my Windows PC. It can be still attacked from the Internet. What else do I need to perform to protect it?

Anti-virus software covers only one vulnerability of your computer. And moreover, in many cases it only reacts AFTER infecting your PC. There are some advises how to protect your PC from many attacks.

1. Secure Your PC

2. Stay Secured

1. Secure Your PC


 represents important action.
means higly recommended action, best to perform immediately.
spam means unsolicited e-mail.


  Way What to do
Stop using Microsoft Internet Explorer. Replace it with any other browser. My tips are Opera (for high comfort) and Mozilla (for high safety).
Secure your Microsoft Internet Explorer. Some applications such as some e-mail clients (Microsoft Outlook) use Internet Explorer's browsing window. Turn off especially ActiveX controls for Internet zone.

Doing this disables some browser functionality. In cases where you still need to have it back, e.g. on some special web pages, put such internet site into Trusted Sites category.

Three steps to disable Active X controls:

Steps 1, 2: Follow the first picture. (Click it to enlarge.)
Step 3: Disable all settings in section ActiveX.


Two steps to add site into Trusted Sites category:

(click thumbnails to enlarge)


Lock down any unused ports. Use Security Centre of Windows XP (Service Pack 2) or get IIS Lockdown Wizard available from Microsoft.
Scan your system for viruses and spyware.

Spyware: Some useful free applications like FlashGet, Kazaa or Alexa Toolbar have hidden functionality reporting information via internet about your computer (and your habits) obviously to spammers.

Perform anti-virus scanning.

Detect spyware applications and remove them. Start using products with no spyware.
Popular spyware scanners are SpyBot Search & Destroy and LavaSoft Ad-Aware. I recommend using both, each can detect different spyware.

Turn on or install pop-up blocker. For Internet Explorer I recommend downloading English(!) version of  Google Toolbar (other versions are not equipped with popup-blocker at this time). Other browsers have pop-up blocker built-in, just turn it on in preferences.
Start using a firewall. Firewall contained in Windows has limited functionality. Third-party firewall is higly recommended.


Free for home use are Zone Alarm, Kerio Personal Firewall or Tiny Personal Firewall (search for old version 2.1, new ones are commercial).

Configure the firewall to allow connections only to applications you really need.

6 In case you receive a lot of spam, change your e-mail account.

After doing so, do not forget to send notification to your relatives. Please note, that if you do not secure your computer (and your habits!) sufficiently, you will start receving spam again soon.

Please note that there is a probability being spammed anyway if your e-mail is stolen from e-mail client of someone you mailed. But this probability is not very high.
  Update your Windows and Office. Use websites of Microsoft Windows and Micorosft Office. Note that you will need Internet Explorer for some AutoUpdate functionality.


2. Stay Secured

Way What to do
0 Do not give your e-mail address to any website, if you don't trust its owner. Be aware of 'free newsletter subsriptions' or 'create new account' buttons which ask for your e-mail address. In case you want subscribe to untrustful website, create some freemail account (e.g. at Yahoo!) and give its address.
1 Do not post your e-mail on web pages.Be aware of discussion forums or guestbooks with uncovered e-mail addresses of participants. Also do not enter your e-mail into ICQ details or make it available to other public services. At your own website, protect your e-mail link by some simple stealth trick.

At other websites, try to 'code' your e-mail as name 'at' domain 'dot' com.

In the need of publishing your e-mail address create secondary e-mail account dedicated to that purpose. E.g. for work issues use your company e-mail.

Check incoming programs for viruses. Also applies to Microsoft Office documents! Before you run application, scan it with your antivirus software.
3 Check programs you are going to install for spyware presence. The simplest way is to search Google for words MyNewProgram spyware. Results can say much. Or check spyware list at www.spywareguide.com.
4 Perform antiviral and anti-spyware checks regularly. Keep your scanners up-to-date. You may want to create scheduled launghing of these applications.
5 Keep your Windows and Microsoft Office updated. Turn on Windows AutoUpdate service.

Update Office manually from Microsoft Office Website.

6 Never reply to spam. Even if spam offers  'unsubscribe' option, consifer using it carefully. Many suspicious companies will unsubscribe you, but then use such 'personally confirmed' e-mail to spam you from other servers. You unsubscribe one and subscribe to five. Ignore spam or set-up anti-spam filter.
7 Beware of peer-to-peer downloaders. Most of them contains a spyware. Being connected, it is not guarranted which data they are uploading from your computer. Never use them on computer with highly confidential data or important projects. Keep eye on Data Sent connection counter. If they are dowloading from you, consider stopping downloader application.
8 If you send one e-mail to more people, keep recipients invisible one to another. In case of e-mail worm in one of their PCs the others are not reached. Use Bcc: field to specify addressees.
9 For advanced users:
Know your running processes.
To identify a process (1) enter its full name into Google and examine articles found, or (2) search location of process exe-file in your PC. Location can help you identify it. (Note that many viruses are simply copied in C:\Windows, so don't trust everything in this directory.) Display file's Properties window and inspect Version tab, if present.

For advanced users:
Check your program startup lists.

Using Windows utility regedit.exe inspect HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run and HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run. Get acuiant with these files as in case of process list.