How to Make Your PC Secure, for Little or No Money

Let's face the facts here, people — the world has become a pretty scary place.

In the salad days of your youth, all you had to worry about was the health and well-being of your family and locking your doors at night.

Not anymore. Today, you need to worry about security in a whole different arena: your PC.

• Click here to visit's Cybersecurity Center.

Spyware, adware, viruses and Trojans are lurking online, waiting to infest your computer. All could easily cripple your PC if you're not careful.

Worse yet, hackers could steal important personal information.

If that's not enough to send you hiding under the covers, you also have to find a way to keeps your kids safe online.

Scary? You bet. Unmanageable? Not at all.

Pull the covers off you head and listen to us. Our super security guide will help you wise up and stay safe.

Stomping Spyware

A virus is software that can reproduce itself — simple! There's no similar definition for spyware. In fact, we use it as a catch-all term for many kinds of malicious software.

Adware programs pop up ads in your face, sometimes even when you don't have a browser open. Adware may also watch your online activities, profiling you for targeted advertising or more sinister purposes.

Literal spyware gathers information about you and what you do with the computer, possibly enabling identity theft.

Trojan horse programs pretend to be useful, but when brought inside the gates, they get nasty. They may let hackers incorporate your computer into a Denial of Service attack, or turn your system into part of a spam-spewing bot network.

Keyloggers are the ultimate spies, recording everything you type (including passwords).

All of these are lumped under the term spyware — which means antispyware has one heck of a big job.

Signature-Based Protection

Traditional antispyware programs work the same way as traditional antivirus programs, by matching programs against a database of known "signatures."

A full scan checks every file against the signature database; real-time scanning checks any file that gets accessed.

Merely opening a folder can trigger some on-access scanners; others wait until a program tries to launch.

Some traditional antispyware protectors also try to catch spyware by detecting its behavior.

This easily degenerates, however, into nagging the user about perfectly ordinary programs. I consider behavior-based warnings valuable only if they specifically identify the program or the behavior as malicious.

The Editors' Choice for this type of protection is shared by two products, Spy Sweeper ($29.95) and Spyware Doctor ($29.95).

Both of them do very well in testing, removing almost all spyware from infested test systems and keeping almost all spyware samples from installing on a clean system.

Both offer multiple levels of protection, including blocking access to known spyware sites, preventing spyware from configuring itself to launch at start-up, and stopping spyware from installing in the browser.

Webroot currently offers a version that incorporates antivirus protection (licensed from Sophos); PC Tools is building virus support into Spyware Doctor 5.0.

Protection Without Signatures

The problem with signature-based antispyware is that some genius has to capture a threat and develop a signature for it before you're fully protected.

During the gap between appearance of a new threat and publication of its signature, your security can be compromised.

Many companies have devised ways to protect against these zero-day threats. We use the umbrella term "non-signature anti-malware" to describe them. (Malware means any software devised for malicious purposes — viruses, spyware, or what have you).

Primary Response SafeConnect ($24.95), our Editors' Choice in this category, monitors every running process, correlating hundreds of behaviors associated with malicious software.

When the verdict is guilty, it terminates the process and deletes the executable file, along with any ancillary files that its analysis has identified as part of the malicious software. And in testing, it was just about as accurate as the best signature-based products.

Prevx1 Individual ($24.95) performed almost as well. Using one of these products alongside a traditional antispyware product should give a full spectrum of protection.

It's worth noting that the antivirus component of Norton Internet Security 2007 ($69.95), another Editors' Choice, will soon combine both approaches. It already uses signatures to protect against both viruses and spyware. It will add the new SONAR (Symantec Online Network for Advances Response) technology for behavior-based zero-day protection.

Scanning For Nothing

What would you lose if your computer's data got wiped out by a virus? How much would it cost you to replace it? Could you restore the system to full operation yourself, or would you have to pay a technician?

After meditating on these questions, you may be ready to spring for a full-scale security suite. But if you're feeling lucky (or broke), you can put together a pretty decent protection collection for free.

Free Antivirus

The A's have it when it comes to free antivirus protection — you won't go wrong with AntiVir, avast!, or AVG.

To be specific, try AntiVir PersonalEdition Classic (Avira GmbH), avast! Home Edition (Alwil Software), or AVG Free Edition (Grisoft).

Products from all three vendors received the Virus Bulletin's VB100 Percent award and certification for virus detection from ICSA Labs.

All of the above offer on-demand and on-access scanning, and both AntiVir and AVG can schedule scans, but avast! cannot. The user is able to scan an e-mail stream directly with AVG and avast!, but AntiVir does not have this option.

Avast!, with its skinnable interface, is definitely the best-looking; AntiVir has a retro look and AVG's interface is strangely boxy. AntiVir is known for its ability to coexist with other on-access scanners.

Free Firewall

If you get all security patches through Automatic Updates and keep the firewall that's built into Windows XP and Vista turned on, you're decently protected against outside attacks. A router with Network Address Translation adds further protection.

However, the XP firewall doesn't protect against programs that misuse your Internet connection, and the Vista firewall's outbound protection (turned off by default) isn't the same as that of a typical personal firewall.

The free edition of ZoneAlarm (Check Point Software) does everything a firewall must, but doesn't go above and beyond.

It doesn't include the Pro version's SmartDefense Advisor, so a new installation will have to ask you about every program the first time it tries to reach the Internet. The advanced program control or OSFirewall found in the Pro version are also not available, but it does the basic job.

The current Editors' Choice for free firewall is Comodo Personal Firewall (Comodo Group). It does bombard the user with confirmation pop-ups at first, but at least it can preconfigure access for thousands of known programs.

Free Antispyware

Unfortunately, there isn't a standout choice for free spyware protection. Spybot and Ad-Aware, once the champions of spyware protection, just can't keep up with the current onslaught.

Microsoft's Windows Defender (built into Vista and OneCare) seems to be backsliding — at least, when I retested it recently it did worse than previously.

And though Tenebril's SpyCatcher Express turned in a decent performance in 2005, my tests weren't as stringent then.

Your free antivirus's real-time protection will block some spyware installations, and you can choose whichever free spyware program seems best to you.

But do supplement your protection by running the scan-only free version of Spy Sweeper (Webroot Software) or Spyware Doctor (PC Tools). Don't worry if they find suspicious cookies.

However, if the report says you have actual malicious software, you'll need to either bite the bullet and buy the full product or go for free expert help.

How do you get that free help? Visit,, or one of the many other sites that host the HijackThis! (HJT) utility.

Download HJT and run it — just save a log, don't take any action. Upload your log to the help forums at the site where you downloaded HJT.

The experts will take it from there, offering specific and individualized cleanup instructions. After logging and cleanup, you'll have the cleanest computer in the neighborhood.

Picking Parental Control

Unless you have kids or your cat can type, parental control won't help you. Even if you do have kids, software can't totally control them.

Older kids may work around the software, or simply visit a friend whose computer isn't controlled. Add to that the built-in parental control of Windows Vista and you can see why I don't cover it exhaustively.

But if you do need parental control software, here are some features to look for and a sampling of products to illustrate them.

Different settings for different users are a must, if only to let grown-ups surf without limits. Some products, like Vista's built-in and Webroot Child Safe ($39.95), tie configuration settings to Windows user accounts.

Others, such as Safe Eyes ($49.95), our Editors' Choice in this category, define their own user accounts.

And some, like ContentProtect ($39.99), let you swing either way.

Web filtering should keep your kids from accidentally or deliberately visiting inappropriate sites. Most products maintain a database that matches known sites with specific categories — if the category is banned, the site will be blocked.

ContentProtect is unusual in that it analyzes every page, so a brand-new porn site, or an inappropriate page on a normally safe site, could be blocked.

Possibly more important for reining in technology is some form of scheduled access control. Typically you'll define a weekly schedule of available times in half-hour increments.

Child Safe and Vista let you schedule overall computer use. ContentProtect, Safe Eyes, and Child Safe let you schedule specific time on the Internet.

Child Safe additionally allows scheduling individual applications. And all but Vista offer a daily or weekly maximum on top of the time-of-day scheduling.

If you were always home supervising the children, you wouldn't need this software. In the real world you may be at the office. If the kids go ape on the Internet, what can you do?

Both ContentProtect and Safe Eyes can send you a real-time notification of violations and let you manage their configuration remotely, though ContentProtect's remote changes don't take effect immediately.

On the flip side, your older child may have a legitimate reason to access a blocked site or may need an extension on allowed time to finish homework. That's easy to fix with remote management in Safe Eyes.

Child Safe instead offers one-use passwords "loaded" with a time extension or a fixed time with no Web filtering. If your teen calls with a tale of woe, you just hand over the necessary password.

You'll have to think hard about just how much privacy your child should have on the computer. All four products mentioned here will log all violations and also log all Web sites visited.

Safe Eyes, Child Safe, and Vista log all programs launched. ContentProtect, SafeEyes and Vista can log instant message conversations. Just knowing that their every online action is logged may be enough to keep some youths in line.

Of course, the software has to be ruggedized and tamper-resistant; if not, budding hackers will dismantle it. Web filtering and Internet time scheduling have to be browser-independent. Otherwise, kids will just download a non-supported browser.

A savvy teen might try to disable filtering or other protection by killing a process in Task Manager — the software you choose can't let that happen. The products I've mentioned here successfully resisted my hack attacks in testing.

No matter how thoroughly you lock down the home computer, older kids will find some way to get unlimited access at a friend's house, an Internet café, or the like.

One critical facet of parental control is clear communication with your kids. Let them know what is and isn't allowed, and why.

Be sure they understand that "new friends" in chat rooms may not be what they seem. If you manage this well enough, you may not need parental control software at all.

Suite Spot

Security software has to maneuver deeply inside the operating system's innards.

When Windows opens a file, the antivirus wants a look at it, as does the antispyware. If a program calls on Windows to make a network connection, the firewall has to decide whether or not to allow it.

At every turn, the security software needs to monitor and possibly modify what the operating system is doing. The more programs you have sinking their hooks into Windows, the greater the chance that they'll conflict or that their combined scrutiny will put a drag on system performance.

That's why most users should choose a security suite rather than piecing together a collection of separate elements.

At a minimum your suite should offer firewall, antivirus and antispyware, fully integrated with no duplication of effort to lessen its impact on performance. The firewall should block external attacks and control how programs use your Internet and network connections. The best will go further and block techniques that circumvent basic controls.

Most suites also offer some form of spam filtering, private data protection and parental control.

Too often, though, the spam protection is no better than Outlook's built-in "Junk E-Mail" filter.

The parental controls tend to be rudimentary — usually just Web filtering, with no time-scheduling or other advanced features.

Norton Internet Security 2007 ($69.99) is our Editors' Choice, with the new ZoneAlarm Internet Security Suite 7 ($69.95) a close second.

Possibly inspired by Microsoft's pricing for OneCare, all but two of the suites offer a "three-pack" or similar multiple license. A half-dozen include multiple licenses in the base price; the rest charge a little extra. It's a great deal for the modern multicomputer household.

Norton Internet Security 2007 NIS 2007 is one slick piece of work. It takes full responsibility for identifying malicious software and keeping it from harming your computer. The firewall lets known good programs run and smacks down known bad programs, naturally.

For unknown software it makes the decision itself by analyzing the program's behavior; it won't ask you any incomprehensible questions.

NIS 2007 also resisted all my attempts to disable its protection the way malicious software might: It's as tough as ZoneAlarm, which is saying a lot.

This version was completely redesigned to avoid the system performance problems that tarnished the reputation of previous versions.

Whereas ZoneAlarm licenses virus protection from a third party, NIS uses Symantec's own Norton AntiVirus, which is certified for virus detection and removal by the major independent labs. Virus and spyware protection are fully integrated, and in testing it handled spyware almost as well as the best standalone products.

As part of the streamlining process, Symantec pushed less-important suite features completely out of the default installation. If you want antispam, parental control or privacy protection, you'll need to download a separate add-on pack.

Symantec also trimmed features from these second-tier elements.

In testing, the spam filter let tons of spam into the inbox, but it marked a significant number of valid messages as spam — not good! The parental control system no longer has per-user settings. Now one size fits all, and there's no way to temporarily override it.

NIS 2007 gives you world-class firewall, antivirus and antispyware protection, without any incomprehensible firewall pop-ups.

ZoneAlarm Internet Security Suite 7 ZoneAlarm is probably the first personal firewall you ever heard of, and the ZA suite's firewall is still at the head of its class. In recent years antispyware has been this suite's Achilles heel.

That problem is more than solved in Version 7; in testing it blocked and removed spyware better than the best standalone antispyware products (and better than NIS 2007).

Check Point Software (the current publisher of ZoneAlarm) is now partnering with Kaspersky Labs for virus protection. As with NAV, Kaspersky's antivirus is fully certified by the independent labs for virus protection and removal.

ZA's firewall automatically configures permissions for any program in its vast SmartDefense Advisor database, but if an unknown program tries to access the Internet or your network, it will still ask you whether or not to allow it.

The suite does now include an initial Auto-Learn mode that cuts down the initial flood of pop-ups but temporarily reduces security. Its advanced OSFirewall module detects suspicious program behaviors, which is fine, but it reports its findings in pop-up warnings that can be highly obscure. You do get top-of-the-line spam filtering, licensed from MailFrontier.

Starting with Version 6.5, ZA has included Identity Theft Protection as part of the suite. You get a year of credit card protection from Identity Guard (normally $29.95).

The Identity Guard service will handle lost card notifications and warn you if your accounts show up on hacker sites. If you're victimized despite all precautions, the service will help you recover from identity theft.

Top 10 Security Threats

10. Spam Mail: While it's annoying, it's not a security threat unless it comes with a malicious payload. Your e-mail service may filter out spam automatically. If not, Outlook's built-in "Junk E-Mail" filter is as effective as the spam protection in many suites.

9. Phishing Mail: Phishing messages pretend to be from eBay, PayPal, your bank or the like. If you log in to their fake sites, they steal your username and password, and you're sunk. However, both IE7 and Firefox 2 have phishing detection built in.

8. Wireless Attack: If you're not careful, anybody in range can mooch bandwidth from your wireless network and can rummage through your files, because they're inside your network. Your router's WPA/WEP encryption can stop the mooching — but you have to use it.

7. Hacker Attack: Hackers don't care about your puny computer enough to attack it directly. They might broadcast a network virus or release a Trojan, but a personal attack is highly unlikely. Your security suite's firewall and malware protection should keep you safe.

6. Web Exploits: Some Web sites include malicious code to exploit vulnerabilities in your browser or operating system. Just visiting the site can infect or damage your system if the vulnerability hasn't been patched, so keep Automatic Updates on.

5. Adware: Simple adware pops up ads that get in your face. More sinister adware shadows your online activity, phones home and tailors ads for you. Up-to-date antispyware is the solution.

4. Viruses: Viruses are insidious. They hide and use your computer to infect other computers. At some predefined point they strike. Modern antivirus programs are quite good, but add a non-signature anti-malware program to help with brand-new threats.

3. Spyware/Trojans: Spyware spies on everything you do and steals private information. Trojan horse programs pretend to be useful, but can turn your computer into a spam-spewing zombie. Antispyware plus non-signature anti-malware should keep out these threats.

2. Identity Theft: It's not just about your computer when they use your credit cards, divert your paycheck and change your vehicle registration. A full-powered security suite should block all computer-related avenues for identity theft.

1. Social Engineering: The No. 1 threat to your computer's security is — you! Use common sense. Don't take programs from strangers, don't go to "iffy" Web sites and if your security software pops up a warning, READ IT before you click.

Copyright © 2007 Ziff Davis Media Inc. All Rights Reserved. Reproduction in whole or in part in any form or medium without express written permission of Ziff Davis Media Inc. is prohibited.