|
|
|
|
Windows Secrets Newsletter • Issue 212 • 2009-08-27 • Circulation: over 400,000 |
|
AD
|
|
Table of contents INTRODUCTION: New info leads to today's unscheduled newsletter TOP STORY: Security Baseline provides basic PC protection WOODY'S WINDOWS: ISPs block some outgoing e-mail unexpectedly PATCH WATCH: IE 8 is being pushed to systems that blocked it |
|
ADS
|
|
INTRODUCTION New info leads to today's unscheduled newsletter 
By
Brian Livingston
We don't usually publish new content during our summer break in the last two weeks of August, but an update to the WS Security Baseline is compelling us to release special content for you today. Besides that, we're also releasing breaking news by contributing editors Woody Leonhard and Susan Bradley on ways some Internet service providers may be blocking your e-mail (and how you can work around it) and on the fact that Microsoft has started pushing out Internet Explorer 8 even to people who previously declined it. Security Baseline gets new list and new writer As long-time readers know, Windows Secrets periodically publishes a feature called the Security Baseline. This advisory is intended to advise home and small-business PC users on the minimal setup they need to protect themselves against hackers. I recently asked Robert Vamosi, an award-winning tech writer, to update the baseline with the latest findings from around the Web. Robert has written for CNET, CNN, the BBC, and many other outlets. His analysis of the latest test-lab reports will be welcomed by anyone whose security is, shall we say, not up to par. Advanced Windows users should always conduct their own research on the best combination of security products for their specialized needs. But if your mom and dad think buying a PC in a store and plugging it into the Internet is all the security they need (or you think that's all you need), take a minute to read Robert's article in our free content. Or surf to our site's Security Baseline page, which is updated whenever we find a major change. Woody's and Susan's articles are contained in our paid content today. If you're a free subscriber and aren't receiving our paid content, it's easy to get. There's no fixed fee! Simply make a financial contribution of any amount — whatever it's worth to you — and you'll receive all WS paid content for one full year. More info on how to upgrade New bonus download for all paying subscribers A big benefit for our paying subscribers is the fact that we license valuable content several times a year and let our paid readers download it at no extra cost.
|
|
ADS
|
|
TOP STORY Security Baseline provides basic PC protection 
By
Robert Vamosi
The Windows Secrets Security Baseline describes products and services that serve as a minimum safe PC configuration. This week, I'm updating the latest findings on a set of hardware and software that should meet the needs of individual PC users, though more-advanced users and large businesses may want a more-sophisticated approach to computer defense. It sometimes seems like we spend more time protecting our PCs than actually using them. Sadly, in the modern computer age our systems are under continuous attack. Even worse, those attacks take ever-new approaches to break into our PCs and steal our personal data. Fortunately, you can put the odds against becoming a malware victim decidedly in your favor by taking a few relatively simple precautions. That's the purpose of the WS Security Baseline. Windows Secrets doesn't have a test lab and ordinarily doesn't test hardware, so we analyze the results of independent labs to determine which products provide a balance of security and convenience for individual PC users. The baseline's four components are a hardware firewall that's built into your router, security software that guards against all types of malware threats, a software-update service to ensure that your applications are patched against the latest exploits, and a secure browser. Keep in mind that the baseline is just that: the minimum precautions required to protect the average PC user. Depending on your activities and level of computer experience, your security may require added layers of protection, including encrypted data storage and transmission, PC virtualization, and parental controls. For more information on virtualization software, see WS senior editor Gizmo Richards' Dec. 18, 2008, column, "Keep your Net activities away from prying eyes." Contributing editor Becky Waring offers sage advice on keeping your children safe online in her Dec. 4, 2008, column, "Tools let parents control their kids' PC use." New top choice for router-based firewall D-Link DIR-825 Xtreme N Dual Band Gigabit Router boasts an Editor's Choice from PCMag and high marks from other publications as well. While wireless routers are not so secure as hard-wired units, this model includes a guest feature that lets you grant friends wireless access to your network while blocking them from accessing anything on the network except the Internet.  Figure 1. D-Link's DIR-825 Xtreme N Dual Band Gigabit Router makes it easy to let friends use your wireless network securely. Other features of the DIR-825 are device sharing via a USB port, support for 2.4-GHz and 5-GHz mixed-mode Wi-Fi, and the ability to connect a USB EV-DO card for use as a cell modem should your WAN link fail, according to PCMag. The product costs about U.S. $150 online. Visit the routers page on D-Link's site for more information. Security suites are simple and all-in-one The most straightforward approach to PC security is to use a security suite — such as Symantec's Norton Internet Security or Norton 360, McAfee's Internet Security or Total Protection, and Kaspersky's Internet Security — that protects your PC from viruses, Trojans, spam, and other malware. You benefit from having to install and maintain only one application, as opposed to the best-of-breed approach to security software that requires multiple installations and updates. Many experienced PC users prefer to pick and choose their security programs so they get just the features and interfaces they prefer. Also, security suites have a reputation for being difficult to uninstall. Most importantly, many top-rated specialty apps are free. The suites cost from $30 to $70 a year for up to three PCs. The benefit of a security suite for a home user is convenience. Only a single product needs to be purchased, configured, and updated. Having achieved top or first-runner-up honors from the editors of PC World, PCMag, Maximum PC, and other reviewers, today's consensus security-suite selection is Symantec's Norton Internet Security 2009. The program pairs excellent malware detection with a good range of features. The latest release continues to be faster and less resource-hungry than previous versions, according to PCMag and other testers. If you're one of the many people who've sworn never to install a Norton or McAfee security product again, however, there are a lot of other strong contenders for security-suite top dog:
If you choose a specialty antivirus program over a suite, you'll need to download and install a good software firewall as well. (This is in addition to the firewall built into your network hardware.) The free Comodo Internet Security combines a firewall and antivirus app; more information and a download link are on the vendor's site. An alternative is Agnitum's Outpost Firewall Free; Agnitum's site provides more information about the product. One of the highest-rated free antivirus programs — by PC users and software reviewers alike — is Malwarebyte.org's AntiMalware, available for download from the company's site. Update services identify unpatched applications For novices, the free Microsoft Update service automatically patches Windows, Office, and other Microsoft programs. (The service requires Internet Explorer, which has security weaknesses of its own. However, it's extremely unlikely that any malware will make it onto the Microsoft site and attempt to infect your PC by exploiting a vulnerability in IE.) Susan Bradley and other WS contributing editors recommend that you configure Windows' Automatic Updates service to Notify me but don't automatically download and install. Before you install any Windows updates, read Susan's twice-a-month Patch Watch column and other Windows Secrets articles to learn which patches might be risky or otherwise undesirable. Many PC users don't trust Microsoft's opinion of what they should install, and neither of the MS programs report on patches for non-Microsoft programs. In her May 28 Top Story, Susan reviews Shavlik's Patch Google Gadget, Secunia's Online Software Inspector/Personal Software Inspector, and Belarc Advisor as alternatives to Windows Update and Microsoft Update. The downside of using Shavlik's updater is the program's reliance on the Google Desktop program, which some analysts consider a privacy risk. If you wish to use the updater anyway, however, you'll find it on Shavlik's download page. Secunia's OSI runs in your browser, requiring no download or installation, while PSI is a standalone program that installs on your PC. You can download PSI from Secunia's site. If you find yourself forgetting to run either OSI or PSI after Microsoft releases updates, you can sign up for an automatic reminder. To do so, click Secunia's reminder service link and enter your e-mail address. The company will notify you whenever a new update is released. The free Belarc Advisor utility can be downloaded from the Belarc site. The program's interface isn't too pretty, but Belarc does the job. Use a browser that will keep you safe Until recently, most experts agreed that the safest way to surf the Web was to use Mozilla's Firefox browser, available from the organization's download page. At present, Secunia's Firefox 3.0.x advisory page states there's a URL spoofing issue in that version of the browser. The equivalent report for Firefox 3.5.x indicates the same unpatched vulnerability. By comparison, Secunia's report for Google Chrome 3.x shows no advisories for that browser. Likewise, Google Chrome 2.x comes up clean in Secunia's analysis. That gives Chrome a bit of an edge over Firefox security-wise, at least for the moment. For added safety when using Firefox, download the donationware NoScript add-on, which is available from the vendor's site. This extension automatically blocks JavaScript and Adobe media files on a site-by-site or source-by-source basis, allowing you to override the blocks as needed. NoScript can also thwart clickjacking attempts and other Web nasties. (Be sure to add WindowsSecrets.com and other trusted names to your list of sites that are permitted to use JavaScript, which is important for some Web functions.) Windows Update and some other Microsoft services require Internet Explorer. Unfortunately, Susan Bradley hasn't yet been able to give the latest version — IE 8 — the thumbs-up for large enterprises, due to incompatibilities it has with some sites. I recommend that you use Firefox, Chrome, or another IE alternative as your default browser and open IE only when necessary. Having a patched copy of Internet Explorer installed, however, keeps your PC free of exploits targeting Office and other Microsoft products that use IE's HTML-rendering capabilities. Secunia states on its IE 8 page that Microsoft has addressed only two of the four vulnerabilities found to date in the new browser. The service's report of a URL path-spoofing vulnerability was posted on Aug. 19. A "Charset Inheritance Cross-Site Scripting Vulnerability" in IE 8 remains unpatched more than two years after the problem was first discovered, according to Secunia's report. (The vulnerability also affects IE 7.) To be sure, Firefox and other browsers periodically suffer from flaws such as IE's. But until Microsoft learns to close its browser's holes within days, as Mozilla and other browser developers do, using Firefox or another alternative to IE is still your best bet. WS contributing editor Robert Vamosi was senior editor of CNET.com from 1999 to 2008, writing pieces such as Security Watch, the winner of the 2005 MAGGIE Award for best regularly featured Web column for consumers. |
|
PERMALINKS Use these permalinks to share info with friends We love it when you include the links shown below in e-mails to your friends. This is better than forwarding your copy of our e-mail newsletter. (When our newsletter is forwarded, some recipients click "report as spam," and corporate filters start blocking our e-mails.) The following link includes all articles this week: http://WindowsSecrets.com/comp/090827 Free content posted on Aug. 27, 2009: You get all of the following in our paid content:
Thanks in advance for your support! |
|
YOUR SUBSCRIPTION The Windows Secrets Newsletter is published weekly on the 1st through 4th Thursdays of each month, plus occasional news updates. We skip an issue on the 5th Thursday of any month, the week of Thanksgiving, and the last two weeks of August and December. Windows Secrets is a continuation of four merged publications: Brian's Buzz on Windows and Woody's Windows Watch in 2004, the LangaList in 2006, and the Support Alert Newsletter in 2008. Publisher: WindowsSecrets.com LLC, Attn: #120 Editor, 1700 7th Ave., Suite 116, Seattle, WA 98101-1323 USA. Vendors, please send no unsolicited packages to this address (readers' letters are fine). Editorial Director: Brian Livingston. Senior Editor: Ian Richards. Editor-at-Large: Fred Langa. Technical Editor: Dennis O'Reilly. Program Director: Tony Johnston. Web Developers: Dan Engler, Damian Wadley. Research Director: Stephanie Small. Research Analyst: Allison Espiritu. Copyeditor: Roberta Scholz. Contributing Editors: Susan Bradley, Scott Dunn, Michael Lasky, Woody Leonhard, Ryan Russell, Robert Vamosi, Becky Waring. Trademarks: Microsoft and Windows are registered trademarks of Microsoft Corporation. The Windows Secrets series of books is published by Wiley Publishing Inc. The Windows Secrets Newsletter, WindowsSecrets.com, Support Alert, LangaList, LangaList Plus, WinFind, Security Baseline, Patch Watch, Perimeter Scan, Wacky Web Week, the Logo Design (W, S or road, and Star), and the slogan Everything Microsoft Forgot to Mention all are trademarks and service marks of WindowsSecrets.com LLC. All other marks are the trademarks or service marks of their respective owners. HOW TO SUBSCRIBE: Anyone may subscribe to this newsletter by visiting our free signup page. WE GUARANTEE YOUR PRIVACY: 1. We will never sell, rent, or give away your address to any outside party, ever. 2. We will never send you any unrequested e-mail, besides newsletter updates. 3. All unsubscribe requests are honored immediately, period. Privacy policy HOW TO UNSUBSCRIBE: To unsubscribe from the Windows Secrets Newsletter,
|
