<-- back
to Computer Help index page
(The following pertains to Microsoft Windows computers, since that covers by far the majority of computer users these days. Not that I particularly like that fact, but it's what most of us are stuck with ;-)
Owning a Windows computer is like owning an automobile in some respects -- good maintenance can head off a whole world of headaches. Good car maintenance involves a lot more than just driving around and filling up at the gas station. Similarly, there are a number of computer tasks and configurations that, properly done, will make your computing experience go a lot more smoothly.
Jump to section:
Disk
error checking
Defrag
Antivirus
Spyware
Firewalls
Windows
Update
Disk error checking.
In versions of Windows prior to Windows
XP, the Microsoft operating system has a program called Scandisk.
On most machines it can be accessed by going
Start button > Programs > Accessories
> System Tools > Scandisk.
There are two types of scans to be performed using this tool: Standard and Thorough.
- The Standard scan only scans for file and folder errors, and takes only a few minutes on most machines.
- The Thorough option does everything the Standard scan does, plus a physical scan of the hard disk(s) for bad sectors. Depending on the size of your hard drive(s) and the speed of your machine, the Thorough option can take from 10-15 minutes to over an hour.
In Windows XP, Microsoft did away with Scandisk, opting instead for Chkdsk, or Error Checking. And as is the case with Microsoft "improvements" many times, they've made it harder to access.
This page has good instructions on how to perform a disk scan in Windows XP:
http://www2.sunysuffolk.edu/mandias/tips/scandisk_xp.html
If that link ever goes dark, try this:
http://www.google.com/search?cat=++&q=windows+xp+scandisk
Defrag.
Disk fragmentation can cause a lot of problems over time, ranging from slower operating speeds to a complete crash. In the normal usage of a Windows computer, files get added, deleted, file sizes change. This results in files becoming split in pieces, and scattered across the hard drive. Such file splitting and scattering is called "fragmentation". Hard drives should be defragmented once a month at bare minimum. (Some will say this isn't necessary that often, but my experience indicates that it's a good idea.)
In Windows versions before XP, the
Defrag tool is accessed by going
Start button > Programs > Accessories
> System Tools > Disk Defragmenter.
Fire it up, select the drive to be
defragmented, and let 'er rip. Running Defrag is similar to house
cleaning; the more often you do it the shorter a time it takes to complete.
If you haven't done it in a long time, it might take 45 minutes or an hour
to finish. After that, if you run Defrag regularly, say every week,
it shouldn't take more than about 5 minutes.
In Windows XP, the procedure for running Defrag is similar to the process for running Chkdsk, as described at the web page linked above.
• Diskeeper Lite: Executive Software has a great defragmentation product called Diskeeper Lite. It's a free feature-limited version of their full-featured for-pay product Diskeeper. DK Lite does a better job than the standard Windows Defrag tools in my opinion, not to mention being faster. It's available for download at
http://www1.execsoft.com/dklite.exe
Antivirus.
Most people in North America use Norton Antivirus or McAfee Antivirus. Other brand names include Trend Micro, Sophos, F-Secure, and Kaspersky.
My personal favorite is Panda Platinum, and I also hear good things about NOD32. All of these products cost money. BUT there's no reason for anyone not to have antivirus software installed on their computer any more; there are two good *free* solutions that have been available for some time now.
• Avast! 4 Home -- http://www.avast.com/i_idt_1016.html
• AVG Antivirus -- http://www.grisoft.com/us/us_dwnl_free.php
Both of these products do have for-pay versions, but the free versions do the job for many people on a budget.
- The important thing about any antivirus program is keeping it updated. An antivirus program only knows about the latest viruses that are out there if it is up-to-date with the latest virus definitions. If an antivirus program hasn't been updated in 6 months (and I see this all the time), then that program doesn't have a clue about how to detect any of the thousands of viruses that have come out in the past 6 months. All it knows about is the viruses that were in existence prior to that time. So keep it up to date! It just takes a little bit of time, and costs nothing. (Or, in the case of a paid-for antivirus program, it costs very little per year.) The better antivirus programs auto-update themselves in the background while you're online -- but it's still a good idea to check the program's definitions 'created on' date every now and again, to make sure the auto-updates are performing correctly. (This is man-made stuff after all, and any of it can go kerflooey from time to time.)
- Also important is running a complete system scan every so often. For most folks once or twice a month is sufficient. Some will want to scan more often. The reason for this is that a virus-laden file can make it into your machine between updates. Here's a scenario: Let's say you updated your antivirus program yesterday afternoon. Then this morning a new virus comes out, and an e-mail with a virus-laden attachment arrives in your inbox. Your antivirus program doesn't know about this virus yet, since it's so new; an update hasn't come out that includes detection for this new virus yet. So no alarm bells went off when the e-mail was downloaded from your POP3 e-mail server into your machine. (Don't laugh at the odds, this happens thousands of times around the world every day.) An update comes out that afternoon, and your antivirus software updates at some subsequent time, either automatically or manually depending on your brand of antivirus software. (Obviously, automatic updating is preferable.) So you're up to date -- but still there's a virus-laden e-mail or file somehere on your machine that you don't know about! It slipped in between updates. So that's why it's important to scan your hard disks periodically, even if your antivirus program auto-updates itself.
Whatever you do, use only one antivirus
program per computer. Using two or more on the same machine can result
in marked instability, or worse.
Spyware.
This term describes a class of software
that is often included 'hidden' within other software, such as file-sharing
applications and browser toolbar add-ons. Spyware looks over your
cyber-shoulder and sends personal information to marketing companies, which
then serve up personalized pop-up ads on your computer. I've had
to format/reinstall from scratch more machines in the past year from spyware
than from viruses. It's gotten that bad. There oughtta be a
law. (Some have introduced legislation, but who knows how far that
will go.)
• PC Pitstop has a spyware information center, with a link to an online tool that'll scan your computer for spyware (compatible only with Internet Explorer 5.0 or higher):
http://www.pcpitstop.com/spycheck/default.asp
- SpywareInfo also has an online spyware scanner: (also IE only)
http://www.spywareinfo.com/xscan.php
- Also Webroot Software, makers of Spy Sweeper, offers the free Spy Audit scan:
http://www.webroot.com/services/spyaudit_03.htm
• Two good free programs that will scan your machine for spyware and remove it:
- Spybot Search & Destroy -- http://www.safer-networking.org/index.php?page=download
- Ad-aware -- http://www.lavasoftusa.com/software/adaware/
I use both of these. One program can often find something the other one misses. Spybot S&D does accept donations, and Ad-aware comes in a paid-for version too.
Both programs need updated definitions from time to time, and can be updated from within the program itself; similar to an antivirus application. Spybot S&D definitions might come out every few weeks, while Ad-Aware updates come out every 4-7 days or so.
When using Spybot S&D, it's a good idea to go into the program options and activate the modules under the "Immunize" section. This will keep a lot of spyware from ever installing itself onto your computer in the first place. Those who use the Internet Explorer web browser are especially susceptible to what are called 'drive-by' software installations. The "Immunize" feature of Spybot S&D can help to avoid this, as well as involuntary home page changes, which are part of what's known as 'browser hijacking'.
• Of course the best policy is to avoid installing spyware products in the first place. If you're considering downloading & installing a freebie and you want to check out whether it contains spyware or not, you can visit these sites:
http://www.doxdesk.com/parasite/
• PC Pitstop has a good page on Gator, one of the worst spyware offenders out there:
http://www.pcpitstop.com/gator/default.asp
• If you're into file-sharing software such as KaZaA, check out
http://www.spywareinfo.com/articles/p2p/
for a list which file-sharing apps
do, and do not, contain spyware.
Firewalls.
By default a Windows computer is an insecure machine on the internet. Every computer has 65,256 "ports" through which traffic can pass in incoming and outgoing directions. If a "cracker" (which is a more accurate term for online bad guys than "hacker" is) can gain access to one or more of these ports, that can mean trouble:
- Intruders can erase files, or steal passwords, bank account numbers, and credit card numbers, if they're stored on your machine.
- They can install software secretly that hijacks your computer and turns it into a 'zombie' machine that will do the bidding of the 'crackers', who can easily use your computer as a soldier in a massive computer-army attack directed at other computers/websites on the internet. This is known as a Distributed Denial of Service (DDoS) attack.
- They can use your computer as an open relay. Some uses in this regard have included using the victim's computer as a spam (Unsolicited Commercial E-mail, or UCE) conduit; also storing pornographic material on the victim's computer, then using that person's computer as a mini web server to offer up pornographic images by remote control to those who visit porn sites. A man in England whose computer had been infiltrated in this manner was actually arrested and faced jail time, until exonerated by expert computer tech witnesses. Rare, but it can happen. All of these infiltrations and hijackings can take place in the background without the owner of the computer ever being aware of what's happening.
Firewalls can keep a lot of this from occurring. A good software-based firewall is like an internet doorman for your computer, checking all traffic coming in and going out to see if it's legitimate or not.
Windows XP does include a rudimentary software firewall, but it's not turned on by default (this will change with Windows XP Service Pack 2) and only checks incoming traffic. A better solution is to download and install a firewall that checks traffic in both directions. That way, if a Trojan horse program or some spyware finds its way into your machine, you'll be given a warning that an unauthorized program is trying to get out onto the internet from your computer. Knowledge is power when dealing with this stuff.
• Some good free software firewall products:
- Sygate Personal Firewall -- http://smb.sygate.com/products/spf_standard.htm
- ZoneAlarm -- http://www.zonelabs.com/store/content/company/products/znalm/freeDownload.jsp
- Kerio Personal Firewall -- http://www.kerio.com/us/kpf_download.html
(Dial-up users might want to avoid Kerio. On many machines using a dial-up internet connection, I've seen Kerio inexplicably fire up the internet dialer every time the computer starts up or reboots. Broadband users who don't use dial-up modems should see no problems in this regard, though.)
- Agnitum Outpost -- http://www.agnitum.com/download/outpostfree.html
All of these products have paid versions
too. As with antivirus, it's always adviseable to use only one of
these software firewall applications per computer. Using two or more
software firewalls on the same machine can result in instability or worse.
• Hardware firewalls/routers
For most people on dial-up, a software firewall should be sufficient. This is due to the fact that crackers seek out broadband users more. Broadband connections are always on, they're a lot faster, and IP addresses change much less frequently, if at all.
For broadband users, i.e. cable, DSL, satellite, or high-speed fixed wireless subscribers, a router is a good investment. A router box acts as a hardware firewall/gateway for incoming traffic, and can split a broadband connection so that more than one machine can share the connection.
Some good brands of router include:
Linksys
D-Link
Netgear
SMC
Barricade
Routers can be purchased in wired
or wireless configurations. Wireless is convenient, but more expensive
and still pretty insecure overall at present. So I don't recommend
wireless networking. Yet. Some just have to have it, though,
and it can be made fairly secure, if not 'bulletproof'. (We won't
delve into the ins and outs of attempting to secure a wireless network
here, that's another long discussion.)
• Online security testing
Once you have a hardware router and/or software firewall in place (I use both), it's a good idea to test your setup's security.
- Probably the best known online security testing site is Steve Gibson's ShieldsUp!, at
https://grc.com/x/ne.dll?bh0bkyd2
There you can run a series of tests that will remotely probe your computer for vulnerabilities, open ports, closed ports, and 'stealthed' ports.
- 'Stealthed' ports are the best result, by far. This means that your computer doesn't respond to pings initiated by crackers; in effect that means they can't 'see' you online. It's like a stealth bomber that doesn't show up on radar, since it just absorbs the radar signals. A 'stealthed' computer port doesn't respond to rogue online probes. If a cracker doesn't see a live computer connected to a particular IP address, he'll just move on to another one.
- Closed ports are better than open ports, but not as good as 'stealthed'. A closed port means the cracker/intruder can see that there's a computer operating at a particular IP address. He can't just walk right in, but since he knows there's a live computer at that address, he might decide to spend some time and try to 'pick the lock'. So you can see why it's better to be 'stealthed'. If you're invisible, it's a lot less likely that anyone will mess with you.
(By the way, the software firewalls mentioned above, used by themselves, will stealth most all computers. Most hardware routers will too, though some require special configuration on a few ports.)
- Open ports are a sign of a serious
security liability. Install a firewall! I've read about
non-firewalled computers being connected to the internet via broadband
connection, and being cracked within 12 (twelve) minutes. Of course
that won't happen to *every* unprotected machine, but it has been shown
to be possible. Better safe than sorry, especially when several good
free software firewalls are available today.
- Some other online security scanning sites:
http://security1.norton.com/sscv6/default.asp
http://www.sdesign.com/securitytest/index.html
Windows Update!
Within most every copy of the Internet Explorer web browser is a file menu item that points the browser to the Microsoft Windows Update site. In Internet Explorer, go Tools > Windows Update. If you don't see that option, you can always manually navigate to the URL
http://windowsupdate.microsoft.com
Or, there might be a Windows Update icon in your start menu. On some older operating systems it might be under Start > Settings.
Once at Windows Update, click on the "Scan for updates" link. [b]If Windows Update lists any Critical Updates, get them![/b] They're called Critical for a reason. Many viruses, Trojan horses, and other malware take advantage of known liabilities in Windows. Critical Updates patch these holes, and are important to apply.
Other updates are optional. Some of the Recommended Updates are good to install; you can get further information at the "Read more" links provided with them.
I normally stay away from Driver Updates provided by Microsoft; they can introduce trouble. It's a better practice to get driver updates (video, audio, modem, etc.) straight from the hardware maker's web site.
Newer versions of Windows provide
a feature that will download Critical Updates automatically, or at the
very least notify you of their existence. It's still a good idea
to visit the Windows Update site periodically, to make sure that these
auto-update services are doing their job properly.
<-- back
to Computer Help index page
=====
Information current as of 4-17-2004.