12.1 Securing Your System
You may want to be generous and share files on your PC with others, but doing so can expose your computer to various security risks. This section offers hints on striking a balance so you can share in the benefits of a networked world while keeping your PC safe.
12.1.1 Microsoft's Baseline Security Adviser
Here's a trick few people know: Microsoft's Baseline Security Adviser, a free software download, can scan your computer for possible security holes and suggest how to fix them. Among other things, the software checks whether you have the most current security updates from Microsoft, whether you have security updates installed for the Windows Media Player, whether you have any Internet vulnerabilities, and other similar information. (For more on Windows security updates, see Sidebar 12-1.)
Note: When installing the Baseline Security Adviser, consider turning off your antivirus software, then turning it back on after the adviser is installed. If your antivirus software runs during the installation process, it may issue security warnings. If so, simply tell the software to let the installation proceed, despite the warning.
You can download the Baseline Security Adviser from http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/tools/Tools/mbsahome.asp. After you've downloaded the program, install it and follow the instructions to run it. After a few minutes, the program presents you with a detailed security report, like the one shown in Figure 12-1. A green check next to an item means your PC is secure, a yellow X means there may be a security issue, and a red X means you have a security problem. To get information about a problem, click the "Result details" link; to find out how to fix a problem, click "How to correct this."
Although the terminology the program uses can be difficult to understand at times, it's still worthwhile to run the check-up so you at least know about any trouble you should tackle.
| || |
Figure 12-1. The Microsoft Baseline Security Analyzer found potential risks on this PC: It couldn't confirm whether the most recent security updates were installed. If you receive a warning like this, it doesn't mean you have a problem ‚ only that you might have one. Your best bet, in this case, is to use Windows Update, as outlined in the next hint.
Tip: A host of shareware offers more advanced security options. See Sidebar 6-7.
12.1.2 Windows Update
Windows XP can automatically run Windows Update whenever your computer is on and connected to the Internet. This service checks the Microsoft Web site for downloadable improvements to the operating system and security patches , which are files that help your PC fight off the latest potential hacker attacks.
Windows Update is an important service, so you should make sure it's running on your PC. Here's how:
Choose Start Control Panel System Automatic Updates (Figure 12-2) .
Turn on "Keep my computer up to date," if it's not already selected. This setting tells Windows XP to continually check Microsoft's Web site for updates.
| || |
Figure 12-2. When you choose "Keep my computer up to date," Windows Update upgrades itself if necessary before checking for other system improvements.
Pick a download and installation schedule .
In the Settings section, select the option that says "Download the updates automatically and notify me when they are ready to be installed." This option does the download work for you, but it doesn't jump ahead and install the updates immediately ‚ a good safeguard, as updates are occasionally problematic . If you wait a day or two before installing an update, you can check Microsoft's Web site (see the next hint) to make sure there aren't any serious bugs reported about the latest patch.
Note: XP notifies you that it has downloaded new updates by opening a little text balloon in your system tray.
When you want to install the new updates, click the notification balloon, which opens a wizard that walks you through the installation.
12.1.3 Manually Checking for Updates
Windows Update only alerts you to the availability of what Microsoft considers to be very important updates ‚ primarily those dealing with security problems. But Microsoft constantly offers new updates that Windows Update doesn't tell you about, including improvements to the Windows Media Player, new drivers for your video card, updates to Microsoft Office, and other goodies .
It's easy to check for these updates and install them. Here's how:
Choose Start All Programs Windows Update .
Your browser takes you to the Windows Update Web site, at http://windowsupdate.microsoft.com.
Click "Scan for Updates. "
Microsoft's Web site scans your system to identify any updates you're missing. If there are "critical updates" available (usually those having to do with security), Microsoft displays them in a list, with an Add button next to each one. Read the description for each, and click the Add button for any you want to install.
| WORKAROUND WORKSHOP |
Downloading Updates You've Declined
At some point you may decide not to install an update Windows XP tells you is available. But what happens if, for some reason, you later change your mind? It's easy to install updates you've previously declined.
Choose Control Panel Performance and Maintenance System Automatic Updates and click the Declined Updates button. (If you haven't declined any updates, the button will be gray, and you won't be able to click it.) In the dialog boxes that appear, click Yes and then OK.
Windows XP doesn't immediately retrieve the updates you've skipped . Instead, the next time it scans for updates, it notifies you that the ones you've declined are available, so you can decide which one s you want to download and install.
On the left side of the page, click Windows XP .
This displays all the available "non-critical" updates, such as those that fix small bugs, or upgrade Microsoft programs like the Windows Media Player. Read the description for each, and click the Add button for any you want to install.
When you've chosen all the updates you want to install, click "Review and install updates. "
The screen shown in Figure 12-3 appears. It lets you review all the updates you've chosen before installing them. To remove an item you've selected, click the Remove button next to its name .
| || |
Figure 12-3. As you select the updates you want to download, Microsoft estimates the download time for all the items on your list, based on the speed of your Internet connection.
Click Install Now .
Your PC starts downloading the files, then installs them. You may need to restart your computer to complete the installation.
Note: On occasion, Windows XP may tell you that you have to install certain updates separately , rather than as part of a group .
12.1.4 Checking for Viruses
If you've been living on the edge and don't have antivirus software installed, you can still check to see whether your PC is infected by going to the free online virus checkers run by Symantec and McAfee .
To use Symantec's virus detector, go to http://security.symantec.com/sscv6/default.asp?langid=ie&venid=sym, click Go, and then click Start (under the Virus Detection button). The site asks several times whether you want to install software from Symantec. Click Yes every time, and then scan your system for viruses, as shown in Figure 12-4. If the site finds any viruses, it tells you which files are infected, and what viruses they have. (To get rid of the viruses, though, you still need to buy antivirus software.)
| || |
Figure 12-4. If you don't yet have antivirus software on your PC, you can use an online virus checker, like the one from Symantec pictured here, to see if your computer is infected. For the best protection, you should run antivirus software on your PC, since it eliminates viruses in incoming email and documents before they can do any damage. (Sidebar 12-2 tells you more about antivirus software.)
McAfee has a similar free online virus checker. Go to http://www.mcafee.com, click McAfee FreeScan, and follow the instructions. (You must register with the site before you can use the free virus-checker.) As with Symantec's checkup, McAfee's service tells you if you have any viruses, but doesn't get rid of them.
| FREQUENTLY ASKED QUESTION |
Do I really need antivirus software?
New viruses infect computers across the Internet every day. Unfortunately , Windows machines are most susceptible, and the damage can be severe, causing permanently lost files and impaired ‚ or even dead ‚ PCs. You can minimize the threat by using third-party antivirus software, which isn't free but is much cheaper than recovering from a virus.
Symantec (http://www.mcafee.com) are among the leaders in the field. Their software programs not only block viruses from wreaking havoc on your PC, they can also help you eliminate a virus if you've had the misfortune of catching one.
Once you installed an antivirus program, make sure you keep it up to date. Symantec and McAfee offer Web-based updates, and you should look for new updates at least every other day.
12.1.5 Stripping Personal Information from Your Documents
When you save files in Microsoft Word, Excel, and PowerPoint, some personal information about you may wind up in the DNA of the document. How does this happen? When you create a new document, Microsoft Office automatically includes information you provided when you installed Office, such as your name or company name, in the background of the file. (If you're working on a document someone else created, the file contains that person's details.)
To view this information in any file, choose File Properties. Figure 12-5 shows you the window that opens.
| || |
Figure 12-5. You may not realize it, but many of your Microsoft Office documents contain personally identifying information, like the details shown here. You can delete it, but first make sure none of the information is required ‚ by your employer, for instance. If attaching your name to a file is more ownership than you care to claim ‚ say the file is a spreadsheet detailing your plans to embezzle money from your company ‚ you can tell Office to strip this information out of a document when you save it.
Using Word, Excel or PowerPoint, choose Tools Options Security, and select "Remove personal information from this file on save." When you next save the file, the program won't include any personal information.
Note: Unfortunately, you have to do this individually for each file you save; you can't tell Office to do it for every document you work on.
12.1.6 Preventing Word from Stealing Your Files
Word has a useful feature that can, unfortunately, let other people gain access to files on your PC. The feature is called Word Fields , and it inserts self-updating information into Word documents, such as page numbers . If, for example, you add a page to the middle of a document, Word automatically renumbers all the pages.
Some of these Word Fields are hidden, and because you can't see them, you can't tell what they're doing. For instance, the hidden field IncludeText can insert Word documents or Excel spreadsheets into other Word documents ‚ a useful feature if you want to combine several documents. But the IncludeText command can also be used maliciously. If someone sends you a document that has a hidden IncludeText field that points to specific files and their locations on your hard disk, your PC could send those files back to the document originator without your knowledge.
You can fix the problem by downloading a free software patch from Microsoft that closes this loophole. Download the patch and instructions on using it from http://support.microsoft.com/default.aspx?scid=kb;en-us;329748.
Another option is the free Hidden File Detector, available from http://www.wordsite.com/downloads/hfd.htm. It adds a new menu item, Detect Hidden Files, to Word's Tools menu. When you select this command, a dialog box alerts you to any documents that have been inserted into the file by a Word Field.
Note: You can also fix the Word Fields problem with any downloads. In a Word document, choose Edit Links to see if there are any links to files present. If so, delete them ‚ that's all you need to do. (If there are no links to files, Word grays out the Links option, so you have nothing to worry about.)
12.1.7 Hard-to-Crack Passwords
Frequently, hackers break into computers not through any impressive programming feats, but by doing something much simpler: guessing passwords. (You'd be surprised at how many people use the word "password" as their Windows XP logon password ‚ a ridiculously easy gateway to your PC, but not the only one that's a cinch to crack).
One of the best ways to keep your computer safe from prying eyes is to create tricky passwords. Here are several strategies to make your passwords difficult to guess:
Use at least eight characters in your password . It's a simple matter of math: the longer your password, the more difficult it is to guess.
Mix letters and numbers . When you mix the two, your password is more obscure than one that includes only numbers or only letters.
Use both lower-case and upper-case letters, if possible . Some passwords are case-sensitive, which means the only way to type them correctly is to use the proper case. So using different cases in your password makes it much more difficult to crack.
Never use the name of your spouse, child, pet, hometown, or anything else associated with you . If someone knows any details about your life, these are the first passwords they're likely to try.
Use a random password generator . These tools create passwords containing a very difficult-to-guess collection of random characters. There's a free password generator on the Web at http://world.std.com/~reinhold/passgen.html. You can also download the free Quicky Password Generator at http://www.quicky.com.
| || |
Figure 12-6. To prevent snooping when you're on the road with your laptop, turn off file and printer sharing, as shown here.
12.1.8 Safe Travels with a Laptop
If you use file sharing on a laptop while connected to a home or corporate network, you should rethink your sharing policy when you travel ‚ particularly if you connect to wireless hot spots, where other people using that wireless juice can view and use your shared files and folders. (For more about WiFi and wireless computing, see Section 9.1.)
But it can be cumbersome going through your PC and manually turning off sharing on all your shared folders ‚ not to mention turning it on again for each folder when you come home. Luckily, you can turn off file sharing temporarily for all your folders at once.
Here's how. Right-click Network Neighborhood and choose Properties, then right-click the network connection you use when you travel (for example, Wireless Network Connection) and choose Properties again. Uncheck "File and Printer Sharing for Microsoft Networks" and click OK, as shown in Figure 12-6. When you return from your travels, just recheck the box.
| ADD-IN ALERT |
Top Security Downloads for Files and Folders
The built-in tools Windows XP uses to keep your files and folders secure work reasonably well, but there are far more powerful tools available. If you're in the market for added protection, try these downloads.
HideFolders XP . One of the best ways to keep files and folders secure is to completely hide them from other people. HideFolders XP does just that. It can make up to 64 folders invisible at once, and works with both Windows XP Home Edition and Windows XP Professional; only those with the right password can view the folders and files. It's available from various Internet download sites or directly from http://www.fspro.net. HideFolders XP is shareware, so you can try it for free, but you're expected to pay $24.95 to keep using it.
FolderLock . FolderLock lets you put a virtual lock on any file or folder by password-protecting the file. All you have to do is drag a file or folder to the "locker," and it stays locked until you unlock it. FolderLock works with either version of Windows XP and can be used with drives that utilize either FAT or NTFS compression (Section 3.3.1). FolderLock, available from http://www.newsoftwares.net, is shareware and free to try, but you need to cough up $25 if you plan to keep it.
Sure Delete . When you delete files and folders from your hard disk, doesn't really delete them. The file data remains on your computer, so someone with the right tools can find it and read it. If you want to make sure your deleted files can't be recovered, Sure Delete takes out the trash ‚ permanently. It works with FAT or NTFS compression, and with both versions of Windows XP. You can download Sure Delete for free from http://www.wizard-industries.com.