Chapter 10. Internet Security | Windows Vista: The Missing Manual

If it weren't for that darned Internet, personal computing would be a lot of fun. After all, it's the Internet that lets all those socially stunted hackers enter our machines, unleashing their viruses, setting up remote hacking tools, feeding us spyware, trying to trick us out of our credit-card numbers , and otherwise making our lives an endless troubleshooting session. It sure would be nice if they'd cultivate some other hobbies.

In the meantime, these low-lifes are doing astronomical damage to businesses and individuals around the worldalong the lines of $100 billion a year (the cost to fight viruses, spyware, and spam).

A big part of the problem was the design of Windows itself. In the quaint old-fashioned days of 2000, when Windows XP was designed, these sorts of Internet attacks were far less common. Microsoft left open a number of back doors that were intended for convenience (for example, to let system administrators communicate with your PC from across the network) but wound up being exploited by hackers.

Microsoft wrote Windows Vista for a lot of reasons: to give Windows a cosmetic makeover, to give it up-to-date music and video features, to overhaul its networking plumbingand, of course, to make money. But Job Number One was making Windows more secure. Evil strangers will still make every attempt to make your life miserable, but one thing is for sure: They'll have a much, much harder time of it.

Note: This chapter focuses on Vista's new self-protection featuresall of them. It's only called "Internet Security" because, in fact, virtually all of the infectious unpleasantness that can befall a PC these days comes from the Internet. A PC that never goes online probably won't get infected.So why is Internet Explorer (IE) the most popular hacking target? First, it's by far the most popular browser on the planet. Second, Internet Explorer includes hooks directly into Windows itself, so a hacker can wreak havoc on Windows by using Internet Explorer as a back door.

Lots of Vista's security improvements are invisible to you. They're deep in the plumbing, with no buttons or controls to show you. If you're scoring at home, they include features called:

Application isolation . A program can't take over important tasks performed by Windows itself.
Service hardening. Windows services are programs that run in the background: the print spooler that comes with Windows, virus checkers from other companies, and so on. Service hardening prevents rogue services (or services that have been surreptitiously modified by nasties from the Internet) from making changes to parts of the system they're not supposed to touch; for example, they can't change important system files or the Registry (Appendix B).
Protected Mode . Protected Mode shields the operating system from actions taken by Internet Explorer or its add-ons. So even if a nasty piece of software breaks through all Internet Explorer's security features, it can't do harm to your PC, because Protected Mode locks IE inside a safe box. Put another way, what happens in Internet Explorer stays in Internet Explorer.
Address Space Layout Randomization . When a program is running, it keeps a lot of information in system memory. Because many viruses and worms depend on their author's knowledge of how vulnerable programs keep that information organized, ASLR scrambles that informationnot so much that the programs can't runto makes it harder for them to break into your system.
Network Access Protection . On a corporate domain network, this feature prevents you from connecting to an insufficiently protected PC on the networkone lacking virus protection, for example.
PatchGuard . Prevents non-Microsoft software from touching the beating heart of Windows.
Code Integrity . Software is checked before it runs to make sure it hasn't been modified somehow.

The rest of this chapter describes features that aren't invisible and automaticthe ones that you can control.

Note, however, that built-in security tools can't do the whole job of keeping your PC safe; you play a role, too. So keep in mind these basic tips before you or your family go online:

Don't trust a pretty face . It doesn't take much expertise to build a snazzy-looking Web site. Just because a Web site looks trustworthy doesn't mean that you can trust it. If you're visiting a little-known Web site, be careful what you do there.
Don't download from sites you don't know . The Web is full of free software offers. But that free software may, in fact, be spyware or other malware. (Malware is a general term for viruses, spyware, and other Bad Software.) So be very careful when downloading anything online.
Don't click pop-up ads . Pop-up ads are more than mere annoyances; some of them, when clicked, download spyware to your PC. As you'll see later in this chapter, Internet Explorer includes a pop-up blocker, but it doesn't block all pop-ups. So to be safe, don't click.

With all that said, you're ready to find out how to keep yourself safe when you go online.