Section 11.5. Security Center | Windows XP for Starters: The Missing Manual: Exactly What You Need to Get Started

11.5. Security Center

Your Control Panel contains an icon called Security Center. It's an easy-to-understand status report on three important security features: Firewall, Automatic Update, and Virus Protection. If any of these are turned off, dire messages appear on your screen at startup and as balloons in your notification area.

As you can see by Figure 11-5, the Security Center is primarily just a status dashboard; the big ON or OFF "lights" are just indicators, not clickable buttons . But it does contain links to numerous help screens, online resources, and other parts of Windows that let you control its three central functions.

Figure 11-5. The Security Center window gives you an overview of your options for protecting your PC and maintaining its software. Click one of the headings (Windows Firewall, Automatic Updates, Internet Options) to expand that section of the dialog box.

If you're using Windows XP in a corporation where a highly trained network administrator is in charge, you may find that you can't make any changes in the Security Center or Windows firewall. Protecting your PC, in this case, is somebody else's job.

UP TO SPEED
Spyware Defined

Spyware is a program that you don't know you have. You usually get it in one of two ways. First, a Web site may try to trick you into downloading it. You'll see what looks like an innocent button in what's actually a phony Windows dialog box; or maybe you'll get an empty dialog boxand clicking the Close box actually triggers the installation.

Second, you may get spyware by downloading a program that you do wantthe free Kazaa file-swapping program is a classic examplewithout realizing that a secret program is piggybacking on the download.

Once installed, the spyware may surreptitiously hijack your browser's start or search page, make changes to important system files, install ads on your desktop (even when you're not online) or report back to the spyware's creators , letting them know what you're doing online.

As noted later in this chapter, there are both free and commercial programs that can clean your system out after a spyware installation.

But if you'd rather avoid getting spyware in the first place, use a pop-up blocker like the one that's now in Internet Explorer, so you won't fall victim to the fake-dialog-box trick. If you're tempted to download a piece of free software, do a quick search of its name at http://groups.google.com to see if other people are reporting it as a spyware container.

11.5.1. The Windows Firewall

If your machine connects to the Internet, it really should have a firewall. If it's connected to the Internet full-time , as with a cable modem or DSL, it really really should have a firewall. Most of the people who have fallen victim to snooping attacks from the Internet are people without a firewall.

Windows XP has included firewall software from the very beginning (it used to be called Internet Connection Firewall). Unfortunately , in the original Windows XP, the firewall's factory setting was Off, and finding its deeply buried On switch required three weeks and the assistance of a Sherpa. ("It's like we gave you a car with seat belts that were really well hidden," admits a Windows product manager. "You had to open a secret panel and press three buttons to make them appear.")

In the latest edition of Windows XP, you can't miss the presence of the firewall. It comes already turned on, and, if it somehow gets turned off, the Security Center offers a direct link to the Windows Firewall control panel. (Of course, you can also open it at any time by choosing Start Control Panel Windows Firewall.)

11.5.1.1. All about ports

Now, if you really wanted complete protection from the Internet, you could always just disconnect your PC from the modem. Of course, that might be a little too much protection; you'd be depriving yourself of the entire Internet.

Instead, you can open individual ports as necessary. Ports are authorized tunnels in the firewall that permit certain kinds of Internet traffic to pass through: one apiece for email, instant messages, streaming music, printer sharing, and so on. (Part of what made the original Windows XP so insecure was that Microsoft left a lot of these ports open, to the delight of evildoers online.)

The Windows firewall works like this: each time a piece of software tries to get onto the Internet, the Windows firewall will pop up a dialog box that lets you know and asks whether it's OK for this piece of software to burrow through the firewall to go about its business. The golden rule: if you recognize the name of the software (for example, an online game), go ahead and grant permission by clicking Unblock. If you don't (for example, PsatNetQuery.exe), click one of the other two buttons.

If you're an online gamer, you'll be seeing a lot of this dialog box. Internet attackers were especially fond of using the ports that interactive online games open.

On the other hand, if you're using a public PC (in a library, say), you might never be asked permission. That's because some administrator has turned on the "Don't allow exceptions" option shown in Figure 11-6 at left. That means, "No holes in the firewall, ever. This is a public terminal, and we can't permit God- knows -what activity to corrupt our system."

If you grant permission, then each time you use that software, Windows will briefly open up a special port for that kind of activity, and then seal the port closed again when you're finished.

11.5.1.2. The exceptions list

When that little Security Alert box opens up, there will be times when you make the wrong decision. You'll deny permission to something that looks fishy, and then find out that one of your programs no longer works. On the other hand, maybe you'll approve something that has a recognizable name, and then you'll later find out that it was actually a trickan evil program deliberately named in order to get your approval. That, unfortunately, is life in the Windows fast lane.

Fortunately, you have a second chance. At any time, you can take a look at the list of authorized holes in your Windows firewall, using the Windows Firewall control panel (Start Control Panel Windows Firewall). When you click the Exceptions tab, you see something like Figure 11-6 at right: a list of every program that has been granted an open port in the firewall.

Using this list, you can also add a program manually (rather than waiting for it to ask permission at the time of launching). To do so, click the Add Program button, and choose the program's name from the list that appears.

Figure 11-6. Left: Here, in the new Windows Firewall control panel, you can turn the Windows firewall on or off. You should turn it off (despite the stern warning) if you're using a non-Microsoft firewall (like Zone Alarm).
Right: The Exceptions tab and the Advanced tab list all of the programs and ports that Windows Firewall is permitted to openbut only when these programs are actually requesting Internet access. Use the checkboxes to temporarily turn exceptions on or off.

11.5.2. Virus Software

Windows XP also direly warns you if you have no antivirus software installedbut unlike the firewall example, this time Microsoft doesn't provide any. The Virus Protection feature, it turns out, is not an inoculation but simply an alert.

However, if you click the Recommendations button, you're taken online to a Web page filled with free time-limited trials of various antivirus programs.

Once you've installed antivirus software, the Security Center will smile on you with a happy green ON "light" next to the Virus Protection heading. (That is, it will if it recognizes the antivirus software.)

You'll have a much more relaxed computing life once you've protected your PC with this kind of software. Consider antivirus software part of the cost of doing business, and remember that you are the best defense against viruses. Don't open email attachments, no matter how juicy they look.

Tip: Some antivirus programs not listed by Microsoft on this page aren't just trialsthey're actually free. For example, at www.grisoft.com, you can download AVG Free Edition, which is free antivirus software. It's a welcome alternative to better-known but much more expensive products like Symantec Antivirus and McAfee Virus Scan.

11.5.3. Spyware Cleaners

As noted above, the Security Center makes clear the importance of installing firewall, antivirus, and automatic-update softwarebut, weirdly, doesn't even mention spyware protection. Spyware detectors are generally free, so by all means consider one of them to be part of your essential PC toolkit. You might choose one of these highly regarded programs, for example:

Ad-Aware . Free version available to individuals (and commercial versions for corporations) at www.lavasoftusa.com.
Spybot Search & Destroy . Free at www.safer-networking.org.

Current versions of commercial antivirus programs, including those from Symantec, McAfee, and Trend Micro, also include some spyware-cleaning functions.

Having a spyware cleaner available is especially important if you download a lot of programs from the Internet (this means you, file swappers).

Tip: Here are four telltale signs that your PC has been infected by spyware: the computer suddenly slows down a lot; Internet Explorer doesn't work right anymore; you get a lot of apparently irrelevant, nonsensical error messages; and the PC freezes up a lot. As soon as you notice these behaviors, run one of those spyware utilities.