10

I'm quite a careless user as I don't really understand where the risks are and I wouldn't mind being able to do cc transactions with some kind of confidence.

I've also got Norton Protection Centre and will download these spyware scanners.

Are there any other things I should be getting?

11

Kendela, I don't know what the capabilities of the Norton Protection Centre are, but from reading the info on the site, it seems to be a substitute for the built-in Windows Security Centre, monitoring the status of whatever security applications you have.
Basic minimum is a firewall, and a resident (realtime) antivirus. I'm guessing you use Norton for at least the second.
The main things to guard against are trojans and keyloggers. Any good antispyware program should do that. Use the one of your choice, or perhaps alternate them, to scan at least once a week. Update them first. Same applies to the Antivirus. (It's probably set to update automatically?)
If any malware is found, never delete, always quarantine, or, after investigating it to see if it's a false positive or not, do nothing / move it to an "ignore" list for that scanner. If anything real is found, quarantine and repeat the scan. Keep repeating till nothing is found. Then scan with a different scanner (second opinion, different definitions, maybe different removal capabilities).
The reason for quarantining is that if it is a false positive, and they all flag these sometimes, you are able to then restore the file when you realize something's broke.
Don't worry too much about cookies, they are easily deleted.
A two-way firewall is useful to detect applications attempting to send data out. (Windows XP firewall only blocks bad inbound data.)
The sky is just about the limit for installing security products on a PC. However, sometimes more is less. You should not have more than one AV running, nor one firewall, nor one antispy, in realtime protection. Usually, you can't have more than one, they'll "fight" with each other, demanding the other be uninstalled. If you get the "paid" versions of any of those antispys, only use one in realtime. You can install as many demand scanners as you want, but for the average user, two or three is adequate.

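An added illustration of the quarantine-rather-than-delete advice in the post above; it is not part of the original thread and is not how Norton or any scanner named here stores quarantined files. The function names, the `manifest.json` layout and the sample file are assumptions made for the example.

```python
import hashlib
import json
import shutil
import tempfile
from pathlib import Path


def quarantine(path, qdir):
    """Move a flagged file into qdir and record where it came from."""
    path, qdir = Path(path).resolve(), Path(qdir)
    qdir.mkdir(parents=True, exist_ok=True)
    digest = hashlib.sha256(path.read_bytes()).hexdigest()
    held = qdir / (digest + ".quarantined")  # renamed so it is not run by accident
    shutil.move(str(path), str(held))
    manifest = qdir / "manifest.json"
    entries = json.loads(manifest.read_text()) if manifest.exists() else {}
    entries[digest] = str(path)              # original location, needed for restore
    manifest.write_text(json.dumps(entries, indent=2))
    return digest


def restore(digest, qdir):
    """Put a false positive back, refusing if the held copy has changed."""
    qdir = Path(qdir)
    manifest = qdir / "manifest.json"
    entries = json.loads(manifest.read_text())
    original = Path(entries[digest])
    held = qdir / (digest + ".quarantined")
    if hashlib.sha256(held.read_bytes()).hexdigest() != digest:
        raise ValueError("quarantined copy does not match its recorded hash")
    if original.exists():
        raise FileExistsError(f"{original} already exists; not overwriting")
    shutil.move(str(held), str(original))
    del entries[digest]
    manifest.write_text(json.dumps(entries, indent=2))
    return original


def demo():
    """Quarantine a constructed harmless file, then restore it as a false positive."""
    with tempfile.TemporaryDirectory() as tmp:
        flagged = Path(tmp) / "helper.dll"   # constructed sample, not real malware
        flagged.write_bytes(b"harmless sample bytes")
        digest = quarantine(flagged, Path(tmp) / "quarantine")
        gone = not flagged.exists()          # the file has left its original location
        back = restore(digest, Path(tmp) / "quarantine")
        return gone, back.read_bytes()


if __name__ == "__main__":
    print(demo())
```

Deleting the file instead would leave nothing to restore once a false positive breaks something, which is the point the post makes.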
12

Thanks very much Mark. When I get positives, how do I know whether it's malware, a trojan, a keylogger or just a cookie?

Also, any suggestions for firewalls?

13

Now that can be tricky. Start with the easiest first: cookies. These can track browsing habits and send the results "home", so you are targeted with ads better suited to your web browsing experience. Hah! They can be benign, too, such as the cookie installed by a site you visit often, to store your preferences/login status etc. They are also very easy to delete, thus the lower end of threat. Just look at the website id for the cookie. If it's, for example, thorntree lonelyplanet, you might elect not to delete it. If it's freehardcoreporn2u dot com, you might choose to get rid of it.
How to know if something is a trojan or key logger? Often you don't.
The trickier bit is when you get a file name and location that is meaningless to most of us, say, C:\Documents and settings\(username)\application data\winsysincBHO run at start## (totally made up BTW). Or a long registry string {9O453FDFS354blah blah blah etc}
Copy and paste the file name into Google. See what others are saying about it. If it's a long string, especially with your username included, it may have zero hits. In that case just copy the last part of the info, say, the location and the file name, or just the file name. Often just reading the precis of the Google search results will give a strong indication of whether it's a threat or not. If still uncertain, have a look at some of the web pages with the same results, particularly webpages belonging to a respected forum, like Wilderssecurity, Castlecops, Mybleepingcomputer, Spybot to name a very few. Sponsored search results often want to scan your pc for errors then sell you something.
Another useful tool is to upload the file concerned to VirusTotal to have it scanned by a battery of online scanners provided by all the big names in PC security. If still uncertain, quarantine it, and see if everything still works, ask the Asquared or SAS or whatever vendor, or post a question at a forum.
I like Comodo Firewall Pro, because it passes most of the leaktests, is free, and fairly easy to use. Other popular firewalls include Kerio, ZoneAlarm (which has compatibility issues sometimes), PCTools, Jetico (good but needs a lot of knowledge). If there is one built into your Norton package, I would imagine it's pretty good. The one built into Windows XP is great, but only blocks inbound. Here's a firewall testing site that can give you a bit of an idea as to how good your current protection is, inbound anyway. ShieldUp

14

Thanks very much for the clear explanations Mark.

15

You're welcome, Kendela.
(I'm not an expert, BTW, these are just my own experiences, but I think the content is all correct.)
