Computer Security 101a

Sean-Philip
It has been a few months since my last article, "Computer Security Basics 101", and since I got such a good response I decided to write a follow-up article of tips and suggestions that should allow you to add even more layers of protection to your PC.

Since my last article, Windows Vista (for better or for worse) was released to the public and has been adopted by a number of individuals. With this in mind, I have made notes where appropriate on which tips work with this product. If you are wondering about security specifically for Vista, hang on for a bit, as I will be writing something on that topic very soon.

So, much like I did previously, here is my list of top 10 tips you can implement in order to make your PC less vulnerable to harm and potential attack.

Address Space Layout Randomization (ASLR) - ASLR is a technology that randomizes the location of key system libraries and executables in memory in a way that makes them difficult for an attacker to locate. An adversary wishing to attack a system with ASLR must first locate the particular code they want to target in memory before carrying out the attack which, while not impossible, is very difficult and out of the reach of most. You can download a free software application called WehnTrust at http://www.wehnus.com/ that will add this feature into Windows XP Pro. For Windows Vista users ASLR is already part of the product and I do not advise installing this software.

For additional reading point your browser to http://en.wikipedia.org/wiki/ASLR which offers a very detailed write up on the theory and concepts behind ASLR.

Data Execution Prevention (DEP) - DEP is a technology that is designed to restrict which regions of memory applications can run code in. Through the use of DEP, applications can be more tightly controlled, reducing the chance of malicious code such as worms, viruses or Trojans running, as well as reducing the likelihood of some types of problems such as buffer overruns. To learn more about DEP and how to enable it go to http://support.microsoft.com/kb/875352. Be aware that the directions contained therein are not for the faint of heart or inexperienced...what I'm saying is BE CAREFUL and try it out on a non-production or test system first.

For additional information point your browser to http://en.wikipedia.org/wiki/Data_Execution_Prevention which explains how DEP works just a bit better than can be explained here.

Windows Defender - Windows Defender is Microsoft's first anti-spyware program and it is a good first attempt at such an application. Windows Defender does the typical scanning you would expect from any good anti-spyware application, and adds features such as real-time protection and tighter integration with Windows. In practice Windows Defender is fairly reliable at removing spyware (provided the user keeps the signature database up to date), but the smart user would still have another application such as Spybot to back up Defender. Spybot can be downloaded at www.kolla.de and Windows Defender can be downloaded at www.microsoft.com/defender. Windows Vista includes Defender; XP does not. However, Spybot can be installed and run alongside Defender on both systems.

Note: User education is another great antispyware tool.

User Accounts - We use them every day on our machines, but are we using them correctly? What I am talking about is the user accounts that we use to do work on our system. Most of us log in to our home or business machines without thinking of the implications of what the wrong user account can do. The average user tends to log in to their home machine as the Admin of the machine, which means they can do anything they want, which is good and bad. Looking at the good side of things, logging in as an Admin means we can do whatever we want; from the bad side of things, it means that anything we get on our machine while logged in as an Admin can also do what it wants. Avoid this problem by creating a second user account for yourself with lesser privileges and use that for your day-to-day work, and only log in as an Admin to install software or modify system settings. Check your documentation for more info.

Disable Autorun - Autorun is a great feature as it allows us to plug in a flash drive or insert a DVD or CD into our computer and have it automatically start up and carry out a default function (such as playing a movie or prompting us to install something). Autorun can be relatively easy for a potential attacker to exploit, as all they would have to do is place a Trojan or some other type of program on something as harmless as a flash drive and then just wait for someone to plug it into their PC and have Autorun take it from there. Prevent yourself from coming to harm by using software such as TweakUI over at www.microsoft.com (free) to disable the feature.

Note: Autorun can also be disabled by editing the Registry or configuring Local Security Policy, but you will need to do homework to learn how to do it one of these ways (as both can be dangerous if done the wrong way).
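To check what the Registry currently says about Autorun without changing anything, here is a small read-only audit script. It is an added example, not part of the original article; the function names are my own, and 0x91 and 0xFF are constructed sample values used when the script is run off Windows.

```python
import sys

# Bits of the NoDriveTypeAutoRun registry value; a set bit DISABLES Autorun
# for that drive type (0xFF disables it everywhere).
DRIVE_BITS = {
    0x01: "unknown type", 0x04: "removable (flash drive)", 0x08: "fixed disk",
    0x10: "network drive", 0x20: "CD/DVD", 0x40: "RAM disk", 0x80: "reserved",
}
POLICY_KEY = r"SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer"
VALUE_NAME = "NoDriveTypeAutoRun"


def autorun_still_enabled(mask):
    """Return the drive types for which this mask leaves Autorun enabled."""
    return [name for bit, name in DRIVE_BITS.items() if not mask & bit]


def effective_mask(hklm, hkcu):
    """The machine-wide (HKLM) value wins over the per-user (HKCU) one."""
    return hklm if hklm is not None else hkcu  # None: value not set at all


def read_mask(hive_name):
    """Read the value from the live registry; returns None if it is absent."""
    import winreg  # standard library, Windows only
    hive = getattr(winreg, hive_name)
    try:
        with winreg.OpenKey(hive, POLICY_KEY) as key:
            value, _ = winreg.QueryValueEx(key, VALUE_NAME)
    except FileNotFoundError:
        return None
    # The value is normally a DWORD but is sometimes stored as binary.
    return int.from_bytes(value, "little") if isinstance(value, bytes) else value


def report(mask):
    if mask is None:
        return "NoDriveTypeAutoRun is not set: Windows default applies"
    left = autorun_still_enabled(mask)
    return f"0x{mask:02X}: " + ("Autorun disabled for all drive types"
                                if not left else "still enabled for " + ", ".join(left))


if __name__ == "__main__":
    if sys.platform == "win32":
        mask = effective_mask(read_mask("HKEY_LOCAL_MACHINE"),
                              read_mask("HKEY_CURRENT_USER"))
        print(report(mask))
    else:
        for sample in (0x91, 0xFF):  # constructed sample values
            print(report(sample))
```

If the report lists "removable (flash drive)" or "CD/DVD" as still enabled, the scenario described under Disable Autorun still applies to that machine.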

NTFS - NTFS is a file system (i.e. what allows you to store data on your hard drive) that allows you to put permissions on your important files and folders, preventing unauthorized access. Years ago the default file system on a PC was FAT and later FAT32, both of which suffered from limitations on drive size as well as in other areas such as security, two areas that NTFS addresses. While you can easily convert a FAT or FAT32 drive to NTFS, it still requires you to learn how to do things such as set permissions to take full advantage of the system. Consult your Windows documentation for more info. Applies to both XP and Vista.

Encrypting Files - Encrypting sensitive data prevents (or at the very least slows down) someone from accessing your data if they get the file or get onto your system. NTFS includes an encryption system right out-of-the-box called EFS or Encrypting File System which protects files from being accessed by unauthorized parties, but what if you aren't running NTFS? Let's look at a flash drive, which typically does not run NTFS as its file system, but rather FAT32, which doesn't offer any protection in the form of encryption. In these situations we can still offer protection in the form of a product called TrueCrypt over at http://www.truecrypt.org/. TrueCrypt allows a user to create something similar in concept to a ZIP file that we can drop other files into to encrypt. Once we use TrueCrypt we can store the file on our flash drive and, if we've done things right, even if we lose our drive no one can get to our files. Yes, this does work with XP and Vista.

Note: Vista includes a feature called BitLocker which can also fully encrypt a drive so it is inaccessible without a "key", but this is not portable across OS's like TrueCrypt would be.

Data Disposal - Ever get rid of an old computer? If you have, you might want to do what is called "Wiping the Drive" before getting rid of the computer, to prevent someone from recovering your files. In a nutshell, we should wipe the drive to thoroughly remove all data, erased and otherwise, from the system so it cannot be recovered (remember, short of melting down the drive, data can always be recovered from media). There are many good utilities that can perform this function, many for free; just search Google. This applies to XP and Vista and every other operating system.

For the record, it always shocks your average computer user to know that the data on their drive can be retrieved even if it is deleted. Wiping a drive is a very reliable way for the average Joe to keep deleted data from being recovered and falling into the wrong hands. It is still worth noting that even though a wiped drive will keep the majority of computer experts from recovering erased data, there are still ways to recover data, which is why government and other organizations who do not want their data to be recovered melt down or degauss old drives.

Image Your Drive - I recommend that a user regularly image their drive though not as often as they would back it up. Imaging a drive is in essence taking a snapshot of the drive and saving it for restoration later if there is a problem. Imaging can be done with off-the-shelf software such as Symantec's Ghost or one of many others. If you are buying a new PC you should always make it a point to image it when you get it so you have a configuration from when you first got the machine then take another after you do the initial configuration to get it to your liking. Imaging can be done with any operating system.

Backed Up in a Flash - In addition to imaging and backing up your system, I recommend that individuals get a good flash drive and copy files they consider important to it now and then. The benefit of doing this is that if your hard drive crashes or you erase something accidentally you can copy it back from the drive very quickly. Better yet, you can take it with you as an offsite backup in the event that wherever your computer is happens to be in danger or destroyed. I also want to remind everyone that this is not in any way a replacement for the standard backup to a tape or DVD.

Well that's it for this time, until next time stay safe.

Published by Sean-Philip

I have over 15 years of experience in the IT field covering topics such as networking and security.