Securing your PC on a budget

There are many different options to help you secure your PC. Good password protection, software protection, and network/dns protection.

There are two important things you can do to secure your computer, no matter if you run on Windows, Mac, Linux, *BSD, or whatever.

• 1. Administrator/Root/Super User is bad for regular use.

Don't run as the system Administrator/root/super-user account for your day-to-day needs. Create a different account that has Administrator/root/super-user access, have a different password (more on this later), and only log in to this account to install/remove software and manage updates. Once you have this account up and running, remove Administrator/root/super-user access from your day-to-day account(s). Even Microsoft agrees finally with Windows 7.

If you have Windows XP, be sure and set the password for the hidden Administrator. They disabled this account by default in Windows Vista (a good thing, since it doesn't have a password by default), but yet having your regular user as a member of Local Administrators group is still foolish. Add the administrator's account back to the welcome screen after you set the password. Then login as that account and remove Local Administrators group access from your standard account. See the next section so you can pick a decent password for both of these accounts.

• 2. Have a password management system.

The other big mistake many people make is having no password, a simple password, and using the same one everywhere. There are many solutions, but the hardest to crack are more than 8 characters. At a minimum, make sure you have some password set, and make it more than 8 characters. Pick the name of your favorite book, TV series, Bible verse and use its initials (The Lord of the Rings would be "TLotR", John 3:16 might be Jn316 or JohnT:S) plus some combination of digits (your house address, anniversary, something). These are very, very simplistic password methods, but they are better than nothing, and better than a simple dictionary word.

If you want a really advanced password system that isn't going to get cracked, follow along in this next three paragraphs.

All passwords should contain a non-dictionary word, at least one of the following (preferably two): an upper-case letter, a special character, and a number. Initials/abbreviations of phrases (not your initials) make for good passwords, like, "See spot run!" could be half of your password as "Ssr!" and then come up with a second phrase and include a number (perhaps put the number in the middle).  For more length, say our second phrase a was "Got milk?" so our password portion of that phrase was "Gm?" and finally we added a number, 99, in the middle, to form our base password "Ssr!99Gm?". That right there is a great password (upper-case, lower-case, special characters (! and ?), and numbers).

Next, don't use this same password everywhere. Come up with a system, but a not too obvious system so you can have a "base" set of password phrases and then insert something unique for each account.  Come up with something to make up a unique password for each website/company.  Say the site's second letter and last letters (obviously you should pick something unique for you). For our Google account, this would be "o" and "e". Now insert these two letters between 99 (again, come up with a unique spot), so now our Google account password would be: "Ssr!9oe9Gm?" (Google). Yahoo! would be "Ssr!9a!9Gm?", and so on. If someone saw enough of your passwords, they might discover your system, but it's not obvious if they see just one or two and don't think much of it. But this way you've a unique and complex, but easy to remember password method, and you can create passwords on the fly whenever you need.  Also you can write your system down, and it's not easy for someone to decipher it.  You'd write down:  "See spot run!" and "Got milk?" and "99" and "Second and Last."  Since your own based phrases and number are going to be unique (and even the ordering of them), even myself or someone with knowledge of this password creation system wouldn't be able to know your passwords.

Using this same system, your regular PC account could use the letters from "Personal Computer" as "er" in the middle, and your "Administrator" account could use "dr" in the middle, yet get the idea. The kids really should have their own account for the PC (it could be a single shared account named "kids", or one for each depending on their age) and use the simple password creation method, and even create a Visitor account for guests (you can put the password info right in the login name, "Password is Gu3st-316" or whatever).

• 3. Using the right software: Software updates, Anti-virus, Anti-malware, and Web Browsers.

Set Automatic updates to run Automatically and Install in the Control Panel on Windows. Get Anti-virus and Anti-malware software from a known-good source. Just searching Google or getting it from a friend isn't a good way to find these. There are many bogus programs which try to appear as Anti-virus or Anti-malware and are themselves scams. Use a known-good site to find them, such as CNET. You can use their search tool to look for Platform: Windows, Category: Security Software, Price: Free, and find all of what I'm going to link to and more with user ratings.

For home use, you can get the AVG Free Anti-virus and Malwarebytes Anti-Malware for free. Install Mozilla Firefox and allow the internet default to use it instead of Microsoft Internet Explorer.

Just with these steps, 1-3, I set up my In-Laws 3 years ago on Windows XP, and never a problem, never a virus, even with friends and family coming over and using the computer. The real key there is that they don't share the administrator password.

• 4. Malware and phishing protection at the DNS-level.

For all Operating Systems, there is also another line of defence that I've started using and recommending called OpenDNS. Whenever your computer wants to go to a website, it has to convert from the human-readable name (like roysdon.net) to an IP Address (like 208.202.125.53. OpenDNS can help by filtering websites based on DNS. It has two benefits, one is malware/botnet protection to help protect your PC from getting infected in the first place, but even if your PC did get infected, it couldn't phone home via DNS.

The second is that OpenDNS filters whatever content you want it to, which at a minimum you'll want to filter Phishing and Malware sites, and most likely you'll want to filter everything from the Medium level (porn, gambling, hate sites, etc.). The best part after all these features is the cost: absolutely free.

If you're a real tech wiz, you're probably already running Linux for your Operating System instead of Windows or Mac OS X. This isn't for the thin of skin who don't like to tinker and learn (often). I moved this section to the end of this post.

• This is an optional section for very advanced users, not a required step!

Linux comes in many different distribution bundles. There are dozens of Linux distributions by a large number of companies, but there are about a half-dozen major Linux distributions. My preference for Linux are distributions based on Redhat's different offerings. For my desktops I use Fedora Linux, MythDora for my "TV"/Media Center, and for my servers I use CentOS Enterprise Linux (re-compiled from Redhat's Enterprise Linux). Ubuntu Linux is geared around the real novice user, and I'd recommend if you're just starting into the world of Linux and not a real in-depth-techie.

Whichever Linux distribution you run, you shouldn't have your head in the sand and think you're immune to problems. Automatic updates or notifications are key, as well as using SELinux, iptables (software firewall) and some solutions to detect key system file changes like chrootkit and rkhunter.

I'll close with this: Be a good steward of your computer (and even online banking!) resources.  Just like you wouldn't leave your car unlocked and the keys on the dashboard, take the same precautions with your accounts and computer.  Probably 95% of spam comes from people who leave their computers and servers unsecured (security means software updates too), and then someone with bad intentions gets control of their system and uses it to send spam.  Most online banking fraud is the same: unsecured computers with bad software secretly running forwarding on your account login information to folks who drain your account or use your credit cards for purchases.