Tutorials & FAQs: General: Essential Security software


The aim of this tutorial is to give you an insight into the world of security, with some basic tips and information on how to secure your PC from the outside world. It also describes what viruses, Trojans and spyware / malware are and how to prevent them from getting on your PC, and gives you information and links to a number of well-known (and perhaps some not so well-known) software applications and web sites specifically related to the security and protection of your system.

The software included here is for Windows-based PCs. At the time of writing I do not have any details of similar packages available for other operating systems like Linux and Mac OS. In some cases, the main website related to the software will include details of software that the manufacturer supplies for other OSs.


Disclaimer

Please note that the links, software and information included in this tutorial are in no way endorsed by, or recommendations from, PlusNet. It is information gathered by members of the tutorial team and collated here for your use. Downloading and use of such software is at the owner's risk and no liability is accepted for its suitability. Neither PlusNet nor the tutorial team accepts responsibility for any loss or damage caused by installing such software.


A small glossary

There are several terms and names related to security. What follows is a brief description of what they mean:
  • Trojan

    A Trojan (also called a Trojan horse) is a software program in which harmful or malicious code is contained within another (seemingly harmless) program. When this program executes, the Trojan performs a specific set of actions, usually working toward the goal of allowing itself to persist on the target system. Trojans can allow hackers to open backdoors on your system, giving them access to your files and even network connectivity.

  • Virus

    A small computer program designed to make copies of itself over and over. It attaches to other programs and reproduces when the other programs are run. The effects of a virus can range from harmless messages that appear on screen to destruction of data, either right away or on a set date. File attachments in e-mail messages are a common source of viruses. One rule of thumb is to NEVER double click (execute) an attachment to an e-mail unless you are sure who it is from and that it is safe to do so.

  • Spyware / Adware

    A technology that assists in gathering information about a person or organisation without their knowledge. On the Internet, "spyware is programming that is put in someone's computer to secretly gather information about the user and relay it to advertisers or other interested parties." As such, spyware is cause for public concern about privacy on the Internet. While it is sometimes sinister, like a remote control program used by a hacker, software companies have also been known to use spyware to gather data about customers. The practice is generally frowned upon. This is also known as "adware" and is often associated with ad banners and pop-up advertising.

  • Malware (Malicious software)

    A generic term increasingly being used to describe any form of malicious software; e.g. viruses, trojan horses, worms, Denial of Service and other such attacks. Sometimes referred to as rogue programs.

  • Keyloggers

    Malware which runs unnoticed on a PC and captures all keystrokes made by the user. It often has the ability to transmit the captured information to a remote location either via a network connection or email. This is often used to collect usernames, passwords, bank and credit card details that can be used for fraudulent activity.

  • Firewall

    A system designed to prevent unauthorised access to or from a private network. Firewalls can be implemented in both hardware and software, or a combination of both. Firewalls are frequently used to prevent unauthorised Internet users from accessing private networks connected to the Internet, especially Intranets. All messages entering or leaving the Intranet pass through the firewall, which examines each message and blocks those that do not meet the specified security criteria. Firewalls can either be software based (a program running on your PC) or hardware based (part of the functionality of your router).

  • Pop-ups

    A new browser window that appears unrequested (by you) on your screen. A gratuitous, easily programmed visual effect exploited by many web sites often to the consternation of the hapless user. Commonly used for advertisements. Particularly annoying are those termed exit popups: browser windows that spring to life when you leave a site or when you close a browser window.

    One other form of pop-up that you can get is from the Windows Messenger service (note: this is not MSN Messenger) running on Windows NT/2K and XP. Spammers have now started using this as a method for sending spam to your PC. If the pop-up box that appears has the title 'windows messenger' then that is how the spam is being sent to your PC.

  • Cookies

    Cookies are small text files that Web sites place in your computer to help your browsers remember specific information. For example, they might store your passwords and user IDs. They are also used to store your preferences for content or personalised pages. Most shopping carts use cookies. These allow you to choose items and leave the virtual store, then return later and find that all the items are still in your shopping cart. Cookies are also used to build a profile of which sites you visit and which banner ads you click on. Advertisers use this information to deliver targeted ads directly to your computer. Some sites save your preferences on the cookie itself. Other sites assign users ID numbers or encoded passwords and keep records of your preferences at their end. Some sites use temporary cookies (called session cookies) that are deleted when you exit your browser. Others place persistent cookies, which stay on your hard drive for long periods.

  • Worms

    Worms are like viruses in that they try to copy (replicate) themselves over the network and onto another computer through an unprotected shared folder or directory. They can also try to replicate themselves by reading the address book of the infected computer and emailing themselves to those addresses without the owner's knowledge or permission.
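
To make the cookie entry above concrete, here is an added example (not part of the original tutorial) that sorts the cookies set during one page load into session or persistent and first-party or third-party, then applies a block list the way a cookie handler would. The host names, cookie values and function names are constructed for illustration, and the same-site check is a simplification that ignores public suffixes.

```python
from dataclasses import dataclass


@dataclass
class Cookie:
    name: str
    domain: str        # host the cookie is scoped to
    persistent: bool   # survives closing the browser
    third_party: bool  # set by a site other than the one being visited


def same_site(cookie_domain, page_host):
    # Simplified: exact host match or parent-domain match only.
    return page_host == cookie_domain or page_host.endswith("." + cookie_domain)


def parse_set_cookie(header_value, response_host, page_host):
    """Parse one Set-Cookie header value received from response_host."""
    parts = [p.strip() for p in header_value.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    attrs = {}
    for part in parts[1:]:
        key, _, value = part.partition("=")
        attrs[key.strip().lower()] = value.strip()
    domain = attrs.get("domain", response_host).lstrip(".").lower()
    persistent = "expires" in attrs
    if "max-age" in attrs:
        try:
            # Max-Age of zero or less means "delete now", not "keep".
            persistent = int(attrs["max-age"]) > 0
        except ValueError:
            pass  # malformed Max-Age: fall back to the Expires result
    return Cookie(name, domain, persistent, not same_site(domain, page_host))


def category(cookie):
    party = "third-party" if cookie.third_party else "first-party"
    life = "persistent" if cookie.persistent else "session"
    return f"{party} {life}"


def apply_policy(page_host, responses, blocked_categories):
    """Return (stored, blocked) as {cookie name: category} dictionaries."""
    stored, blocked = {}, {}
    for response_host, header in responses:
        cookie = parse_set_cookie(header, response_host, page_host)
        kind = category(cookie)
        (blocked if kind in blocked_categories else stored)[cookie.name] = kind
    return stored, blocked


# Constructed sample: headers seen while loading one page on shop.example.com.
PAGE_HOST = "shop.example.com"
RESPONSES = [
    ("shop.example.com", "basket=3f9a; Path=/"),
    ("shop.example.com", "prefs=lang-en; Max-Age=31536000; Path=/"),
    ("ads.example.net",
     "uid=771204; Expires=Wed, 09 Jun 2032 10:18:14 GMT; Domain=.example.net"),
    ("ads.example.net", "probe=1"),
]

if __name__ == "__main__":
    stored, blocked = apply_policy(PAGE_HOST, RESPONSES, {"third-party persistent"})
    print("stored: ", stored)
    print("blocked:", blocked)
```

The shopping-basket and preference cookies are kept, while the long-lived identifier set by the advertising host, the kind used to build a browsing profile, is refused.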

How do you protect your PC from being infected?

In simple terms you need a:
  • firewall
  • virus / trojan / worm scanner
  • spyware / malware / keylogger scanner
  • pop-up stopper
  • cookie handler / blocker
And with a few carefully selected programs, many of which are free, it is possible to do all of that and in so doing protect your system from the world outside and hopefully give you a trouble-free existence on the internet.

However, nothing is ever 100% effective so, even with the above software installed and running, there will be situations when it will not work or will not detect new trojans or viruses. Often the 'fix' is to download an update and rescan your system, but as with all things security, the hackers and virus writers are always one or two steps ahead of the protection software. This means things will 'slip through the net', and none of the writers of the software detailed below will guarantee 100% effective protection.

So, let's explain how each of the above types of software work:

  • Firewall

    This is an application (software firewall) that you run when your PC starts up, or a function that is built into your router (hardware firewall). You can configure the firewall to restrict or allow program access to/from your PC, or in the case of a hardware firewall, to/from your local network. In some cases you can be informed of programs running on your PC that are trying to gain access to the internet (which you can allow or deny access). In addition it can log/inform you of other computers on the internet (or even on your local network) trying to gain access to or find out some information about your PC.

  • Scanners (Trojan, virus, spyware etc)

    These are applications that will scan the files on your hard disk, applications in memory and in some cases received email for files that are associated with known infections (viruses, trojans and spyware etc). They generally all contain data files that describe how to identify the virus or trojan (a signature) and what to do to remove them. Most will also have a way to update the data files to include new viruses, trojans and spyware, often on a daily basis because new ones or variations of existing ones are being created every day. This is often automatic over the internet but some require this to be done manually.

    In addition, some scanners must be run manually at regular intervals, while others, once installed, will run automatically at a predetermined time. Some run all the time and will detect infections 'on the fly' by scanning memory or email attachments, or by watching for unusual behaviour from the programs running on your PC.

  • Cookie handlers / blockers

    This type of software allows you to control what types of cookies your browser will store on your hard disk and block those you have selected not to store. This removes the method by which many web sites collect or store information about your system and/or your browsing habits. Most browsers today have the ability to block certain cookies from being stored but there are many external programs that can do it either as well or better.

  • Pop-up stopper

    This is a program that is designed to stop the annoying pop-ups from appearing when you visit certain websites. These are often related to advertising or spyware / malware / cookie storage and download. Some browsers like Mozilla have a built-in pop-up stopper which means additional software is not needed. Sometimes pop-ups are used by websites in a legitimate way and the pop-up stoppers often have an opt-in list where pop-ups will be allowed.
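
The scanner description above (data files of signatures, updated as new infections appear) can be shown with a short added example, which is not part of the original tutorial and is far simpler than any real product. It matches files against whole-file hashes and byte patterns, then rescans with an updated definitions set; all sample contents, signature names and function names are constructed and harmless.

```python
import hashlib
import tempfile
from pathlib import Path

# Constructed, harmless byte strings standing in for "known bad" files.
SAMPLE_A = b"constructed-sample-A: harmless placeholder bytes"
SAMPLE_B1 = b"header--CONSTRUCTED-MARKER-B--trailer, variant 1"
SAMPLE_B2 = b"different header--CONSTRUCTED-MARKER-B--variant 2"
SAMPLE_C = b"constructed-sample-C: appeared after definitions v1 shipped"
CLEAN = b"an ordinary document"


def sha256(data):
    return hashlib.sha256(data).hexdigest()


# Definitions v1: exact-file hashes plus byte patterns that survive small changes.
DEFS_V1 = {
    "version": 1,
    "hashes": {sha256(SAMPLE_A): "Sample.A"},
    "patterns": {b"CONSTRUCTED-MARKER-B": "Sample.B"},
}
# Definitions v2: the update adds a signature for the newer sample.
DEFS_V2 = {
    "version": 2,
    "hashes": {**DEFS_V1["hashes"], sha256(SAMPLE_C): "Sample.C"},
    "patterns": dict(DEFS_V1["patterns"]),
}


def scan_bytes(data, defs):
    """Return the name of the first matching signature, or None if clean."""
    name = defs["hashes"].get(sha256(data))
    if name:
        return name
    for pattern, pattern_name in defs["patterns"].items():
        if pattern in data:
            return pattern_name
    return None


def scan_tree(root, defs):
    """Scan every regular file under root; return {relative path: signature}."""
    root = Path(root)
    findings = {}
    for path in sorted(root.rglob("*")):
        if not path.is_file():
            continue
        try:
            data = path.read_bytes()
        except OSError:
            continue  # unreadable file; a real scanner would report it
        hit = scan_bytes(data, defs)
        if hit:
            findings[path.relative_to(root).as_posix()] = hit
    return findings


def demo():
    """Build a temporary folder of sample files and scan it with v1, then v2."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "mail").mkdir()
        (root / "a.bin").write_bytes(SAMPLE_A)
        (root / "b1.bin").write_bytes(SAMPLE_B1)
        (root / "mail" / "attachment.dat").write_bytes(SAMPLE_B2)
        (root / "new.bin").write_bytes(SAMPLE_C)
        (root / "notes.txt").write_bytes(CLEAN)
        return scan_tree(root, DEFS_V1), scan_tree(root, DEFS_V2)


if __name__ == "__main__":
    before, after = demo()
    print("definitions v1:", before)
    print("definitions v2:", after)
```

With the older definitions, `new.bin` is not reported even though it is present; it is only found after the definitions update, which is why the update frequency listed for each product below matters.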

Now to the programs themselves

What follows is a list of applications compiled from the internet and known security web sites. The list is not all the software that is available in each category but should include the most well known packages. Apologies if your favourite is not included but there is a limit to what I could put together.

Note: It is important that you read the installation instructions included with any software thoroughly to make sure you install and configure it correctly for your system. An incorrectly installed or configured program may not actually be protecting your system and so give you a false sense of security. This can be just as bad as having no security software installed.

Where possible, the following information is supplied for each product:

Name: Indicates the name of the application and author/company. Click on the link to go to the website where you can normally download the program or view the product features.

Updates: Indicates how updates for the software (or new virus/trojan definitions) can be obtained and if this is a manual action (you have to click a button to check for updates) or automatic (the software automatically downloads updates as they are released).

Support: Indicates where support for the software can be found (often a forum).

Type: Indicates under what licence the software is issued:
  • Freeware - Free for personal use (a licence fee may need to be paid for commercial use). Sometimes called donateware, where the author would appreciate a donation to help in the development of the software.
  • Shareware - Requires a payment for registration after a trial period; registration payments often turn on additional features.
  • Trialware - Limited-time trial versions (15, 30 days etc.) after which the user has to pay for a registration code to continue using the software.
  • Commercial - Indicates commercial applications you have to pay for up-front before use.
Description: A short description of what the software does and additional comments.


Anti-spyware related software

Name: Spybot Search & Destroy by Patrick M. Kolla.
Updates: Yes via internet, manual/automatic (config) through program, frequent updates.
Support: Spybot S&D Forum
Type: Freeware (donateware)
Description: Spyware & malware scanner. Some trojans and viruses also detected. Very popular and well respected scanner, lots of features. Scans run manually.

Name: Ad-Aware by Lavasoft
Updates: Yes via internet, manually activated through program, frequent updates.
Support: Lavasoft support forums
Licence: Free for personal use, paid-for versions with additional features
Description: Spyware and malware scanner. Some trojans and viruses detected. Another popular scanner with large user base. Scans run manually.

Name: SpywareBlaster by Javacool Software
Updates: Yes via internet, manually activated through program, frequent updates
Support: SpywareBlaster support forum
Licence: freeware (donateware)
Description: Can prevent the installation of any spyware ActiveX controls from a webpage

Name: SpywareGuard by Javacool Software
Updates: Yes via internet, manually activated through program, frequent updates
Support: SpywareGuard support forum
Licence: freeware (donateware)
Description: Provides a real-time protection solution against spyware. Use with SpywareBlaster, runs in background with systray icon

Name: HijackThis by Tomcoyote
Updates: Only as program is developed
Support: Tomcoyote forums
Licence: freeware
Description: Examines certain key areas of the Registry and Hard Drive and lists their contents


Control your startups

Name: StartupList by Merijn
Updates: Only as program is developed
Support: LurkHere Forums
Licence: Freeware
Description: Lists all autostarting apps on your system.

Name: Startup Monitor
Updates: Only as program is developed
Support: Links on website
Licence: Freeware
Notes: Notifies you when any program registers itself to run at system startup.

Name: Startup Control Panel
Updates: Only as program is developed
Support: Links on website
Licence: Freeware
Description: Control panel applet that allows you to easily configure which programs run when your computer starts.

Name: Autostart Explorer by Mischel Internet Security
Updates: Only as program is developed
Support: Support Page and forum
Licence: Freeware for personal use, Licence required for commercial use.
Notes: Allows you to explore all autostart apps on your system


Some Useful websites related to startup content:

Startup Content
Startup Applications
Startup Application list search
Task List Programs


Windows Messenger Service

Name: Shoot The Messenger by Steve Gibson
Updates: As program is developed
Support: See above link
Licence: Freeware
Description: A small tool to enable you to disable the Windows Messenger service and stop those spam pop-ups from appearing. This will not affect normal applications and is not related to MSN Messenger, which will still function with the Messenger service disabled.

Name: Adaware Messenger-Control plug-in by LavaSoft
Updates: As program is developed
Support: See above link
Licence: Freeware
Description: A plug-in for the Adaware spyware scanner (see earlier section) which allows you to enable/disable the Windows messenger service.


Online Anti-virus scanners

Name: Housecall Scan now by Trend Micro
Updates: Unknown
Support: See link
Licence: N/A
Description: Online virus scanner

Name: Online virus scanner by Kaspersky Lab
Updates: Unknown
Support: See link
Licence: N/A
Description: This only allows specified named files to be scanned for viruses on your PC.

Name: eTrust Anti-virus scanner by Computer Associates
Updates: Unknown
Support: See link
Licence: N/A
Description: Online virus scanner. Uses ActiveX controls so only works with Internet Explorer browser

Name: Security Check by Symantec
Updates: Unknown
Support: See link
Licence: N/A
Description: Online virus scanner and online security scanner

Name: ActiveScan online virus scanner by Panda Software
Updates: Unknown
Support: See link
Licence: N/A
Description: Online virus scanner

Name: Command on Demand AV scanner by Authentium
Updates: Unknown
Support: See link
Licence: N/A
Description: Online virus scanner. You can select the files/folders to scan.

Name: Antivirus scan online by RAV (IE only)
Name: Antivirus online file scan by RAV (non-IE)
Updates: Unknown
Support: See link
Licence: N/A
Description: Online virus scanner. The IE only version uses ActiveX and can scan your whole disk, the non-IE version can only scan a selected file.
Note: RAV Online Scanning ActiveX Buffer Overflow

Name: Free Online Virus Scan by Bitdefender (IE only)
Updates: Unknown
Support: See link
Licence: N/A
Description: Online virus scanner. Uses ActiveX so only works on IE

Name: PC Pitstop Antivirus scanner by PC pitstop
Updates: Unknown
Support: See link
Licence: N/A
Description: Online virus scanner. 3.5Meg download before it can run

Name: McAfee Freescan by McAfee
Updates: Unknown
Support: See link
Licence: N/A
Description: Online virus scanner.


Port scanners

Name: Online quickscan by Sygate
Name: Online stealthscan by Sygate
Updates: Unknown
Support: See link
Licence: N/A
Description: Online port scanner. Sygate also do additional online port scanners

Name: ShieldsUp by GRC
Updates: N/A
Support: See link
Licence: N/A
Description: Online port scanner plus lots of other security related network tests.


Anti-virus programs

Name: eZ Antivirus by Computer Associates
Updates: Yes, signature files via internet. Manual or automatic update and frequent updates
Support: Support Center
Licence: Commercial (30 day free trial)
Description: Anti-virus scanner.

Name: Vet Anti-virus by Computer Associates
Updates: Yes, automatic via internet. All definitions and updates free
Support: FAQs & Technical support
Licence: Commercial
Description: Single & multiple PC versions. Also has a version for Palm, which is a Free download to existing owners of Vet anti-virus software.

Name: Sophos Anti-Virus
Updates: Yes, via internet.
Support: Sophos Support
Licence: Commercial. You can register for trial versions.
Description: Protection for desktop, laptop and servers. Versions available for many non-windows OSs like *nix, netware, MacOS.

Name: KAV Anti-virus by Kaspersky
Updates: Yes, via internet or manual download.
Support: Kaspersky support
Licence: Commercial. Yearly subscription needed for virus defs updates.
Description: Many versions to cover different users and different OSs. Does have some incompatibilities with other applications, ADSL on ME and some cable modems.

Name: NOD32 Anti-Virus by eset Software
Updates: Yes, via internet. Automatic defs and program updates
Support: Support Center
Licence: Commercial. (30 day free trial available)
Description: Versions available for non-Microsoft OSs.

Name: Norman Virus Control (NVC) by Norman
Updates: ??
Support: Norman Support Page
Licence: Commercial (30 day free trial available)
Description: Versions available for non-Microsoft OSs.

Name: F-Prot Anti-Virus by Frisk
Updates: Yes, via internet. Automatic program and virus defs updates
Support: F-Prot Anti-Virus Support
Licence: Commercial (30 day free trial available)
Description: Versions available for non-windows OSs.

Name: AVG Anti-virus by Grisoft
Updates: Yes, via internet. Manual and automatic update.
Support: AVG Technical support
Licence: Free (single home user) and commercial versions available
Description: Home and corporate versions available.

Name: Norton Antivirus by Symantec
Updates: Yes, via internet. Yearly subscription for virus defs updates
Support: Symantec Support
Licence: Commercial
Description: Uses LiveUpdate to keep programs and defs up to date.

Name: McAfee virusscan by McAfee
Updates: Yes, via internet. Yearly subscription for virus defs updates.
Support: McAfee Help
Licence: Commercial
Description: Another well known anti-virus app.


Online Anti-Trojan scanner

Name: Trojanscan by Gfi (IE only)
Updates: N/A
Support: See above link
Licence: N/A
Description: Requires ActiveX to run so only works when using IE browser


Anti-trojan programs

Name: Trojan Remover By Simply Super Software
Updates: Yes, via internet. Manual update via button.
Support: Support page
Licence: Commercial (30 day free trial available). Online registration.
Description: Scans for and removes trojans and worms.

Name: Trojan Hunter by Mischel Internet Security
Updates: Yes, via internet. Automatic update. Free upgrades (program and rules file) for life
Support: Support Page and forum
Licence: Commercial (free trial available)
Description: Very well known trojan scanner with many awards. Memory resident and manual scan features.

Name: Trojan Defence Suite (TDS-3) by DiamondCS
Updates: Yes, via internet. Manual program and ruleset updates
Support: Support page and Forum
Licence: Commercial (30 day free trial available)
Description: Very well known trojan and worm scanner. Also detects some viruses. Memory resident and manual scan features.

Name: Tauscan by Agnitum
Updates: Yes, via internet. Manual Program and ruleset updates
Support: Support Page
Licence: Commercial (30 day free trial)
Description: Another well known and respected trojan scanner

Name: The Cleaner
Updates: Yes, via internet. Automatic updates.
Support: Support Page
Licence: Commercial (30 day free trial)
Description: Real-time memory resident scanner that detects and removes trojans, worms and keyloggers.

Name: BOClean Anti-Trojan software by NSclean
Updates: Yes, via internet. No charge for updates
Support: via Gladiator Security Forum
Licence: Commercial
Description: Another well known and respected Trojan scanner.


Firewall

Name: Outpost by Agnitum
Updates: Yes, via internet as program is developed. Manual update.
Support: Support page and Online Community
Licence: Freeware and Commercial
Description: Free version not compatible with ICS (internet connection sharing)

Name: Sygate Personal Firewall by Sygate
Updates: Yes, via internet as program is developed. Manual update.
Support: Support Page
Licence: Freeware and commercial
Description: Easy to use.

Name: Zone Alarm by ZoneLabs
Updates: Yes, via internet as program is developed. Manual upgrade. Yearly subscription required.
Support: Support Page and Forum
Licence: Freeware and commercial. Free trial of pro version reverts to free version after 30 days
Description: One of the best known firewall products. Freeware version works very well, commercial pro version even better.

Name: Kerio Personal Firewall by Kerio
Updates: Yes, via internet as program is developed. Manual upgrade.
Support: Support Page and Forums
Licence: Commercial (30 day free trial)
Description:

Name: Norton personal firewall by Symantec
Updates: Yes, via internet as program is developed. Manual upgrade.
Support: Symantec Support
Licence: Freeware and commercial. Free trial of full version reverts to limited free version after 30 days
Description: Another well known software firewall.

Name: McAfee personal firewall plus by McAfee
Updates: Yes, via internet as program is developed. Manual upgrade. Yearly subscription required.
Support: McAfee Help
Licence: Commercial requiring yearly subscriptions
Description: Another well known brand but has been known to have compatibility issues with other software.


Combined security packages

Name: Norton Internet Security by Symantec
Updates: Yes, via internet as program is developed. Yearly subscription required.
Support: Symantec Support
Licence: Commercial
Description: Contains Norton AntiVirus, Personal Firewall, Privacy Control, AntiSpam and Parental Control

Name: McAfee Webessentials by McAfee
Updates: Yes, via internet. Yearly subscription for virus defs updates.
Support: Symantec Support
Licence: Commercial
Description: Contains Virusscan and Personal firewall plus. Other packages available.


Security websites

Black Viper - good source for understanding all those Win2k/NT/XP background services and disabling what you don't need.

CERT Coordination Center - Established in 1988, the CERT® Coordination Center (CERT/CC) is a center of Internet security expertise. It issues security advisories and alerts.

Gibson Research Corporation - the home of the ShieldsUP security checker and lots of other useful security related information. There is also a news server (news.grc.com) containing discussion groups on all aspects of security, security software and virus/trojan/firewalls. Check this for updates to security software.

TechNet Microsoft Security Bulletins - Details of security bulletins describing problems and associated patches/fixes.

Microsoft Security website - Info on updates and security issues for all Microsoft versions.

Norton Anti-Virus Center - Details of new virus threats and info on virus removal tools and instructions for removing viruses.

Gladiator Security Forum - Good source of info and support on various security software packages and security in general.


That completes this tutorial. If you have any questions or comments regarding the contents of this document please PM me or one of the other tutorials team members.

Tutorial written by petervaughan
Original Article by: petervaughan - Edited by: csogilvie