|
|
|
|
|
|
|
|
|
|
| • |
|
| • |
|
| • |
|
| • |
|
| • |
|
| • |
|
| • |
|
| • |
|
| • |
|
| • |
|
| • |
|
| • |
|
| • |
|
| • |
|
| • |
|
| • |
|
| • |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
|
General
Please keep Windows patches up to date
and follow safe computing practices.
To obtain any hotfix for a Microsoft product, you may use the
Microsoft Hotfix Request Web Submission Form.
Laptop Security
Passwords
- The Basics. Everyone knows that you should protect your passwords, and
not share them with anyone or write them down on yellow sticky notes
attached to your computer screen. Most people know that longer and
uncommon passwords are more secure because they are harder to guess, and
that you should not use any personally identifiable information in your
password. Some people are aware that it's a good idea to change your
passwords every now and then. Not as many people know that the biggest
threat of fraud comes not from a person-a family member or a
co-worker--guessing your password, but from computerized
password-cracking robots hunting for under-protected computers
worldwide, day and night.
- Pitfalls.
-
Do not use any common passwords, especially your name or your login
name. Some very common passwords are: password1, abc123, myspace1,
password, blink182, qwerty1, 123abc, baseball1, football1, 123456,
soccer, monkey1, liverpool1, princess1, jordan23, slipknot1, superman1,
iloveyou1 and monkey.* If you are using any of these, change your
password right away to one that follows the rules.
-
Make your password strong and memorable; better yet, use a passphrase.
Use at least 8 characters; 14 or more is best. Combine letters, numbers,
and symbols. Use words and phrases that are easy for you to remember,
but difficult for others to guess. Misspelling at least one of the words
in your passphrase makes it more difficult to crack. Example: My 2
*katz* are black
-
Do not use the same password everywhere. If any one of the computers
or online systems using your password is compromised, all of your other
information protected by that password is in danger of being compromised
as well.
-
Change your passwords regularly. A password that is shorter than 8
characters should be considered good only for a week or so, while a
password that is 14 characters or longer (and follows the other rules)
can be good for several years.
-
Never provide your password over email or based on an email request.
Any email that requests your password or requests that you to go to a
website to verify your password is almost certainly a fraud.
-
Do not type passwords on computers that you do not control, such as
those in Internet cafes, computer labs, shared systems, kiosk systems,
conference centers, and airport lounges.
-
More information:
Strong passwords: How to create and use them
What to do if you're a victim of fraud
Wired.com
Anti-virus
-
Sophos Anti-Virus is
available for no cost to all registered UBC students, staff and faculty.
A CWL is needed to download. Among the versions available
are those for all current Windows systems and Mac OS 8, 9, and X.
- Active Virus Shield
powered by Kaspersky Lab, is one of the better free anti-virus packages available
for Windows users. The program installs smoothly, pulls down hourly virus definition
signatures from Kaspersky Lab and features realtime protection (including e-mail scanning).
- House Call
is a free online virus scan tool which
uses Javascript so there is nothing to install.
Anti-spyware
Spyware generally refers to an application running silently on
your system, collecting data on your websurfing, and reporting back to the
spyware installer.
- Spybot
can detect and remove spyware of different kinds from
your computer.
- SpywareBlaster
prevents the installation of ActiveX-based spywares, adwares,
browser hijackers, and dialers.
- Bugnosis (IE only)
reveals web bugs and find out who's tracking you
on the Web.
Firewall
A firewall blocks unwanted access from the Internet.
- ZoneAlarm or Outpost Firewall (Windows)
Windows XP with Service Pack 2 (SP2) has a built-in firewall, which is enabled by default.
Other Windows users can install a free third-pary firewall such as ZoneAlarm or Outpost Firewall.
- NetBarrier X4 (Mac OS X)
Mac OS X has a built-in firewall (ipfw) and can be enabled thru: System Preferences -> Sharing -> Firewall. If you don't want the built-in firewall, there are third-party firewalls that you could buy.
- Firestarter (Linux)
Firestarter is a front-end graphical user interface (GUI) that uses the Netfiler (iptables/ipchains) system. Firestarter is available for use in GNOME and KDE desktops. For installation guide, see Installation - Firestarter.
RootKit Detection
A rootkit typically hides logins, processes, files, and logs. Rootkits may include software to intercept data from network connections, and keystrokes.
- Sysinternals RootkitRevealer scans your system for rootkit-based malware.
- F-Secure Blacklight detects and eliminates active rootkits from the computer.
- GMER, a free rootkit scanning tool built
by Polish Windows internals guru, is widely hailed as the best at ferreting out stealth
rootkits from PCs. GMER does an excellent job of finding hidden processes
hidden services, hidden files, hidden registry keys, hidden drivers and all kinds of
driver hooking. It can also serve as a process explorer to monitor the creating of
processes, the loading of drivers and libraries and file function and registry entries.
- Rootkit Buster by Trend Micro.
- Rootkit Detective by McAfee.
- DarkSpy AntiRootkit
- Microsoft Malicious Software Removal Tool
Software Inspectors
A rootkit typically hides logins, processes, files, and logs. Rootkits may include software to intercept data from network connections, and keystrokes.
Safe Browsing / Email
Internet Explorer is more prone to malicious software (malware) attacks due to ActiveX.
Malware mostly depend on ActiveX for their activation and propagation to other computers.
Check out Firefox.
- Firefox
(web browser) includes an integrated pop-up blocker, tabbed browsing,
and has a cool feature called
- Thunderbird
(e-mail client) supports multiple e-mail accounts, POP, IMAP, LDAP address completion,
and has a built-in Bayesian spam filter. Like Firefox, Thunderbird
lets you also add additional functionalities through
"extensions".
- Haute Secure is a browser plug-in currently
available for Microsoft's Internet Explorer that does realtime blocking of drive-by
malware downloads. The tool fits behavior-based profiling algorithms into the browser
(Firefox support is coming soon) to identify and intercept malicious files in real-time.
-
LinkScanner Lite from Exploit Prevention Labs is a product that supports Firefox.
-
NoScript for Firefox
is a Firefox extension that does preemptive blocking malicious scripts and allows
JavaScript, Java and other potentially dangerous content only from sites you trust.
It also blocks Flash and other potentially exploitable plugins, and provides
the powerful Anti-XSS protection.
Miscellaneous Tools
- File Shredder is free desktop application for shredding (destroying) unwanted files beyond recovery.
- CCleaner is
a free system optimization and privacy tool that can be used to remove unused files
from your system -- allowing Windows to run faster and freeing up valuable hard disk
space. CCleaner also removes temporary files, URL history, cookies from the three main
Web browsers (IE, Firefox and Opera). It can also be used to delete temp files and
recent file lists for all those third-party applications sitting on your PC.
-
PC Decrapifier removes crapware that comes
pre-installed on Windows computers. This program will not remove crapware from older
computers but is perfect for new machines that ships with trialware.
There is a long list of products
it will find and remove, including QuickBooks Trial, NetZero Installers,
Earthlink Setup Files, Google Desktop and the myriad of anti-virus trialware apps.
| |
