Using Windows safely
Microsoft Windows can be safely used on the internet, but because it has inherent design limitations, using it safely requires more knowledge, skill and care than using other operating systems. This article will attempt to give less experienced NCF members who choose to use Windows on the internet some background knowledge to help them avoid problems.
Some experts have estimated that almost half of all Windows computers are part of botnets, due to malware infections. Malware installed on your computer can can not only slow your computer down, steal your data, steal your banking and credit card information, but also use your computer to send out spam, individually or as part of a large spamming network, known as a botnet. It is this spamming that results in NCF email getting on email blacklists and stops NCF mail from getting to its destinations. When NCF mail gets blacklisted due to spamming, malware on your Windows computer is now affecting everyone else. The best defence is to make sure your computer is clean and used safely.
- 1 Anti-virus
- 2 Anti spyware
- 3 Firewall
- 4 Don't install random programs
- 5 Don't routinely run an admin account
- 6 Browser toolbars
- 7 Watch out for USB drives
- 8 Don't use Internet Explorer
- 9 Don't use Outlook Express
- 10 Run your updates
- 11 Back-up your files
- 12 Unsupported operating systems are at risk
- 13 See also
- 14 Additional reading
Make sure that you have an installed and functional anti-virus program and that its virus definitions are updated daily. New malware is identified every day and unless your anti-virus has the latest virus definitions it can't identify new viruses. Most anti-virus programs can be set to update their definitions automatically and also do a complete system scan automatically as well. On Windows it is recommended that that a full system scan be programmed to be carried out every day. Because a full system scan can take a lot of computing power, it is best to set these to run in the middle of the night when you aren't using the computer for other tasks.
A scanner that offers real-time scanning of email and website downloads will give much better protection, but no scanner can protect users against zero day exploits, that is new malware that hasn't been identified yet. Because of this, anti-virus is not a complete solution to keeping your computer safe, but it is one useful tool.
Effective anti-virus doesn't have to be expensive, in fact the high-cost ones often slow your computer down a lot, while the free software and freeware ones tend to use fewer resources and are at least as effective. Especially with older computers, not overloading the computer with resource-intensive programs is important, as they cause it to slow down.
Some free anti-virus applications that NCF members have tested are:
- Free software
- ClamWin - free software (only does real-time scanning on Microsoft Outlook, however via an add-in feature.)
- Commercial freeware
An anti spyware application is recommended in addition to an anti-virus program. Some that have been tested by NCF members are:
- Commercial freeware
You need to have a firewall program running to block intruders.
If you are using an NCF-supplied DSL modem then it will have a hardware firewall already configured and running. In other cases ensure you have a firewall at the DSL modem or at the PC level in use to prevent intrusions.
If you aren't operating behind a hardware firewall, or if you aren't sure if you are, such as when you are on open-wifi at a library, coffee shop or at a friend's house, then you need to have a software firewall running. Windows versions starting with XP SP2 and on come with Windows Firewall already installed, you just have to configure it to use it.
Which firewall to run will depend on how much protection you need and how much power your computer has available. Running a lot of protection software can slow older computers right down.
Recommended software firewalls:
- Commercial freeware
You can test your modem security configuration, the effectiveness of your firewalls and other security measures against on-line intrusion with this online test:
Don't install random programs
A lot of malware is offered as "free screensavers" or programs to "make your PC run faster". Be aware that these are all tricks to get unwary Windows users to install malware.
Only install software from reputable sources. If in doubt, don't install it.
Be very wary of any file that has an extension of ".exe" (Windows executable) or ".scr" (screensaver). Be very careful of files that have double extensions such as ".txt.vb" or ".jpg.exe" as these are tricks to make you think the file is safe when it isn't. Many versions of Windows hide file extensions and this can display only the "safe-looking" extension and not the ".exe" extension. If you get these in your email from someone you know it is likely malware on their computer that sent it to you to spread itself.
Many attempts to get you to install malware are browser pop-ups that are designed to look like warning dialogue boxes from your computer. Almost all browsers can be set to block pop-ups so you won't see these. If you do get a pop-up examine it carefully before you accept installing anything. Most malware uses social engineering tricks to fool you into installing it.
Think critically about everything you are going to click on.
Don't routinely run an admin account
On Windows the first account created has administrative privileges. This helps you set things up, but if you regularly use that as your daily user account and it gets compromised by malware than the malware has unrestricted access to the computer. Creating a second account to use as a daily-use account will restrict access should that account be compromised by malware.
A lot of users install browser toolbars, sometimes many of them all at once! Some of these are malware and nearly all the rest are adware, essentially spamming you to get you to buy things. Most of these slow your browser down and make the internet run slower for you. Most tool bars are at best useless and take up screen space that could be used to show websites instead.
If you really need one certain browser toolbar then make sure it is from a reputable source, otherwise, give these a miss.
Watch out for USB drives
Other people plugging USB drives into your computer is a quick way to spread malware. If a friend brings a drive over to show you something ensure it is scanned for malware first.
Don't use Internet Explorer
Internet Explorer (IE), Microsoft's own browser that comes with all versions of Windows, is not the best browser choice. Most versions of it are not standards compliant and don't display websites, like Zimbra, correctly, which can make it frustrating to use.
IE also lacks a lot of modern browser features, like spell-checking, "do-not-track" and other useful things.
Older versions of Windows, like Windows XP, cannot use the latest versions of IE. For instance Windows XP cannot use versions newer than IE8, which was first released on 19 March 2009. The older IE versions are no longer supported by Microsoft and have unpatched vulnerabilities that can be exploited by malicious websites and compromise your computer.
There is no reason to use out of date browsers, when better browsers are available for free download and have new versions released frequently. For Windows users NCF has tested and recommends:
- Full-featured browsers
- Lightweight browsers
Most of these other browsers have add-ons available. The use of Adblock Plus and Ghostery will greatly reduce the number of opportunities to download malware and so installing these two add-ons is highly recommended.
- Ghostery blocks a lot of tracking and spyware, but may cause some websites to not work right.
Users should be careful of adding other browser add-ons, especially for Chrome, as some of these are malware themselves. Stick to browser add-ons that have been recommended by reliable sources.
Some people may have to use IE to access work-related websites that only work on IE. These websites are becoming rare these days, but there are still a few of these non-standards-compliant websites around. If you need to use IE for one website in particular then there is no need to use IE for all your other on-line work. You can open and run two browsers at once, if need be.
It can help to have a second web browser installed on your computer, as some websites do not work with all browsers correctly. It may be helpful, for instance to use Firefox as your main browser, but have Chrome installed in case a particular website does not display correctly.
Don't use Outlook Express
The Outlook Express email client came with older versions of Windows, including Windows XP. The latest version is Outlook Express 6.0 which was released in October 2001 and has been unsupported since October 2005. It has many unaddressed vulnerabilities, including:
- Database corruption issues
- Security issues
- Incorrect handling of PGP/MIME signed messages
This article explains more about the problems with Outlook Express.
It is much safer to use Zimbra, NCF's webmail from your browser, or if you want to use a local email client, then Mozilla Thunderbird, is a free software email client that has much better security. Thunderbird's interface is very similar to Outlook Express and so it is easy to learn how to use it. Another alternative is Windows Essentials by Microsoft, which is commercial freeware.
Run your updates
Windows operating system updates are very important, so don't skip installing them! They often contain patches to fix security risks that have been recently identified. If you don't install your updates you are leaving yourself open to malware.
If you find that installing the updates ties up your computer then install them at the end of the day so they can run overnight when the computer is not being otherwise used.
Back-up your files
It is very important to make back-up copies of your files regularly, no matter which operating system you are using. Hard drives can fail, taking all your documents with them. When using Windows this is even more critical because many common Windows viruses will cause system corruptions that prevent Windows from booting. In that case a rescue disk may be helpful for recovering your files. Also even without malware woes, all versions of Windows break down over time and, if not reinstalled regularly, eventually every Windows installation will be come un-bootable.
Back-ups also provide insurance in case your computer gets stolen. At least you will still have your files.
Files should be backed up on a regular basis, perhaps daily or at least weekly. Some people also make archive copies every few months or annually, so that old versions of files can be retrieved.
There are many ways of backing up files, including:
- CD or DVD
- External hard drive
- USB storage device (thumb drive)
- Cloud storage service (such as the free Ubuntu One)
When making back-ups ensure that you back up your browser bookmarks and, if you are not using webmail, your e-mail as well.
Unsupported operating systems are at risk
Older versions of Windows that are no longer supported are security risks. Malware writers know that any vulnerabilities they discover in older Windows versions will not be corrected and that they are free to exploit them.
Here are Microsoft's official dates for the end-of-life for various Windows versions:
- Windows 98 support ended on 11 July 2006
- Windows 2000 and Windows ME support ended on 13 July 2010
- Windows XP support ends on 8 April 2014
- Windows Vista support ends on 11 April 2017
- Windows 7 support ends on 14 January 2020
In the past, by the time most versions' support ran out there were very few users still employing the system, and therefore it attracted very little interest from malware creators. This meant that the risks of running unsupported systems were relatively small in the past. For instance today very few people are writing malware for Windows 98. But Windows XP is an exception, because, as of February 2014 about 14-18% of all computers are still running this soon-to-be-unsupported operating system, making it a large and valuable target for malware writers.
Keep track of your operating system end-of-life date and plan to either upgrade to a newer version of Windows (usually requires buying new hardware) or install a different, supported operating system on your existing hardware.
- How to Avoid Getting a Computer Virus or Worm on wikihow.com
- Windows XP holdouts vulnerable to hackers - CBC article
- A last reprieve for the enduring Windows XP? by Woody Leonhard on Windows Secrets
- Google Throw XP Users a Lifeline by Extending Chrome Support to 2015, OMG Chrome, 25 October 2013
- Support is ending soon - On April 8, 2014, support and updates for Windows XP will no longer be available. Don't let your PC go unprotected - Microsoft article
- 11 Percent of Windows XP Users Will Switch to Linux, Survey Claims, OMG Ubuntu, 21 February 2014
- Adware vendors buy Chrome Extensions to send ad- and malware-filled updates by Ron Amadeo, Ars Technica
- Avira vs avast vs AVG vs Panda Cloud vs Bitdefender vs MSE, review of best free anti-virus for Windows (February 2014)
- One in Two Windows PCs is a Zombie PC (Part of Botnet/s)
- A World Where Almost One in Two PCs is a Windows Zombie PC
- What's wrong with Microsoft? by Dominic Humphries
- Does Ubuntu need antivirus? - good article on security practices for everyone, by AY Siu
- Windows XP User? Here’s 4 Reasons to Switch to Lubuntu This April By Joey-Elijah Sneddon, OMG Ubuntu