Security for Home and SOHO Computers
(Also check out the FAB page for more!)

1. Install a Firewall, for instance, AntiVir
   ZoneAlarm* or Tiny Personal Firewall*
2. Install a Proxy server
3. Install a proxy Filter - Proxomitron or here.
4. Setup your browser to use the proxy.
5. Setup your proxy to use the filter
6. Setup your filter to use your ISP proxy.
7. Install a modern Anti-Virus program

   Install a Spyware checking program - MajorGeeks

1. Don't use Spyware[Adware]-enabled software - like download managers, even Netzip from Real networks, Smartdownload from Netscape, Opera, Kazaa, and many others. Other Spyware could inclide PIMs, screensavers, etc.
2. Go here for a list of known Spyware.
3. Spyware can damage or compromise your system as much as a virus.
4. Go to Spyware-Guide for more info.

There are so many ways for trojan programs to start up whenever you start Windows. There are many programs which monitor the common startup areas, such as, win.ini, system.ini, startup, registry run keys. However none of them can monitor ALL the possible ways to autostart a program. For more information follow this link:
try Nohack or here or click here for the plain text version.

Found a great little program which lists most of the Autostart entries mentioned above on your computer. It is called StartupList and can be found here. Get it now. Also, on the same page, is a link to Spybot Search and Destroy and HijackThis, a browser hijacker detector and removal tool.

1. Install a modern Anti-Virus program - pick one that doesn't trash your entire inbox when a virus is detected and removed from email.
2. Install 2 Firewalls - with filtering capability
3. Install a Proxy server - AnalogX or Junkbusters
4. Install a Filter - Proxomitron or here. If set up right, this is the best filter proxy bar none. Click here for the 2 Ver 4.4 compatable SSL dlls (ssleay32.dll, libeay32.dll) you need for filtering https urls.
5. Install monitor programs
6. Install HTAstop - from Privacy Software Corporation. It stops hta scripts from running when you visit a rogue web site.
7. Encrypt your email
8. Install Spyware checking programs - AdAware and companion AdWatch, a task tray monitor.
9. Setup your browser to use the proxy.
10. Setup your proxy to use the filter
11. Setup your filter to use your ISP proxy, or anonymous proxy.
12. Go to Privacy.net - If you see your IP address at the end of X-Forwarded-For:, you may want to consider using an anonymous proxy service like Freedom.net, or use a program like MultiProxy.
    Or use a fee-based anonymous proxy service like the one at LDProxy.
13. Go to Privacy Software Corporation and get control over your internet surfing (NS or IE Clean), and trojan protection (BOClean - one purpose - one job - does it exceptionall well).
14. Go to corporate windows update for Win98, here for Win2000 (huge number of security issues), or windows update for a menu.
15. Go to Microsoft TechNet Security - Security Bulletin Search
16. Clean out the GUID from your MS Word 97 documents, and stop Word from adding GUIDs to new ones.
17. Put your own entries in your Win Hosts file to block pop-up ads and double-click type profiling. Go here for more info.
    

Well, we have seen a huge number of infected computers this spring, due mostly to the Netsky and Sasser worms. Microsoft vulnerabilities never seem to end for their "secure" operating systems. But I suppose we must thank Microsoft for all the overtime needed to fix the problems.
A very indepth and thorough page regarding "Securing your PC" written by Paul Szabo of The University of Sidney can be found here. It is kept up to date. It lists and links a huge number of vulnerabilities. It has solutions. Try it, I think you'll be there for quite a while, because there is so much to read and heed.

Is Microsoft issuing patches for all discovered vulnerabilities? Don't think so. Sign up for this mailing list and Go here to find out!

Then go to Windows Update and get any updates for your verson.

For you Win2000 users, go to the NSA site to download a large number of pdf documents related to securing Win2000, which has a few holes.

WARNING
For those now using Windows XP - there is a very serious vulnerability which leaves the computer wide open to attack, especially if you are using a high speed connection to the Internet, because Universal PnP is turned ON by default. Go to Steve Gibson's site for more information and a small program to allow you to simply turn it off.

Double clicking on innocent looking files may be dangerous - go to the Georgi Guninski security advisory to learn more.
Also see the link at the bottom of the page to GFI's page for an email security test.

1. EasyCleaner - A small program which searches Windows' registry for entries that are pointing nowhere.
2. OleClean - The purpose of this program is to remove the Ole garbage left in the registry after installing and deinstalling several Ole (Com) dlls.
3. Registry Pruner - Clean up your Registry's SharedDLLs key. Orphaned entries can cause install and uninstall programs to misbehave. And can even trigger bogus Registry Corrupted error messages.
   The program can also remove "ghosts", entries in the Control Panel's Add/Remove Programs list that remain even after a program has been uninstalled.
4. Notify - Alerts the user when it detects any kind of change in a directory it has been told to monitor.
5. ScanSys - This is like the Win98 System File Checker. Excellent for Win95, runs on Win98 as well. Keep tabs on system file changes brought on by software installations.

1. SetBrowser - Lets you set the default web browser in Windows.
2. HTAstop - from Privacy Software Corporation.
3. Script Defender - from AnalogX - associate it with certain scripting file extensions.
4. ScripTrap - ScripTrap traps scripts when they attempt to run on your computer and provides the option of blocking them or letting them continue to run.
5. WatchDog - On its first run, WatchDog will prompt you to associate it with certain scripting file extensions. Once associated, WatchDog becomes the default program for Visual Basic Script (VBS) and other scripting files. When one of these files is launched, WatchDog will look it over and warn you of any possible security risks. You can then determine whether the file is supposed to be taking these actions and how to proceed.
6. CookieWall - from AnalogX!
7. IEClean - from Privacy Software Corporation. Keep control of Internet Explorer!
8. CacheSentry - This is a program that fixes serious bugs in the Internet Explorer cache manager (versions 3.0 on up through and including IE4 SP1, Internet Explorer for Windows 98, and IE5.5).
9. CacheMonitor - New version of CacheMonitor II used for tracking Internet cache changes.
10. Watch Your Back - In a nutshell, WYB! will safely remove a read receipt without the sender knowing that you removed it. When a read receipt is detected, you can be alerted to its presence, remove the read receipt, or read the message without the sender knowing that your message has been read. Although this is Shareware ($12.00) I thought it was important enough to include in this category. No more "I spy" using read receipts!
11. Microgarden Outlook Tools - If you're tired of people using read-receipts as ammunition or as a tool to see when you're at your desk (so that you can be attacked by a phone call), our read-receipt blocker disables any receipts as soon as they arrive.
    The BCC notification mechanism is for those clumsy people who sometimes forget they have been BCCed and blow their cover by replying to the message. This tool reminds you that you have been BCCed to prevent accidental replies.

* Tiny Personal Firewall is very good. It comes with a few rules already to go, including DNS. All rules are easily edited, however. Good for novice to advanced. Very nice log files and stats file.

Both are free for personal use. Other free firewalls are not mentioned because, as of this writing, they don't MD5 checksum the internet applications after the access rules are created. (Many of the not-free ones do not check either.)
Remember: only authorize trusted applications! If you are not sure of the program name, research it first. If you authorize a trojan or spyware as a trusted application then the firewall isn't going to help - YOU let it happen!

Now, are you really secure against Javascript or Activex dangers?
Go here to find out:  Security Testing Center

Secunia has a browser-checking site as well, using https - very interesting! For the ultimate in browser testing, try BrowserSpy!