Protecting Your Computer (Wireless) Part 1

Security is a process, not a product. Even the best software out there won’t protect you if you don’t use it properly. Fortunately, there’s a lot of good software built right into the operating system, and this topic focuses on making it work for you.

Security is also a tradeoff between convenience and risk, so I look at a few places where you can choose to take a less aggressive security posture in return for less intrusion on your life. It’s a fair trade — there are no wrong answers.

Throughout this topic, I focus on the Windows Vista security tools. Other than a basic firewall, the older Windows XP has virtually nothing built in and therefore relies on third-party tools. Vista isn’t perfect, but it’s leaps and bounds ahead of XP.

Visiting the Windows Security Center

The Windows Security Center (WSC) was introduced to Windows XP in Service Pack 2, and was improved as it was carried forward into Vista. The job of the security center is to monitor the status of various security-related settings and to give you an easy-to-read view of your security posture.

The picture of the shield with the exclamation mark in Figure 3-1 is your first indication of a problem.

Figure 3-1: The Windows Security Center alert in the system tray showing a warning.

If your computer has a more serious security problem, you see a red X instead of a yellow shield, as shown in Figure 3-2.

Figure 3-2: The Windows Security Center alert showing a serious problem.

Double-click on the Security Center alert icon to bring up the security center, which is shown in Figure 3-3.

The WSC is broken down into four separate areas:

♦ Windows Firewall: This area protects your computer against incoming and outgoing connections, which is an additional layer of defense if you’ve already got a hardware firewall.

♦ Automatic updating: This service automatically downloads and applies patches if you’d like, which ensures your computer is always up to date.

♦ Malware protection: This area shows the status of both anti-virus and anti-spyware software.

♦ Other security settings: This area is a grab bag of extra security features.

Figure 3-3: The Windows Security Center.

Each item in the Windows Security Center is shaded according to its status and also provides a line of text to further describe the status. Based on the dark shading, you can see that Figure 3-3 has a serious problem with the firewall because the firewall is turned off. The other elements seem to be healthy.

If you don’t see an icon in your system tray, your computer probably meets all the requirements of the Windows Security Center. If you still want to check, go to the Control Panel and then click on the Check this computer’s security status link.

Exploring the Windows firewall

The Windows firewall’s job is to inspect the network packets that go in and out of your computer and to decide if they’re allowed or not, based on the configured policy. The policy is changed over time based on feedback from the user. For example, using a new program might prompt you for permission to allow that particular program to make the network connections.

The firewall tracks connections down to the individual application. One application may be permitted to make a Web request, but another application might not. Because of this, you have a better chance of spotting malware: you are prompted when an application tries to make a request that is out of character.

Turning on the firewall

Turning on the firewall is a straightforward process.

1. From the Control Panel, click the security icon to take you to the security menu within the control panel.

This is shown in Figure 3-4.

Figure 3-4: The Security menu.

2. From the Security menu, select Turn Windows Firewall on or off to take you to the firewall settings menu shown in Figure 3-5.

3. From the Firewall Settings window, select the On (Recommended) option and click the OK button.

Your shields are now up!

Living with the Windows Firewall

If the firewall were foolproof, then you’d never have been given the option of turning it on — it would be just a part of Vista you never thought about.

Unfortunately, the firewall is not perfect, and it can’t react to every situation. By default, the firewall blocks incoming connections. But what if you need a connection to come in?

When an application requests the ability to listen for incoming connections, and the policy would block that, you are given the opportunity to override the block through the dialog box shown in Figure 3-6.

Figure 3-5: The Firewall Settings window.

Figure 3-6: Vista prompts to allow a connection.

The dialog box shown in Figure 3-6 is light on details. You’re being asked to decide whether or not an application should accept connections. If you allow it, the Windows firewall will allow incoming connections into this application.

To be clear, the application has requested the privilege of accepting connections. The first question you should ask is "Did I just launch that application?" If the query came while you were in the middle of browsing the Web, then you should be extra cautious.

After you determine that the alert was the result of a program you chose to run, you should ask "Is this the type of program that accepts network connections?"

On the Internet, a client (your computer) connects to a server to get some information. The connection is always made from one side to the other, and having a connection come in to you if you’re a client is rare.

Therefore, if you see an alert asking whether you’d like to accept connections, follow up that last question by asking yourself, "Why would someone want to connect to me?"

You want incoming connections in the following scenarios:

♦ When you’re running some server software such as an FTP server.

♦ When you’re running a peer-to-peer (P2P) file-sharing program that shares out parts of the file as you download the rest.

♦ When you’re running some remote control software and want people to be able to control your computer.

It’s also important to note that if you’re behind a router, then people from the Internet can’t make direct connections to you and wouldn’t be able to connect to the application anyway. There are exceptions to this, such as if you’ve enabled port forwarding.

If you want to allow the application to receive connections, then click Unblock. If not, click Keep Blocking.
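Each Unblock click leaves behind an enabled inbound allow rule for that program, and `netsh advfirewall firewall show rule name=all verbose` lists those rules. The following added example (not part of the original text) parses that output so you can review past decisions; the sample output is constructed and abbreviated, and the list of expected install folders is an assumption.

```python
# Added example: review which programs have been unblocked for incoming connections.
# SAMPLE is constructed, abbreviated output in the layout printed by netsh.
SAMPLE = r"""Rule Name:                            Example FTP Server
----------------------------------------------------------------------
Enabled:                              Yes
Direction:                            In
Program:                              C:\Program Files\ExampleFTP\ftpd.exe
Action:                               Allow

Rule Name:                            updater
----------------------------------------------------------------------
Enabled:                              Yes
Direction:                            In
Program:                              C:\Users\alice\AppData\Local\Temp\updater.exe
Action:                               Allow

Rule Name:                            Example Chat
----------------------------------------------------------------------
Enabled:                              Yes
Direction:                            In
Program:                              C:\Program Files\ExampleChat\chat.exe
Action:                               Block"""

# Assumption: software you installed on purpose lives under these folders.
EXPECTED_DIRS = ("c:\\program files\\", "c:\\program files (x86)\\", "c:\\windows\\")

def parse_rules(text):
    """One dict per rule; rules are separated by blank lines."""
    rules = []
    for block in text.replace("\r", "").strip().split("\n\n"):
        # Split at the first colon only, so "C:\..." paths stay intact.
        pairs = (line.partition(":") for line in block.splitlines())
        rule = {k.strip(): v.strip() for k, sep, v in pairs if sep}
        if rule:
            rules.append(rule)
    return rules

def unblocked_programs(text):
    """Return (rule name, program, needs_review) for enabled inbound allow rules."""
    out = []
    for r in parse_rules(text):
        if (r.get("Enabled"), r.get("Direction"), r.get("Action")) == ("Yes", "In", "Allow"):
            prog = r.get("Program", "Any")
            out.append((r.get("Rule Name", "?"), prog, not prog.lower().startswith(EXPECTED_DIRS)))
    return out

for name, prog, review in unblocked_programs(SAMPLE):
    print("REVIEW" if review else "ok    ", name, "->", prog)
```

A rule marked REVIEW is not necessarily malicious; it is one where the "Did I just launch that application?" question is worth asking again.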

Using automatic updates

Software isn’t perfect. Actually, if you spent some time as a software developer, you’d be continually surprised when it works at all. A popular quote among developers is "If we built buildings the same way we built software, the first woodpecker that came along would destroy civilization."

Despite Microsoft’s best efforts, bugs exist in Windows. Some of them are pretty tame, such as "screen doesn’t redraw properly." But some of them are pretty bad, like one that surfaced in late 2008 that allowed anyone who could connect to your machine to take it over. Oops.

Patches are pieces of software that fix bugs. Think of using patches as patching up a hole in a wall, or in a bike tire. Microsoft releases these patches every month, and you can download them to make sure your computer’s software is up to date.

The problem is that Microsoft software often has bugs, so Microsoft tends to release a lot of patches. Chances are you won’t remember to download every single patch every month. Figuring out which patches are necessary is also a problem. So Microsoft introduced Windows Update some time ago and, more recently, made it install patches automatically, should you allow it.

In Figure 3-7, the line corresponding to automatic updates has been pulled down to show some more details.

Figure 3-7: The Windows Security Center showing the automatic updates option.

Click on the Change settings button to bring up the automatic updates configuration, which is shown in Figure 3-8.

From here, you have two options:

♦ Install updates automatically: In this mode, Windows checks for updates periodically and installs them.

♦ Let me choose: Gives you more flexibility on how you apply your updates.

If you choose the Let Me Choose option, the screen in Figure 3-9 appears.

You can select one of the following options:

♦ Install automatically: This option is almost the same as the one in the previous menu. Updates are downloaded and installed without your intervention. The difference between this and the previous menu is that you get to choose the time the updates happen.

♦ Download updates but let me choose whether to install them: If you’re not comfortable with updates happening without your knowledge, choose this option. When new updates are released, your computer downloads them and then prompts you to install them.

♦ Check for updates, but let me choose whether to download and install them: This option is similar to the last option, except that the updates aren’t downloaded automatically. I find this option to be troublesome because I like having the updates happen when I’m not using the computer.

♦ Never check for updates: If you want to do it by hand, choose this option.

Figure 3-8: Configuring automatic updates.

Figure 3-9: Showing the available options for Windows Update.

I recommend setting your system up for automatic updates, so you won’t miss an update.
