200,000 sites spreading web malware
Just in case you think there is no need to secure your computer while connected to the internet, read this ZDNet article for an eye opener on just how hard the bad guys are trying to hijack your computer.

FireEye Malware Intelligence Lab
This site is a great place to keep your finger on the pulse of where malware is coming from, and a source of additions for your hosts file to prevent stumbling on the wrong sites.

Blocking unwanted web sites
This Microsoft MVP page explains how to use a hosts file to block web domains that you don't want to connect to while surfing the internet. With a hosts file you can block ads, avoid malware and hijack sites, avoid porn sites, or any other undesirable web site you don't want to connect to.

They provide an already filled in hosts file that is very comprehensive, so much so that it may block sites you actually want. For instance, it blocks all ads from Google Ads, which I use on my web sites to try to earn money. Not to worry, the hosts file is easily edited with any text editor to remove entries you don't want to block.

Another thing I noticed about their hosts file was that it prevents MSN Messenger compatible chat programs from connecting. To fix this, remove the section of the file which has the following label above it:

    [Microsoft via MSN Ad Servers]

The file is conveniently arranged in sections, where each section represents a particular entity on the web.

The page is written by Microsoft MVPs so the instructions are all Windows oriented, but Linux users can take advantage of a hosts file as well. On a Linux system the hosts file resides in the /etc folder. The hosts file you download from the Microsoft MVP web site is named HOSTS, so on a Linux system, which is case sensitive, you will have to rename the file to hosts in lowercase to get it to work.

Linux users will also need to add the following two lines from their original hosts file to prevent problems with localhost.

    127.0.0.1 localhost ray-desktop
    127.0.1.1 ray-desktop

Replace ray-desktop with your own host name. The easiest way is to copy and paste them from your original hosts file before saving over it with the new one. To edit the hosts file in Ubuntu, I usually use the command "gksu gedit &" in a terminal to start the GUI text editor in root mode. This requires typing in an admin level user's password.

Linux users take note that there will also be a hosts.deny and a hosts.allow file in the /etc folder, but they serve a different purpose than the hosts file. The hosts file blocks outgoing connections, while the hosts.deny file blocks incoming connections.

So, go get your hosts file and start surfing the web safer from now on.

HostsXpert
This page is where you can get a good tool to work on your hosts file once you have one. The program at this site allows you to do the following: Append File, Replace File, Merge File, Create Backup, Restore Backup, Restore MS Hosts, Add to Hosts Files, Delete Line, Toggle Comment, Sort File, Swap Localhost, Remove Block Items, Copy to Clipboard, Make Hosts read-only/writable toggle, Search, and Open in Memopad. It can also download a new copy of a hosts file from the Microsoft MVP web site, Remove Whitelist Items, Add Whitelist Items, View Whitelist, Save and Exit Whitelist, and Exit Whitelist without saving. HostsXpert is a Windows program only, and works with any version from 98 to Vista.

Once you have your hosts file in place and keeping you moderately safe, you now need to consider getting a good Firewall program and an Anti Virus program. This is more for Windows users, as there are more viruses written for them than for anyone else's operating systems. I just checked the system information in the ClamAV anti virus software, and it claims it has a database of 469,318 virus signatures currently. Those are Windows viruses for the most part. See - Linux Viruses and Computer Viruses and Why Linux user's don't worry about viruses

I'm currently running mostly Ubuntu Linux, and on it I don't need anti virus software constantly running and checking every file I run as it starts, which is very common for Windows systems where infection is so prevalent. As long as a Linux user sticks to their approved software repository sites for installing their software, there is virtually no chance of becoming infected with malware. Each distribution of Linux for the most part has its own software repository where users can get software designed for their particular flavor of Linux.
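
Going back to the Linux hosts file steps described above, here is an added example (not code from this page or from the Microsoft MVP site) that keeps the machine's own entries, drops one labelled section, skips whitelisted names, and ignores any downloaded entry that points a name at a real address instead of a sink address. The sample data, the "# [Label]" header form, and the names `parse`, `build_hosts` and `SINKS` are assumptions made for the example.

```python
import re

SINKS = {"0.0.0.0", "127.0.0.1"}          # addresses a block entry may point at
SECTION = re.compile(r"^#\s*\[(.+?)\]")    # assumed header form: "# [Label]"

def parse(line):
    """Split one hosts line into (address, names); (None, []) if no entry."""
    fields = line.split("#", 1)[0].split()
    return (fields[0], [n.lower() for n in fields[1:]]) if len(fields) >= 2 else (None, [])

def build_hosts(original, blocklist, drop_sections=(), allow=()):
    """Merge a downloaded blocklist under the machine's own hosts entries."""
    drop = {s.lower() for s in drop_sections}
    seen = {d.lower() for d in allow}      # whitelisted names are never added
    out = []
    for line in original.splitlines():     # keep local entries (localhost etc.)
        addr, names = parse(line)
        if addr:
            out.append(f"{addr} {' '.join(names)}")
            seen.update(names)
    skipping = False
    for line in blocklist.splitlines():
        header = SECTION.match(line)
        if header:                          # a new labelled section starts here
            skipping = header.group(1).strip().lower() in drop
            continue
        addr, names = parse(line)
        if skipping or addr not in SINKS:
            continue                        # dropped section, comment, or redirect to a real address
        for name in names:
            if name not in seen:            # no duplicates, no override of local names
                seen.add(name)
                out.append(f"{addr} {name}")
    return "\n".join(out) + "\n"

# Constructed sample inputs (example.* names are placeholders, not real data).
ORIGINAL = "127.0.0.1 localhost\n127.0.1.1 ray-desktop\n"
DOWNLOADED = """\
127.0.0.1 localhost
# [Example Ad Network]
0.0.0.0 ads.example.com
0.0.0.0 wanted-ads.example.com  # a site the user wants to keep
# [Microsoft via MSN Ad Servers]
0.0.0.0 msn-ads.example.net
# [Example Malware Hosts]
0.0.0.0 bad.example.org
203.0.113.7 bank.example.com
"""
print(build_hosts(ORIGINAL, DOWNLOADED, ["Microsoft via MSN Ad Servers"],
                  ["wanted-ads.example.com"]), end="")
```

Review the printed result before copying it over /etc/hosts as root, since every line in that file changes where a name resolves for the whole machine.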
A Linux user can still surf the net looking for, and downloading, software to install on their systems, which gives them a marginally higher risk of problems, but so few viruses and malware have been written for Unix and Linux systems that they are few and far between.

A Firewall program monitors your system for connections to the internet, and has the ability to block incoming and outgoing connections to your computer. In Windows they usually pop up a dialog the first time you attempt to connect to the internet with a new program you haven't used before, asking whether you want to give the program access to the internet. If you do not recognize the program as one you really wanted to connect with, you can deny it access to the internet or network, then investigate the program you didn't expect, to see if you need to get rid of it.

A Firewall also listens to the ports on your computer for incoming connections from the internet or network, and warns you when some process attempts to connect to your computer via any of those ports. Ideally it also blocks the access and hides the fact that your computer is even there from the process that attempted to connect, with the better ones logging the connection attempt, the type of attack attempted, and the IP address or domain name of the attacking machine. Some Firewalls have the added ability to trace the route taken to your computer by the attacking machine, as an attack is usually routed through several machines on its way to your computer.

Once again, on an Ubuntu Linux machine, most of the usual work of the firewall is done by a simple text file in the /etc folder. This file is called hosts.deny and is set to block all access to your computer from outside by default. Unless you are going to run a web server, or other server software on your machine, it is best to leave the hosts.deny file set to block all connections, which takes care of half of what a firewall program is designed to do.

There is also a hosts.allow file in the /etc folder on Ubuntu, and its job is to define which machines are allowed to connect to your computer from the outside. It acts as a white list of domains or IP addresses allowed to connect, and what services they are allowed to connect to, on your computer. Both the hosts.deny and the hosts.allow files are simple text files, but are owned by the system root, and cannot be casually changed. It takes someone with admin privileges and the admin password to edit these files.

So, on an Ubuntu or other Linux system most of the work of the firewall program is already taken care of by the settings in those three files, which are checked by the appropriate programs before they attempt any connections. I still have a firewall program, and it runs at start up, but I don't really know what I need it for.

This still doesn't help the unfortunate Windows users, so I'll add some links in here to the most recommended Firewall, Anti Virus, and other malware related prevention programs that I read about in the many Computer User's Groups that I belong to.

PS Tools
These are a collection of tools from Microsoft that include one which is particularly useful for protecting yourself in your internet applications. If you insist on running in administrative mode in Windows, PSExec can be used to run your internet applications in restricted mode so you are protected from your mistakes while surfing or reading email. Use the following command line in front of the call to your internet application in its shortcut:

    C:\windows\system32\psexec.exe -l -d

This assumes you have placed psexec.exe in the system32 folder. For a primer on the use of the PS tools, see this page.

AVG Anti Virus Free Edition
This is a very popular anti virus program which updates its virus definitions on a daily basis when you are online.

Avira Anti Virus
This is another free anti virus program which also updates its virus definitions regularly. It is highly regarded in the user groups.

Avast Anti Virus
Yet another free anti virus program that is often recommended in the user groups.

Trend Micro HiJackThis
If you do happen to get infected with some form of malware, this is one of the best tools to use to analyze your system, so you can remove the offending infection. This program generates a report which then can be uploaded to one of the many HiJackThis forums, where experienced people help you analyze the results, and decide what needs to be removed from your system to clean it.

UPDATE: This help forum is now inactive. You can upload your HiJackThis logs to the Simply Computers user group, and there will be people there willing to help you analyze the log, and fix the errors it points to.

Here is a place where you can paste your HiJackThis log file into a form, which will check it and report back to you which entries are suspicious or known problems. This is a good first stop for analyzing your HiJackThis log file, after which you may also need to do further research to determine any remaining unknowns you may have logged.
HiJackThis log Auto Analyzer V2

Simply Computer's Wiki
This link is to one of the user groups' Wiki pages on anti malware applications that are recommended by them. There are links to anti virus and anti spyware programs recommended by this group.

Free Zone Alarm
This is a free version of one Firewall program available. I've used it, and in this free version it only allows a certain number of outgoing programs to be authorized to access the internet. If you have a lot of internet programs you won't be able to grant them all permission to access with this Firewall, unless you buy the paid version of it. There is also a very good free Firewall called Sygate Personal Firewall, which I am using now. I have tested it against several port scanning web sites, and I always get rated as being invisible to them, so it works pretty well.

Comodo Firewall
This firewall now includes anti virus components. I've often seen it recommended on the user groups.

Personal Firewall Reviews
This page lists many, many firewalls you can try, and also reviews them for you.

AV Comparatives
This site compares many different Anti Virus programs on their effectiveness at detecting viruses, trojans, and other malware variants. It gives details on just how many malware problems each of the packages they evaluate actually detects, and ranks them accordingly. They also make the results available in a .pdf report you can download. They include data on false positives for each Anti Virus program as well, and a report on how well they detect new viruses.