This excerpt is from network engineer Yves A Martin who also is the founder of M-Quak Computer and Internet Sepcialists.
Recently a computer security expert stated that the only way to keep a computer 100% safe was to never turn it on. It turns out this inaccurate and a little misleading. A computer used solely to type up and print out documents, never connected to the Internet and that never received files transferred from some other computer, could in fact be a useful 100% secure computer system. This brings us to the two main ways viruses and other malware get on a computer: through a network like the Internet and file transfers from other computers.
Users want to attach computers to the Internet and receive emails, instant messages; browse web pages, download music and fun software etc. The problem is that this puts not just millions but billions of people at their doorstep! Imagine that if billions of people could reach a home instantly – how many ill intentioned people would come by to see if the doors and windows were secured? How many con artists would knock on the door? An Internet connected computer is in just that predicament.
When a computer is connected to a network by design it starts listening for communications from the outside world. Things known as ports get created which are special “doors” to the computer. These doors are special because they each have a designated program that will answer the door if it is knocked on. Examples of programs that listen for traffic from the network include:
instant messaging programs
Internet phone software
software for connecting to the computer from remote locations
Even the operating system itself opens ports to share files or a printer or anything else on the computer. Each of those programs creates a “door” to a computer that it will answer if someone “knocks” on it. If that program is poorly designed then when it answers the “knocking” program could take advantage of it and thus compromise the computer.
In addition to people being able to come across the Internet and knock on one of the “doors” mentioned above - by using a web browser and surfing the Internet users are inviting people to access their computers. Every time a web site is browsed the web browser is downloading files to the computer and processing them. If that web browser is not programmed properly it is a huge security risk. For example on December 12 of 2008 Microsoft reported a big security hole in all versions of its Internet Explorer browser. The hole permitted data stealing software to be installed on the victim’s computer just by browsing an infected web page! Other examples of programs that invite access to your computer:
File sharing and music sharing programs (by far one of the largest security risks)
Instant messaging software
So aside from isolating a computer from the outside world, how can one protect a computer system? Here are some tips:
Don’t use Internet Explorer as your main browser. I am not bashing Microsoft or Internet Explorer particularly and something should be made clear: It is not necessarily that other browsers are programmed so much better but that 80% of people surfing the Internet are using Internet Explorer. Thus thieves interested in gaining access to the maximum amount of victims are going to spend most of their efforts exploiting the security holes of the browser that 80% of the people are using.
Put a firewall between your internal network and the Internet. A firewall’s job is to keep out those billions of people who can be at your doorstep instantaneously. It will only allow those you invite to knock on your computer’s door.
Use a Firewall on each individual computer. The network firewall mentioned above is a big step toward protecting the internal network. The problem is that it generally won’t protect users from themselves. A user browsing a website is telling the network firewall that it has given an invitation to that website and to permit files from that site to come through. If the user browses an infected website with a browser that has a security hole a virus will get into the network. If it is a certain type of virus it could start replicating itself within the local network. A computer firewall defends against this sort of problem.
Update your operating system and browsers. Security holes are constantly found in all operating systems and all browsers. Software updates patch these holes.
Use a good and up-to-date antivirus and spyware program. These programs help prevent damage from viruses that do make it to your system.
Backup your data. Short of isolating a computer it is impossible to 100% secure a system. If you backup your data then should the worst occur having good backups will prevent disaster.