
5 Star Support - Free Computer Help and Technical Support



Computer Security Review

Written by Dave
5 Star Support Volunteer Technician

Original version written 2004
Current update 11/19/06

Security Programs and Solutions:

Compatible with PCs running Windows 2000 Professional, XP Home and XP Professional including XPsp2. Users of Windows 98, Windows 98 SE, and Windows ME should refer to the paper on Windows 98 Security located elsewhere here on 5 Star Support. It should also work well with Windows NT 4.0, and if you are running WinNT, Win2k, or WinXP, remember you should be logged on as administrator to install any of these programs. I have not tested any of these programs with Internet Explorer 7.

NOTE: For best (easiest) results, the programs should be installed in the order listed below. If you already have one or more of these installed in your computer, no worries, just add the ones you don’t have. I strongly recommend reading all pages before you do anything to your system to be sure it is something you want to do. The programs listed are free for personal or SOHO use. Companies or businesses should use the paid licensed versions in all cases. Read the licensing agreement to determine which programs require purchase for business use. These programs are all for individual PC or workstation use and are not designed for server installation.

Anti-virus and Firewalls:
AVG Anti-Virus, free edition. Download & install, get updates from within program. Set it to run updates and a scan every day at a specified time convenient to you. Set files to be considered outdated after 7 days. Be sure to update daily. Also, be sure to register the program. Not as well rated by many writers as some other antivirus programs, but I cannot understand why because it is a very good program. It does seem to consistently have the ability to “heal” a number of infected files that other programs could not do anything with, and its reaction speed to incoming threats, even in email, is very fast. The programming is excellent and the database for definitions actually runs hours ahead of most other antivirus programs. I actually run AVG Pro and I scan daily.

Zone Labs offers a very good free firewall. It is easy to set up, and the help section is very good. If you want to try the Zone Lab firewall, you can get it at:
Just click on the link at the top of this web site page for “Download FREE Zone Alarm” and you are all set. Be sure to register the software and check the “can Zone Labs contact you” box. If the box is checked, you will receive notification from Zone Labs if there are program changes, as well as new versions of the firewall when they are released. They usually release a new version of their firewall about two times annually. Be sure to read the help file for proper setup.

That should cover you for a very good firewall. Next we move on to Spyware and Adware protection. You should note that if you installed the above Zone Lab firewall, as you install and update the programs below, the firewall is going to pop up a message window asking if the program is allowed to access the Internet. Simply check the box to “remember your answer”, and choose always allow by left clicking with your mouse.


There is one new program recently introduced from the Czech Republic called AVG Anti Spyware. It is from Grisoft, the same vendor that provides AVG antivirus we discussed at the beginning. The program is compatible with Windows 2000 (all versions) and Windows XP (all versions) and is designed to work in harmony with all known anti-virus and firewall programs, and most other security type programs as well. It uses a threat database with an amazing 300,000 + entries that you will be protected from. This is easily one of the largest threat databases currently assembled. I have been running this for a while in my test machine and find that it can dig deeper and find more than any other program I have ever used. 
They have a really great program here. After you download and install the program, you will need to update the database from within the program. After that, you have a full version of the program to test for 30 calendar days. After that time, it reverts to a free version with automatic updates and advanced features disabled until such time as you decide to purchase the program. You can, however, still update and scan manually. All updates for the paid full version of the program are done automatically in the background while you are on-line, saving you the time it would take to do it manually. The database is updated daily, and I have received updates daily since installation. This is truly a great program in my opinion, and I think it is well worth the expenditure. It has proven itself to be able to repeatedly find and quarantine things no other program I have ever used has been able to even detect, let alone deal with.
One final caution: If you intend to use Microsoft’s Anti-Spyware program called Windows Defender, you will have to make a choice. I have found that Ewido Security Suite and Microsoft Anti-Spyware Beta do not get along well together, so you will have to pick one or the other. Trying to run both will also consume a lot of system resources and slow you down considerably.
AdAware SE, personal version by Lavasoft. Download & install. Get updates from within the program weekly. This is one of the better Adware & Spyware programs out there, and nobody should be without it. You may be interested in the Pro version if you like it. It is well worth the $20, and it adds the Ad Watch feature. Then go to:
You can also download and install the plug-ins for AdAware (7 total) including the VX2 cleaner. Spyware in VX2 format is very dangerous, and almost impossible to remove without this, or a similar cleaner. You can also download the instruction manual for Ad Aware SE (PDF format). It covers the entire program and is very helpful, and explains the plug-ins. The manual is highly informative, and I really recommend you save it to your security folder for easy reference and read it. The Ad Aware Pro version manual is also available here in PDF format.
Download AdAware Cloak to a security folder created on your c drive. Put a shortcut to it on the desktop. It can be started before running Ad Aware if spy-ware/ad-ware etc. causes the program to stall or hang and prevents a normal scan. It hides Ad Aware so it can perform a normal full scan.
Download and install WinPatrol from Bill P Studios. Remember to set Nuts under the cookies tab to prevent cookie types you don’t want. You can clean out cookies daily. You can check which cookies to keep. Great program! By default it sniffs system every 9 minutes for any changes and alerts you to any changes. Once installed, you get warnings about any new programs installed (you will have to answer yes to allow the program to run) or any browser helper objects or home page changes. Remember to answer yes as the programs added below pop up on your monitor (it will take at least 9 minutes for Win Patrol to notice the new program – usually after a re-boot). After installation you should check for the types of cookies blocked. On the newest version, this will be under the cookies tab as NUTS has been removed. The minimal cookie types I recommend you block are: 1805, 2o7, ad, ads, AdServ, atwolla, Banner, bfast, CGI-Bin, Click, Commission, count, gain, gator, hitbox, hot, kazaa, kount, metric, and ru4.
Download & install Spyware Blaster, update from within the program weekly. It works by prevention rather than removal: it prevents the adware and spyware cookies and programs in its database from being installed in the first place, by adding restricted sites to your browser.
Download & install Spybot Search & Destroy. Update from within program weekly. Very powerful program capable of making registry edits and changes, so be careful with its use. Don’t use the advanced settings until you become familiar with the program and how it works. Also install Tea Timer from the download (check the box for tea-timer during install) as it alerts you to any changes in your start menu, browser home page, etc. or your registry. After it is installed, you will see a new icon for the program (small blue symbol with a lock). It is a good program. You will have to check for newer versions of the program periodically as no e-mails for newer versions are sent. I check 4x annually, about every 3 months. A caution is in order here if you elect to install and use Tea Timer, and it is very important. Tea Timer can, in some instances, prevent the proper install or un-install of programs because it will see a change in your registry, intentional or not. For this reason, if you are intentionally adding or removing a program, I recommend you turn it off so it will not interfere with your intended action (this includes Windows Updates). To turn it off, right click the icon on your tool tray and select “Exit Spybot Resident” from the push up menu. This will exit the program until you re-boot so you won’t have any problems. It will usually pop up after a re-boot when you have installed something new to ask you whether or not you wish to allow this registry change. You will need to check the “remember this answer” box, and then click on “allow change”. Do not use the advanced mode until you are familiar with the program and know what you are doing. Remember that this is a powerful program capable of making registry changes.
Download & install E-Mail Sentinel Pro. It converts e-mails to plain text format for safe opening of e-mails of all types, because no code can be executed from within a plain text document. No restriction on usage, just click on “try now” each time the computer boots up and shows the splash screen for the program. Note that all HTML format e-mail will be converted to plain text, so you won’t get many images or pictures within the e-mails you open while the program is running. The images are most often displayed as a blank box with a red “X” in the upper left corner. The images can be displayed if you so desire by re-opening the e-mail in your browser. After installing, remember to set your options. Under the options tab, left click the + sign next to security. You left click on the security option selection in the left pane and the options display in the right pane. Check the boxes according to your preferences. Latest version v 2.6 is no longer free after a 7-day trial, but it is well worth the $14.95 asking price. If you hunt on the web (Google Search) you may still be able to find v 2.4 or early v 2.5 which is free (unrestricted usage for private use).

All the above security programs’ icons for shortcuts should be organized in a security folder on the desktop for easy access. Put shortcuts to all the programs in the security folder. You may also want to set up a security folder in your browser’s favorites section. You can add all these URLs to the folder as you go along for easy return to the web sites later for updated versions of the programs as they become available.

Remember the main reason for the multiple programs is that one program will catch things the others do not. This is why I have picked them. I base the program selections on their ability to detect and quarantine or remove the greatest number of threats. No one program has it all, and all the detection rules and database entries are different from one program to the other. Running them all is the only way I have found to get the best protection.

Although this may sound like a lot, remember that as of May 2006, there are over 200,000 known active Viruses, Trojans and Worms out there, and an additional number in excess of 320,000 known forms of active Adware and Spyware programs, not to mention browser hijackers, tracking cookies, key loggers and data miners. That’s a lot to protect you from.

Remember also that this is a word processor document. The hyper links in this document may not always work depending on the browser you are using and your browser settings. If this is the case, you can simply copy and paste the URL links into your browser address bar to get to the web sites easily.

Browsers and E-Mail:

If you want to try an alternative browser, I highly recommend Firefox, and use it as my default browser for everything but Microsoft updates or anything specifically requiring Internet Explorer. It is very powerful and fast, and new versions are released about 2 to 4 times a year. It is a robust, very fast, and powerful program that supports tabbed browsing for convenience, and even includes a news feed reader starting with v 2.0. It is much safer and more secure than Internet Explorer in my opinion because it is not embedded in your operating system. You can download and install it for free from:
You should note when you are downloading and installing a new version, you may sometimes need to un-install the previous version first. Always check for installation notes and instructions before downloading and installing a new version. When un-installing, you usually use the “add and remove programs” function from within the control panel. Any needed files for Mozilla are usually retained on the c-drive after the un-install. Just remember to re-boot after the un-install and the new install as the instructions assume you know this. I find it easiest to set up a Mozilla folder on the c-drive and save your downloads to it so that they are easy to find and install from. Simply name the folder “Mozilla installs”. If you choose to use Mozilla products, you will also need to go to:
In order to get the Netscape versions of both Flash Player and Shockwave to use with Mozilla for the best possible browsing experience. They are quick and easy free downloads, and you really should do it. It is important to remember to download them from Macromedia from within the Mozilla browser, not Internet Explorer.

If you like Microsoft Outlook or Outlook Express for an e-mail application, you might want to try Mozilla Thunderbird instead. It is very powerful and secure and really fast. I use it as my default e-mail program. The look and feel of the program is very close to Outlook, but the options are easier to use, and the program is very easy to set up. You will need to know your incoming and outgoing mail server information and password given you by your IP for set up. The help section is excellent. The program is very fast, and as an added bonus, it is an excellent newsreader for RSS and XML feeds. Multiple accounts for mail and news can be set up easily. Thunderbird has quickly become my default email and newsreader service program of choice. The Thunderbird e-mail program is also available for free from:
The same applies to Thunderbird as with Firefox listed above. Always follow instructions before downloading and installing a new version. When un-installing and then installing a new version, the needed files for the program settings are retained on your c-drive after the un-install so you don’t have to set up the program all over again. Remember to re-boot the computer after both the un-install and new install. As with Firefox, I recommend you set up a separate Thunderbird folder on the c-drive and save your downloads to it so that they are easy to find. You can name it “Thunderbird installs”.

Mozilla Notes:

All programs from Mozilla are free; open source code offerings, written by some of the best programmers around anywhere. There are new versions of the software released anywhere from 2 to 4 times annually. I have one common denominator or recommendation for all these programs. Read the release and installation notes for each new release. In some cases, you will have to uninstall the previous version before installing the new one. Installing a new version on top of an existing one will always cause big problems. In all cases so far, you uninstall by using the Add & Remove Programs function from the control panel. There is one nice feature though. After removal of a version, windows will indicate not all folders were removed during the uninstall, referring to a remaining program file folder still on the hard drive, and ask you whether or not you want to remove it also. Answer no to this question. The files remaining in the folder are your settings and preferences files as well as any password information, favorites for browsing, etc. Just let the new version install to the same folder created by the older version of the program. This will minimize your set up time for the new version. In many cases you will be ready to go in just a couple of minutes. The latest versions of Firefox and Thunderbird will actually check for new release versions for you and will update and install the new version for you while you are on line. All you have to do is restart the program. This is a very nice feature.
If you really like Firefox and Thunderbird, both programs rolled into one in a program called SeaMonkey is also available from, not This program represents the evolution of Mozilla that was the original browser offering that started it all. You may want to give it a try for convenience, but I prefer to use Firefox and Thunderbird as separate programs for more control.


Other places good for information and special “tools” are available if you hunt deep enough. An enjoyable trip to this one may help you out with a number of little and not so little problems:
It is a good site if you have been infected with “cool web search” (about blank) in one or more of its many variations. Nasty stuff. You should at least visit and read. It is worth your time.

If you want to really know about “Cool Web Search”, “about blank”, and how many problems it causes, I can direct you to:,-Spyware,-Adware-&-Malware-Applications/
It will give you a real appreciation for what you are up against. It is a real eye opener if you are new to this type of thing.


Last, but not least, you may want to see how secure you really are after all the above programs are installed. This is also easy to accomplish. The best security port scanner I can recommend is from Steve Gibson of Gibson Research. He is a computer security expert who regularly works free-lance for major corporations and also the Federal Government. He has helped catch Black Hat hackers in recent years, and helped many companies secure their networks. His web site offers a free scan of the over 1,000 ports on your computer. The scan, called “shields up”, only takes a few minutes, even on a 56k dial-up modem. If you are using a router or proxy server, you will find your true IP address is not displayed during the scan, but rather the IP address of the router or proxy. He also offers three great little programs:

“Un-Plug & Pray” which turns off the usually not needed plug & play function of Windows.
“Dcombobulator” which turns off DCOM in Windows.
“Shoot The Messenger” which turns off the Windows Messenger service.

These three services should be turned off unless you absolutely need them, but I can’t imagine why you would. These three Windows services have been used in the past by hackers as an easy way in. They all represent vulnerabilities you can easily disable. To get your free port scan (called “Shields Up”) as well as the three programs above, go to:

Steve’s web site also offers a free leak test for firewalls, which I use on a regular basis. It is simply called “Leak Test” and it is a small, easy to download program. All of his programs are very small to save disk space, but work very well. (His program called “Wizmo” is also kind of fun to play with if you are inclined toward programming or scripting.)

Testing Internet Explorer:

If you intend to use Microsoft Internet Explorer as your browser, you may want to test it to be sure all settings in your machine are as secure as possible, and all available patches have been installed. To do this, there are free security scan programs available designed specifically for Internet Explorer. I have used them before, and they work very well. To test your machine for any problems with Internet Explorer, go to:
You simply follow the on screen instructions. This is a very thorough live test, the results of which may surprise you. If you use Internet Explorer or MSN browsers, I heartily recommend trying it out. Two other good tests are available at:

Security tips:

This tip applies to users of Win2k all versions and WinXP. When first setting up the system, most users begin with the default identity that has administrator privileges. Many users make the mistake of leaving this identity on the computer as an almost “sacred” account only to be used when making changes to the system. I can’t tell you how dangerous a practice this is. Writers of every kind of mal-ware out there are well aware of the administrator account. Being on-line as an administrator allows hackers and mal-ware writers complete access to your machine if you are ever successfully attacked, or mal-ware is installed. Don’t set up your machine this way!

To avoid serious problems later, I strongly recommend you take the time to set up your machine using the following steps:

Re-name the administrator account to anything of your choosing except “administrator”.
Go to Start, Settings, Taskbar and Start Menu and check the box for “use personalized menus”.
Create separate accounts for yourself and all others who will be using the computer. Make yourself a power user, and all others restricted users. Restricted users cannot view others files, make system changes, or add or remove programs.
Do not allow non-expiring passwords, and make all passwords at least 7 digits long, mixing in upper and lower cases as well as symbols or characters. Avoid passwords longer than 15 characters.
Require use of control-alt-delete when coming out of standby, and system start up or hibernation start up. This purges the memory cache to guard against boot viruses etc. and protects passwords.

From this point onward, only go on-line as an account with administrator privileges when getting your Windows and Internet Explorer updates, or using Microsoft Baseline Security Analyzer, or updating a security program that requires administrator privilege. NEVER go on line as administrator for anything else. If you have not set up your system this way, it’s not too late. I would recommend you go back and change it. You won’t be sorry.

Only use the administrator account for changing system settings, or adding-removing programs, or other administration functions such as password and local security policy, global system settings etc. Do everything else from your personal power user account. This includes any web usage, or downloads of any kind. ALL downloads should go to a separate folder (mine is a shared desktop folder named “downloads”, but you can do the same with a shared folder on the c-drive, whichever you find easiest to do) where they can and should be scanned with your anti-virus program before they are ever installed. You can then log off and log back on as administrator to install the program while still being off line. This is the safest way to do it.

After installing any new program, you should run system anti-virus scans and spyware/adware scans immediately, unless you are absolutely sure the program is safe. I recommend you set up a desktop folder simply called downloads, and put any new download into this folder. You should then open the folder and scan the download with your anti-virus program before it is installed. This is especially important, believe it or not, for any new wallpaper &/or screensaver. Many wallpapers and screensavers contain spyware, and some even contain browser helper objects, toolbars, adware, spyware, or worse yet, browser hijackers and key loggers. Believe it or not, the Yahoo Toolbar and the Google Desk Bar contain a form of spyware that dials home with your visited web sites history whenever you go on line. They claim this is done for “research” purposes and to help them “constantly improve the functionality of their products” – hmmm.

Do not install or use any browser helpers or toolbars which claim they will “help you” with web surfing or web searches. These are referred to as a BHO (Browser Helper Object). Most of them will dial home with your surfing habits and visited web sites in the background while you are connected to the Internet. Some even contain key loggers (record your keyboard entries and key strokes – a nice way to obtain passwords and account numbers).

If you are into music and download it from the Internet, DO NOT even think about installing anything from KaZaA. If you do, your computer resources will be wide open and shared by any and all users of the program whenever you are on line. KaZaA is also incredibly difficult to completely remove due to the deep registry changes and edits it makes on your machine. If you will be using Windows Media Player for your music, and you are planning to connect on line with the player, I recommend you disable scripting capability in the player so that it cannot run scripts. If it can run scripts while downloading music, you can pick up almost anything in the background without knowing it until it is too late.

If you are a gamer, a caution is applicable for any games downloaded from Wild Tangent. Running games from Wild Tangent requires use of a program referred to as Wild Tangent Web Driver that contains a program called Back Web Light. In my opinion, Back Web and Back Web Light are forms of spyware because they dial home with collected information (of what kind? Wild Tangent doesn’t say) whenever you are on line, and do so in the background without your knowledge. If you read Wild Tangent’s privacy statement and policy carefully, it even says your information can and will be shared with third parties. Wild Tangent claims this is done to constantly improve the quality of their products and provide you with the best possible gaming experience. If you ever install anything from Wild Tangent, you won’t believe what it takes to get it all out of your machine. It takes me about four hours with 5 different programs and registry edits to clean it out of the average computer. Even after the clean up, a Wild Tangent Control icon will usually remain in your control panel, although it will be non-functional.

Here’s a tip if you decided to install E-Mail Sentinel Pro from the programs listed above. Remember I mentioned the security tab? Here’s a screen shot showing the way I recommend you set it up:

I have entered a number of file extensions as you can see for an important reason. The extensions added have been employed maliciously during the past few years and have been used to spread infections to computers via e-mail attachments. (The extensions on my personal banned list are: .exe .dll .ocx .wav .jpeg .gif .bat .com .cmd .pif .scr .zip .mime .mim .uue .uu .b64 .bhx .hgx .xxe .doc .vbs .ico .bmp .ani .cur .hlp .upm) You may want to enter these as shown above like I have done on my machines. To do so, simply left click on new and type them in, one at a time, followed by “enter”. In general, I further recommend not opening any e-mail attachments that you are not specifically expecting.
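The same screening can be applied to a mailbox outside the mail client. The following is an added example, not part of E-Mail Sentinel Pro or the original article: it parses a message with Python's standard `email` package and reports attachments whose extension is on the banned list above. The function names and the sample message are constructed for illustration.

```python
"""Screen e-mail attachments against a banned-extension list (added example)."""
from __future__ import annotations

from email import message_from_bytes, policy
from email.message import EmailMessage

# The banned list exactly as given in the paragraph above.
BANNED = frozenset(
    ".exe .dll .ocx .wav .jpeg .gif .bat .com .cmd .pif .scr .zip .mime .mim "
    ".uue .uu .b64 .bhx .hgx .xxe .doc .vbs .ico .bmp .ani .cur .hlp .upm".split()
)


def banned_extension(filename: str) -> str | None:
    """Return the banned extension Windows would act on, or None.

    Only the final extension decides how Windows opens a file, so
    "Invoice.pdf.EXE" is judged by ".exe". Windows also ignores trailing
    dots and spaces in file names, so they are stripped before the check.
    Matching is literal: ".jpeg" is on the list, ".jpg" is not.
    """
    name = filename.strip().rstrip(". ").lower()
    _, dot, ext = name.rpartition(".")
    if not dot:
        return None                      # no extension at all
    ext = "." + ext
    return ext if ext in BANNED else None


def blocked_attachments(raw: bytes) -> list[tuple[str, str]]:
    """Return (file name, banned extension) for every flagged MIME part."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits = []
    for part in msg.walk():
        # get_filename() reads Content-Disposition and falls back to the
        # "name" parameter of Content-Type, so both spellings are covered.
        name = part.get_filename()
        if name is None:
            continue
        ext = banned_extension(name)
        if ext:
            hits.append((name, ext))
    return hits


def sample_message() -> bytes:
    """Build a constructed test message with three harmless attachments."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "reader@example.com"
    msg["Subject"] = "Constructed sample"
    msg.set_content("See attached.")
    for fname in ("Invoice.pdf.EXE", "notes.txt", "summer.JPEG"):
        msg.add_attachment(b"constructed bytes", maintype="application",
                           subtype="octet-stream", filename=fname)
    return msg.as_bytes()


if __name__ == "__main__":
    for name, ext in blocked_attachments(sample_message()):
        print(f"blocked: {name} ({ext})")
```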

Finally, beware of any download accelerator programs which work by simultaneously downloading what you want from multiple addresses to speed up your downloads. These programs use shared resource technology similar to that used by KaZaA that turns any computer with the software installed into a sort of mini-server. These computers will now act as an additional Internet address for a server so that who ever wants to download the program from the Internet can get it from your computer as well as others when you are connected. Your computer resources will be used in the background without your knowledge or consent. A popular program of this type is called Kontiki. Don’t use it!

Phishing and Pharming:

Phishing (pronounced “fishing”) is a fairly new problem on the Internet, and involves spoofed web sites. The idea here is to get you to click on a web link from within an email, or even a link from another web site. These links are usually placed on or embedded in a web site, without the knowledge of the web site provider, by a script kiddie, or someone similar, who has malicious intent. Clicking on the link will take you to a new web page, but it may not be the one you intend to go to. It may even be carefully constructed to look exactly like the real thing. Before you can react, you can pick up spyware, lose personal data, or have a host of other problems. This practice is called phishing.

Pharming (pronounced “farming”) is similar to phishing, but there is no bait involved. Pharming uses DNS record poisoning or domain hijacking. Either of these techniques makes Pharming a dangerous threat. Large numbers of Internet users can be herded to a bogus malicious site without their knowledge or consent. You can be redirected to one of these sites even if you typed in the URL correctly. These bogus sites are very carefully constructed to look just like the genuine article. That’s why they are so dangerous and effective. Domain hijacking and DNS poisoning have been around for about ten years now, but recent trends show an increase in this activity as well as malicious or criminal intent connected with it. Both phishing and pharming have shown a dramatic increase so far this year both in the number of cases, and the complexity of the attacks. I can only advise that you be very careful.

The trick here is to always know where you are going and exactly what web site you are on. But how do you do this? There is a very small free program available which will do this for you. At only 175kb, it consumes almost no system resources, and works by adding a small toolbar to either Internet Explorer or Firefox. The program is called SpoofStick. It is from Core Street, and is very simple to install and use. It works by reading the server you are connecting to, and will display the actual web site you are really on at all times.
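To show what “the actual web site you are really on” means for a link, here is an added example that is not SpoofStick's code or part of the original article. It extracts the host a browser would contact from a URL and lists reasons that host may not be the site the reader expects. The function name, the warning texts and the sample URLs (reserved example domains and a documentation IP address) are constructed for illustration.

```python
"""Report the host a link really points to (added example)."""
from __future__ import annotations

import ipaddress
from urllib.parse import urlsplit


def check_link(url: str, expected_domain: str) -> tuple[str, list[str]]:
    """Return (real host, warnings) for a link believed to lead to expected_domain."""
    parts = urlsplit(url.strip())
    host = parts.hostname or ""          # lower-cased, no user name, no port
    if parts.scheme not in ("http", "https") or not host:
        return host, ["not an http(s) link with a host"]

    warnings = []
    # Anything before "@" in the authority is a user name, not the site.
    if parts.username is not None:
        warnings.append("text before '@' is a user name, not the site")

    # A numeric address hides who operates the server.
    try:
        ipaddress.ip_address(host)
        warnings.append("host is a bare IP address")
    except ValueError:
        pass

    # Punycode labels can render as look-alike characters in the address bar.
    if any(label.startswith("xn--") for label in host.split(".")):
        warnings.append("host contains a punycode (IDN) label")

    # The expected name must be the whole host or its rightmost labels.
    expected = expected_domain.lower().rstrip(".")
    if host != expected and not host.endswith("." + expected):
        warnings.append(f"host is not {expected} or a subdomain of it")
    return host, warnings


if __name__ == "__main__":
    samples = [                           # constructed sample links
        "https://www.example-bank.com/login",
        "http://www.example-bank.com@198.51.100.7/login",
        "http://example-bank.com.account-check.example.net/",
    ]
    for link in samples:
        host, notes = check_link(link, "example-bank.com")
        print(host, "->", notes or "ok")
```

A host-name check of this kind covers look-alike links only; with DNS poisoning the name is correct and the address behind it is not, so the name alone does not reveal it.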

How to get SpoofStick for Internet Explorer or Firefox:
Download both versions (IE & Firefox if you are going to use both browsers) and save to hard drive.

For Internet Explorer, download and install from folder saved to on hard drive. Internet Explorer must be closed to install the program.

For Firefox, launch the browser, left click on file, select open, then navigate to the file on the hard drive, and double click on the file to install. Close Firefox. The program will install when Firefox is re-launched. You will probably have to right click on the Firefox main toolbar, and then choose “customize” in order to add the new spoof stick toolbar. You do this by finding spoof stick on the options displayed from “customize” and then hold down the left mouse button and drag spoof stick to the desired toolbar location. Please be advised that as of this writing, SpoofStick is only compatible with Firefox up to v 1.5 and will not install or work on the latest Firefox v 2.0.

On the left side of the new toolbar, click on options and you can set up both the size of the toolbar, and the color of the font displaying the web site you are connected to. It really is a great little program. Get in the habit of looking at the toolbar every time you select a link, or type in a new web address (URL), to see the web site you are really connecting to.

Final Notes:

Trust me when I tell you that the Internet has become a dangerous place for your computer and your personal information contained in it. 2006 is going to be a tough year for security, so please do not take all this information and my recommendations lightly. I have been a member of the 5 Star Support team for a while now, and help an average of three to four people a week with problems on their computers after they have been attacked or compromised. So far, this “stuff” I recommend has helped everyone I have sent it to with no repeat problems after it is all installed and running. The number of contacts for help is constantly on the rise, and even SANS predicts it will continue on an upward trend for the foreseeable future.

I sincerely hope this document helps you, and wish you the best and safest possible experience with your computer. If you need to contact me with questions or need more information on anything contained in this paper, I can be reached by email at:

Best Regards,





Use the Information above at your own risk.  See "Terms of Use"


Copyright © 2000-2014  5 Star Support All rights reserved.