The Mossberg Report

A Digital Crime Wave

Published on April 12, 2005
by Walt Mossberg

The Windows computing platform is in a genuine crisis. Windows computers are being attacked, every day, by an international army of digital criminals who seek to spy on users, turn their own computers against them and deface, corrupt or destroy their data.

There have long been computer viruses, but until the past couple of years, they were mainly a nuisance. Now they have grown into a serious problem — by one account there were 5,000 new Windows viruses discovered in the first six months of 2004. And the virus plague has been trumped by a new type of malicious software, spyware, which can track your activities, bombard you with unwanted ads, even steal your identity.

Spam has also grown exponentially, clogging e-mail boxes and carrying with it malicious software. For some people, e-mail has become a curse.

And that’s not all. Every minute of every day, hackers using automated software scan the Internet looking for computers vulnerable enough to invade and, in some cases, to surreptitiously take over. Without your knowledge, they can turn your computer into a “zombie” machine rigged to help them spread their nasty viruses, spam and spyware.

So for consumers and small businesses — everyone without a large IT department to manage security — the Windows computers they use have become huge burdens instead of helpful tools. If you do get a severe virus or spyware infestation, you may have to spend hundreds of dollars and many hours to wipe your hard disk clean and start fresh, quite possibly losing crucial data in the process.

And prevention is almost as painful as the disease, because the computer industry has so far come up with only half-baked and piecemeal solutions to these threats. You have to watch every move you make online and install a bunch of security programs, which require monitoring, constant updating and, often, annual fees.

Each of these security programs deals only with a narrow slice of the problem. Firewalls can keep out invaders, but they don’t stop viruses, spyware or spam. Antivirus programs don’t catch most spyware. Antispyware programs don’t stop viruses. And neither stops spam. For that, you need anti-spam software, which does nothing about viruses or spyware that invade your system through avenues other than spam.

You can buy “suites” that combine all these programs, but they are really just bundles of separate applications of widely varying quality stuffed into the same box.

It’s as if you needed a separate burglar alarm system, each with its own control panel, password and monthly fee, for every door and window in your home.

What users need is a simple, all-encompassing security service that would deal with all these threats with minimal user involvement. For now, though, you’ll have to do it yourself.

So here’s my quick guide to Windows security measures. Some of the products I recommend below are free, but others cost money. I like free stuff as much as the next guy, but I don’t believe security is an area where price should govern. You don’t want to entrust your computer’s security to some unknown software author, or even to a well-meaning individual or very small outfit that lacks the resources to keep up with the threats.

Download and install all the security fixes Microsoft issues for Windows. If you have Windows XP, set it to automatically fetch and install these patches (you can do this by clicking on the “Automatic Updates” or “Security Center” icons in the Windows control panel). You should also probably install the massive Service Pack 2 revision of Windows XP, which plugs many security holes. But back up your data first. A significant minority of users have reported big problems with SP2.

Stop using Microsoft’s Internet Explorer Web browser, which has become a four-lane highway for malicious invaders. I recommend instead Mozilla Firefox, which is free at []. I use it all day, every day.

Windows comes with a firewall program, designed to keep out hackers. But in most versions of the operating system, it’s hard to turn on and configure. Even the improved firewall in the new SP2 revision of Windows XP is inferior to several third-party products. I recommend, and use, ZoneAlarm, a free firewall from Zone Labs, available at []. There are some fancy paid versions of ZoneAlarm, which are also fine, but if you want the free one, you’ll have to look hard on the Web page.

Software to stop spyware is still in its infancy, so I suggest keeping two or three anti-spyware programs on hand. Each program will likely find spyware the others miss. But I recommend relying most on the one I use, Webroot’s Spy Sweeper, available at []. It costs $30, including a year of updates, and runs all the time to block incoming spyware. To back up Spy Sweeper, go to [] and get two free programs: Ad-Aware, and Spybot Search and Destroy. Use these for manual scanning.

I recommend Norton AntiVirus from Symantec. It costs $50, including a year of updates. But it works well and has a good automatic updating system. I have been receiving many reports of problems with Symantec’s customer service, so I may have to change my recommendation down the road. But for now, I prefer Norton, and I use it myself.

No antispam program I have tested is wholly satisfying, but I suggest one of two. The first is MailFrontier Desktop, available for $30 at []. The second is SpamSubtract, from Intermute, available for $20 at www.spamsubtract [http://www.spamsubtract]. com. They are very different, and each has its strengths and weaknesses. I oscillate between the two every six months or so.

Beyond installing, monitoring and updating all this software, you need to be careful online. Don’t open email attachments you don’t expect and that come from strangers. They may contain viruses or spyware. Don’t download software unless you really need it and are 100 percent certain of the author’s trustworthiness. It could be an infection in disguise. Never click on a link in an e-mail purporting to be from a financial institution, even if it’s your own bank and it looks official. It could be a scam to steal your identity.

And if you’re totally fed up with the security crisis but want to continue using your computer for common tasks, consider dumping Windows altogether and switching to Apple’s Macintosh, which uses its own operating system, called OS X. There has never been a successful virus reported on OS X, and there is little or no spyware for the Mac.

In my view, Macs have better hardware, a better operating system and better bundled software than Windows PCs. They are as good as, and often better than, Windows PCs at e-mail and Web surfing; at word processing and other productivity tasks; and at handling digital photos, videos and music. And most popular Windows file types open right up in Mac programs, without the need for any conversion or translation.

Stay safe out there.

Return to: A Digital Crime Wave