Showing posts with label computer security. Show all posts

Monday, April 21, 2014

Windows XP, End Of Life or End Of The World? How Can I Stay Safe on Windows XP?


I guess by now you have heard that Microsoft ceased support for Windows XP on the 8th of April 2014. In some circles this is old news, the April 2014 End Of Life was already known in September 2010, when Microsoft announced that Windows XP will no longer be sold after 22 October 2010. Many people mistook this date as the date when Windows XP machines will stop functioning and this is mainly due to the manner in which the end of life date was announced, many sources made it sound like the end of the world for Windows XP users. But is this really the end of the world? In this article we will look at whether you should upgrade to a newer version of Windows and how you can stay safe not only on Windows XP, but on every other operating system as well.

First of all, your Windows XP machine will not stop functioning, but will continue to operate as it always did. The only difference is that you will no longer receive any Windows Updates because Microsoft will no longer develop patches for Windows XP after 8 April 2014. According to Microsoft, existing updates and fixes will still be available, but I guess after some years Microsoft might even pull these from their servers. The biggest concern by Microsoft is your security and to quote from their end of life page: “PCs running Windows XP after April 8, 2014, should not be considered to be protected, and it is important that you migrate to a current supported operating system”. Technically, this might be true, because should a hacker discover a flaw in a core component of Windows XP, it could be exploited to circumvent any security measures on a Windows XP machine and Microsoft will not be fixing that flaw. But is it fair to say that every XP machine should not be considered to be protected? In my humble opinion, no! There are a couple of things you can do to make sure your Windows XP computer is safe and secure.

I've read quite a lot of articles about Windows XP coming to end of life and from the comments on these articles, it is clear that a lot of people are not really worried about this. Some people feel that Windows XP is a very old system and people should have upgraded ages ago, while others believe that Windows XP still caters for all their needs and that they can continue to use the system without any foreseeable risk or problems. I am one of those people who have used Windows XP for years (and still do to a certain extent) without a single phone call to Microsoft for support. Whenever I ran into problems I always found a solution on the Internet and chances are you will still find solutions to Windows XP problems, because forums and articles will remain on the Internet for years. Computer repair shops will still have people with the necessary expertise to troubleshoot issues on Windows XP and many issues on Windows XP can still be addressed by a system restore or a re-installation, so it is not as if these tools are going to vanish now that Windows XP has reached its end of life.

The stark reality remains that at some stage it might be necessary to upgrade to a newer version of Windows, because certain hardware might not work on Windows XP, for example in the near future you might not be able to connect your mobile phone to your Windows XP machine. This has already been seen with the Nokia Lumia phones (running Windows Phone of course, so it is no surprise that support for Windows XP is pathetic). In order to connect a Nokia Lumia phone to a Windows XP machine, you need to install Service Pack 3 with Microsoft Windows Media Player 11. The lack of hardware support on Windows XP will spill over to many devices including DVD players, printers and graphics cards, because the manufacturers will no longer develop drivers for these devices. But the chances of installing a new DVD player or the latest graphics card in an old machine running Windows XP are fairly slim. I still use an old Pentium 4 machine with an AGP slot for my graphics card, so I won't even be able to install a PCI Express card on that machine, so why would I worry about Windows XP drivers for a PCI Express card if I can't even install the hardware on the machine? Still, some people are running Windows XP on fairly new machines, so when they decide to buy new hardware in the future, they may be forced to upgrade to a newer Windows version because there won't be any drivers to run the hardware on Windows XP and I think this should be the only reason to move away from Windows XP.

Many companies still run Windows XP on their computers because their in-house software was developed on Windows XP and upgrading to Windows 7 or even Windows 8 is not financially viable at the moment. I can also speak from experience. Years ago I developed a program in Windows 98 and had to make some modifications to it to make it work under Windows XP. I know comparing Windows 98 to Windows XP is not the same as comparing Windows XP to Windows 7, but it remains a pain in the neck to port your software to a new operating system. I could afford making the modifications, because I did not make any money from this software and I did not have any loss in production while I made these modifications, but certain companies cannot afford the downtime, so they opt to stay on Windows XP. If your software works well in Windows XP and you can continue to run your business using Windows XP, why upgrade? If it is not broken, why fix it? But in the end, I will still advise companies to develop Windows 7 or 8 solutions on the sideline, while running their in-house software on the Windows XP machines in the meantime. Should the time come when you are forced to upgrade, you will be ready to make the transition without too much effort. This is easier said than done for small and medium enterprises, who do not have the necessary manpower and financial resources to make such a transition, so they opt to stay on Windows XP for as long as possible. However, when your business model depends on software running on Windows XP alone, I think it is time to consider other alternatives, because you might stare bankruptcy in the face if you are forced to leave Windows XP.

Right, so in a business environment, it might be necessary to upgrade to a newer version of Windows, but what about the individual, the normal man on the street? I believe they have the least to worry about. If you are a happy Windows XP user, why upgrade now? When the time comes where an upgrade is inevitable, you will most likely have to buy a new PC, because older PCs can hardly handle Windows 7, so what are the chances of running a future version of Windows on a Celeron, Pentium 4 or Dual Core? (Yes I know, technically you can run Windows 7 for example on a Pentium 4 or Dual Core, depending on the size of the processor and RAM, but in the end they perform pretty poorly when compared to running Windows XP on these systems). What about the Windows XP user who has a newer computer that can handle Windows 7 or 8 quite well? The question is not really about what your computer can handle, the question is, is it necessary to upgrade, merely from a security point of view? I guess it depends on who you are and what you do on your computer. Unless you are a celebrity or high profile figure, chances are small that you are going to be targeted by hackers, but you still run the risk of getting infected by malware, leaking out personal and sensitive information to the creators of the malware. In order to get infected by malware you need to do something to introduce the malware to your system and even if the malware is exploiting a certain unpatched vulnerability in Windows XP, the malware still needs access to your system to make use of that vulnerability. So if you do not browse questionable and dangerous websites, if you are not “click-happy” (clicking on every link you see) and ignore strange and suspicious looking e-mails you have a lower risk of introducing malware to your system.

So it boils down to clever computer use in general and not a specific operating system, so here are a couple of tips to keep you safe and secure on your PC (whether you are on Windows XP, Windows 7, Windows 8 and in some instances these tips are even good practice for Linux users).

PC Safety Tip #1: Only browse trustworthy websites

The hardest part for this tip is how to identify a trustworthy website. This discussion is a whole article on its own, but generally speaking, stay away from sites involved in piracy, pornography or advertised through spam. Rather stick to well-known sites with a good reputation and as a rule of thumb, use your gut feeling, if something is bothering you on a website, rather stay away from it.

PC Security Tip #2: Do not be “click-happy” but rather “click-vigilant”

Do not click on every single link or ad you see on the Internet or in an e-mail. You should NEVER click on any link in a suspicious e-mail and stay away from ads making unrealistic promises, or claiming that you have a new message, or that there are problems on your PC that need fixing, or that you are the quadrillionth visitor to their site and that you have won a boat trip to the Bahamas. Use your common sense and once again follow your gut, if it sounds too good to be true... it probably is.

PC Security Tip #3: Uninstall all 3rd party software that you do not use

This is a very useful tip for Windows XP users, because you automatically close down vulnerabilities in your system by removing unused software. Over time we install a lot of programs and some of them are only used once to perform one specific task. If you do not think you are going to use a specific program again, rather uninstall it.

PC Security Tip #4: Refrain from adding programs to your system tray / Windows startup

Not all programs give you the option of adding it to the system tray, but normally these programs load at startup, so if you want to remove them, remove them from the Windows startup. As a rule of thumb, if you are not using it constantly and if it is not a security program, remove it from your Windows startup. Rather launch it when you need it, than having it run in the background, filling up your memory and introducing vulnerabilities to your system. Disable stuff like the Adobe and Java Updaters and rather update them manually. Do not leave your GPS updating software running in the background, rather launch the updater when you actually want to update your GPS. Refrain from leaving programs like TeamViewer running in the background, especially if you do not need remote access to that computer on a constant basis.

PC Security Tip #5: Do not install browser toolbars or plugins / add-ons

For Windows XP users, this is a must, especially if you want to make sure you are closing down any possible weaknesses in your system. Browser plugins and toolbars are the most vulnerable parts of your browser and are normally exploited to do drive-by installs. These plugins and toolbars are normally developed by 3rd party developers and do not go through all the security standards and checks that the browser's own components had to go through.

Plugins are normally useless, unless it is a plugin for a specific, useful purpose like a dictionary. Try to stay away from all browser plugins or add-ons, but if you really need to use a browser plugin, make sure it is from a trustworthy developer and that the plugin is widely used.

While there are exceptions to plugins, browser toolbars are always useless, even the ones developed by anti-virus companies. I haven't come across a single toolbar that made my life easier. They are normally used for ads and change stuff in your browser that you never asked them to do. So stay away from browser toolbars, period.

PC Security Tip #6: Do not open attachments from unknown senders

You should not even open attachments from known senders if the e-mail looks suspicious. I've seen malware sending itself to everyone on the victim's address book, so it may appear as if your best friend sent you a photo, but the attachment is actually an executable (EXE) file containing malware. Use care when opening e-mails.

PC Security Tip #7: Never let your browser save your passwords

This is once again a little common sense and good practice. The safest storage space for a password is your brain, but we all tend to forget our passwords sometimes, so rather store it in some offline location or device. Never store your passwords on a device that has Internet access and make sure the device is encrypted. I am not a big fan of a password manager, but if you have to use one, once again, use it on a computer without Internet access.

PC Security Tip #8: Only use trusted USB drives on your PC and disable Autorun

You should not trust any USB drive unless you use it yourself and even if you use it yourself, do not plug it into a computer that doesn't have an anti-virus on it. If you have to lend it to a friend, colleague or family member, make sure you scan it with an anti-virus scanner before using it again. Use a tool like Panda's USB Vaccine to protect the USB from getting infected with Autorun malware. This tool can also be used to disable the Autorun feature on your PC altogether, which is a must for Windows XP users. Do not take any chances with USB drives on your Windows XP machine, you are more likely to get infected by a USB drive than being infected by a malicious e-mail.
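
As an added illustration (not part of the original article): Autorun malware on a USB drive relies on an autorun.inf file in the drive's root, so listing the commands that file would launch is a quick check before trusting a drive. The sample file contents and the function names autorun_commands and inspect_drive are constructed for this example.

```python
import os
import re

# Keys in the [autorun] section whose value is a command Windows may launch.
_EXEC_KEY = re.compile(r"^(open|shellexecute|shell\\[^\\]+\\command)$", re.IGNORECASE)

# Constructed sample, not taken from a real drive.
SAMPLE_INF = r"""; constructed sample, not taken from a real drive
[AutoRun]
Open = setup\launcher.exe /quiet
icon = drive.ico
shell\explore\command = launcher.exe
label = HOLIDAY PHOTOS
[Content]
MusicFiles = false
"""


def autorun_commands(inf_text):
    """Return (key, command) pairs from the [autorun] section of autorun.inf text."""
    found = []
    in_autorun = False
    for raw in inf_text.lstrip("\ufeff").splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):      # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            # Section names are case-insensitive: [AutoRun], [autorun], ...
            in_autorun = line[1:-1].strip().lower() == "autorun"
            continue
        if not in_autorun or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if _EXEC_KEY.match(key) and value:
            found.append((key.lower(), value))
    return found


def inspect_drive(root):
    """List the launch commands in <root>/autorun.inf; empty list if there are none."""
    for name in os.listdir(root):
        if name.lower() != "autorun.inf":
            continue
        path = os.path.join(root, name)
        if not os.path.isfile(path):              # e.g. a folder with that name
            return []
        with open(path, "rb") as fh:
            data = fh.read()
        # autorun.inf may be saved as UTF-16 with a byte-order mark.
        if data[:2] in (b"\xff\xfe", b"\xfe\xff"):
            text = data.decode("utf-16", errors="replace")
        else:
            text = data.decode("latin-1")
        return autorun_commands(text)
    return []


if __name__ == "__main__":
    for key, command in autorun_commands(SAMPLE_INF):
        print(f"{key}: {command}")
```

Any entry reported for a drive you did not prepare yourself is a reason to scan the drive before opening anything on it.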

PC Security Tip #9: Use an alternative browser and dump Internet Explorer

Microsoft might have stopped developing patches for Windows XP but alternative browser developers will continue to support Windows XP for quite some time. So I suggest a browser like Firefox, Chrome or even Opera. Remember, these developers will continue to update and fix their browsers, but Microsoft will no longer patch Internet Explorer 8 (which is the latest version you can install on Windows XP). Support for IE8 died when Microsoft pulled the plug on Windows XP.

PC Security Tip #10: Use an up to date anti-virus and firewall solution

Why did I not mention this as the first tip, it seems pretty important to have this in place before anything else, right? Well, that's not entirely true. If you follow tips 1 to 9 down to the last letter, without any compromises, I will even go so far as to say that you can remain safe and secure without any anti-virus software. I am not promoting the use of a PC without anti-virus software, I'm merely illustrating the point that you can minimise the risk of becoming a cyber crime victim, by having some good PC security habits.

It is not good enough to have an anti-virus application as your only line of defence against cyber attacks, these days you also need a good firewall on your PC (especially Windows XP users). Your best bet would be an Internet Security suite like avast Internet Security, but if you cannot afford the paid version, at least use a free anti-virus and firewall application.

Most people are running their Internet connections through a router these days. Make sure you are utilising the firewall features of your router and if possible, use a router with NAT (Network Address Translation) capabilities. Having a software firewall on your PC, combined with a NAT router is a great way of controlling both inbound and outbound traffic on your computer.

Conclusion

Windows XP is an old system, you can't argue that fact, but it has been and always will be a great and stable operating system. At some stage you will have to upgrade to something newer, but it has to be your own decision. I don't have a problem with Microsoft pulling the plug on Windows XP, but I have a problem with Microsoft bullying their loyal users into upgrading, by using scare tactics through claims that all Windows XP machines are suddenly insecure.

Should you upgrade immediately? Not necessarily, you can continue to use Windows XP for as long as it does the job for you. The purpose of this article is to illustrate that PC security is not only vested in a secure operating system, but also through safe and secure computer usage practices and habits. It is not the security flaws on its own that makes an operating system insecure, but the way you use that operating system, where those security flaws can be exploited.

About the Author
Coenraad is webmaster and founder of Cyber Top Cops, leaders in Internet security, analysers of security software and raising awareness about spam and malicious software.

Thursday, April 15, 2010

A Quick Look at Kaspersky Internet Security 2010

I recently did an in-depth review of the latest Internet security suite from Kaspersky Lab, Kaspersky Internet Security 2010 (KIS 2010). It is certainly an improvement over previous instalments, providing a more comprehensive level of protection against malware based threats. Some components have been divided into smaller, separate components, making the application very flexible in terms of customisation. What does that mean for the user? The user is able to disable unnecessary components in cases where similar protection is provided by a standalone application, for instance a spam filter or parental control application. There are a lot of good things to say about this security suite, but it is definitely not without its faults, I will discuss these in detail a little bit later.

Installation and setup
Very easy and straightforward. Getting the application up and running is child's play and the process is fairly automated, meaning very little user interaction is required during the installation procedure. I have a little bit of criticism against Kaspersky Lab going the opt-out route regarding the participation in the Kaspersky Security Network. With "opt-out" I mean that you need to explicitly opt out from participation and I would like to see this the other way around. But at least Kaspersky Lab gives you the option to opt out, unlike other software developers who never even inform you of participation in their usage data collection programs.

Updates
The software updates itself quite often, with definition updates released several times a day. The software checks for updates on an hourly basis, but certain users report that actual updates are published every three hours on average. Nevertheless, Kaspersky Lab stays up to date with the latest threats and outbreaks, to the benefit of every user of their software.

User Interface
It is quite easy to use the software, making it an attractive option for novice users. Most of the components work out of the box and customising them is no rocket science. However this can't be said of all the components. The firewall component is the least user friendly and making changes to the firewall rules, to make it behave in a way that suits your needs, is an extremely frustrating and time consuming operation.

Performance
You won't need a monster PC to run Kaspersky Internet Security 2010, but you need at least 1 GB of RAM and a 1GHz processor to run the security suite on Windows XP, without compromising the overall performance of your computer (for Vista and Windows 7, double these figures to 2GB of RAM and a 2GHz processor). Of course you will notice a slight decrease in performance, but nothing major. With the processing power of today's standard office computers, you shouldn't have any trouble running the software on one of these.

Real-time Protection
This is where Kaspersky Internet Security 2010 packs the punch. This security suite brags with a whopping 13 different security components, each one of them providing tailor made protection against specific types of threats. You are basically protected against malware (viruses, spyware, trojans, rootkits, etc.), network attacks, spam, phishing attacks, intrusive advertising through banners and even your kids are protected against inappropriate content on the Web. There is more to Kaspersky Internet Security 2010 than meets the eye and only a look under the hood can reveal the different levels of protection provided by this world class security suite.

Threat Protection Tests
This is the core of every security software review, in other words, can the software protect me when the pawpaw hits the fan? Malware tests were satisfactory, although it missed a couple of threats. Malicious files are isolated properly and accidental execution of a known threat is nearly impossible. The heuristic scanner is fairly clever too and the software defended itself perfectly when I tried to disable it by force.

The firewall fared well against the couple of leak tests I threw at it, but I was able to determine the computer's MAC address and the fact that it was up and running, with a simple port scan from another computer. The proper behaviour of a firewall in this case would be to hide the computer completely from an unauthorised computer, connected to the same network. The firewall detected and blocked the port scan, but it did not blacklist the offending PC, because it assumed that its IP address was spoofed. I would have liked an option to block the attacking computer completely, but hey, this is not a perfect world.

The spam filter is the only component in Kaspersky Internet Security 2010 that did not do so well during this review. At first I had loads of issues getting it to work in Thunderbird 2 and secondly, I discovered that there is no support for Thunderbird 3 at all (perhaps in the future?). The spam filter operates quite well in Outlook Express but the actual spam filtering left me wanting. I have to mention though, that the accuracy of the spam filter improved, after training it with more or less 150 spam e-mails, but even after all that training it still allowed obvious spam e-mails to come through. So it is disappointing to see a spam filter, with so much potential (Heuristic analysis, GSG technology for image recognition, analysis of RTF files and self-training text recognition with iBayes), struggling so much when it comes to actual spam filtering.

Value Added Protection
Like I mentioned earlier, during the discussion of the real-time protection, you also get a parental control and anti-banner component with Kaspersky Internet Security 2010. These components are disabled by default, because not everyone will have use for them. However, these simple tools are really impressive in terms of functionality, they do exactly what you would expect from them. The parental control component is easy to configure and very little configuration is needed, because it relies heavily on heuristic detection of inappropriate websites. Heuristic analysis is often something that delivers either a lot of false positives or false negatives, but the heuristic analyser of the parental control component is totally different, it is successful at detecting inappropriate sites, with very few false positives.

People with a vendetta against banner advertising will find the anti-banner component very helpful. Once again it relies on heuristic analysis to detect common banner sizes. The parental control and the anti-banner components each have a white-list and a black-list, which can be used to explicitly allow (white-list) or block (black-list) specific websites.

Conclusion
Kaspersky Internet Security 2010 is a well rounded Internet security package. There is most certainly some room for improvement in the firewall and spam filtering division, but apart from its faults, it still remains one of the leading Internet security suites in the market. I highly recommend it for home and office use.

To win the battle against cyber crime we need comprehensive protection against online threats. We need to take the necessary precautions to keep our computers free from malware and unauthorised access. In order to achieve this goal, we need the necessary protection on our computers BEFORE an attack strikes. An Internet security suite like Kaspersky Internet Security 2010 can help you achieve this goal.

One golden rule applies to computer security, prevention is better than cure!

About the Author
Coenraad is webmaster and founder of Cyber Top Cops, leaders in Internet security, analysers of security software and raising awareness about internet fraud and malicious software. For more details about this security suite, read my in-depth review of Kaspersky Internet Security 2010.

Wednesday, May 14, 2008

The Streetwise Guide To PC Security

We are halfway through May already and speaking of which, we are almost halfway through the year already. But what progress have we made in terms of cyber security? Spam is on the rise, malware infections are on the rise, botnets are growing bigger and more Internet users are turning into advance fee con artists. Pretty grim picture isn't it? No, I do not want to sound pessimistic, but the reality is that no piece of computer security software can protect you completely against Internet based threats. What am I saying... throw away all your spam filters, firewalls and anti-malware applications? No, not at all, they play an integral part in our protection against cyber threats, but even the best tools in the world can fail dramatically if they are not used by streetwise cyber citizens.

I guess most of you are glaring at your screen right now, asking yourself, "what the hell is he talking about?" Let's take two persons and put them in a dangerous neighbourhood, the one person is a high profile celebrity dependent on his bodyguards to keep him safe and the other person is a normal guy who grew up on the streets and learned to take care of himself. Which one is the most likely to survive, all by himself, in this dangerous neighbourhood? The latter of course. Why? Because he is streetwise, he doesn't need fancy tools and bodyguards to take care of him, he knows how to think for himself and what to look for in order to stay out of the heat. Computer security is a lot like that, you don't need to be an Einstein to stay safe in the online world, it is no rocket science to be streetwise, you just need to know how to stay on top of your game, you catch my drift? Right, enough street slang, so let's get to the point.

I stumbled across a very interesting article about PC security, published by BitDefender. A BitDefender employee told me that the article is quite old, but nevertheless, it is a generic set of PC security rules that are still very applicable to computer security these days. I have a lot of positive things to say about this article, but it is not without some criticism, so without any further ado, let's take an objective look at the list of rules called the Ten Commandments for Your Computer Sanity.

"1. Don't assume anything. Take some time to learn about securing your system."

Perhaps the single and most important rule of them all. If you are not sure, ask for advice and try to understand why it is important to take certain precautions, don't just assume that's the way things are done.

"2. Acquire and use a reliable anti virus program. Select an anti virus that has a consistent track record. Checkmark, AV-Test.org and TuV are among the most respected independent testers of anti virus software."

So many people go out and download the first anti-virus program that pops up on their screen. Malware infested products are marketed very aggressively, so these less known, but dangerous applications often occupy top spots in search engine results and online contextual advertising, so never trust a download just because it appeared in the search results of your favourite search engine. Visit Spyware Warrior for a comprehensive list of rogue anti-spyware products.

"3. Acquire and use a reliable firewall solution. Again, independent reviewers are your best bet for reasonable choices. Some operating systems come with a firewall, which only filters incoming traffic. Use a firewall that can control both incoming and outgoing Internet traffic."

Firewalls were once a thing for computer experts and large corporations only, it was uncommon to find a firewall installed on a normal end user's computer. Like mentioned in the rule, we even have firewalls built into our operating systems these days (not that it really helped the online community in any way when I come to think of one specific operating system). But the necessity of a firewall increased in the last couple of years and it is irresponsible and suicidal these days to browse the Internet without a proper firewall that provides bi-directional protection. You need to know what is transmitted to and from your PC. You don't want malicious code to infiltrate your system and you don't want confidential and sensitive information to leave your PC without your consent.

"4. Do not open e-mails coming from unknown or distrusted sources. Many viruses spread via e-mail messages so please ask for a confirmation from the sender if you are in any doubt."

If more people can adhere to the first part of this rule we will have a lot less virus breakouts and spam. Each time you open a 'harmless' spam e-mail you give the spammer reason to send more spam because you respond to his e-mails. I have discussed this topic a hundred times before so I'm not going into it once again. With regard to the latter part of this rule, it won't be wise to ask for a confirmation from the sender in my humble opinion, you are just looking for more spam by replying to an unknown source. With so much e-mail forgery happening these days, it is anyway a complete waste of time to respond, because the sender's e-mail address is most likely invalid or spoofed.

"5. Do not open the attachments of messages with a suspicious or unexpected subject. If you want to open them, first save them to your hard disk and scan them with an updated anti virus program."

Once again, the first part of this rule is a piece of gold and can save you a lot of headaches if you stick to it, but I do not agree with the latter. It is almost like saying: "Don't shoot yourself with a 9mm, but if you want to, go ahead and take a peek down the barrel to make sure you are using blanks". If you get an e-mail with a suspicious or unexpected subject and on top of that some executable file, Word document, PDF, ZIP or any suspicious file attached to it, don't mess around with the bloody thing, delete it.

E-mail scanners have been with us for quite some time. The e-mail scanner of an anti-virus package uses the same database as the file scanner, so if an e-mail gets past your e-mail scanner, using the latest virus definition database available, what makes you think that the file scanner will do any better? Should you trust an attachment just because your anti-virus program told you the file is clean? A suspicious attachment from an unknown source has a 99.9% chance of being malicious, so why even bother scanning it? Many inexperienced users don't even know how to save an attachment and run it through an anti-virus scanner, so they run a big risk of infecting themselves. My advice, if you don't know how to handle suspicious files properly, stick to the first part of this rule and ignore the latter.

"6. Delete any chain e-mails or unwanted messages. Do not forward them or reply to their senders. This kind of messages is considered spam, because it is undesired and unsolicited and it overloads the Internet traffic."

Pure words of wisdom. Many people simply assume that friends and family enjoy receiving junk chain letters and unbelievable, ridiculous stories that you need to forward to everyone in your address book. Who needs spammers if you have friends like this? Apart from spamming all your friends and breaking anti-spam laws, it also comes down to bad e-mail etiquette. The fact that your friends are on your mailing list does not give you the right to send them anything you want. Take your recipients into consideration and think before forwarding jokes, petition lists, chain letters and other kinds of junk mail to them.

"7. Avoid installing services and applications which are not needed in day-by-day operations in a desktop role, such as file transfer and file sharing servers, remote desktop servers and the like. Such programs are potential hazards, and should not be installed if not absolutely necessary."

There is a lot of truth in this, but unfortunately this is easier said than done. The blame lies on the side of software developers and not the end user installing the software. Ordinary users simply install the software and use it whenever it is needed. Little do they know that the software is running 24/7 in the background eating up valuable system resources. These programs put themselves in the Windows Start-up without informing the user about it, or the option to load the software at Windows Start-up is often pre-checked during the installation, so the user has to opt-out to prevent this from happening. These pre-checked options are often missed, because the user simply rushes through the 'easy' installation process. There is a reason why certain developers make the installation procedures so easy.

When I analyse HijackThis logs of malware victims, I often see loads of auto-update managers, system tray utilities, P2P clients and all kinds of 'junkware' loaded in the Windows Start-up. These users are always stunned by the sheer performance of their computers after I remove all these useless applications from the Windows Start-up. Ask someone to check the Start-up section of your PC and remove all the redundant entries. You will be amazed to see what difference this can make in your PC's performance. Don't leave file-sharing software like LimeWire, Shareaza or KaZaa running in the background all the time. These programs create a weakness in your security setup and make it easier for hackers to gain access to your system. As the rule says, these programs should rather be avoided if possible.
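The start-up review described above can be sketched in code. The following Python is an added example, not part of the original article: it reads the O4 (auto-start) lines of a HijackThis log and flags the file-sharing clients the article names. The sample log lines are constructed, and the function names are this example's own.

```python
import re

# Constructed sample in HijackThis log format; O4 lines are auto-start entries.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [ExampleTray] C:\Program Files\ExampleVendor\tray.exe -min
O4 - HKCU\..\Run: [LimeWire On Startup] "C:\Program Files\LimeWire\LimeWire.exe" -startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Shareaza.lnk = C:\Program Files\Shareaza\Shareaza.exe
O4 - Global Startup: Example Updater.lnk = C:\Program Files\ExampleVendor\updater.exe
O23 - Service: Example Service - Unknown owner - C:\example\svc.exe
"""

RUN_KEY = re.compile(r'^O4 - (HK\w+)\\(?:[^\\]+\\)?\.\.\\(Run\w*): \[(.*?)\] (.+)$')
STARTUP = re.compile(r'^O4 - ((?:Global )?Startup): (.+?) = (.+)$')
P2P_CLIENTS = ("limewire", "shareaza", "kazaa")  # the clients the article names

def executable(command):
    """Strip quotes and arguments, leaving only the program path."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    m = re.match(r'(.+?\.(?:exe|com|bat|cmd|scr))(?:\s|$)', command, re.I)
    return m.group(1) if m else command.split()[0]

def startup_entries(log_text):
    """Return every auto-start entry in the log, flagging file-sharing clients."""
    entries = []
    for line in map(str.strip, log_text.splitlines()):
        m = RUN_KEY.match(line)
        if m:
            hive, key, name, cmd = m.groups()
            location = f"{hive}\\{key}"
        else:
            m = STARTUP.match(line)
            if not m:
                continue  # not a start-up entry (other sections, headers)
            location, name, cmd = m.groups()
        text = f"{name} {cmd}".lower()
        entries.append({"location": location, "name": name,
                        "path": executable(cmd),
                        "p2p": any(c in text for c in P2P_CLIENTS)})
    return entries

if __name__ == "__main__":
    for e in startup_entries(SAMPLE_LOG):
        flag = "P2P" if e["p2p"] else "   "
        print(f'{flag} {e["location"]:<15}{e["name"]:<22}{e["path"]}')
```

Every entry it lists is a program that starts with Windows; the flagged ones are the file-sharing clients that rule 7 says should not be left running.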

"8. Update your system and applications as often as possible. Some operating systems and applications can be set to update automatically. Make full use of this facility. Failure to patch your system often enough may leave it vulnerable to threats for which fixes already exist."

Most people are guilty of not updating their system on a regular basis. But there is a reason why people are afraid of updating. Remember what happened when Service Pack 2 of Windows XP was released for the first time and, if I am not mistaken, history repeated itself with Service Pack 1 of Windows Vista this year.

I know one should lead by example, but I am perhaps the worst of them all. I haven't updated several of my applications in years, because I am happy with the versions I am using at the moment and don't want some update to screw everything up. If you stick closely to rule number one you automatically take your computer security to the next level. If you pay attention to which sites you visit, which files you download and which programs you install, you can easily skip this rule for years without any malware incidents at all. Still, it is wise to update your software when you have the chance. It is better to fix a broken wall even if you are never bothered by the outside world. The problem, however, is that you never know when the outside world might start to bother you, so rather be prepared than sorry.

"9. Do not copy any file if you don't know or don't trust its source. Check the source (provenance) of files you download and make sure that an anti virus program has already verified the files at their source."

Would you use a box of aspirins from an unknown source, left on your doorstep? Of course not. Even if you are familiar with the specific brand of aspirins, you have no idea where they came from. How can you be absolutely sure that they are really aspirins? Well, the same goes for computer files. If you can't verify the reliability of the source of a specific file, how can you trust the contents of that file? You have no idea where the file has been and you have no idea whether the contents of the file are really what they should be.

"10. Make backups of important personal files (correspondence, documents, pictures and such) on a regular basis. Store these copies on removable media such as CD or DVD. Keep your archive in a different location than the one your computer is in."

Backups, ah, the one thing that no one ever does. Have you ever thought about what you could lose if you suddenly got infected with malware? What if a cracker gains access to your PC and deletes your favourite music collection? Backups play a very important role in PC security, especially when it comes to system recovery after a malware infection or system failure. Any proper security setup should have a solid backup policy. Without backups you will never fully recover from a severe system crash. Backups are your insurance against data loss. So if you are not in the habit of backing up your most important documents and data on a regular basis, rather start doing it before it is too late. BitDefender's Total Security can be set to perform automatic backups for you.

We live in an age where we can't rely on software alone to protect us from online threats. You are responsible for your own safety online; software applications like firewalls and anti-virus programs are only tools to help us in situations where things are out of our hands. Your personal computer security depends on your willingness to stick to these rules, being vigilant and using common sense. Treat everything as a threat until you can prove otherwise. This is the safest approach in the digital Wild Wild West.

If you have anything to add to this list of rules, feel free to leave your comments.

About the Author
Coenraad is webmaster and founder of Cyber Top Cops, leaders in Internet security, analysers of security software and raising awareness about spam and malicious software.