After checking a few posts recently, and having delt with MANY virus related issues in a homes and small biz'...I thought an over-all "best-practices" post maybe be of help to some. HTH -- For Windows the following line-up cannot be beat, imo...and it's all FREE -AdAware -Spybot S&D -SpyWareBlaster Check for updates and run the scan/remove/protect functions of the above at least once a week...every day if you are a heavy net user -AVG Great Anti-virus....updates itself. But...also, at least once a week, manually check for updates, just in case the auto-update feature has malfunctioned (not uncommon for any auto-updating programs). -ZoneAlarm A must-have if you have a full-time and/or high speed connection. If you have dial-up, it would be best, but not critical, imo. - Mozilla Firefox browser. Another must-use for anyone. Still a much more secure and trouble free browser (although the bug makers are starting to focus on it). Use this normally, but if some web page does not seem to work as usual, you can also open up IE and use it as needed. FINALLY.... Twice a month, or so, make sure all the above are updated....then....turn off you PC and restart it into SAFE MODE. From there, run the scan/remove/clean procedures on each of the above items. REASON: There are bugs out there which can only be detected when the PC is in Safe Mode - try it sometime if you have not already...you'll be surprised. VERY IMPORTANT - this gets lots of folks: Many off-the shelf PCs come with TRIAL versions of anti-virus suites pre-installed. Often, when the trial period expires, folks to do realize it, or they do and simply never get around to renewing the subscriptions...even though there are usually pop-up notices. Whatever the case....if you have some sort of "do-it-all" virus/bug/firewall suite (pre-installed or not)...be aware that just because you see the icon down in the tool-bar does not mean that everything is ok. You MUST check it often, manually (as mentioned above) to make sure it is still working and that it has the most recent virus definition. Even if it is supposed to "auto-update" it may not be doing so...for various reasons. I have seen huge problems occur (especially in homes) many...MANY times due to this. Folks knew they had "full auto protection" and never checked up on it. Inevitably, the protection would either stop working completely, or stop getting updates automatically. As new viruses came out...they were wide open and suffered unnecessarily. ----- All of the above items are available for FREE at www.DownLoad.com Be SURE to get the FREE/BASIC versions of the programs (if you want to go really cheap) since some of do have both free and delux versions ---- Espcially note ZoneAlarm. There is only ONE verion, but you have to SPECIFIY the "BASIC" version during the installation process. Many do not realize this, install the Delux version, and it stops working after the trial period. HTH

Very nice writeup. On windows systems, don't forget to turn automatic updates ON. Going to the microsoft web site - www.microsoft.com - and clicking "Windows Updates" - every once in a while isn't a bad idea either. Alan http://www.xmission.com/~alanne/PcMaintenance.html

Perhaps you should retitle this guide to 'The cheap skate's guide to security'. All your recommendations are freeware. I'll grant you that the paid for versions aren't any/much better except in the case of antispyware where the paid for versions are usually worse. I use both Mozilla Firefox and Mozilla. Personally I prefer Mozilla without the Firefox. You might consider adding A-squared to the list. Overall, this is what I frequently recommend on it seems a daily basis.

Yes...agree, cheap skates list indeed! And a big plus since these tools are as good or better than the ones that cost. Also, thanks alanne1956...I completely forgot to mention the Windows update. That definately should be a part of the Once a Week routine (at least). The auto-update settings of the Windows Update should be set on "Notify me but do not automatically download..." The completely auto-download option can be problematic...since it can unknowingly malfunction, for a number of reasons.

Hi, I always use Mailwasher to see my mails on the server before Outlook brings them in. This program gives the great advantage you can delete, bounce and blacklist mails before they even see you pc. Tamtam

Nice list Kev100, I found this in my favorites from one of the last times it was done http://www.computing.net/security/wwwboard/forum/7667.html How about adding these to your list CWShredded Microsoft AntiSpyware CCleaner F-secure Blacklight Spoofstick To check a suspicious file for viruses upload it here http://virusscan.jotti.org/ For an online virus scan choose any of these http://windowsxp.mvps.org/Scanners.htm If any advice helps, please post back as it might help others.

A followup to: http://www.computing.net/security/wwwboard/forum/272.html ---------------- I FINALLY defeated the stupid thing!! It is used for DNS, and that is why if it is not allowed then the net will no longer work. To test this theory, deny 'Generic Host Process..' access in ZA, open 'start', 'run' and enter 'cmd.exe' When the command prompt opens, type ping 'www.archive.org' (or some other web address you have not yet visited since your last reboot). It will complain that the host 'could not be found'. Now, go into ZA and allow the 'Generic Host Process..' access and repeat the ping command, but when ZA pops up asking if you wish to allow 'tcp/ip ping utility' to access the internet, click 'no'. You will see in the DOS window that PING now find the correct IP for that domain name (using the Generic host Process to do DNS) but fails to connect to that IP (because you disallowed it access using ZA). Now that we know that the reason it blocks web access is because it is used for DNS, we simply have to use a new DNS solution. First go and download this program: http://www.analogx.com/files/fci.exe and install it. Then open up the command prompt again and this time, while connected to the net, type 'ipconfig /all' this will spew all kinds of neat info, but all we care about it the two number strings across from 'DNS' which should be in this format xxx.xxx.xxx.xxx Once you have those two number sets, enter them into the FastCache program you just installed as the primary and secondary DNS server addresses. Then go into 'start', 'settings', 'network connections' and right click on the icon representing the entry you use to connect to the net, and select 'properties'. Then click on the 'Networking' tab, then click on the entry labeled 'Internet Protocol (TCP/IP)' and then click the 'Properties' button. In the window that opens, click 'use the following DNS server addresses' and then in the first box below that enter '127.0.0.1' and then click 'ok', and 'ok' again to close both dialog boxes. Then close and reopen FastCache after disconnecting from and then reconnecting to the internet. Then go into ZA and give FastCache full access rights (fc.exe) and then DENY 'Generic Host Process..' all access. Then try and browse the web, it should work fine. If it doesn't work, check to make sure that the right addresses are entered into the FastCache settings dialog and that you did change the DNS setting in the connections properties and finally that you did allow FastCache in ZA. There you go, full internet workings but NO spying, nasty little 'Generic Host Process' anymore. Oh, and btw, for those having issues where they install ZA, then leave their computer for a time online and come back and find that the net does not work until a reboot, try turning OFF 'autolock' in ZA. If autolock is on, as soon as your screensaver activates ZA halts all internet traffic, but when the screensaver is dismissed ZA DOES NOT automatically restore access, to do that you have to manually right click its systray icon and remove the checkmark next to 'engage internet lock'. Also, for the doubters, if you really think all this is kooky, try this, allow 'Generic Host Process..' in ZA, do the ping thing in the command prompt with several of your favorite websites and note down the IP addresses that you get. Then disconnect from the net and reboot your computer, this should clear your local DNS cache. Then reconnect to the net and in ZA DENY 'Generic Host Process..' access to the internet. Then open internet explorer and in the address bar, type the one of the IP's you noted down earlier like such http://xxx.xxx.xxx.xxx and you will see that the site loads up fine, but then try accessing it by typing in its 'normal' address (http://www.somesite.com) and you will see that it does NOT load.