Recommended Web Sites
Information is extremely easy to find on the Internet. For any conceivable subject, you only need to go to your favorite search engine to get hundreds of pages on that subject. The problem, then, is to figure out which pages are actually saying something worthwhile.
There is a tendency in any field, including computer science, for people to believe what they are told. We hear things like "Java is easier than C++", or "Microsoft Windows is a secure operating system", and we believe it without really thinking about it. That sort of blind acceptance is extremely dangerous in computer science. Never believe anything without reading more on the subject; preferably, read many different viewpoints on the subject.
The following are some links to web sites that provide information that is often the opposite of what "everybody knows". The information is provided by people who truly know their field and explain their reasoning. These sites can be a great resource for getting an opposing viewpoint on what you "know" is right.
This is a security oriented newsletter by Bruce Schneier. Bruce does a great job of really explaining security topics; he also has his own opinions, but the background he gives allows you to make up your own mind. Past issues are available, and are wonderful reading. He covers not only computer related security topics, but also real-world security topics such as airport security.
Steve Gibson runs Gibson Research Corporation, a company that researches computer security solutions. Steve pushes the envelope of computer security; his site is repeatedly the subject of denial of service Internet attacks, and he's written custom networking code that manages to keep things up and running.
If you are wondering whether a hacker could attack your machine, you can use the Shields Up page at grc.com to test your computer (even if you're on a dial up connection, try Shields Up...hackers hit dial up connections all the time). If you're interested in exactly how denial of service attacks or Internet worms work, there are also pages that explain both in great detail.
Steve also provides a news server at news.grc.com where he provides updated information on security topics, and a place for you to discuss security with other users. There's also an email list you can get on; there are only a couple of emails a year, where Steve announces new features available in the web site.
Regardless of what type of Internet connection you have, hackers are probably trying to break into your computer all the time. If the Shields Up page at grc.com pointed out any vulnerabilities in your computer, you should be running a personal firewall. Zone Labs provides a good firewall for personal use, and there's a free version available. The firewall is called Zone Alarm, and with it you can get a record of every attempt made to connect to your computer. When Internet worms are filling up the Internet, you'll get a record of every time they tried to infect your computer.
After installing any personal firewall, go back to the Shields Up page at grc.com and retest your compter. If your firewall is working, then Shields Up should give it a "Stealth" rating. That means that, as far as any hacker is concerned, your computer does not exist. If you have any ports on your machine that are not stealthed, they should be ports you have specifically told the firewall to open (a firewall that opens ports without your permission is not a good firewall to use).
One particular application to pay attention to is the Front Page web server. By default, it will provide server access to the Internet. Usually, you're using it to edit web pages on your local computer, and you do not need it being a web server for anyone on the Internet. To see if it's doing this, start up Front Page and then run the Shields Up test at grc.om. Port 80 will be marked as Open if the web server is providing services to the Internet. To avoid this, go into your firewall and tell it to block Internet server access for Microsoft Front Page web server. In Zone Alarm you can block Internet access but still allow it to provide a server for the local computer (the Trusted network, in Zone Alarm terminology). After making the change, run Shields Up again and port 80 should now be marked as "Stealth".
With a good firewall, you won't have to worry about hackers getting onto your machine.
Virus Protection
A good firewall will protect your computer from hacker attacks, but you also need to protect your computer from viruses. There are two steps to protecting your computer from viruses.
The first is to use an email client that gives you control over whether code is run or not. Microsoft Outlook, for example, is notorious for running code without you asking it to. This allows viruses to infect your computer if you just read an email in Microsoft Outlook. What you want is an email program that only runs code if you ask it to. That way, if you get a virus, you know it's your own fault. I personally use Eudora; it's free and does everything Outlook does.
The second part is to have a virus scanner that will warn you if someone sends you a virus. There are two parts to a virus scanner. The first part is the scanner itself, that runs on your computer and tries to identify viruses. The second part is the virus database. The scanner can only find viruses that are in the database. Many virus scanner databases are only updated after a virus becomes a problem.
The best virus scanner I have found is AntiViral Toolkit Pro. This virus scanner has caught every virus that has ever made its way to my machine, while friends running other virus scanners were infected. Daily updates are made to the virus database as the AVP researchers identify new viruses. Of course, any virus scanner is only good as long as you keep the virus database updated.