You might wonder if it's even possible to have a safe computing experience in this day and age, beyond unplugging your broadband connection and never installing any software. Of course it's possible, but it will take some work on your part. You need to install tools to protect yourself, learn good practices, and most importantly – exercise common sense.
We’re thinking primarily of Windows PCs with this article (the majority of computers, of course), but there’s also advice for Mac users here, and much of what is written applies to both in one way or another.
Okay – so here's what you need to do for safer computing, from the bare minimum on up…
The very minimum
Install an antivirus program and keep it up to date. Without this, your PC is virtually guaranteed to be infected. There’s no excuse as you can get good free antivirus software easily these days.
Use a firewall
Make sure your firewall is turned on (Windows has one built in).
Allow auto updates
Let Windows and Mac OS update when they want to, since Microsoft and Apple are constantly patching any security holes they find.
Don't accept EXEs
Downloading executable files (ending in EXE, COM, or BAT) is something you should do with caution, and be very wary of those emailed to you. That goes for DOC, XLS and PDF files as well; they can carry macro-based viruses.
Activate the hardware firewall
Your router should support NAT (network address translation) so Internet users scanning for open ports to exploit can't see your computers. It should also support SPI (stateful packet inspection) to distinguish legitimate network traffic from bad. Don't turn these features off.
Know what's running
Windows runs a lot of background programs that are invisible to you. Task Manager (Ctrl-Alt-Delete to view) reveals them, but you can learn more with Sysinternals. It spells out Windows processes in plain English.
Scan single files
Got a file you think might be infected? VirusTotal.com will tell you. Upload the file to the website or forward it as an attachment to firstname.lastname@example.org with subject line "SCAN." It will check the file against its extensive database and give you a report.
Run regular scans
Make sure you run a virus scan regularly, at the very least once a week – and we mean a full scan, not just a quick one.
Protect your Mac
Macs might be much less prone to malware than PCs – but don't be complacent. There’s an increasing amount of Mac-targeted malware out there, so make sure you have a decent security suite.
Use strong words
A "strong" password mixes numbers and letters, and not in alphabetical or numerical sequence ("abcd1234" is not strong). Mix the case and throw in punctuation marks. Use an entire phrase if space allows; longer is better. For more advice, see: Making sure your passwords are up to scratch.
Don't use weak words
Never use a word that you can find in the dictionary or that is a proper name. Pet names, kids, and spouses make bad passwords. Don't use the date you changed passwords ("jan23"). By all that's digital, don't use "password" as your password.
Alter your passwords regularly to stay one step ahead of those who might want to pilfer them.
Don't use the same password on every computer you use or every site you surf. All it takes is one site to become compromised, and then someone will have access to all your accounts.
Don't AutoComplete passwords
Browsers will store your passwords and fill them in for you. This is a very bad idea on a shared or office-based PC – or even, say, a private laptop if it gets lost or stolen. Don’t use password saving when your browser offers the option – if you want your passwords memorised, see the next tip.
Use a password manager
If you don’t want to have to bother with remembering individual, strong passwords, then get a program to do it for you. See our closer look at the best password managers for recommendations.
Unless you are 110 per cent certain, don't click links in email. Though a message may look as if it's from PayPal, your bank, or even your friend, if you're at all suspicious, follow your instincts. The URL provided might look like www.paypal.com, but the link under it could go to a different site. Type the URL for your bank or PayPal (or whatever it might be) directly into your browser yourself. And remember – real financial institutions won't (or at least shouldn't) ask you to verify accounts via email.
Beware of greeting card frauds
Online Xmas cards are great for phishers. Disreputable sites can collect info from people who send cards, and then again from the recipient who clicks to watch one. Stick to the Hallmark store. Or just send a real card.
Beware of pop-up security fakes
Ever been surfing along and get a pop-up window telling you to scan or disinfect – you’ve got a virus – and offering you a handy product to do so? Seem too good to be true? That's because it is – it’s malware.
Beware of other software vulnerabilities
Info stealing is not limited to the web and email. It can happen with other programs, such as the VoIP service Skype. In fact, in the past a malware Trojan horse pretended to be Skype to steal usernames and passwords. The solution: Update your antivirus software regularly, and scan regularly. And don’t download any programs from dodgy looking sites on the web!
Watch for rogue software
Software you install may also be stealing your information – especially software that claims to help you by finding malware. For advice on dealing with this sort of threat, see: How to make sure you don’t fall victim to rogueware.
Get extra filters
Security suites often offer browser plug-ins to detect phishing sites. For example, Avast is a free suite which has a plug-in for all the major browsers. Use one such plug-in, and take notice of its warnings!
You might consider using a less popular browser – Opera, for example, is a pretty slick but less-used affair. These are less likely to be targeted by malware authors, as exploiting them provides less of a pay-off than the likes of IE, Chrome and Firefox. This can help to minimise your risks, but don’t think you’re invulnerable by using something like Opera!
If you're stuck using IE for whatever reason, you can avoid many potential exploits by turning off ActiveX controls, the technology that lets the browser automatically run software components. Go to Internet Options, Security tab, click the Internet globe icon, and then Custom Level. Set most of the “ActiveX controls and plug-ins” entries to "Prompt" or "Disable." If something you need doesn't work later, go back in and adjust the settings.
Look for the lock
If you're going to send sensitive information via a website, you want to make sure the site encrypts that traffic. Look for the “https” (notice the "s") in the URL, and a green lock icon in the address bar next to the address. Don't send any info – such as a credit card number – unless the site is encrypted. However, even the bad guys can run an encrypted site. Just because it's secure doesn't mean you can trust it.
Eat your cookies
In the past, cookies caused plenty of worries. Now, however, they're usually harmless – but regular checks via scans with your antivirus will clean out any cookies carrying out intrusive tracking.
Occasionally, we all need to make sure that some of our important files aren't open to all. Fortunately, it is possible to hide sensitive data on your machine. If you want to know how to do this, read our guide to hiding your data.
Protect Mac folders
On Mac, you can make a password protected "folder" by using the Disk Utility application to create a disk image of the original. Apply a password. The resulting DMG file contains the entire contents, restorable with a click.
Get social butterflies
Don't put personal information on social networks and make it easy for people to harvest your details. And don't post that compromising picture, either. Things on the web have a way of becoming permanently available.
Erase your tracks
Always erase your browser history after surfing on a shared PC.
When you use a public or shared PC, don't save passwords when prompted, obviously enough! Also be sure to log out of sites so you don't leave your email or online files open to someone else.
Just about every web service wants your email address. If they need it only to send a confirmation, give them a temp address. 10 Minute Mail will give you a disposable address, which you can read for 10 minutes.
Get a secondary email address
The proliferation of free web-based email (Gmail, Outlook.com, Yahoo and others) means there's no excuse for giving out your regular email to anyone but friends.
Never, ever, ever, send a reply to a spam. Even if it's for a product you want. Doing so confirms you read it, and your address goes on the spammers' lists for eternity.
If you post your email address online, write out "name at domain dot com" so spiders can't find it. Anyone who can't translate that to email@example.com doesn't deserve to send you messages.
Filter it out
Use email with a spam filter. Most services have them these days – Gmail is very good, for example. Security suites can include spam filters, too.
Dummy it up
It may annoy friends, but the more complicated your email address, the harder it is for spammers to guess and crack your code. Think firstname.lastname@example.org as opposed to email@example.com.
Enforce a common area
Always make sure children use the computer in an area where you can easily keep an eye on them.
Use a timer
Use time-based rules to prevent Internet use (or computer use) during off hours. Windows can do this, as can all parental control software (and many security suites, too). You may even find a setting in your network router.
You don't give the kids carte blanche on the PC, so don't extend it to game consoles, either. For more on this, see our closer look at making the Xbox 360 and PlayStation 3 safer for your kids.
Change the default password
By default, most routers come with a username like "admin" and no password. If you don't change the defaults, anyone on the network could take over as admin.
Change the default SSID name
I can't tell you how many times I'll look at wireless networks in range and see SSIDs such as "NETGEAR095," in other words, SSIDs that are preconfigured and easily give away the make of the router. When I see this, I also think perhaps the person who set up the router left the default admin credentials to the router's software (see above). Some nefarious person could access an unsecured network, and with a quick web search, discover the default password to the admin account just by knowing the type of router. Give your network a name that does not reveal the make or model of your router.
Filter the big MAC
Every network device has a MAC (media access control) address. You can tell the router to allow only devices you specify. This isn’t fool-proof, but it doesn't hurt.
WPA it good
I think it's common networking knowledge that there really is no excuse for failing to use WPA2 encryption. Just about all modern wireless clients support it, with only the oldest wireless devices lacking in this respect.
Tunnel for safety
You can use a third-party utility to create a VPN connection from your laptop to the Internet when you are using public Wi-Fi, so spies can't steal your data from the air. For more details on this, see our roundup of the best free Virtual Private Network (VPN) clients.
Lock the laptop
Most notebook computers have a Kensington Security Slot (or K-Slot), a hole for attaching a lock. Buy a lock. Use it – at the office or in the coffee shop. Even at home if you invite someone over you don't know.
Prepare for theft
Sometimes it happens, and you can't do much. So be sure to record all the model and serial numbers on your devices. Check your homeowner's insurance policy to see if you can recover money, even if a laptop is stolen when you're not at home. If not, change the policy.
Track your laptop
Laptops are, of course, a tempting target for thieves. Should your notebook end up being stolen, however, if you’ve taken steps to prepare for the eventuality, there may be a possibility of recovering the machine. Luckily there is software out there to help you recover a pinched notebook – see our feature on 5 security apps that can help with the recovery of a stolen laptop.
Spy with Skype
Catch intruders in your office red-handed using Skype and a webcam. Set your PC to answer calls automatically with video, then call it from a second Skype account. With the monitor and sound off, they won't know you're watching.