Mike Beaver's: How to Secure Your PC 

1) Download and Install 2 firewalls: Zone Alarm AND Esafe. After installing Zone Alarm, you can double click on the little icon (in your system tray at the bottom right hand corner of your machine), and click on the programs tab and then on either the Server or Access side of any application that it shows. And force each and every application to ask for your permission to do just about anything regarding accessing the web. In other words, when you click on either Server or Access it will give you the option of choosing to block, allow or ask you for permission (X, check or ? mark). You will find that some applications require themselves to be servers, like real player and IRC. Generic Host Process for Win32 will have to be allowed to do what it wants if you wish to surf the web. Most other applications will run well without ever being allowed to act as a server. If you're in doubt, put a question mark on all of the applications, on both sides, then allow what you want ONLY when you absolutely have to.

It's hard to believe that some people actually feel that it's safe to surf WITHOUT any firewall. I like running 2 firewalls as both of these applications try reporting to their home bases (just like Windows XP does). But each firewall (application) will ask you if the other is ok to report home. And you just say no. This way each firewall protects you from the other one giving your data out.

2) Read Batten Down Those Ports. If you're already an information technology wiz (someone who works in that field and knows most of the common terminology), you can skip to page 4 of that document to get right to the USEFUL details.

3) As the above page states, go to Gibson Research Corporation, and have your ports checked to see if anything is open. If you have installed Zone Alarm and done what I suggested, in step 1 above, no ports should be seen by their web based testing tool; except for unplug and pray. If you surf around on their site enough you will know what port that is, download their tool for closing it; and that will close that port as well.

4) Also, as is stated on the 4th page of the page in number 2 above, go to www.iana.org/assignments/port-numbers. Then go to start / run and type in cmd. At the command prompt type in netstat -an. Then compare your open ports with those at the IANA page. If you type, at the c:\ prompt, netstat -an> c:\ports.txt," this will pipe your open ports information to a text (.txt) file onto your c: partition. You can then go into windows explorer and to the C: drive and double click on the ports.txt file, and it will open in notepad. Then you can save this file to your desktop and use it to, over time, close each of the open ports as much as your time and patience allow.

5) CLOSING PORT 139: With the above work, you will notice that port 139 is open. There is a checkbox for "Disable NetBios Over TCP/IP" in Network and Dialup Connections. If you have Windows XP, go to:
start / settings / network connections, and right click on the local area connection icon (that represents your Network Interface Card) and click properties. In the local area connection properties dialog box (on the general tab), click Internet Protocol (TCP/IP) , then click the properties button just below that. Click Advanced, WINS tab, then click the radio button beside Disable NetBIOS over TCP/IP, then OK, OK, and OK. If you wish to confirm that port 139 is closed you can again run the netstat -an command at the DOS C: prompt. If you don't run Windows XP, and wish to close port 139, you can find more information on doing this, in other operating systems, at How To: Demystifying NetBIOS.

6) Download and install AVP and keep updating your virus definitions from this page frequently.

7) Help your PC boot MUCH faster AND close another open port by turning OFF Instant Messenger. Learn how, and more importantly WHY with Outlook & Outlook Express: Security Zones Part 4. In Outlook it's easy. Click on Tools / Options / Other (tab). Down at the bottom remove the check from the small box next to "Enable Instant Messaging in Microsoft Outlook." Click apply / OK. You can also read how to disable port 1900, which Messenger broadcasts through, in the registry, at Disable Windows Messenger broadcasts on UDP port 1900.

Even though messenger can be disabled in Outlook, and stopped from broadcasting in Zone Alarm, if you don't disable it in the registry, and you turn it on in Zone Alarm, immediately it will want to begin broadcasting to the internet.

8) Buy a router at Fry's Electronics, or Best Buy, or one of the other retailers. Shop around as they can be had for 30 bucks or less these days. (Don't forget the network cabling you will need also; this may come with the router; or not).

If you are using a Cable Modem with a USB cable, you will need to have a NIC (Network Interface Card) installed and switch to using it instead of USB. Good luck if you don't have any open PCI slots on your motherboard.

Anyway, with Unix you can close all your ports individually. With any form of Windows this is impossible. Even though systems can't see your ports externally, because you are running a software firewall, spy-ware can secretly open ports on your system and or install keylogger software to get you passwords, and do other nasty things like changing your system to track you with cookies, IDs, etc.

The next step, in securing your system, is to install this router. These days they come pre-configured with ALL ports closed; and GUI interfaces that use your browser to easily configure them. In other words, you don't have to be a Cisco wiz kid to get one configured. So, even if a piece of malicious software successfully uses an open port on your system, that port can't send traffic through a router that has ALL unnecessary ports CLOSED.

9) Download Ad-aware 6.0 build 181 and Spybot - Search & Destroy 1.2 and use these to clean your system of Spy Ware that you will find hidden and installed on your system. After running Spybot, but before you delete what it finds, go to this page and read what that program found on your system. In other words, educate yourself on what is being secretly placed on your system.

10) There are other ports to be closed. But this is all that I have time for presently. If you use Google to find out how to close the rest of your open ports, as opposed to just hiding your PC with a firewall, send the information to me, and, as I test and verify it, I will add it to this web page.

11) You may also wish to check out some of the other links that I have posted at my virus and / or security pages.

Back to Mike Beaver's Hypnotherapy Home Page

If you are the original creator of material featured on this website and want it removed, please contact the webmaster.
 Copyright © 1998-2006 Charles Michael Beaver.