First, a little about my technical awareness/background. In school year 2003-04, I took some "intro to" computer classes in college - W2K, Linux, HTML, Adobe CS, Visual Basic, C++ - and am familiar with basic terminology. I had to install and configure Linux and W2K OSes on a hard drive (not a network), write some simple programs in C++, create a rudimentary webpage by hand in Notepad, and reconstruct a website, feetnet.com, on my hard drive with working links to all the images. Besides installing Linux, I had to learn to navigate directories, log on as root or another user, and connect my Linux drive to my school's computer lab network. That's about the extent of my technical background.
As to internet security, my school uses Ad-Aware and SpyBot on campus computers, and until recently I used the same and hadn't given the matter a second thought. I had been warned to use a firewall, but I figured if I confined my internet activity to Google, banking, Amazon, Yahoo, MSN and the like, I would be OK.
Recently, I discovered file sharing and MP3s on sites like Megaupload and Rapidshare via my favorite classical music community on Gamingforce and had gone traipsing blithely through cyberspace, downloading everything from Beethoven to the Beatles with reckless abandon, only to discover that Ad-Aware and Spybot S&D can't detect and fix everything. I kept getting persistent entries in S&D that wouldn't go away - SexList, cmdService, and Look2Me. After reading about keyloggers and the like, I became paranoid and stopped paying bills online. I found a free utility to kill Look2Me but couldn't get rid of the other two. Upon having a free scan performed by Trend Micro's website, I discovered my hard drive was riddled with Trojans, malware and spyware that Ad-Aware SE and S&D had neither detected nor fixed. So, in exasperation, I reformatted my hard drive. This was my wake-up call.
I'm seriously thinking about learning how to set up and use the Ubuntu/Firefox configuration that I've read about before casually surfing the web again.
A day and a half later, my desktop is finally up and running again with Windows 2000 SP4. Since reformatting, I have been careful to confine my web browsing to Microsoft updates, Intuit, Adobe, Linksys, PCTools, Sun Microsystems, and the like, in conjunction with getting my wireless router, MS Office, Quicken, Adobe Reader, and Sun Download Manager completely up and running. I also download .ppt and .wma files for class from my school's website and have visited Google, Wikipedia, and my Yahoo email, being careful to only open expected emails - that's it.
Finally, after getting all my programs re-installed and updated on my desktop, I pored over reviews by PC Magazine, PC World, Adware Report, and others (on my wife's laptop) and decided to download Comodo Personal Firewall, PCTools Spyware Doctor 3.8, and Registry Mechanic. For these, I typed their respective homepages directly into the Explorer address bar rather than following third-party links. I am still deciding which antivirus and antispam programs to use based on the reviews.
After downloading the Comodo Firewall, I realized how little I know about the inner workings of the standard programs on my PC. Looking back on my computer education, I wish I had taken a class that showed how a standard commercially available program uses the registry, the internet, and its program files for routine tasks. I also wish I had dissected an elaborate spyware or malware program to see how it works and how to thwart it.
I selected the "custom" setting to see if I could teach CPF how to let Spyware Doctor and other programs do their jobs unimpeded. I saw on this forum a tutorial which I haven't viewed yet, http://www.embsolutions.com.au/cpf_rule/index.htm , but will watch soon.
My sense is that I will have to go through an initially steep learning curve to use this program properly but that, if I stick it out, it will be worth it.
Is it possible to create behavioral profiles for commonly used programs that Comodo can remember, and alert me to unusual/erratic behavior?
At this point, do I select the "allow" option for everything? If I do block something and a program stops working properly, how do I know what to reverse/delete in the log to restore functionality?