Although you can never eradicate the threat of malware when probing the web's dark recesses, slapping on as many layers of security as possible will make you less of a target. Here, we show you how to pile on the protection for free.

The other night a friend called, apologetically asking for advice because her computer had been infected with malware. (Truth be told, I knew already: receiving multiple spam emails from your friends somewhat gives the game away.)

It could have happened to anyone. My friend had received an email purporting to be from an acquaintance with some ‘photos' attached. Open email, get infected. Even the most web-suspicious cynic can be caught out this way.

My friend had no idea that she required anything more robust than Windows' built-in security tools. She did, and does, but there's a lot of ignorance about.

Visit Security Advisor

Every PC user should be running up-to-date antivirus and antispyware and a software firewall. Even then there are no guarantees - staying safe online requires you to manage risk. Just as you wouldn't wave your wallet around in a rough part of town, you should proceed with caution if you're surfing dodgy sites.

In this instance, slapping on as many layers of security as you can will make you less of a target. Here, we show you how to do just that, and for free.

Security software reviews

But you'll still need to follow some basic security rules, including regularly changing and protecting all your passwords. As we reveal, ‘soft' targets such as your webmail account are just as important. Follow our advice to keep the hackers out of your contacts book.

Get a multilayered security setup

Let's make one thing clear: if your PC is connected to the web, you need to protect it. Beyond simply switching it off, by far the simplest way to do this is to purchase a brand-name internet security suite with all the updates and technical support such products include. Check out our online security software reviews for a recommendation.

PCA security software reviews

The down side to such products is that they cost you between £20 and £50 a year. But tech-savvy users may find that they can build a security arsenal with no outlay.

Even so, you can never have too much of a good thing. Most security experts recommend adding extra layers to the traditional antivirus (AV), antispyware and firewall setup. With the exception of the products mentioned in Layer 1, the apps below are all designed to work alongside your security suite.

Internet security is as much art as science. Beyond the big three of AV, spyware protection and a firewall, you could install all the products below or pick and choose some or none. It's really a question of how risky your online behaviour is and how much you have to lose.

As with all installations, we recommend that you back up your PC and set a System Restore point before adding security layers. Build them one by one - if you get a conflict, you'll know which tool is the culprit and be able to excise the problem.

Also see: Secure your webmail to stop scams

Although you can never eradicate the threat of malware when probing the web's dark recesses, slapping on as many layers of security as possible will make you less of a target. Here, we show you how to pile on the protection for free.

Layer 1. AV, antispyware and a firewall: Everybody should have AV, antispyware and a firewall product installed, and these tools should be included in even the most basic internet-security suite. If you don't want to spend any money, you could combine freebies such as Avast Antivirus, Spybot and ZoneAlarm's free firewall. But remember: free tools are typically less user-friendly than consumer products.

ZoneAlarm's free firewall

If you're running Windows 7 or Vista, you may not need a separate firewall. But if you're relying on the operating system to filter out net nasties, get hold of Windows 7 Firewall Control Free.

This free program offers fine-grained control over the firewall built into Windows 7 and Vista, particularly the way it blocks outbound connections.

More security downloads

Layer 2. A behavioural blocker: PC Tools' Threatfire is designed to complement an existing antivirus setup, using cloud-based data to work out what's nice... and what's not. It's constantly on the lookout for suspicious behaviour and is able to automatically block malware without a virus being announced or a patch issued.

PC Tools Threatfire

Layer 3. A behavioural scanner: SurfRight Hitman Pro 3.5 is designed to work alongside the other tools here, catching files that make it through all other defences. The scanner reveals and removes active threats using behavioural analysis. It can be installed on your PC and used regularly, or kept on a memory stick to scan when something feels wrong.

Visit Security Advisor

Layer 4. Understudy antispyware: Ad-Aware does a great job of scanning your PC for threats, warning you about them and then deleting them. Even if you already have an antispyware product on your PC, it's a good idea to use this as well.


Layer 5. A sandbox: Sandboxie creates a virtual ‘sandbox' between websites and your system Registry, preventing rogue software from installing. This is ideal for any occasion when you are surfing unfamiliar websites. Even if something nasty gets on to your PC, you can limit its damage.

Layer 6. Shut those (back)doors: It's vital you keep your applications up to date so any exploitable holes or back doors are immediately patched and closed. Manually visiting websites to grab an update for every program you've installed is time-consuming. Instead let Secunia PSI scan your system, list all your applications and automatically check for security patches and apply any it finds.

Security software reviews

Layer 7. Rewrite history: CCleaner is well known as a Registry cleaner, but it also helps protect your privacy. It removes traces of your internet history, including cookies, temporary internet files, browsing history and auto-complete form history. It also cleans Windows' Recent History list - worth doing if someone else is likely to use your PC.

Layer 8. Lock up your bank details: Safe Calculator is a neat utility that pretends to be the basic Windows calculator when you launch it. It's actually a safe that can take a single file and encrypt it, disappearing it into the app itself. You can run it from anywhere, even an external hard drive, so if you've got an important file that's for your eyes only, you can make it vanish with Safe Calculator.

Safe Calculator

Of course, technology isn't the only way to secure your system. The best security tool is your brain, and the weakest part of your defence is your own mistakes. Be sensible. Avoid dodgy websites (McAfee SiteAdvisor can help with this) and don't download pirated software or files. Research software online before installing it, and never click on an email link to a banking or shopping website. Indeed, avoid clicking links in emails altogether.

>> NEXT PAGE: Secure your webmail to stop scams

Although you can never eradicate the threat of malware when probing the web's dark recesses, slapping on as many layers of security as possible will make you less of a target. Here, we show you how to pile on the protection for free.

Secure your webmail to stop scams

Imagine having to explain an email message that asks your friends for money - a message sent from your webmail account.

That's exactly what's happening: scammers are breaking into such accounts and, from those addresses, sending email messages to the victims' entire contact lists. The messages often tout a website or ask for money directly.

It's a new, dastardly twist on an old scam. Crooks have long used harvested addresses in the ‘From:' field on junk email to make messages look realistic. But because antispam measures have been getting better at blocking such spoofed spam, the bad guys are now breaking in and sending email from actual accounts.

Hijacked Hotmail

Maureen Arnold was hit by such an attack. When she checked her MSN mail one day, she found several warnings about undeliverable messages sent from her account that she hadn't written, along with messages in her Sent box.

Visit Security Advisor

The scam email - touting a site selling electronic products - went out to her family and friends. Similar attacks have asked recipients to wire money to a particular account; some have even deleted an account's contact list afterwards.

The attacks underscore an oft-ignored fact: webmail accounts are a major target because they have value. A recent report by the Anti-Phishing Working Group says the most common types of logins stolen by keylogger malware are for financial websites, e-commerce sites and webmail. In addition to hijacking an email account to send out messages, crooks can often glean information that helps them break into a victim's financial accounts.

The first step to protecting your webmail is to keep your PC clean of malware. But this isn't a complete solution: Maureen checked her PC with multiple security scanners after the break-in and found nothing.

Security software reviews

Another important step is to assume that any public or borrowed computer that you've used to check your webmail account was infected with a keylogger and that your account login was stolen. Change your password as soon as you can, on a trusted, secure computer.

Jeremiah Grossman of WhiteHat Security identifies another point of entry: crooks often lift webmail account details after breaking into other sites. Many sites require your email address for logging in and, since many of us use the same password to log into several sites, these details are potentially exploitable.

Change your password

Ensure that you use a unique password for your webmail account. Free tools such as Password Hash can consolidate passwords. Second, when signing up for new accounts, use a ‘disposable' email address - ISPs such as BT offer such a facility. There's a similar feature in the premium Yahoo Mail Plus service (£12 per year). Anonymizer's Nyms service costs a similar amount and works with any email account. 

Erik Larkin and Rick Broida contributed to this piece