Security for the WoWer
(zomg no moar keyloggerz)

In-Depth Security

There is a whole world of security knowledge, programs, and practices out there. It's easy to get lost, or go overboard and overload your computer with too many security programs. Let's start by just extending the basics a bit. (mostly complete 03/10/08)

Table of Contents
Prevention and Mitigation:
  1. OS and Browser
  2. AntiVirus and More
  3. Firewalls
Recovery:
  1. LiveCDs
  2. Disk Imaging
  3. Cleanup Help
Next Section: Advanced Security Concepts


Operating System and Browser

Your OS and browser are essentially your front line, following your little bird brain. It's quite common for OS and browser exploits to show up after the vulnerability's been patched. This is partly because it's easier to reverse engineer a patch than to find the vuln the hard way, and partly because so many people don't patch ASAP. That isn't to say that exploits don't show up before a patch--they do--just that it's a common occurrence for them not to. Do you remember the Blaster Worm from ~2001? It's still roaming around, hitting and spreading from unpatched systems.

However, there is more to it than just patches. There are settings within Windows that can help improve your security situation. For example, having Windows show hidden files and file extensions. You can get to that setting by opening Windows Explorer, then going to Tools, Folder Options, then the View tab (select "Show hidden files and folders" and untick "Hide extensions for known file types"). How will this help? Say I send you a picture of boobies, only it's not really a picture of boobies, but a nasty virus waiting to log your keys, delete your porn, and do other bad things. It's trivial to send you an executable file that shows up with the right icon for an image file. Maybe I'll even stick a ".jpg" on the end to further ease your mind. So now I've sent you boobs.jpg.exe. Unless you had the settings above, you'd see boobs.jpg, which you might think is safe and double-click on, and then you'd be the boob.
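To make the boobs.jpg.exe trick concrete, here is an added example (my own code, not part of the original guide) that models what Explorer shows when "Hide extensions for known file types" is on, and flags names that use a data-file extension to hide an executable one. The extension lists are an assumed representative subset, not a complete list of what Windows will run, and the sample filenames are constructed.

```python
"""Added example: how hiding known extensions disguises boobs.jpg.exe as
boobs.jpg, and a simple check that flags such double-extension names.
The extension sets are an assumption (a representative subset only)."""
import os

# File types Windows runs when double-clicked (assumed subset)
EXECUTABLE_EXTS = {".exe", ".com", ".scr", ".pif", ".bat", ".cmd",
                   ".vbs", ".vbe", ".js", ".jse", ".wsf", ".msi", ".hta"}
# File types a user expects to be harmless data (assumed subset)
DATA_EXTS = {".jpg", ".jpeg", ".gif", ".png", ".bmp", ".txt", ".pdf",
             ".doc", ".mp3", ".avi"}


def displayed_name(filename, hide_extensions=True):
    """Return the name Explorer shows for a file.

    With "Hide extensions for known file types" on, Explorer strips only
    the final extension, so 'boobs.jpg.exe' is shown as 'boobs.jpg'.
    (Simplification: every extension is treated as "known".)
    """
    if not hide_extensions:
        return filename
    stem, ext = os.path.splitext(filename)
    return stem if ext else filename


def is_disguised(filename):
    """True if the real (last) extension is executable but the name the
    user would see with extensions hidden ends in a data-file extension."""
    real_ext = os.path.splitext(filename)[1].lower()
    if real_ext not in EXECUTABLE_EXTS:
        return False
    shown_ext = os.path.splitext(displayed_name(filename))[1].lower()
    return shown_ext in DATA_EXTS


def find_disguised(filenames):
    """Return the subset of filenames that use the double-extension trick."""
    return [name for name in filenames if is_disguised(name)]


# Constructed sample of names as they might sit in a download folder.
# patch.exe.txt really is a text file, so it must NOT be flagged.
SAMPLE_NAMES = ["boobs.jpg.exe", "boobs.jpg", "setup.exe",
                "readme.txt.vbs", "party.png", "patch.exe.txt"]

if __name__ == "__main__":
    for name in SAMPLE_NAMES:
        verdict = "DISGUISED" if is_disguised(name) else "ok"
        print(f"{name:16} shown as {displayed_name(name):14} {verdict}")
```

Run it as a script to see the two disguised names picked out; point `find_disguised` at `os.listdir()` of a downloads folder to check real files. The check is deliberately conservative: a plain setup.exe is an executable but not a disguise, and a .txt file named patch.exe.txt is harmless, so neither is flagged.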

Your browser can be likened to your front door, and is often the first thing that comes in contact with malware out there on the internet. What happens next depends on what kind of malware it is, which browser you use, and most importantly, you.

It IS possible to have a secure, safe browsing experience with Internet Explorer. I just don't recommend it to anyone. Besides - IE is a bit weak on features. What I DO suggest is that everyone find a browser they like. Firefox isn't for everyone. Personally, I prefer SeaMonkey, Firefox's direct predecessor. They use the same engine (Gecko), but I prefer the more mature look and feel of SeaMonkey. Other alternatives include Opera, which is an entirely different engine from Gecko and Trident (IE's engine), Safari for Windows (not recommended; barely out and already has a bad security rep), the Gecko speed-demon K-Meleon, and IE shells such as Maxthon. IE shells like Maxthon often include security enhancements, including the ability to toggle JavaScript and ActiveX on and off easily. Netscape, the only browser to offer both the Gecko and Trident engines, is pretty much dead.

Anti-Virus and More
(+dodge, block, parry)

The most important thing about anti-virus protection is to keep it updated and active. You could use even the most pathetic anti-virus program out there (ClamWin and Microsoft OneCare battle for the bottom) and you'd still be better off than having nothing at all, or having an outdated version of something better. Obviously, it'd be best to have something at least half-decent. To find out what's good, take a look at av-comparatives.org.

An anti-virus program's effectiveness is not all there is to consider. You should consider how it might affect your system. Most of the good ones have free trials. I suggest picking one and trying the demo. If your computer doesn't like it, uninstall it. No money wasted that way.

There are two other facets to detecting and cleaning malware on your system: anti-spyware and the even more specialized anti-trojan programs. Both are highly likely to detect and remove (or at least disable) keyloggers. However, being the specialized tools they are, anti-spyware and anti-trojan applications will not provide the more general protection that an anti-virus program will. Anti-virus programs these days also detect trojans and spyware, but not as well as the dedicated tools.

I will not suggest any particular anti-virus, anti-trojan or anti-spyware. For this component of your security setup, it's important that you try out and choose one for yourself. For me, McAfee and my computer don't get along well, while Norton and CA's EZ AV run fine. On my second computer, CA's EZ AV made it unbootable! Thus I strongly suggest you use demo versions to try out different AVs, making sure to uninstall one before trying another.

In WoW class terms, you could look at these security programs like classes: Anti-Virus is a feral druid: good tanking, with some ability in the other roles. Anti-Spyware and Anti-Trojan would be pure DPS classes.

Firewalls
Armor, Fire (Worm) Resist

The differences in firewall products only emerge once a system has been compromised. If your system gets infected, Windows Firewall will do little to mitigate the damage. Unsolicited inbound worms such as Blaster, Nimda, etc. are the only infections a firewall will prevent outright. For our analogy, let's say that Worms = Fire damage, and Firewall = 100% resistance. Firewalls with outbound control have a chance at keeping the damage minimal, but once the system's infected they're also vulnerable to being shut down by the infection itself.
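The inbound-only versus outbound-control distinction is easy to see in a toy model. The following is an added example (my own code, not from any firewall product named here): a tiny stateful filter that drops unsolicited inbound connections, allows replies to connections the PC opened, and, when outbound control is on, only lets trusted programs out. The program names, hosts and ports are constructed sample values, not real indicators of anything.

```python
"""Added example: a toy stateful packet filter contrasting an inbound-only
firewall (Windows Firewall style) with one that also controls outbound
traffic per program.  All programs, hosts and ports are constructed
sample values for the demo."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    direction: str   # "in" or "out"
    program: str     # local executable that owns the socket
    remote: str      # remote host:port


class Firewall:
    def __init__(self, outbound_control, trusted_programs=()):
        self.outbound_control = outbound_control
        self.trusted = set(trusted_programs)
        # connections opened from the inside; inbound replies to these pass
        self.established = set()

    def check(self, pkt):
        """Return 'allow' or 'block' for one packet, updating state."""
        if pkt.direction == "out":
            if self.outbound_control and pkt.program not in self.trusted:
                return "block"       # unknown program may not phone home
            self.established.add((pkt.program, pkt.remote))
            return "allow"
        if (pkt.program, pkt.remote) in self.established:
            return "allow"           # reply to a connection we opened
        return "block"               # unsolicited inbound, e.g. a worm probe


def replay(firewall, packets):
    """Feed packets through the firewall in order, collecting decisions."""
    return [firewall.check(p) for p in packets]


# Constructed traffic: the game logs in and gets a reply, a worm probes the
# RPC service from outside, then a keylogger that slipped past the AV tries
# to mail out your password.
TRAFFIC = [
    Packet("out", "wow.exe", "realm.example.net:3724"),
    Packet("in", "wow.exe", "realm.example.net:3724"),
    Packet("in", "svchost.exe", "198.51.100.7:4444"),
    Packet("out", "svchost32.exe", "mail.example.org:25"),
]


def decisions(outbound_control, trusted_programs=()):
    """Decisions for TRAFFIC under a freshly configured firewall."""
    return replay(Firewall(outbound_control, trusted_programs), TRAFFIC)


if __name__ == "__main__":
    print("inbound-only:     ", decisions(False))
    print("outbound control: ", decisions(True, {"wow.exe", "firefox.exe"}))
```

Both configurations stop the worm probe (the "fire resistance" in the analogy), but only the outbound-control firewall blocks the keylogger's mail-out, and only because svchost32.exe is not on the trusted list. That list is the whole value of outbound control, and it is also why the page's caveat matters: malware running with enough privilege can simply stop the firewall service or add itself to the list, so this is mitigation, not prevention.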

Some firewalls, notably the ones included in Norton's and McAfee's security suite products, have AV-like definitions that they automatically download. These definitions allow the firewall to configure itself to automatically allow certain well-known programs to access the internet. I don't like this feature at all, as it's prone to causing problems and is a potential security risk.

There are plenty of free firewalls out there, designed for everyone from a total noob (ZoneAlarm) to semi-advanced user (DSLR thread on how to find Kerio 2.1.5, which is less buggy and lighter weight than 4.x) to budding guru (Jetico) and beyond. I personally use Kerio 2 on one computer, and Comodo on another.

Firewalls, in WoW terms, are armor. Doesn't stop you from getting hit, just lessens the damage you may take.

In WoW class terms, a Firewall is your CC'er. I would say it's your main tank, but the firewall's role is actually less important than that. Your antivirus is more valuable, and your own brain even more so. The firewall's job is mitigation, which crowd controllers accomplish by manipulating or taking enemies out of the fight entirely.
Recovery

Up until now we've discussed what to do before you're infected, but what happens if, for all your security measures, you get owned? It's pretty much inevitable. You skip an update, you turn off your AV, or something new and undetected comes along and bites you. What then? That's when the Recovery side of security comes into play.

LiveCDs

A LiveCD is a CD with a complete OS on it, that you boot, and run directly from the CD itself. Most LiveCDs boot into a flavor of Linux, but there are one or two that boot to a much-compacted, highly-tweaked Windows. For our purposes, either one will work, though the fastest is Damn Small Linux. It's also the smallest at a mere ~50MB. Perfect for popping into a compromised computer to get a safe, clean environment to change your password and recover your account from. If your WoW account is ever compromised, I highly recommend burning a dsl disk, booting off it, then changing your passwords for your email, bank, WoW, and whatever other accounts you wouldn't want to lose. dsl "just works" with most hardware, though wireless networking may be a bit iffy, and includes Firefox. If dsl doesn't work, there's always the much bigger and slower Knoppix. Borrowing a friend's computer may be preferable to using Knoppix though.

There is also the System Rescue CD for the more adventurous of you. Although not directly intended as such, it can be used as a tool to clean up a virus-infected system.

Disk Imaging

Disk Imaging is a slightly different type of backup process. Rather than backing up just your data and perhaps leaving some stuff out, imaging seeks to preserve a snapshot of your entire disk (or partition) as it was at a certain point in time. The advantage here is that you can make an image while your computer is running well, and if something happens to your computer, you can boot off the recovery disk, restore the image, and be on your merry way. For a list of free backup and imaging apps, click this link. Or, if paying for something gives you peace of mind, Acronis TrueImage is highly rated. I was able to obtain it for free via a limited-time offer, but the regular price is fairly reasonable.

Cleanup Help

So the worst has happened, but wiping and reloading is not for you. You don't have a disk image, and you can't comprehend LiveCDs. Fret not, there are volunteers who can help you. You can find them at the DSLReports Cleanup Forum and also at CastleCops. Be sure to follow the mandatory pre-analysis steps at DSLR first.

If you've come this far, you may as well check out the next Section - Advanced Security Concepts.