Basic Security Controls
The first step in securing your computers from incoming malware is router configuration. The simplest routers cost around $60 and come with wireless networking capability. Connecting them as shown in Figure 1 builds a barrier between the Internet and your internal systems.
Larger organizations will likely place a standard, non-wireless router at the Internet/internal network boundary. However, the principle is the same. Keep the bad stuff, and the black hats, off your network in the first place.
The next step is making sure your router is properly configured. Most small office and home routers come with a secure configuration. The only thing you have to do is CHANGE THE DEFAULT PASSWORD.
It's easy to check your configuration for holes. Simply use the free online service provided at Steve Gibson's Web site. The service, ShieldsUp!, let's you know if one or more of your router configurations is unsafe (i.e. open). Your results should look like those in Figure 2. You may have some blue boxes. That's OK. However, red boxes mean you have ports open which may allow unwanted visitors.
If you're unsure about how to configure your router's settings, buying a popular router brand like Linksys or D-Link ensures pretty good telephone support.
Now that your perimeter is secure, the next step is to prevent intentional or unintentional visits to known high risk sites. High risk sites include those known to host malware or certain site types (online free games, pornography, pirated music sharing, celebrity sites, etc.). You can purchase software to do this, or you can use a free service like OpenDNS. Using a free service ensures you are getting regular site updates. It also keeps site processing resource use off your computers.
Finally, make sure your computer's firewall is turned on and up-to-date. Windows-based systems (XP SP2, Vista, and Windows 7) have the firewall turned on by default. Unless you specifically turn if off, this provides your last layer of defense--before hitting your anti-virus software--against unwanted activities which make it through your other controls. And don't assume if you have an operating system other than Windows that you're safe. The only thing keeping Windows at the top of the black hat hit list is popularity--the most number of installed systems. Make sure your Linux and Apple OS computers are also running firewalls.