Fix 8: Keep Your Own Site Safe

It's not a good time to run a Web site. The Web may look like a digital wonderland, but behind the scenes it's a war zone. And the guns are trained on your site.

Crooks use automated tools to search sites for the most common vulnerabilities. If they find one, they blow the hole wide open to plant harmful code that will attack your loyal visitors.

To help keep your site safe, start with some quick, free scans that ferret out the most obvious problems. First, fill out a form at Qualys.com to request a free scan of one IP address.

Next, download the also-free Scrawlr tool from HP. After a quick install, use Scrawlr to scan your site for SQL injection vulnerabilities (a type of hole targeted in a recent Sony site hack).

A clean bill of health from both scans won't guarantee that your site is safe. For instance, neither will find problems with custom JavaScript code, another common type of attack. And while requesting or running either scan is easy, fixing a reported hole might involve a fair bit of work. But that job will still take far less work than repairing your site and your reputation after your site has been hijacked.

Fix 9: Make Your Passwords Secure--And Easy to Remember

Online passwords are starting to seem about as safe as tissue paper protecting a bank vault. The supply of stolen logins is now so huge that crooks can hardly make any money selling them unless they add other ripped-off data, like addresses or Social Security numbers, according to security researchers. And thieves don't stop with stealing logins to financial accounts--the bad guys regularly pilfer access information for Web mail accounts as well. In one recent case, a scammer broke into Web mail accounts and sent messages to the victim's friends asking for money.

Experts say we should use strong, unique passwords for all our accounts. But they don't tell us how we're supposed to remember them, so most of us end up using the same, not-so-safe password at all our accounts.

Here's an easy fix that allows you to remember just one password, yet still have a strong, unique password for each site you use.  The Password Hash (or PwdHash) add-on for Firefox and IE takes that simple password you type and runs it through an algorithm that uses the site's domain name as part of the calculation. The utility subs in the resulting strong password before you send it to the site. All you have to do (after installing Password Hash) is hit the F2 key in a password box before you type.

For a download link and more info on this useful tool, head to the PC World Downloads page.

Fix 10: Get Extra Cleaning Help for Stubborn Infections

Sometimes even the best antivirus program misses an infection. And once a virus or Trojan horse gets in, removing it can be incredibly tough. If you suspect some nasty got past your defenses, then it's time to bring in extra help.

Many antivirus makers offer free and easy online scans through your Web browser. The scan will take time, as the scanning service will need to download large Java or ActiveX components before it can get started, but they're easy to kick off. You can run them in addition to your already-installed antivirus application for a second (or third, or fourth) opinion. Here's the lowdown on your options.

Trend Micro HouseCall: Will detect and remove malware; works with both IE and Firefox.

BitDefender Online Scanner: Detects and removes malware; requires IE.

Kaspersky Online Scanner: Detects malware, but doesn't remove it; works with IE and Firefox.

F-Secure Online Virus Scanner: Detects and removes malware; requires IE.

ESET Online Scanner: Detects and removes malware; requires IE.