The Best Home Computer Security Bang for the Buck

This is a quick brief on major security issues and solutions for anyone connecting to the Internet by any means. This article is about home PC security only. The general principles could be applied to the corporate world but we would strongly recommend that higher-end solutions be deployed.

Home computers are important as many are used as gateways into corporate networks via VPN (Virtual Private Networking). Home computers are also unknowingly the source of most of the world's Spam e-mail and automated attacks on other computers and systems.

There are many ways to get your home computer infected. Every computer has open ports, much like a house with open windows, as these ports are needed by applications to allow interconnection to other computers. These open ports are often exploitable. Every computer has applications such as word processing or e-mail, and many of those applications can also be exploited. Your web browser is an application and a major point of infection. Browse the wrong web site and presto, one infected computer. Viruses are less of a problem these days; it's now the world of trojans, bots and/or root kits, often one and the same. We use the word "malware" as a generic term for all of these classes of objectionable programs.

Part of the problem, and it's a big one, is that most people insist on running their computers in full administrator mode. This means that all those applications, with the security holes and open ports to the Internet, are also running in full administrative mode. Exploiting any of those applications means the malware author will "own" your PC and also have full administrative access. The safest approach is to create a non-administrative user on your local PC for everyday use, and to use the administrative account only to install software. The bottom line is that your computer should not be run in administrator mode except when you need to install hardware or software.

Every PC attached to the Internet by any means needs all the security patches installed. This applies to all the operating systems out there, Windows, Linux, Unix, and yes indeed - the Macs. Even hardware such as routers, printers, network cards, and yes, even hardware firewalls need these security patches installed on a regular basis.

The fastest way to infect your computer is to surf porn or hacker related sites. Even a well patched machine, with browser patches up to date a month ago, runs a high risk of being infected with a trojan of some sort within minutes of surfing these sites.

The Issues:

Malware (malicious software) and identity theft are the single biggest issues for users of the Internet today. Common malware reads e-mail addresses stored on your computer and spreads accordingly. Some types of malware also record keystrokes, searching for credit card and on-line bank account information, and almost all of them provide some sort of back door so that hackers can remotely control your PC without you ever knowing. Common malware may also set itself up as a server to distribute spam, pirated games, music or pornography, or to attack other Internet sites, again without your knowledge.

In the past, most computer security revolved around protecting the PC with a blocking device called a firewall, and scanning for known threats with a virus scanner. However, infection is a given these days, and most home and small business firewalls don't protect against malware running on your PC and connecting to the outside world. Virus scanners tend to work poorly or not at all against a wide variety of malware. Due to these deficiencies I use a security philosophy called "inside-out security", whereby I protect against unknown forms of malware already inside a network by blocking them from communicating with the attacker on the outside. This gives you time to detect an intruder and remove the malware before it becomes a problem. A lot of this depends on being informed and educated on the complexities of computer security, so I hope this article can be a start.

Some key points on PC security:

Anti-virus software provides no more than perhaps 25% of the needed protection against Internet based threats, and is only useful for that 25% effectiveness if updated at least daily with new virus detection signatures. Commercial grade systems update hourly and are often pushed out in real time from the vendor. Anti-virus software, if not up to date, is often deleted once a machine is infected. Anti-virus software does not protect you from any defects in the operating system or software, the most common point of entry for hackers. Most anti-virus software also does not detect or protect you against malware programs written by supposedly legitimate companies to track your Internet activities, display unwanted pop-up advertising, force you to use their home page or search engine, or worse yet, install porn related programs without your knowledge. This kind of malware is called spyware or adware.

Software firewalls provide limited protection at best. Most users are unfamiliar with the operation of such software and often disable key features, which allows malware programs to operate. Such firewalls can also be attacked and removed by new exploits that the firewall is unaware of, or even by an exploit of the firewall software itself.

The vast majority of users are unaware that their computer is infected with malware or is being used by a hacker. Indeed, hackers want to use your computer for as long as possible and actively avoid detection.

Malware most often comes from just surfing the net or reading certain kinds of e-mail. It's the browser itself, often a component within your e-mail software, that is the problem and you can be infected just by browsing random sites or viewing your e-mail. Malware may also enter your system via open ports on your computer, something few people are aware even exist. You may also install malware without your knowledge by installing some so-called free utility or screen saver. Most home computers are infected with an average of over twenty applications that are unwanted, un-requested and potentially harmful to you or your computer. Sadly, business computers are not much better.

Security Solutions:

No single solution provides protection beyond perhaps fifty percent coverage. Only when used in the following combinations, and kept up to date, will these tools and procedures keep your malware protection at close to one-hundred percent.

1) Update your operating system right away with any new security related patches. Ditto for any software used to communicate in any manner with the Internet. In particular this applies to users of Microsoft Office and Outlook products, plus whatever your favourite graphics viewer might be. Java and applications such as Adobe PDF reader are other applications that need to be constantly updated.

2) Purchase a hardware router/firewall. LinkSys and D-Link make inexpensive and effective models and are found in any computer store. If you choose to go wireless make sure you read the manual and enable all the password protection and encryption security features. Do not use WEP encryption as it's easily crackable; use WPA encryption instead. Check the manufacturer's web site regularly for any updates. I have a personal preference for LinkSys as the product is more flexible due to the availability of 3rd party firmware upgrades based on open source code. Not all the Linksys hardware is upgradeable to third party firmware; ask before buying.

3) Purchase anti-virus software and update it daily. http://www.grisoft.com makes a free one called AVG for home use. This product does NOT detect nor remove spyware or rootkits so you need their other free anti-malware product to do this. Also install their new root kit detector and do a scan with that. These three products are also good at cleaning out what may be infecting your computer right now.

4) Purchase a software firewall even if you have a hardware firewall. Software firewalls fill some key security holes not covered by other products. ZoneAlarm and Comodo make good ones that are free for personal home use. Both programs ask you if a program's request to connect to the Internet is legitimate and give you a chance to say no. Where this fails is that many people don't know when to say no. Neither program is that great at telling you if a specific application is truly safe - but they are getting better. I prefer Zone Alarm myself but both have their good points.

5) Do regular manual scans for malware. Do not rely on automatic scans, as the free products often remove that feature to encourage you to purchase the pay version. And by all means, purchase the full products if you can afford to do so.

If you are running Windows XP, or better, you can download a free version of PC Tools Spyware Doctor from Google's Google Updater. Works well. There is also a Symantec program you can use for scanning for existing malware. Microsoft also has a free anti-malware program called Windows Defender. Spyware Doctor has worked the best for me and I use the full commercial version on at least one of my PCs.

You need all of these programs running to reach 90-95% protection. All of them, except the software firewalls, detect only what is known. The software firewalls require some knowledge on the part of the user to know if an application is in fact malware. Comodo is great here in that it allows you to send the suspect malware to them for testing.

6) Do regular external security scans free at http://nmap-online.com/

7) The following software monitors traffic through your firewall router and looks for anything suspicious. Also makes for a great education. Worth every penny. Do try the working demo. http://www.linklogger.com/
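As an added example (not code from the original article or from any product it names), the script below applies the "inside-out security" idea from the earlier section to the kind of outbound traffic log a router or LinkLogger-style monitor produces: LAN hosts may only reach an allow-list of destination ports, and anything else, especially repeated contacts with one outside host, is reported. The LAN range 192.168.1.0/24, the allowed port set and the log line format are assumptions made for this example, and the log lines are constructed.

```python
"""Toy 'inside-out' egress monitor over a home router log (added example,
not from the original article or any vendor). Log format, LAN range and
the allowed port set are all assumptions made for this example."""
import re
from collections import Counter, defaultdict
from ipaddress import ip_address, ip_network

HOME_NET = ip_network("192.168.1.0/24")      # assumed home LAN range
ALLOWED_OUT_PORTS = {53, 80, 443, 123}        # assumed: DNS, web, NTP only

# Constructed sample log: "<time> OUT <src>:<sport> -> <dst>:<dport> <proto>"
SAMPLE_LOG = """\
12:00:01 OUT 192.168.1.10:51000 -> 93.184.216.34:443 TCP
12:00:05 OUT 192.168.1.10:51001 -> 192.0.2.53:53 UDP
12:00:10 OUT 192.168.1.22:51200 -> 203.0.113.9:25 TCP
12:00:40 OUT 192.168.1.22:51201 -> 198.51.100.7:6667 TCP
12:01:10 OUT 192.168.1.22:51202 -> 198.51.100.7:6667 TCP
12:01:40 OUT 192.168.1.22:51203 -> 198.51.100.7:6667 TCP
12:02:00 OUT 192.168.1.10:51002 -> 93.184.216.34:80 TCP
"""
LINE_RE = re.compile(r"(\S+) OUT (\S+):\d+ -> (\S+):(\d+) (\w+)")

def parse(log):
    """Yield (time, src, dst, dport, proto) for each outbound log entry."""
    for m in LINE_RE.finditer(log):
        t, src, dst, dport, proto = m.groups()
        yield t, src, dst, int(dport), proto

def egress_verdict(src, dst, dport):
    """Inside-out rule: a LAN host may only reach allow-listed ports outside."""
    if ip_address(src) not in HOME_NET or ip_address(dst) in HOME_NET:
        return "allow"                        # not a LAN -> Internet flow
    return "allow" if dport in ALLOWED_OUT_PORTS else "block"

def suspicious_hosts(log, beacon_threshold=3):
    """Reasons per LAN host whose outbound traffic the inside-out rule blocks."""
    reasons, blocked = defaultdict(list), Counter()
    for _, src, dst, dport, proto in parse(log):
        if egress_verdict(src, dst, dport) == "block":
            blocked[(src, dst, dport)] += 1
            reasons[src].append(f"blocked {proto} to {dst}:{dport}")
    for (src, dst, dport), n in blocked.items():      # same (dst, port) over and over looks like beaconing
        if n >= beacon_threshold:
            reasons[src].append(f"{n} repeated contacts to {dst}:{dport} (beacon?)")
    return dict(reasons)

if __name__ == "__main__":
    for host, why in suspicious_hosts(SAMPLE_LOG).items():
        print(host, *why, sep="\n  ")
```

Running it reports only 192.168.1.22, for its outbound mail (port 25) attempt and for three repeated contacts with 198.51.100.7 on port 6667, while 192.168.1.10's web and DNS traffic passes the allow-list.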

On Spyware and Adware:

One of the best security vulnerability databases out there: http://xforce.iss.net/xforce/search.php . Do a search on your favourite operating system version plus any applications you have installed on your PC and prepare to be horrified. Another good one is here: http://nvd.nist.gov/

Remember: You, and not the hacker, are probably your own worst enemy when it comes to computer security. Most people treat the Internet as a highway to be driven down while wearing a paper bag over their head. This attitude, unfortunately, creates havoc for the rest of us.