A while back I was asked to toss something together about computer security for a message board. I’ve posted it there, and decided to post it here as well.
This is mostly useful to people running Microsoft Windows.
Basic Security Tips
I’m going to attempt to keep this simple – if you have questions after reading this post here, and I’ll try to answer.
1) The Operating System
The biggest problem you will face is that your computer probably runs Microsoft Windows. Microsoft Windows was not originally designed for networking. Even though Microsoft has made changes for the last twenty years, Windows is still the least secure operating system ever designed.
Avoid using Microsoft Windows if at all possible. An Apple Macintosh, or a PC running either one of the Linux or BSD variants is far safer. If you want to try something other than Windows, you can find a lot of information at Distro-Watch.
Note that almost all of the Linux and BSD variants are FREE downloads. Many can also be run from the CD/DVD drive without installing, to see if you like it, and if it works with your computer. It will cost you a blank CD/DVD, but they are relatively cheap.
If you are already running a Mac, Linux, or BSD, you are relatively safe. All of them use a security model that is more robust than what Microsoft Windows uses, and you can skip down to the Password section.
If you are running Windows, using an Anti-Virus system is a must (other operating systems don’t need to run AV). Not only do you need to run an anti-virus, you must keep it up to date. When I tell people that it’s cheaper to buy a Mac, this is one of the reasons – you don’t need to pay for an Anti-Virus subscription.
While there are some free anti-virus products on the market, they are limited, and not necessarily worth what you pay for them. Good AV products are available in most stores selling Windows software.
3) Email Clients
Microsoft Outlook, and Microsoft Outlook Express are the most efficient virus distribution systems ever designed. Under no circumstances should you use them at home. At work hopefully you have a competent IT Staff, and of course the company is paying, you aren’t.
The safest way to handle email is to leave it on the cloud, i.e. use GMail or YahooMail (I do not recommend Hotmail). If someone sends you an attachment of any sort, think before you do anything. Some files, like PDF files can have nasty stuff inside. You are running Anti-Virus aren’t you?
Mozilla Thunderbird is safe, again as long as you are running Anti-virus, and as long as you don’t open any attachments. Thunderbird is a free download from:
If are using a Mac, running Linux or BSD, you can ignore this section.
4) Browsing the Internet
Under no circumstances click on the ‘E’ icon for Internet Explorer. Next to Outlook/Outlook Express, Internet Explorer (also known as Internet Exploder because of the danger of using it) is one of the most dangerous Windows applications. If you do have to use Internet Explorer for anything, like banking, use the most recent version, which can be downloaded from the Microsoft website. While the later versions are considerably better built, they still are not trustworthy.
If you are stuck with Windows, there are some really nice alternatives to Internet Explorer, all of which are free downloads. They are:
Seamonkey (which also includes an email client)
5) Movies and Music
Microsoft Media Player is another dangerous program, that should never be used. It has had a history of security issues which taken in total are terrifying. However there are good options, which are free downloads. For audio ITunes is an excellent choice:
For video the best option is Videolan Player (VLC):
Another choice is Miro Player. Miro shares source code with Videolan, so the basic video display capabilities are the same. The big difference is that Miro has an online library of free videos, including that incredible classic, ‘Santa Claus vs The Martians.’ Miro handles the downloads for you, and acts as a library as well.
Note that both Miro and Videolan can handle audio, and to a certain extent ITunes can handle video, but Itunes video capabilities are limited.
WARNING – If a video file won’t play in the above players, or tells you that you need to download a CODEC, it’s a scam to make you download a virus! Immediately delete it.
6) Productivity – the Office Suite
Microsoft Office is also an issue. It has been used many times as a virus delivery system, through the built in scripting language. If you have to use Office, turn up the security level on the scripting language, so that it warns you before running a script, this will help.
If you decide to look at alternatives, this is the one place where you might loose some functionality, if you are an advanced user. For most of us, we won’t notice the difference. There are both free and paid alternatives. They are:
Word Perfect – Paid Application:
Open Office – Free Download:
Libre Office – Free Download:
Note that the three above are siblings, using a lot of the same base.
Wikipedia has a long list of other options here:
7) Acrobat (PDF) File Viewing
Most Windows computers come with Adobe Acrobat Reader installed. This is a problem because there is such a large number of computers with the same basic setup, it’s a tempting attack point. I recommend uninstalling Adobe Reader, and installing one of the options listed on this page on Wikipedia:
Physical security is also an issue. If your computer automatically boots up and logs you in, you are insecure. A good password, which isn’t your pet’s name, is a must. The password should be a mix of letter and numbers. It should not be written down on a post-it note next to the computer!
It should however be recorded in a safe place, along with instructions so your family can get into the computer if anything happens to you. You might also want to consider drive encryption, newer versions of all operating systems support this. Again, make sure that the password used for drive encryption uses a mix of letters and numbers, and make sure you have a copy in a safe place.
At this point you are probably thinking that I don’t like Microsoft. I admit that I don’t like Microsoft, and considering my experiences with their software, I have good reason. I was using computers before Microsoft was founded, and have experience on a lot of different operating systems. I can remember the issues that came when the company I was working for switched to Microsoft DOS, about thirty years ago. I can remember the problems with Windows 95. I can remember the problems – well, you get the idea. I’ve never had that level of problems with any other vendor. Ever.
In general if you avoid Microsoft software, you will be more secure. Sometimes the problem isn’t Microsoft directly, for example Sony BMG decided to use anti-copying technology on some compact discs. Problem was, the technique that they used was bad, and any Windows system that had the discs placed into the CDRom drive became insecure, and in many cases totally unreliable.
And I’m serious about Mac computers being cheaper. Oh, you’ll pay more up front, but you don’t have to pay for an anti-virus subscription, and you won’t have to take it into Geek Squad regularly for repairs. And Macs are built using higher quality components, so they last longer.
Using the above suggestions can’t totally protect you, but they will help. If you have any questions, ask.
Merry Christmas and a Happy New Year to all!
Friday December 24, 2010
PS: The only completely secure computer is one with no network connection, locked inside of a bank vault. Remember that.