
Friday, April 6, 2007

PC Security

The Internet is based on the concept of sharing information. But the Internet was originally designed by and used by people who trusted each other. The Internet also started out as a private network. It is not private anymore. Yet we now connect our computers to this network and our computers often contain very personal bits of information that we would not want made public. This includes pictures, credit card numbers and other forms of financial data, email addresses, private correspondence, even sensitive information about work. This data needs to be protected, yet when we connect to the Internet with an insecure, improperly configured computer, we are making it possible for others to access this information quite easily.
 
But protecting your computer isn't just about securing your information. If made into a bot or zombie through infection, your computer can be used by others as a launching point for attacks on other computer systems or as a delivery mechanism for spam. It's a pessimistic description of the situation, but you must be aware of the risks that exist in connecting a computer to this network. Mobile devices are another can of worms.
 
So what can you do? Before I launch into my rant about some facets of PC security, you may want to quickly check out my security tips. Then be sure to return to this spot.

Please realize that your software is not perfect; in fact, it's quite flawed. So much so that many pundits criticize Microsoft and many other software companies for the sorry state (security-wise) of their products - some would say rightly so. Important first steps toward securing your PC include eliminating the vulnerabilities inherent in your software. I'm talking about the operating system (OS) and the programs you use. Security flaws or vulnerabilities inherent to Windows are discovered regularly. When these vulnerabilities are discovered, the companies that made the software will usually develop updates to fix the problem. If Windows isn't configured to download and install these updates, and/or your other software isn't correctly configured to operate more securely, some vulnerabilities still exist. One is just as bad as many. Much of the damage done to corporate and home computers could be prevented if computers got all updates installed as soon as they were available. You'll find that a fresh install of Windows connected to the Internet without the complete collection of updates will likely be infected within minutes. That's even before you start surfing the web or getting your email.

This problem is a double-edged sword. You're not really safe online until you obtain and apply the Windows updates, but you have to connect to the Internet to get them in the first place. This problem can be mitigated somewhat by installing security software (such as Microsoft Security Essentials) right away, then running Windows Update soon after.
 
One of the things that makes a Windows computer susceptible is the way programs like (especially) Internet Explorer and MS Office have intertwined themselves with the Windows operating system. This is one of the reasons why some folks switch to non-Microsoft products to browse the web (Opera, Chrome, Firefox), manage email (Eudora, Thunderbird) and for productivity applications (Open Office, Star Office, Corel Office). These alternatives have a cleaner track record today, but this is partly due to the fact that Microsoft is an easy target due to its dominant (90%+) market share. Once alternatives become more prevalent, people will begin to discover and exploit their vulnerabilities too - and they do exist, they're just not in the spotlight at the moment. I've heard it said that Linux and Mac OS are more secure operating systems than Windows. While they do have fewer problems than Windows, that will likely change once they become more popular.
 
No matter what software you use, you should find out what features put your system at risk. If the preview feature is on, e-mail programs like Outlook or Eudora allow program code to be executed within downloaded email messages, before the user even opens the message. ActiveX controls, Visual Basic and JavaScript pose similar problems, as they can execute within a web page or email without you knowing. Tiny scripts can be written to access your system files or deposit a Trojan. You have to be aware that a program running on your computer may have the same rights as you do (such as reading, writing and deleting files). The solution? Be vigilant about getting the latest updates, especially those related to security. Be sure to get them directly from the company that created the program. These days, some infestations even come disguised as patches to Windows vulnerabilities which are offered up to you. Never accept an online offer to fix a problem with your PC. The legitimate companies don't work that way. The Computer Emergency Response Team (CERT) at Carnegie Mellon University has put together a brilliant primer on Threats To Home Users.

Speaking about all of these problems can lead to a paranoid user. I am not trying to scare you, but to motivate you to learn more about security and take it seriously. Speaking of paranoia, I take issue with people who would suggest that everyone must delete their cookies and disable JavaScript on their web browsers. Cookies, in many cases, are what make certain Web applications function. They are not the malicious entities some people paint them to be. Cookies may potentially be used to track you, but they can't extract information from your computer such as your name or e-mail address. They can't steal any information about you that you didn't provide to the web site in the first place. Cookies cannot magically figure out your credit card information. When it comes to JavaScript, there are many commercial and corporate Web-based applications that simply won't function unless you have JavaScript enabled. For the Windows-based user, get to know the "security zones" settings in IE - so you can define who you trust and who you don't, and what you trust each person or zone to run on your computer.
