oBlivIOus (-blv'-s) » Security

The Ten Commandments to PC Security

Aldwin Galapon — Tue, 07 Oct 2008 22:47:51 +0000

All PCs are vulnerable to plagues of biblical proportions: viruses that bring down entire networks, e-mail worms that replicate at lightning speed, identity theft-scams like phishing and potential data theft, Trojan horses that hide inside innocent programs, hackers that take over computers, and more.

And that’s why we’re concerned for your security. In this article you will find 10 basic tips to help you keep your computer up-to-date, free from viruses and spyware, and protected from unauthorized access:

1. REMEMBER YOUR ANTI-VIRUS SOFTWARE AND KEEP IT UPDATED. If you don’t have an anti-virus package, STOP READING RIGHT NOW AND GO GET ONE. It’s not enough to have the software installed; you also need to keep up with new viruses as they emerge. Remember, your anti-virus software is only as good as the latest virus definitions that you have set.

2. USE A FIREWALL. A firewall is like a bouncer for your computer – it checks every ID at the door and won’t let anyone enter if they are not registered on the guest list. When someone on the internet (or on a network) tries to connect to your computer, this is called an “unsolicited request.” If you run a program such as instant messaging or a multi-player network game that needs to receive information from the internet (or network), the firewall asks if you want to block or unblock (allow) the connection. That way, a hacker can’t access personal information on your hard drive and a Trojan horse keystroke logger (someone secretly using a stealth program to monitor the characters you type) can’t steal passwords and transmit them over the Internet.

3. BE SUSPICIOUS OF BOGUS EMAIL. Be wary of any Web site that requires you to download software to view a page, unless it’s something familiar like a Flash plug-in or Adobe Acrobat Reader. What you are about to download may contain a virus, Trojan horse, or some auto-dialer that uses your modem to call pay-per-minute numbers, leaving you with huge bills you’ll be forced to pay. Do not install software via the Web unless you are absolutely sure what it is and that you trust the company you are downloading it from.

4. MAKE BACKUPS AND KEEP THEM SAFE. Simply put, back up your data files at least weekly (daily if you’re running a business). Even if you fall victim to a virus or hacker attack, you’ll escape with only minor damage. External drives are the best forms of back-up.

5. KEEP YOUR OPERATING SYSTEM PATCHED. Email-borne worms and other viruses like to exploit security holes in your software – namely Windows and other Microsoft programs. These days, Microsoft releases so many critical updates to fix these flaws that many users just ignore them. Our advise: DON’T IGNORE THEM. In January 2007, the Slammer worm exploited a vulnerability that Microsoft had fixed six months earlier; thousands of PC were infected –-including some at Microsoft— because their users had never bothered to install the patch. Run the Windows Update program once a week and whenever Microsoft issues a warning. Until we see an automated patch management software, your best bet is to stay up-to-date.

6. MAKE A RESCUE DISK AND KEEP IT AVAILABLE AT ALL TIMES. When things go bad, a boot or rescue disk is your first step to recovery. At the minimum, keep the basic elements of your operating system in an external drive (floppy, flash, or Zip disk) so you can bypass the hard disk at start-up. To find out how, you can also read “Har dware Tips: Create Your Own Emergency Boot Disk (http://pcworld.about.com/gi/dynamic/offsite.htm?site=http://www.pcworld.com/howto/article). A better idea: Use your anti-virus program to create a rescue disk you can use when you operating system gets infected. Label it with a date and store it near your system where you won’t lose it.

7. BE SUSPICIOUS OF SCAMS. There are more hoaxers than hackers on the Internet, and more fake “e-mail virus alerts” than actual viruses. Scams are a popular way of getting your personal information, the most common being fake login pages and forged emails that ask for your password, credit card number, or other sensitive information. If any email asks for your username and password, DO NOT RESPOND or just ignore/delete it.

FACT: Even real virus threats are typically blown out of proportion. A fake warning could cause you to delete harmless files and then forward the message to others, clogging e-mail servers and causing virus-like damage in the process. When you get one of these e-mails (or see yet another breathless news story), check it out first. Type the name of the alleged virus into a search engine to see if any of the major security vendors have issued an alert, and visit the virus hoax pages at F-Secure and Hoaxbusters.

8. AVOID SPYWARE AND POP-UPS. Like Trojan Horse programs, spyware secretly installs itself when you download software i.e. file-swapping applications; it tracks your movements online and delivers ads based on the websites you surf. Pop-ads can also exploit security flaws in your Internet Explorer browser, like the recent Ghost Trojan that hijacked users’ browsers after viewing an ad on the Fortune City website.

9. CREATE A “STRONG” PASSWORD. Good computer security includes the use of strong passwords for all your accounts. It can be the weakest link in a computer security scheme, Strong passwords are important because password-cracking tools continue to improve and the computers used to crack passwords are more powerful.

What passwords NOT TO USE:

Your username or any part thereof
Name(s) of yourself, family, friends, pets, or co-workers
Computer terms and names, commands, sites, companies, hardware, or software
Birthdays or other personal information such as addresses or phone numbers
A set of characters in alphabetic or numeric order (ex. abcdef), in a row on a keyboard (ex. qwerty), or a simple pattern (ex. 123123)
Words that can be found in a dictionary
Your ID number, a bank account PIN, credit card number, etc.
Any of the above spelled backwards
Any of the above preceded or followed by a digit (ex. qwerty1, 1qwerty)

And try to change your password(s) every 6 months.

10. KEEP YOUR PASSWORD SAFE. Your password is as important as your ATM pin, or your front door key. You need to guard it well and make sure nobody gets hold of it. As much as possible, memorize your password and DO NOT write it down.

No related posts.

10 Fast and Free Security Enhancements

Aldwin Galapon — Thu, 08 May 2008 22:32:31 +0000

Before you spend a dime on security, there are many precautions you can take that will protect you against the most common threats.

Check Windows Update and Office Update regularly (http://office.microsoft.com/productupdates); have your Office CD ready. Windows Me, 2000, and XP users can configure automatic updates. Click on the Automatic Updates tab in the System control panel and choose the appropriate options.
Install a personal firewall¹. Both SyGate (www.sygate.com) and ZoneAlarm (www.zonelabs.com) offer free versions.
Install a free spyware blocker. Our Editors’ Choice (“Spyware,” PC Magazine April 22) was SpyBot Search & Destroy (http://security.kolla.de). SpyBot is also paranoid and ruthless in hunting out tracking cookies.
Block pop-up spam messages in Windows NT, 2000, or XP by disabling the Windows Messenger service (this is unrelated to the instant messaging program). Open Control Panel | Administrative Tools | Services and you’ll see Messenger. Right-click and go to Properties. Set Start-up Type to Disabled and press the Stop button. Bye-bye, spam pop-ups! Any good firewall will also stop them.
Use strong passwords and change them periodically. Passwords should have at least seven characters; use letters and numbers and have at least one symbol. A decent example would be f8izKro@l. This will make it much harder for anyone to gain access to your accounts.
If you’re using Outlook or Outlook Express, use the current version or one with the Outlook Security Update installed. The update and current versions patch numerous vulnerabilities.
Buy antivirus software and keep it up to date. If you’re not willing to pay, try Grisoft AVG Free Edition (Grisoft Inc., www.grisoft.com). And doublecheck your AV with the free, online-only scanners available at www.pandasoftware.com/activescan and http://housecall.trendmicro.com.
If you have a wireless network, turn on the security features: Use MAC filtering, turn off SSID broadcast, and even use WEP with the biggest key you can get. For more, check out our wireless section or see the expanded coverage in Your Unwired World in our next issue.
Join a respectable e-mail security list, such as the one found at our own Security Supersite at http://security.ziffdavis.com, so that you learn about emerging threats quickly and can take proper precautions.
Be skeptical of things on the Internet. Don’t assume that e-mail “From:” a particular person is actually from that person until you have further reason to believe it’s that person. Don’t assume that an attachment is what it says it is. Don’t give out your password to anyone, even if that person claims to be from “support.”

Definitions

1 firewall
Definitions

a wall constructed to prevent the spread of fire
computer hardware or software that prevents unauthorized access to private data (as on a company's local area network or intranet) by outside computer users (as of the Internet)

Type: noun

No related posts.

Caution urged with using free Wi-Fi hotspots

Aldwin Galapon — Fri, 01 Jun 2007 10:30:38 +0000

Free access to Wi-Fi (wireless fidelity) networks for using the Internet are offered in many public places like coffee shops, fast-food chains and shopping malls but a leading vendor of computer security software advises against the risks of such connections.

Symantec Corp warns that free Wi-Fi in public hotspots also means that connections are not encrypted, making users and their sensitive and confidential communication and data susceptible to online threats such as fraud, theft, data loss, and hacking.

The company urges uses to protect themselves through cautious computing habits and using software tools when connecting in public hotspots. Symantec gives the following tips:

Easy access, little protection

It can be difficult for hotspot hosts to maintain wireless security. Besides, registration and login requirements tend to defeat the purpose of an “open” Wi-Fi network. So, most hotspot hosts employ little or no security measures-which means the trade-off for quick access and easy administration is high exposure to potential threats.

To compound the problem, any wireless connection is inherently less secure than an ordinary network hookup. Unlike data traveling over a physical cable, wireless transmissions pass through the air as radio signals. Those signals can be intercepted by anyone with a receiver and some basic, widely available tools. When the hotspot you’re on doesn’t use encryption, someone who intercepts your data can read whatever you’ve sent-whether it’s a private email or a user name and password combination.

Because hotspots are in public places, people can simply look over your shoulder to engage in old-fashioned eavesdropping or even target your laptop for theft.

Criminal means and motives

While curiosity seekers put your privacy at risk, the most serious hotspot dangers are cybercriminals with much more sophisticated means and motives.

Even when a hotspot uses security measures, technically savvy hackers have the tools, skills, and patience to work around those protections.

Cybercriminals have learned to use social engineering methods to con hotspot users into divulging sensitive information. Taking a page out of the phishing and pharming book, they set up a wireless network of their own in the vicinity of a legitimate hotspot. By dressing up their network’s name and home page to look like the actual hotspot, they trick you into joining their network. Once you’re on their fake hotspot, they either ask for “new account” information (like credit card numbers or other sensitive information) or redirect you to other fraudulent or virus-laden Web sites.

Security is up to you

With these dangers lurking and very few security measures in place protecting yourself at public hotspots is your own responsibility. Here are some things you can do to keep yourself safe:

Make sure no one is peering over your shoulder when you log into your operating system, email, IM, or other accounts.
Be on the watch for suspicious behavior; never leave your laptop or handheld device unattended.
Turn off file sharing when you’re using a hotspot, and try to minimize the amount of sensitive, personal data you store on your laptops and mobile devices. You can usually turn off file sharing from your operating system’s network settings menu.
Turn off your wireless card when you’re not using it.
Don’t do your online banking or trading at a public hotspot. Save it for a more safe and controlled environment.
Make sure you’re on a legitimate hotspot by checking with the host to confirm the network name and connection process.
Rather than letting your wireless card automatically join the nearest network, manually select the hotspot when you connect.
When you’re on a public hotspot, you have no idea what infections other connected computers might have, or whether there may be a hacker prowling the network. Norton AntiVirus and Norton Internet Security – both from Symantec – protect you from viruses, worms, Trojan horses, and dangerous intruders.
Make wise computing decisions. Always avoid using hotspots for important communications or transactions.

No related posts.