Computer Security for the Novice

By Allen Kenner

Computer technology has changed quite a bit over the past 20 years. People who would normally never touch a computer now utilize such a device almost every day to get their work done. They use email and surf the web regularly. These folks all need to take computer security seriously.

Recently, I've been watching users and how they interact with their computers, and I've been asking them questions about their computer usage. I asked them about their knowledge of the subject in general, and specifically I asked them about security. Very few of them really knew much about computing in general and practically none of them knew anything about security. 20 years ago this may not have been as much of a problem, but in today's world of online banking and identity theft, this can be a huge problem.

After talking with them a bit more, I learned that they have no idea what risks there are on the internet. A few even said they weren't going to worry because "they have nothing of value." This is a very dangerous idea to have. Everyone has something of value to someone, even if you aren't a big huge company. You still have a Social Security Number which can be used by someone to steal your identity, get credit cards and loans in your name--and you'd be stuck with the bill.

Still think you have nothing to worry about?

Someone could break in to your PC so they could use your computer for storage, or even they could even use your machine to attack high-end targets including government agencies. That's correct--someone could in fact break into your machine and use it to attack the FBI or the CIA, and you would be the one arrested until you could prove yourself innocent, or worse--they could erase any trace of them having been in your machine. That means the CIA or FBI has logs showing your computer hacking into their systems, and you'd have no way to prove that you are innocent.

How does all of this happen? For starters, the internet isn't like it was years ago. It used to be that to get an email virus you had to actually open the attachment. Not anymore--now by simply viewing the email in Outlook Express, (or in Outlook), a virus can infect your machine! To make matters worse, this is the default behavior for both Outlook Express and Outlook.

You've probably seen this happen before...you're reading your email in Outlook or Outlook Express, and when you click on the email, you read the entire message in the bottom half of the application. This is the default behavior as pointed out earlier, and just viewing it in this manner is enough for a virus to spread on your system. In the past you had to actually download and open an attachment for something like this to happen.

Outlook Express is the Email Client that comes with Windows, and Outlook is the one that ships with Microsoft Office. Both of them by default tend to allow virus replication with ease. One of the reasons this happens is because of usability. It seems the easier something is to use, the easier it is for a virus or security problem to come in.

What can you do to defend yourself without spending a lot of money and having to read a lot of books?

You don't have to be rich or own countless books on computers to defend yourself. However, you do need a little common sense, and maybe a willingness to learn a few new tricks.

The first step towards security is obviously being cautious in what you open in your email program. If you open everything that gets sent to you, you're going to eventually get stung. Even Instant Message Clients like AIM and MSN Messenger can be a security risk. That's why you're not supposed to use them while you're at work. Well, that and the fact you're supposed to be getting work done there.

If you want a little more information on Instant Messenger Worms you should read this article: http://www.enterpriseitplanet.com/security/news/article.php/3567791  Worms aren't just for email anymore, they have spread to IM clients, and now, even cell phones have worms and viruses.

Boost Mobile phones had a virus about a year ago where the virus would call your phone and the caller ID on the phone would show up as "ACE". If you answered the phone, it would infect your phone, call other phones, and from what the people at American Wireless have said, you would need to buy a new phone.

Sadly, this isn't all; just visiting some web sites can infect your computer with viruses, trojans and spyware. Some spyware "watches" what you do online and then sends the information it collects about you off to another computer on the internet. Scary isn't it? To think someone is watching your every move, and then selling that data to another party on the internet--it's enough to really creep you out.

This isn't a rare occurrence either. Once you put your computer online, you have around one minute before something attempts to infect it. If you have a computer online and take no precautions, more than likely your computer is infested with viruses and spyware, and you may not even be aware of it.

If this sort of thing bothers you, and it should, then do something about it. There are a couple of really nice applications for finding spyware, and best of all, you can find them on the internet for free! The company that makes Ad-Aware has a version for home users that you can use free of charge, and just about everyone with a Windows PC should have this application. You can find this wonderful application here: http://www.lavasoftusa.com/software/adaware

When you visit this web page you'll see a Red button that says "Download Now" and all you have to do is click on that, and it takes you to a download.com server to download the application. Then you simply click on the green button where it says "Download Now" and the application begins downloading to your computer. When you see it has finished, you double click on the application, and it begins the installation of Ad-Aware on your computer. When it finishes, just follow along with the on-screen instructions and you can download updates to the database of known problems it keeps, and then scan your computer. Don't worry if it finds a lot of things--there are a lot of web sites that put "tracking cookies" on your computer, and Ad-Aware finds them and can delete them for you if you desire.

Another free application that you can use to help fight spyware on your computer is called "Spybot Search and Destroy". The download is free and so is the update process. Finding the application can be somewhat of a pain though, so I've tracked down a direct link:

http://projects.securitywonks.net/projects/download.php?go=2&file=2&mirror=2

When you click on that link a little pop up asks what you want to do. You should download the application just like you did with Ad-Aware and then install it. When this has finished, update it, and then let it scan your machine. Running this alongside Ad-Aware can help to protect your machine even more! That said, you shouldn't let this give you a false sense of security, as no application is 100% secure, no matter how much it costs you (or doesn't cost you in this case). Keep that in mind, as a lot of companies will try to make you think that all you need to do is buy their product and never worry again. This is just bad marketing hype and nothing more.

Once you have the spyware applications installed, you can now move on to another potential problem--viruses. You've probably heard about viruses in the news and on TV, but what can you do to help protect yourself against another threat? Just as we found free applications to help protect you against spyware, virus scanners can also be found for free!

The following links are to anti-virus scanners you can download for free:

http://housecall.trendmicro.com

http://www.grisoft.com/doc/1

http://clamwin.com

If you prefer to pay for an application so you have support available from the software vendor, I can recommend the following commercial anti-virus products:

eTrust EZ anti virus ( http://www.ca.com )
McAfee anti virus ( http://www.mcafee.com )
Norton Anti Virus ( http://www.symantec.com )

I've used all of these with good results. Another thing you may want to think about is buying the software packages that come with complete desktop solutions--these typically include the anti virus scanner, a personal firewall, and some type of spyware scanner all in one. As I've said before this shouldn't give you a false sense of security, so don't stop taking precautions just because you have an extra layer protecting you. This is one of the first mistakes a user can make--new viruses are made each day, so you have to stay vigilant to keep up.

What else is left now that you have a virus scanner and an application to help keep track of the spyware that can affect your machine? A firewall of course! A firewall is a device or a program that helps stop other users from getting into your computer. Every user should know at least something about firewalls, as they can be the extra layer of security that protects you while you're online. If you were infected with a trojan horse program, there is a chance that it can let someone take complete control of your PC as though they were sitting at their keyboard! These programs work by opening up a port on your computer and then allowing anyone with the client to connect to it and gain control of your computer.

Imagine you were doing some home banking over the internet and someone was watching the whole time. To make matters worse, some of these applications have a mechanism that's built into them that lets the thief delete the server portion of the trojan, which means that you would never even know that it was there.

One way to help stop this from occurring is by using the anti-virus software that I mentioned earlier...most of them can now find and delete trojan programs for you. When you use firewall software, it asks you if you want to allow a program to access the internet in the first place. This will stop such trojan programs from talking to whomever controlled them. Another thing these firewalls can do is prevent inbound traffic to your machine. The trojan programs have both inbound and outbound traffic to and from your PC as commands are sent to your PC. Worms that spread over the internet use outbound traffic to scan and send themselves out to other hosts. This is only one of the many features a firewall provides to you, and I highly recommend using one.

If you have Windows XP, you should have installed Service Pack 2, which fixed a number of security flaws, but also put something called the "security center" on your machine. This helpful new application checks to see what it can do to protect you, and the new XP firewall that comes bundled is turned on by default!

To start this up, click on the start menu, and move your mouse to "All Programs" and then when the scroll menu opens up, go to "accessories" and then move your mouse to "system tools." Inside that menu you'll see "Security Center". After you click on that, you'll see the application start up and show you a few things about your PC.

The firewall should say "on" as should be "Automatic Updates" and "virus protection". The interface is great for new users, and all you have to do is click on the "on" button to turn things on. As I have pointed out, do not let this give you a false sense of security. Even the firewall, which is on by default, isn't the best firewall in the world, so if you can, take my recommendation and buy one, or if you can't afford it, try out some freebies:

http://www.checkpoint.com

http://www.sygate.com

http://www.symantec.com/home_homeoffice/products/internet_security/npf2006

http://www.zonelabs.com/store/content/home.jsp

All of those may not be free but they are fairly decent products. If you'd like to learn more about firewalls in general, you can visit these links and do some research on your own by typing "firewalls" into a google.com search, and reading up on the subject.

HTMLGoodies Guide to Firewalls

HTMLGoodies Firewall Basics

http://www.howstuffworks.com/firewall.htm

http://www.firewallguide.com

http://www.webopedia.com/TERM/f/firewall.html

I encourage you to read up on this subject more so you can learn which firewall best suites your needs as a user.



Make a Comment

Loading Comments...

  • Web Development Newsletter Signup

    Invalid email
    You have successfuly registered to our newsletter.
  •  
  •  
  •