TCS - Home Computer Security

Home Computer Security

by Ira Wilsker
Golden Triangle PC Club
From the August 2003 issue of the I/O Port Newsletter

Recently the History Channel aired a show on cyberterrorism. While much of the program showed the types of attacks that have occurred and will likely occur in the future against government, military, infrastructure and commercial targets, it also showed how home users could become the victim of such attacks. As home users we may not believe that we can become terror targets, but imagine if our personal information was stolen, and our data files and financial records were altered or destroyed. These are not some hypothetical risks, but real threats that have already happened to countless home users, and will likely increase in number and severity in the future. Readers of this column are well aware that these topics have been written about before, but the risks are still there and becoming more prevalent.

The Software Engineering Institute at Carnegie Mellon University, in Pittsburgh, hosts a group referred to as CERT(r). CERT(r) has produced a very comprehensive website with explicitly detailed information on securing home computers from attack at www.cert.org/homeusers. Funded with federal money, this site was produced for the Federal Computer Incident Response Center (FedCIRC) and the General Services Administration. The information can be viewed on the web, or downloaded in PDF format from a link on the page.

CERT(r) recommends a series of tasks that all computer users must accomplish in order to protect their computers from attack. First on the list is "Install and Use Anti-Virus Programs". This has been preached in this column numerous times. Viruses, Trojans, and computer worms are becoming an increasing threat; they are becoming more common, more powerful, and more destructive. Good antivirus software properly installed, configured, and updated at least daily is a strong first line of defense against these software threats. Since decent antivirus software is available inexpensively or free, there is no reason not to have it. Some of the more popular free antivirus software titles are AVAST from www.avast.com, and AVG from www.grisoft.com.

The second necessary task that we all must accomplish is "Keep Your System Patched". Microsoft and many other software publishers often release security or other critical updates to patch or close potential security holes. In most versions of Windows, these patches can be simply located and installed by going online, and clicking on START - WINDOWS UPDATE, and following the on-screen instructions. Some Windows products have a feature that automatically seeks and downloads critical updates.

Another task, also mentioned frequently in this column is "Use Care When Reading Email with Attachments". Many of the endemic computer viruses, Trojans, and worms arrive at the victim's computer as an innocent appearing email, often from an acquaintance or a known organization. Unpatched versions of the popular email programs Outlook and Outlook Express can activate these malicious programs by simply allowing them to appear in the preview pane, without actually opening the email, or clicking on the attachment. Be very suspicious of any email attachments.

"Install and Use a Firewall Program" is the next task necessary to protect computers from outside intrusion, or prevent illicit programs from sending information from a compromised computer. Many commercial antivirus programs now come with an integral firewall, and other firewall software is available for purchase or download, sometimes for free. Two popular and excellent free for personal use firewalls are Zone Alarm, www.zonelabs.com, and Outpost, www.agnitum.com.

The three most important terms in computing are "Backup, Backup, and Backup". CERT(r) implores users to "Make Backups of Important Files and Folders." The copies can be on floppies, CDs, tape, external drives, or other forms of storage. A good backup is imperative in order to restore data from damaged or corrupted machines.

"Use Strong Passwords" is next. Names, birth dates, phone numbers, zip codes, addresses, and other commonly used passwords are easy to guess, and quick to find using some common hacker utilities. While hard to remember, passwords of at least six characters using a combination of upper and lower case letters, numbers, and some punctuation marks is often considered as reasonably secure. Do not post copies of passwords where an intruder can easily find them.

"Use Care When Downloading and Installing Programs." Many innocent looking programs may contain some sort of spyware, allowing third parties access to your information or computer. File sharing software, such as KaZaA and Morpheus are notorious for this. Spyware detectors and killers, such as the free Ad-Aware (www.lavasoftusa.com) and Spybot Search and Destroy (spybot.safer-networking.de) are excellent at this. Spyware detectors need to be updated periodically.

If a network is used, the recommendation to "Install and Use a Hardware Firewall" should be followed. Hardware firewalls protect networks from intrusion. These hardware firewalls can either be freestanding, or integrated with a network router.

Since files and other critical data can be compromised, users should "Install and Use a File Encryption Program and Access Controls". Encryption makes it far more difficult for hackers and spyware to utilize any information stolen from the victim's computer.

Completing the tasks listed on the CERT(r) site at www.cert.org/homeusers/HomeComputerSecurity will make your computer highly resistant to most threats, and allow for the restoration of critical data if the worst should happen.



For more information on the Tulsa Computer Society click here



Tulsa Computer Society 8/01/2003
Don Singleton, President