Back home > home PC security and privacy

 
         
Home PC Security and Privacy
08.02

If you have an Internet connection, your PC needs to be secured. Without proper security your PC is open to the world. It's like having a neon sign above your house saying "Compromise Me".  There are also privacy issues to think about. What information is being gathered about you as you go from web site to web site?

Let's start with security.  There are a number of things you can do, all simple, that will go a long way in protecting your PC and it's contents. If you are of the mind set that says, "So what", or "I don't have the time", or "I don't understand it", then you are not fully aware of the potential problems resulting from a compromised PC.

Imagine this scenario… You don't think home PC security is an issue. It's no big deal so you take no steps to secure your home PC. One day you get an email with an attachment. The email says, "Check out these never before seen pictures of Julia Roberts and George Clooney". Or maybe it says, "You have been chosen the $10,000.00 winner of our contest, just open the attached file for instructions on how to claim your prize"

Foolishly, because you don't care about PC security, you open the attachment. The attachment wasn't pictures of Julia and George or instructions on claiming your contest prize, instead, it was a script file that silently installed a Trojan on your PC. A Trojan being one thing disguised as another (in this case it is a malicious program). The Trojan that was installed was a keyboard capture program. You don't see any immediate problem with your PC after opening the bogus attachment, so you think nothing of it.

You continue to use your PC, unaware that a keyboard capture program is running in the background. You decide to go to your Bank's web site to check your account balances, and as is normal, login using your username and password. You see that your bonus check from work has been deposited, so you decide to do some Internet shopping. You go to a few Internet shopping sites and make some purchases. Each time entering credit card information from one or the other of your two credit cards. After shopping, you decide you need to do some work on your own web site that you have worked so hard to create. After making some updates to your web site on your home PC, you login to your web server (using your username and password), and upload the changes to your web site. By now it is late and you are tired. You stumble off to bed, leaving your PC to sit quietly, waiting for your return.

At 2:30AM your PC suddenly comes to life. The Trojan that you so ignorantly installed on your PC earlier in the day has a job to do. While you were perusing the Internet during the day- shopping, going to the bank, updating your web site, the keyboard capture program was silently recording all of this. All of your keystrokes were being logged and saved in a file on your PC. It is now time to send that file off to the Trojan's creator. The program contacts it creator over your Internet connection, establishes a connection with the creator's PC, and sends the file with all your keystrokes off to God knows who.

The next morning, around 11AM, you visit your web site. But instead of seeing your web pages, you see some childish web page saying, "Your web site has been Hacked". You soon discover all the content for your web sited has been deleted… so much for all your hard work. You are puzzled, but have no clue as to what has happened. The following day you get a call from both your credit card providers. They tell you hundreds of dollars in purchases on both your credit cards have been made in the last 24 hours. Once again, you have no clue how this could have happened.

Someone now has your credit card numbers, the login information to your personal web site, the login information for your online banking and who knows what else. If that wasn't bad enough, the keyboard capture program is still sitting silently on your PC, capturing everything you do.


Protecting your PC

So what can you do to protect yourself and your PC? Several things.


1. Update your Operating System. Many computer compromises are possible because of an insecure computer operating system. Whether you use Windows 98, Windows 2000, Windows XP, or a MAC OS, or some Unix mutation, you need to keep your PC's Operating System up to date and patched. With Windows Operating Systems (Win98 and above) all you have to do is click Start, Windows Update. This will take you to the Windows Update site where the latest patches for your Operating System can be downloaded and installed.

2. Install Anti-Virus software. There are many Anti-Virus programs on the market to choose from that will protect both your PC and your email from being infected by viruses. With email protection, your incoming and outgoing emails can be scanned for possible viruses and Trojans. It is also important to keep your Anti-Virus software up to date. Most contemporary Anti-Virus programs have an automatic update feature that you can configure to keep your virus definitions current. At the very least, you should check once a week for new virus definitions. Probably the the most widely used Anti-Virus programs are
Norton AntiVirus and McAfee AntiVirus.

3. Install a Personal Firewall. A firewall can be either software or hardware that is installed to protect your computer from being accessed from the Internet. For home users, a software based firewall is most common. Programs such as ZoneAlarm, Norton Personal Firewall and BlackICE will keep intruders on the Internet from accessing your PC at home.
It is also important that your firewall be able to detect when a program on your PC is trying to access the Internet. With this capability you would be alerted, when the keyboard capture program in the above scenario, was trying to contact it's creator. You could then deny this program access to the Internet, thus preventing it from carrying out it's nefarious purpose.
Note: Not all personal firewalls have this option, so check first.

4. Don't open Email attachments unless you know for sure who sent it. Even then, scan the attachment with your Anti-Virus software before opening it. With an up to date Anti-Virus program installed on your PC, you can be reasonably sure it will detect any potential viruses or Trojans in your email attachments. However, because there are always new viruses being created, your Anti-Virus software might not yet have a definition for it. So always be suspect of attachments, and keep your Anti-Virus software up to date.
Also, be aware that many viruses will access the Address Book in email programs and use those email addresses to propagate the virus. Because of this you might get an email from a trusted source and think it's OK to open the attachment, when in fact, it contains a virus. Always scan your attachments! Either that, or just don't open them.

5. Think twice about Web based Email.  For some people this is their only option, but if you do have the option of using a POP3 email account and an email program such as Outlook, Outlook Express, Eudora, or others, then use that instead of web based email like Hotmail and Yahoo Mail. Web based email systems have one purpose. Sign up as many users as possible to make as much money as possible. Your security and privacy concerns are not a primary concern to these companies. Some of them do employ security measures for your email, but you are then putting your security in the hands of someone else. Additionally, web based email sites have become a major source of SPAM email.  If you do have a web based email account, be prepared for large amounts of SPAM.

Be aware too, that your Anti-Virus software that is able to scan emails for viruses in email programs like Outlook Express, will not scan your web based email for viruses.  If possible, avoid web based email systems. And if you do use them, and have an email account with an ISP (a POP3 account), don't use them as your primary email system.


Next Privacy Issues

 

 

 


 

   Top