|
Home PC Security and
Privacy
08.02 |
If you have an Internet connection, your
PC needs to be secured. Without proper security
your PC is open to the world. It's like
having a neon sign above your house saying
"Compromise Me". There are
also privacy issues to think about. What
information is being gathered about you
as you go from web site to web site?
Let's start with security. There
are a number of things you can do, all simple,
that will go a long way in protecting your
PC and it's contents. If you are of the
mind set that says, "So what",
or "I don't have the time", or
"I don't understand it", then
you are not fully aware of the potential
problems resulting from a compromised PC.
Imagine this scenario… You
don't think home PC security is an issue.
It's no big deal so you take no steps to
secure your home PC. One day you get an
email with an attachment. The email says,
"Check out these never before seen
pictures of Julia Roberts and George Clooney".
Or maybe it says, "You have been chosen
the $10,000.00 winner of our contest, just
open the attached file for instructions
on how to claim your prize"
Foolishly, because you don't care about
PC security, you open the attachment. The
attachment wasn't pictures of Julia and
George or instructions on claiming your
contest prize, instead, it was a script
file that silently installed a Trojan on
your PC. A Trojan being one thing disguised
as another (in this case it is a malicious
program). The Trojan that was installed
was a keyboard capture program. You don't
see any immediate problem with your PC after
opening the bogus attachment, so you think
nothing of it.
You continue to use your PC, unaware that
a keyboard capture program is running
in the background. You decide to go to your
Bank's web site to check your account balances,
and as is normal, login using your username
and password. You see that your bonus check
from work has been deposited, so you decide
to do some Internet shopping. You go to
a few Internet shopping sites and make some
purchases. Each time entering credit card
information from one or the other of your
two credit cards. After shopping, you decide
you need to do some work on your own web
site that you have worked so hard to create.
After making some updates to your web site
on your home PC, you login to your web server
(using your username and password), and
upload the changes to your web site. By
now it is late and you are tired. You stumble
off to bed, leaving your PC to sit quietly,
waiting for your return.
At 2:30AM your PC suddenly comes
to life. The Trojan that you so ignorantly
installed on your PC earlier in the day
has a job to do. While you were perusing
the Internet during the day- shopping, going
to the bank, updating your web site, the
keyboard capture program was silently recording
all of this. All of your keystrokes were
being logged and saved in a file on your
PC. It is now time to send that file off
to the Trojan's creator. The program contacts
it creator over your Internet connection,
establishes a connection with the creator's
PC, and sends the file with all your keystrokes
off to God knows who.
The next morning, around 11AM, you visit
your web site. But instead of seeing your
web pages, you see some childish web page
saying, "Your web site has been Hacked".
You soon discover all the content for your
web sited has been deleted… so much
for all your hard work. You are puzzled,
but have no clue as to what has happened.
The following day you get a call from both
your credit card providers. They tell you
hundreds of dollars in purchases on both
your credit cards have been made in the
last 24 hours. Once again, you have no clue
how this could have happened.
Someone now has your credit card numbers,
the login information to your personal web
site, the login information for your online
banking and who knows what else. If that
wasn't bad enough, the keyboard capture
program is still sitting silently on your
PC, capturing everything you do.
Protecting your PC
So what can you do to protect yourself and
your PC? Several things.
1. Update your Operating System.
Many computer compromises are possible because
of an insecure computer operating system.
Whether you use Windows 98, Windows 2000,
Windows XP, or a MAC OS, or some Unix mutation,
you need to keep your PC's Operating System
up to date and patched. With Windows Operating
Systems (Win98 and above) all you have to
do is click Start, Windows Update. This
will take you to the Windows Update site
where the latest patches for your Operating
System can be downloaded and installed.
2. Install Anti-Virus software.
There are many Anti-Virus programs on the
market to choose from that will protect
both your PC and your email from being infected
by viruses. With email protection, your
incoming and outgoing emails can be scanned
for possible viruses and Trojans. It is
also important to keep your Anti-Virus software
up to date. Most contemporary Anti-Virus
programs have an automatic update feature
that you can configure to keep your virus
definitions current. At the very least,
you should check once a week for new virus
definitions. Probably the the most widely
used Anti-Virus programs are
Norton
AntiVirus and McAfee
AntiVirus.
3. Install a Personal Firewall.
A firewall can be either software or hardware
that is installed to protect your computer
from being accessed from the Internet. For
home users, a software based firewall is
most common. Programs such as ZoneAlarm,
Norton
Personal Firewall and BlackICE
will keep intruders on the Internet from
accessing your PC at home.
It is also important that your firewall
be able to detect when a program on your
PC is trying to access the Internet.
With this capability you would be alerted,
when the keyboard capture program in the
above scenario, was trying to contact it's
creator. You could then deny this program
access to the Internet, thus preventing
it from carrying out it's nefarious purpose.
Note: Not all personal firewalls
have this option, so check first.
4. Don't open Email attachments
unless you know for sure who sent it. Even
then, scan the attachment with your Anti-Virus
software before opening it. With an up to
date Anti-Virus program installed on your
PC, you can be reasonably sure it will detect
any potential viruses or Trojans in your
email attachments. However, because there
are always new viruses being created, your
Anti-Virus software might not yet have a
definition for it. So always be suspect
of attachments, and keep your Anti-Virus
software up to date.
Also, be aware that many viruses will access
the Address Book in email programs and use
those email addresses to propagate the virus.
Because of this you might get an email from
a trusted source and think it's OK to open
the attachment, when in fact, it contains
a virus. Always scan your attachments! Either
that, or just don't open them.
5. Think twice about Web based Email.
For some people this is their only
option, but if you do have the option of
using a POP3 email account and an email
program such as Outlook, Outlook Express,
Eudora, or others, then use that instead
of web based email like Hotmail and Yahoo
Mail. Web based email systems have one purpose.
Sign up as many users as possible to make
as much money as possible. Your security
and privacy concerns are not a primary concern
to these companies. Some of them do employ
security measures for your email, but you
are then putting your security in the hands
of someone else. Additionally, web based
email sites have become a major source of
SPAM email. If you do have a web based
email account, be prepared for large amounts
of SPAM.
Be aware too, that your Anti-Virus software
that is able to scan emails for viruses
in email programs like Outlook Express,
will not scan your web based email for viruses.
If possible, avoid web based email
systems. And if you do use them, and have
an email account with an ISP (a POP3 account),
don't use them as your primary email system.
|