Computer Security
I'd like to share with you a few of my computer security concerns. We all consider our computers remarkably useful tools, and we have a tendency to treat them as appliances (taking for granted that they'll run on their own without our intervention). However, being tools, they require maintenance to work properly and safely. The security threats I'll discuss here arrive from three sources: email, browsing the web, and remote access. When it comes to email, please remember that we should never open an attachment unless we are ABSOLUTELY sure of the source. This is the easiest way for malicious hackers to get into your computer.

All the computers at work, and hopefully your home computers, are protected by a program called Avast. This program, in its default implementation, defends against viruses, Trojan horses, keystroke loggers, and malware (spyware and adware). But even Avast isn't immune to bugs. It was recently discovered that the installation files could, in some cases, make it possible for someone else using your computer to gain access to your files. For this to happen, someone would need to be able to log onto your computer, so this is only a problem if your computer is not password protected. Still, Avast has fixed the bug, and you may need to download the program again, and re-register. I'll be happy to do this for you.

Another malicious attack that comes via email is "phishing". This is where you receive an email that seems to come from a legitimate source, like Citibank or PayPal, telling you that you account has been compromised or otherwise breached and that you need to follow a link to a page where you'll be asked to enter you personal information such as login name, password, account number, etc. These bogus sites, which look just like the real ones, then use your personal information for illegal purposes. The best advice, in the past, was never to follow these links, and if you had concerns simply to enter the address of the legitimate page in your browser address bar and check on your account at the legitimate source. This is no longer good enough. A recent DNS (Domain Name Service) hack led people to malicious sites even if they had manually entered the address in their browser. The best advice is to never enter personal information into a web page if told you need to update or confirm your information. Do this only after calling the institution to confirm any message you may have received from them.

Web browsing is another vector for fraud. Internet Explorer, because of its built in ability to share and execute programs (Active X), is inherently insecure. See this story for a current vulnerability:

http://www.eweek.com/article2/0,1895,1944579,00.asp.

The browser I recommend is Firefox, which is much more secure for everyday use. Computer code is so complex that there will always be new exploits (ways to get into the code being run on your computer). Making sure you have the latest security updates for your operating system is your first line of defense. That's why all the computers at work are set to update automatically. Again, Avast will help protect you from malicious sites when you are browsing the web.

The third door for hackers is through remote access. We use Remote Desktop Connection at work, which provides us with username and password protection. Our default password is a combination of numbers and letters and is at least seven characters long. That is the least we can do to make it hard for hackers to gain access to our computers. Software is freely available that will enter every word in the dictionary, in all its permutations, into our password request field in a matter of minutes. You should change your password from the default (ask me if you don't know how), but don't replace it with something easy to hack. Make it a combination of letters and numbers and at least seven characters long. Obviously, we should never share our passwords and we should change them periodically.

As you can see, there are numerous ways in which someone can gain access to your computer and the information on it. A virus is bad enough, but it can be removed. If someone gains control of your computer then they'll have access to all the information on it and to all the information on the network that you have access to. If this unhappy event occurs, our first problem is detecting it. That part is up to me. Often, however, a compromised computer will simply result in LOST data. That's why backups are so important. You do back up the data on your home computer, don't you?

Archives