Saturday, December 20, 2008

PC Security

A little history is in order here. I have had the opportunity to watch the Internet grow from the early days in 1992. I got my first email address that year with a BBS (Bulletin Board System) called the 0x0 Republic. Some of you are old enough to remember those days of the BBS, Compuserve and the 14.4k Modem.

Back then, I had a humble Amiga 500 and 3000 computer. No, it didn't run DOS, it ran the AmigaOS. As you can see from the screen shot for the Amiga 500, this didn't run Windows, either. The AmigaOS drew its roots from Unix, allowing for command line and GUI operation (windows and icons) of the computer. Their user interface was very advanced compared to the Mac and the PC at the time. Unfortunately, through their own management errors, the company eventually went into bankruptcy.

Around that time, computer security wasn't really an issue. Most personal computers were still single user, general purpose computers and apparently, only a few people bothered to write a virus for the Amiga.

Eventually I got an Apple PowerBook 140b. It was with this computer that I first got a taste of the World Wide Web around 1994-5. It was a slow, stodgy, black and white experience. But I used it to do my research at the time. Back then, Alta Vista was the search engine of choice and they were considered to be the fastest search engine of the time.

And then I got a Windows laptop in 1997. When I first saw the software available for Windows, I laughed and realized what I had been missing on the Mac. I found a nice dialup ISP to work with, too. From there, I started to really get a sense of what could be found on the Internet. For years, I went without antivirus, not completely oblivious to the dangers - but just being careful not to open attachments from strangers.

In 1999, I got a computer with Windows 2000 Professional. And then I moved into a place with cable access to the Internet. I went from a 56k modem to 1.5 Mbs in speed. I had taken some classes on Windows and learned something about the security built into it. I started to read the tech news every day and noticed that more and more, viruses and trojans were making the news. So I got some Antivirus software.

I started out with Norton Antivirus and eventually moved on to Eset's NOD32. I also figured out something that my Dad taught me in terms of strategy: no defense can anticipate all attacks. So I found a good combination of tools along the way. This combination is what I'd like to share with you. It is built from years of experience and through about 12 years of running Windows. Because of this training, learning and vigilance, I've only had to rebuild a computer once due to a virus.

Keep in mind also, that no software can stop you from doing something stupid. If you open an infected attachment, from someone you don't know, you're only asking for trouble. If you click on a link in a spam message that takes you to a site harbouring malicious software, you're likely to be toast, even with the best defense available. Such a site is just waiting for you.

First and foremost, if you're running Windows, you're likely to be running as an administrator. An administrator account can do *anything* to your computer, and that includes damaging it. On the other hand, you can also use a "limited" account. This is a regular user account that can do very little, if any, damage to the computer. To put it simply, admin accounts should only be used for maintenance, upgrades and software installation/removal. Limited user accounts should be used for everything else, meaning your daily computing tasks: Internet access, email, writing correspondence, playing games, etc.

When you start Windows up for the first time, you're prompted to provide at least one user name and additional names for other people who might use the computer. Windows XP doesn't give you much of an explanation for the differences in user accounts, either. So, unless you're informed, you create one or more admin accounts to use on your computer.

As a rule, you should never be running as admin unless you need to install a printer, software, remove software and the like. For anything else, run as a limited user.

The reason for this is simple. Many of the latest viruses and trojans install on your computer silently. Virus writers realize that most people will trash emails with attachments from people they don't know. So they use stealth. When your computer is being attacked while you are running as an admin, you will get no clue that new software is being installed. Windows Vista can help with this in some ways, but Vista also has a very similar programming philosophy to XP: convenience over safety. Yes, you can still get warnings that a piece of software is trying to install, but a determined piece of malware can work around that and trash your computer. You won't really notice much other than your computer running a bit slower than before. Malware tends to change the computer for its own benefit at the expense of other functions.

Now if you're running as a non-admin or limited user, and you click on a drive by download, you're going to get a message indicating that you do not have permissions to install this software - please contact your administrator! If, at this point, you were not planning on installing any new software, it's time to leave, quietly and never come back to that site. Ever.

So, if you have not done so already, create another admin account. Give it a password. Take the account that you're using now and turn it into a limited account. Whenever you need to add something to the computer or to do maintenance, log in to your admin account. For everything else, it's Visa, er, Vista, I mean, your limited account.

So that's the first step. Just changing the type of account you use for daily computing is a big step towards preventing infection from a virus or trojan.

Windows Update. Whatever you do, once a week, run it. Yes, they do make mistakes once in a blue moon, but I've never had any problems with their updates. Most malware is designed by reverse engineering the latest updates to find the security holes and then attacking there. Running updates for Windows (and any other operating system, for that matter) on a regular basis will further limit your chances of infection.

And now for antivirus. This is part of what is known as the Windows Tax. You pay for the license and then you pay for the antivirus and other security software. Most good antivirus suites are going to cost $40-60 for the first year, and 20-30 bucks thereafter for maintenance. The best antivirus will do a complete update of signatures without admin intervention. I heartily recommend Eset's NOD32 simply because the updates occur automatically without you being logged in as admin. Version upgrades will require admin access, but that is a fairly rare occurrence (once or twice a year).

I don't recommend Norton for a couple of reasons: they are a big, fat, complacent company with a huge market share. Try getting a hold of customer service there. On the other hand, Eset is hungry for your business. I can easily get a hold of their techs without cycling through their music on hold playlist.

Yes, there are others to consider, such as the free version from AVG. But you do, in a sense, get what you pay for. Caveat Emptor.

Remember what I said about how no defense can anticipate all attacks? Well, even NOD32 isn't perfect. So I strongly recommend antispyware as well. SuperAntiSpyware or AdAware are both great products that can find a lot of stuff just, you know, hanging around waiting for an innocent click to come by. They make a good complement to your antivirus software. It's worth noting here, that a fellow IT guy told me the following: Eset (NOD32) recommended SuperAntiSpyware as a complement to their own product. They acknowledged that their product won't catch *everything*. That is a very humble and honest statement to make, and heartening for me to hear. I've had similar experiences first-hand myself, so it's nice to hear it from someone else. That is why I like Eset.

So, we've covered the user accounts, the antivirus and the antispyware. You're also going to want a firewall. This is useful for software that is trying to call home, you know, to the Mother Ship. I have experience with two products for this purpose: ZoneAlarm and Eset's Security Suite w/NOD32. They are both highly recommended with full acknowledgement of other products out there.

They both provide security for those loose cannons known as "open ports". You can learn something about this, here. Gibson Research Corporation has helped me to understand the open ports issue and inspired me to try ZoneAlarm. Personal firewalls allow you to see when software is trying to call home and give you a chance to block transmission of sensitive information to the Mother Ship!

There's another kind of firewall known as a router. You will know this as a device that allows you to share the Internet connection with more than one computer. Common brand names for routers include Linksys, Netgear, and D-Link. These are all top brands and they all provide an extra level of security. But that security only works if you enable it and configure it properly.

All routers require some form of administration to enable security. Nowadays, all consumer routers come with a CD you can run to walk you through the steps of configuring the router. This is especially important if you're using a wireless router. On any router, you want to make sure that remote administration of the router is disabled - this is usually the default setting. You will also want to reset the admin password, which is usually "admin" by default. If you do not reset the password, someone else can do it for you, as well as reconfigure the router to their liking rather than yours. Check the CD and the online manual for your router for details.

If you're using a wireless router, you must also set the passcode for access to your wireless network. Otherwise, your network will be "open" and anyone can freeload on your cable or DSL Internet access. They can also see your computer and the resources on it. It's important that you use very strong passwords to secure your devices and accounts. Words that are easy to remember are also subject to the dictionary attack on passwords. A strong password is a series of characters that doesn't make any sense. You should also use non-alphanumeric characters (e.g., !@#$%^&*(_+) as part of your very strong password.

I know this stuff is hard to remember. Well, fear not. You can save your passwords in an encrypted file by using KeePassX. This is a portable, cross-platform password manager that uses very strong encryption to protect your passwords. The program uses a master password to provide access to the encrypted contents. Once the master password is set and the password file is opened, you can start to create a set of credentials for every website or application that you use.

I like to use at least a different password for every website that I go to that will involve finances. And I use a very strong password that is created by the password generator built into KeePassX. KeePassX also allows me to copy the username and password into a website. And it allows me to automatically enter the username and password into a website. Don't worry, KeePassX will automatically erase the contents of the Windows and Linux clipboards after 5 seconds for security.
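To make the difference between a dictionary-based password and a generated one concrete, here is an added example in Python (it is not KeePassX's generator and not code from this post). The symbol set comes from the paragraph on strong passwords above; the word list, the substitution table and the function names are assumptions constructed for illustration.

```python
import math
import secrets
import string

# Symbols taken from the post; letters and digits come from the standard library.
SYMBOLS = "!@#$%^&*(_+"
CLASSES = [string.ascii_lowercase, string.ascii_uppercase, string.digits, SYMBOLS]
ALPHABET = "".join(CLASSES)

# Constructed sample word list; real dictionary attacks use millions of entries.
WORDLIST = {"password", "dragon", "letmein", "monkey", "sunshine", "christmas"}

# Common look-alike substitutions that cracking rules undo automatically.
LEET = str.maketrans("013457@$", "oieastas")


def generate_password(length=20):
    """Return a random password with at least one character from each class."""
    if length < len(CLASSES):
        raise ValueError("length too short to include every character class")
    while True:
        # secrets uses the operating system's cryptographic random source.
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if all(any(ch in cls for ch in candidate) for cls in CLASSES):
            return candidate


def entropy_bits(length, alphabet_size=len(ALPHABET)):
    """Approximate entropy of a uniformly random string of this length."""
    return length * math.log2(alphabet_size)


def is_dictionary_based(password):
    """True if the password is a listed word with trivial decoration.

    Trailing digits and punctuation are dropped first, then look-alike
    characters are mapped back to letters, so "P@ssw0rd!" and
    "Chr1stmas2008" are both recognised as dictionary words.
    """
    core = password.lower().rstrip(string.digits + string.punctuation)
    return core.translate(LEET) in WORDLIST


if __name__ == "__main__":
    for sample in ("P@ssw0rd!", "dragon123", generate_password()):
        verdict = "dictionary-based" if is_dictionary_based(sample) else "random"
        print(f"{sample!r}: {verdict}")
    print(f"20 random characters: about {entropy_bits(20):.0f} bits")
```

A decorated word only looks strong: the attacker's rule set removes the decoration in one step, while the generated string leaves nothing to look up.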

Remember the news about how Sarah Palin's Yahoo account was hacked? She was hacked because she used answers to secret questions that were easy to guess by someone who knew her or her history. A secret question or security question is a question that only you know the answer to, so that if you forget your password, you can recover your password by answering the questions. So, instead of using the secret question to answer a question only you know, this is another chance to use a strong password to further secure your accounts if need be.

But I digress. Back to the router. Once you have set up the router, you will also want to set up DNS on the router, too. DNS is Domain Name Service, which is a service that translates the internet address you know, like, into an IP Address, like (verified with the ping command). DNS is part of the backbone of the Internet. Without this service, you would have to remember the IP address of all your favorite websites. This service creates the convenience of allowing us to use names rather than numbers.

Most computers set up your IP address and DNS automatically when they start up. They will get that information either from your ISP or from your router, depending on your setup. In Windows, it's fairly easy to setup your own DNS, too. And most routers will allow you to use another DNS other than the one provided by your cable company.

The alternative I like to use is OpenDNS. OpenDNS provides a great safety service for your Internet connection. OpenDNS does a lot of research to see where the malware is coming from and helps you to steer clear of it. I use the service so that if I should happen to type the wrong address, I can be safely routed away from rogue sites that are serving malware.

And now here is one of my favorite tools: The Netcraft Anti-Phishing Toolbar. This toolbar provides information on every website you visit. First, they give you a risk rating with a colored bar that indicates the risk associated with a website. If it's red, you'll want to go elsewhere. If it's green, then you should be fine. They also tell you how long the site has been there, the rank in terms of popularity. Along with that, you get the location by country with a nice little flag to denote the nation and the name of the hosting service where the site is maintained.

To give you an example of how this works, imagine for a moment that you've received an email from Bank of America. They're telling you that you need to update your account information because it has not been updated in a while and they're concerned about the accuracy. They kindly provide you with a link to their site. So you click on it. The Netcraft Toolbar reveals that the site is located in Russia and was only created a month ago. Hmmm. Time to close the browser.

I want to summarize all this by pointing out that I'm using layers of protection, with each layer providing protection in different ways. Here is a point list summary:

  • Never run as admin on your computer.
  • Install and maintain antivirus that updates without admin support.
  • Install and maintain some sort of anti-spyware.
  • Install and maintain a personal firewall.
  • Install and configure a router (not much maintenance is required for this).
  • Use a secured password manager to manage your passwords (don't leave them on pieces of paper or in a spreadsheet on your computer).
  • Use OpenDNS for a safer browsing experience.
  • Use the Netcraft Anti-Phishing Toolbar so that you can find out if the site you're on is safe.

Here, I have 7 layers of security to prevent my computer and/or my identity from being compromised. You may want to implement a few or all of them depending on your security needs and desires.

If you are in the unfortunate position of having to reload Windows to your hard disk due to infection, then you will want to re-install Windows and image your hard drive. I'd like to expand upon that list with some of my own ideas in a future blog.

If you need help setting any of this up, call me. You can find my website for PC assistance here:

Have a safe shopping experience while you prepare for Christmas. Be well.

Scott Dunn
