Friday, October 14, 2011

No PC Security in Vietnam

I've been on vacation in Vietnam for the last week or so. Before I got here, I recalled the state of the computers I've seen here during my last visit and came prepared this time. I brought with me Linux CDs and DVDs as well as a couple of USB drives to help the family with their computers. Today, I'm going to give a brief description of the state of the typical computer in Vietnam as I see them.

My findings are based on a pretty small sample of three computers. Despite the small sample, the uniformity of the install choices made, and the geographical disparity of all PCs suggest there is widespread agreement among the PC builders on how to best build a Windows PC. It seems that their highest priority is that the PC will function properly as a pirated copy of Windows. Every choice made by these PC builders leaves the user less secure, unable to recover Windows if the machine should fail, and more likely to fail due to the choices made. Unless otherwise stated, the conditions observed are seen in all three PCs.

First, not a single PC had a certificate of authenticity. You know that colorful little sticker you usually see on the side of your computer? That sticker is the license key for your copy of Windows. Having this key is absolutely necessary in order to install Windows and pass Windows activation. That sticker is your license for Windows unless you bought a boxed copy and left the sticker in the box. This condition leaves users unable to re-install Windows without having to take their computer to the shop so that a technician can do the work.

Automatic Updates were disabled. The obvious reason for this is to prevent Windows Genuine Advantage from being installed on the computer to check the validity of the license key on the computer. This leaves the user less secure against known security issues because Windows will not be kept up to date.

When Windows is installed for the first time, it creates a user account that is usually the administrator account for the machine. After the installation is complete, the computer will reboot and then walk you through setting up user accounts and Automatic Updates. The user accounts that are setup here are also administrator accounts. Administrator accounts have full control of every process and file on the computer.

Most Windows users are unaware of this condition, and they do not know that they should be running as users, not administrators. This is important because of the way malware installs on a computer: silently. If you are running as admin while browsing the web, and you encounter malware, or a "drive-by download", the malware will install on your computer without you even knowing what happened. After that happens, the only clue is that your PC is running a lot slower than before.

Next up is the file system. By default, Windows will format a hard drive using NTFS. NTFS assigns access controls to each folder and file. This security information assigns access permissions to each file and folder, allowing users to access their own files and prohibiting user access to files that are not theirs. This is important for security in that it prevents viruses from accessing system files and changing them - if you are not running as an administrator account.

Here in Vietnam, it is common practice to install Windows to a FAT32 file system. Some of you may find that the term "FAT32" is familiar. Some of you might even remember that FAT32 was a feature in Windows 95 and 98. Unlike NTFS, FAT32 provides no access controls to files and folders in the file system. This means that even if you are not using an administrator account, you still have access to every file on the system and can change or delete them at will (and at your own peril).

Taken together, all of these conditions add up to one very insecure computer, even with antivirus installed. The FAT32 file system allows non-administrators to access system files and change them. User accounts are admin accounts and Windows Update is disabled. This is a playground for botnets in Asia created for the very purpose of pirating Windows.

When people pirate Windows, they fail to realize the true cost of using pirated Windows. To prevent piracy, I recommend installing Linux (like Mint, or Fedora). Linux has a few qualities that you won't find in the way Windows is installed here. With Linux, you get file and folder security by default. You don't run as admin by default. And you get automatic updates by default without having to worry about Windows Genuine Advantage consuming your time and money.

Some people are starting to wake up and smell the choices, however. By one estimate, there are more than a thousand Linux users in Vietnam. I'm gonig to do a conversion today from XP to Xubuntu. Even the Vietnamese government has taken note of the opportunities afforded by Linux. Many small countries from around the world, including Vietnam, see Linux as a opportunity to create their own software industry. Linux is also a way out of dependence on Microsoft and other American software vendors. In fact, Microsoft depends on piracy to survive.

So get safe, get legal and get Linux, Vietnam.