Thursday, December 10, 2009

21 Steps To A Safer Computer

In the first article on computer security I provided a gentle introduction. In this post I'm going to make some specific recommendations, knowing well that most will ignore what I am writing. Perhaps the only way to ensure such advice is heeded is to have disaster befall you! I certainly hope it doesn't come to that, but I am quite familiar with human nature.

Before I begin I will itemise some consequences of falling prey to malware. Any or all of these can (and will) happen to you:
  • Your web browsing behaviour can be tracked in order to present unwanted advertisement.
  • Your browser can be redirected to porn and other sales sites.
  • Your passwords can be stolen and used for fraudulent purposes.
  • Email messages can be sent as if from yourself but with malicious content.
  • Your identity on internet forums can be stolen and used to post racist, defamatory or otherwise unappealing messages.
  • Your computer can be hijacked, without you knowing, and used as a bot to send out spam.
  • Your computer can be used to orchestrate denial of service (DOS) attacks, opening you up to legal liabilities.
  • An application can be rendered inoperative.
  • Your entire computer can be wiped.

OK, so the threats are real and serious. Now for what you should do about them. I realise you have probably read this advice before in various places. Some might even be called "common sense". But it is useful to have a central checklist to refer to. There is so much more you can do than what is here; take these precautions as a judicious minimum. They may seem a burden now, but many become second-nature and take no more time or effort than being risky. (As a bonus, most are OS agnostic.)

A. Backups are God.

1. Back up your data regularly. Because no matter how secure your system is, some day you will lose important information to malware. Or your hardware might fail of its own accord. All hard drives crash eventually; it's a fact of life. So make a copy of your data somewhere safe, e.g. on a completely different medium (for example DVD). Then make a second safe copy, because one is not enough. (In fact I once had an original plus two backup copies fail... all at the same time! I then spent the next four weeks replicating eight weeks of work.)

2. Store a backup copy off-site. If your house burns down having two copies of your data at that same location will not save your bacon. I recently read of a photographer who had just this happen to her work. You need a copy that is physically distinct. Some now use online storage for this purpose, which is fine if you can bear the bandwidth.

3. Make a backup schedule. I know I'm being repetitive here, but it's one thing to have good intentions about backing up and another to do so religiously. On your calendar mark regular times (every Friday morning, for example) and reserve these for backing up. Determine when you will do full, incremental or other backups, so you don't get confused. Then document what you are going to do in a file on your desktop. Be organised.

4. Store all you local work on a drive other than your boot drive. That way you have one drive with your operating system and programmes and a second drive for your work. If the main drive is corrupted, you have a good chance of getting out alive with the second drive and all your work. If system limits prevent this (for example, you have a laptop with a single drive), then be sure to have two partitions on the drive. Store your work on the non-boot partition. This strategy saved my wife's work when her laptop got wiped last week.

B. Updates Are Important... Sometimes

1. Keep any vulnerable software up to date with the latest version changes. This particularly includes your operating system, your web browser and your anti-malware software. Vendors are always improving security, fixing bugs and plugging holes. You need to have the latest versions to keep up with the crackers.

2. Do not update other software unless necessary, as this exposes you to increased risk. There is always a new version, but will it help you?

3. For convenience and to avoid interrupting other tasks, you may wish to turn the auto-update feature of your software off. If you do so, please remember to manually update when you need to.

4. Schedule one day a month to look at software upgrades and to deal with those programmes that nag you about updates. Put that on your calendar as well.

C. Isolation Is Safety

1. If you have critical work, isolate it on a computer system of its own. This is a luxury, to be sure. But if you have more than one computer you can use one as your general-purpose net surfing, game playing, risk-taking adventurer and reserve the other as your serious and secure work computer. That critical system should connect to other devices only when necessary. Whether or not this plan works for you depends largely on what tasks you need to regularly perform. But the more important your work, the more necessary this approach is.

2. Run the software firewall that comes with your system. This will tell you when unexpected internet or local network activity occurs. However, a software firewall is rather an oxymoron, since the whole idea of a firewall is to stop baddies before they get to your computer. And so...

3. Run a separate hardware firewall. This might be built into your router or your broadband modem. Make sure it is on and configured properly. Most come with only minimal security features turned on; you can do better.

D. Practice Safe Browsing (And Email)

1. Malware comes from untrustworthy site, so if you are browsing "free offer", "free download" or "free porn" sites be prepared for the worst.

2. Not every site is what it appears to be. Phishing sites disguise themselves as a trusted partner (for instance, your bank) in order to harvest your password when you log into them. Double check the URL in the address bar. Be sure the lock icon (or equivalent) is lit if you are supposedly on a secure site. Be sure it really is the address bar and not just a carefully bitmap fake.

3. Do not follow any link from an email, even to a supposedly trusted site. Spammers are forever sending out fake "your account needs updating" emails in order to get you to a spoof site. The only exception is that I do follow registration confirmation links in emails. In this case, I know to expect one of these from the site I just visited and initiated registration with.

4. Never open an attachment you did not expect. This includes attachments from people you know, unless accompanied by a personal note you can guarantee is real. Malware may have taken over their computer in order to send just such authentic-seeming messages!

5. As a corollary, never send unsolicited email attachments. Don't make life more difficult for others.

6. Never run any programme you have downloaded unless you are sure of its content. Never open any document you have downloaded by double-clicking. It may be a different file type in disguise. Instead, open the appropriate application and use the File menu to Open the document. If this does not work, it is likely the wrong file type or corrupt.

7. In Windows, turn on Explorer options that allow you to see the full file name of everything in a folder. This can help you spot disguised file types. (I won't go into the details of how to do this, but it is important so look it up.)

E. Reduce Automation

Our computers automate processes to make things easy, but these automatic steps are invitations for crackers. Here's where the big security/convenience dichotomy hits home. For optimum security you need to turn off all automatic processes and vet things manually.

1. For Windows the most important thing to do is to turn off AutoPlay on all drives. Letting a USB stick or CD run software the moment it's plugged in is a disaster waiting to happen. The easiest way to do this is to download Microsoft's Tweak UI utility. Once it is installed and running, go to the "My Computer" heading, choose "AutoPlay" and then expand the subheading "Drives". Now, un-check every drive and click "OK". (Tweak UI does many cool things and there are other great tools on that same page -- check them out.)

F. Use Anti-Malware Software

First, it must be stated that running anti-virus software is not a panacea! In fact, I would say that it's more important to follow the previous steps than it is to use anti-virus software. Because if you do everything in sections A through E then you've cut both your risk and the potential impact of any threat enormously.

1. Decide whether you want to run a resident programme that can continuously check you activity. If you do so you will gain the obvious advantage of a continuous security presence. But there are many possible negative side-effects. If you have a slower processor then the speed of your computer may be adversely affected. You may not know what to do with the messages you receive. Further, these may become a burden to you, reducing the joy of using your computer. I have seen systems where the anti-virus software was as annoying as a virus!

2. If you are not running an automatic process, then scan all untrusted content before using. This notably includes USB sticks and any downloads from the net.

3. Be sure you are protected from adware and other browser infiltrators as well as trojans and viruses. These are different animals and sometimes you need different software to deal with them.

Now, re-read B1. Anti-virus databases that are a month old are useless.


Congratulations, your system is now much safer than before. Thank me by donating a cup of coffee using the PayPal button in the sidebar. Or, buy your Christmas gifts from Amazon starting with the buttons in the top right. Thank you!

I'll add a third article with some software recommendations next time.


No comments:

Post a Comment