Tuesday, December 08, 2009

What To Do About Computer Security (Part 1)

Well, it had to happen eventually. After years of living free and easy, our home network was recently hit with some sort of malware that caused quite a bit of havoc and has taken me five days to repair. I don't know how it started but I do know that one of the vectors used was our USB sticks. This experience has sent me back to the drawing board to re-engineer a more secure system.

Computer security is a confusing business these days. There are so many types of programmes trying to destroy our systems that even keeping track of all the categories of threats and deterrents has become complicated. In these two articles I'll run through some of the common terminology and make some recommendations.

This most recent attack wiped out the data on one computer and compromised my passwords, forcing me to update all my site passwords. Yes, that's right, I have had to change dozens, even hundreds of passwords at financial, social networking, subscription, product registration and other sites. Define "tedious" -- this comes pretty close!

Don't want this to happen to you? Please read on.

First, keep in mind that security is a compromise. There is no such thing as total security. The only way to accomplish that mythic goal is to never connect your computer to the internet, to other computers over a local network, to other devices through BlueTooth, to portable drives and USB sticks... to anything at all in fact.

For some limited uses you may get close to that ideal. For example, a workstation in a recording studio can work in isolation except for rare updates. But most of us have a general-purpose computer that regularly shares data with external parties. Cutting ourselves off from the world is not an option.

The question then becomes: "How much convenience do you want?" The more convenient, the less secure. The UNIX operating system is based on a secure core, though how secure any given distribution is depends on what options it was built with. The most secure versions have minimal interface and functionality. Certain routers, firewalls and independent storage devices (NAS) fall into this category.

Now that it's based on UNIX, the Mac OS is quite secure. In any case it has never been a huge target for crackers1, since the platform has less market share and hence presents a less tantalizing target. Microsoft Windows has traditionally erred on the side of being convenient and easy-to-use, at the cost of security. In fact, its security model is pretty haphazard.

To use your Mac or Windows computer correctly, you should have a single administrator account that is used for making systems changes plus downloading and installing programmes. This account should be tightly secured with all available precautionary settings and in addition should have active security software running at all times. Separate user accounts should be used for day-to-day use.

OK, hands up: How many of you actually do this?

I'll admit: not me. That's for two reasons. First, I download and update software so often that this is inconvenient. Second, I have had troubles with programmes that either do not install correctly in this manner, or do not run properly unless logged in as administrator. (That's the weakness of the Windows security model showing itself.)

Oh look! I have compromised my security for the sake of convenience. In practice, this means that malicious software has a pretty easy time of infiltrating my system.

Malware consists of spyware, root kits, trojans, viruses, worms, adware and other baddies. People generally refer to them all as viruses but they aren't2. Each have different characteristics, exploit different system vulnerabilities and carry different associated risks. This is important to remember since a particular security application may work against some types but not others.

My experience using big-name anti-malware programmes from companies like Symantec is that they are far too intrusive. The real-time virus scanners use valuable system resources and interfere with the working of other software, slowing the computer unreasonably. Since I use my computer for time- and processor-sensitive tasks like audio creation and mixing, these sorts of resource hogs are a no-no. I can't have the computer suddenly decide to run a security task when I'm in the middle of a big job.

There are many other problems with these packages. They throw up all sorts of messages about possible intrusions that most users have no idea how to respond to. They find a lot of "false positives"; that is, they report normal activity as suspicious. They nag with insistent messages that people get tired of and hence learn to ignore. They are generally not configured correctly.

So what are we to do? In my next article I'll make some recommendations.


1 A cracker targets a computer or its contents for harm. This is not to be confused with a "hacker", though all Hollywood movies seemingly do.

2 Some people even pluralize "virus" as "virii". I sure wish that had caught on; it's got to be the coolest word ever.


1 comment:

Network management tools said...

You said it right that computer security is a compromise and there is no such thing like total security.

My suggestion here for everybody is to play safe. You cannot ignore internet these days, but going with the secure system like you have suggests the Mac OS is a good option you have, or you can even go with a complete network management tool, it helps you to diagnose and troubleshoot the trouble whenever it comes your way.

Post a Comment