Wednesday, May 14, 2008

The Streetwise Guide To PC Security

We are halfway through May already and, speaking of which, we are almost halfway through the year already. But what progress have we made in terms of cyber security? Spam is on the rise, malware infections are on the rise, botnets are growing bigger and more Internet users are turning into advance fee con artists. Pretty grim picture, isn't it? No, I do not want to sound pessimistic, but the reality is that no piece of computer security software can protect you completely against Internet-based threats. What am I saying... throw away all your spam filters, firewalls and anti-malware applications? No, not at all, they play an integral part in our protection against cyber threats, but even the best tools in the world can fail dramatically if they are not used by streetwise cyber citizens.

I guess most of you are glaring at your screen right now, asking yourself, "what the hell is he talking about?" Let's take two persons and put them in a dangerous neighbourhood: the one person is a high profile celebrity dependent on his bodyguards to keep him safe and the other person is a normal guy who grew up on the streets and learned to take care of himself. Which one is more likely to survive, all by himself, in this dangerous neighbourhood? The latter of course. Why? Because he is streetwise, he doesn't need fancy tools and bodyguards to take care of him, he knows how to think for himself and what to look for in order to stay out of the heat. Computer security is a lot like that, you don't need to be an Einstein to stay safe in the online world, it is no rocket science to be streetwise, you just need to know how to stay on top of your game, you catch my drift? Right, enough street slang, so let's get to the point.

I stumbled across a very interesting article about PC security, published by BitDefender. A BitDefender employee told me that the article is quite old, but nevertheless, it is a generic set of PC security rules that are still very applicable to computer security these days. I have a lot of positive things to say about this article, but it is not without some criticism, so without any further ado, let's take an objective look at the list of rules called the Ten Commandments for Your Computer Sanity.

"1. Don't assume anything. Take some time to learn about securing your system."

Perhaps the single most important rule of them all. If you are not sure, ask for advice and try to understand why it is important to take certain precautions, don't just assume that's the way things are done.

"2. Acquire and use a reliable anti virus program. Select an anti virus that has a consistent track record. Checkmark, AV-Test.org and TuV are among the most respected independent testers of anti virus software."

So many people go out and download the first anti-virus program that pops up on their screen. Malware-infested products are marketed very aggressively, so these lesser known, but dangerous, applications often occupy top spots in search engine results and online contextual advertising. Never trust a download just because it appeared in the search results of your favourite search engine. Visit Spyware Warrior for a comprehensive list of rogue anti-spyware products.

"3. Acquire and use a reliable firewall solution. Again, independent reviewers are your best bet for reasonable choices. Some operating systems come with a firewall, which only filters incoming traffic. Use a firewall that can control both incoming and outgoing Internet traffic."

Firewalls were once a thing for computer experts and large corporations only; it was uncommon to find a firewall installed on a normal end user's computer. As mentioned in the rule, we even have firewalls built into our operating systems these days (not that it really helped the online community in any way when I come to think of one specific operating system). But the necessity of a firewall has increased in the last couple of years and it is irresponsible and suicidal these days to browse the Internet without a proper firewall that provides bi-directional protection. You need to know what is transmitted to and from your PC. You don't want malicious code to infiltrate your system and you don't want confidential and sensitive information to leave your PC without your consent.

"4. Do not open e-mails coming from unknown or distrusted sources. Many viruses spread via e-mail messages so please ask for a confirmation from the sender if you are in any doubt."

If more people adhered to the first part of this rule we would have far fewer virus outbreaks and much less spam. Each time you open a 'harmless' spam e-mail you give the spammer reason to send more spam, because you respond to his e-mails. I have discussed this topic a hundred times before so I'm not going into it once again. With regard to the latter part of this rule, it won't be wise to ask for a confirmation from the sender in my humble opinion; you are just asking for more spam by replying to an unknown source. With so much e-mail forgery happening these days, it is a complete waste of time to respond anyway, because the sender's e-mail address is most likely invalid or spoofed.

"5. Do not open the attachments of messages with a suspicious or unexpected subject. If you want to open them, first save them to your hard disk and scan them with an updated anti virus program."

Once again, the first part of this rule is a piece of gold and can save you a lot of headaches if you stick to it, but I do not agree with the latter. It is almost like saying: "Don't shoot yourself with a 9mm, but if you want to, go ahead and take a peek down the barrel to make sure you are using blanks". If you get an e-mail with a suspicious or unexpected subject and on top of that some executable file, Word document, PDF, ZIP or any suspicious file attached to it, don't mess around with the bloody thing, delete it.

E-mail scanners have been with us for quite some time. The e-mail scanner of an anti-virus package uses the same database as the file scanner, so if an e-mail gets past your e-mail scanner, using the latest virus definition database available, what makes you think that the file scanner will do any better? Should you trust an attachment just because your anti-virus program told you the file is clean? A suspicious attachment from an unknown source has a 99.9% chance of being malicious, so why even bother scanning it? Many inexperienced users don't even know how to save an attachment and run it through an anti-virus scanner, so they run a big risk of infecting themselves. My advice: if you don't know how to handle suspicious files properly, stick to the first part of this rule and ignore the latter.

"6. Delete any chain e-mails or unwanted messages. Do not forward them or reply to their senders. These kinds of messages are considered spam, because they are undesired and unsolicited and they overload the Internet traffic."

Pure words of wisdom. Many people simply assume that friends and family enjoy receiving junk chain letters and unbelievable, ridiculous stories that you need to forward to everyone in your address book. Who needs spammers if you have friends like this? Apart from spamming all your friends and breaking anti-spam laws, it also comes down to bad e-mail etiquette. The fact that your friends are on your mailing list does not give you the right to send them anything you want. Take your recipients into consideration and think before forwarding jokes, petition lists, chain letters and other kinds of junk mail to them.

"7. Avoid installing services and applications which are not needed in day-by-day operations in a desktop role, such as file transfer and file sharing servers, remote desktop servers and the like. Such programs are potential hazards, and should not be installed if not absolutely necessary."

There is a lot of truth in this, but unfortunately it is easier said than done. The blame lies with software developers and not with the end user installing the software. Ordinary users simply install the software and use it whenever it is needed. Little do they know that the software is running 24/7 in the background eating up valuable system resources. These programs put themselves in the Windows Start-up without informing the user about it, or the option to load the software at Windows Start-up is often pre-checked during the installation, so the user has to opt out to prevent this from happening. These pre-checked options are often missed, because the user simply rushes through the 'easy' installation process. There is a reason why certain developers make the installation procedures so easy.

When I analyse HijackThis logs of malware victims, I often see loads of auto-update managers, system tray utilities, P2P clients and all kinds of 'junkware' loaded in the Windows Start-up. These users are always stunned by the sheer performance of their computers after I have removed all these useless applications from the Windows Start-up. Ask someone to check the Start-up section of your PC and remove all the redundant entries. You will be amazed to see what difference this can make in your PC's performance. Don't leave file-sharing software like LimeWire, Shareaza or KaZaa running in the background all the time; they create a weakness in your security setup and make it easier for hackers to gain access to your system. As the rule says, these programs should rather be avoided if possible.
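To show what that Start-up review looks like in practice, here is an added example (my own code, not from the post's author or from HijackThis) that pulls the O4 auto-start entries out of a HijackThis-style log and sorts them into the categories mentioned above. The log text is constructed for the example, and the keyword lists used to flag file-sharing clients (the three named in the post) and auto-update managers are simple name-matching heuristics, so an entry marked "review manually" still needs a human look.

```python
import re
from collections import Counter

# Constructed sample log. HijackThis reports auto-start entries as 'O4' lines:
#   O4 - HKLM\..\Run: [EntryName] C:\path\program.exe args      (registry Run keys)
#   O4 - Startup: shortcut.lnk = C:\path\program.exe             (Start-up folders)
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [avtray] "C:\Program Files\ExampleAV\avtray.exe"
O4 - HKLM\..\Run: [LimeWire] C:\Program Files\LimeWire\LimeWire.exe -startup
O4 - HKCU\..\Run: [Shareaza] C:\Program Files\Shareaza\Shareaza.exe -tray
O4 - HKCU\..\Run: [ExampleUpdater] C:\Program Files\Example\updater.exe /background
O4 - Startup: reminder.lnk = C:\Users\me\Documents\reminder.exe
O4 - Global Startup: KaZaA.lnk = C:\Program Files\Kazaa\kazaa.exe /SYSTRAY
"""

# Registry-based entries: hive, '..', Run/RunOnce, then [name] and the command line.
REG_ENTRY = re.compile(r"^O4 - (?P<where>HK.*?\\\.\.\\\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# Start-up folder entries: 'Startup' or 'Global Startup', shortcut name, '=' and target.
DIR_ENTRY = re.compile(r"^O4 - (?P<where>(?:Global )?Startup): (?P<name>.+?) = (?P<cmd>.*)$")
# First executable in the command line, with or without surrounding quotes.
EXE_PATH = re.compile(r'^"?(?P<path>.*?\.exe)"?', re.IGNORECASE)

# File-sharing clients the post names; matching on these names is a heuristic (assumption).
FILE_SHARING = ("limewire", "shareaza", "kazaa")


def parse_o4(log_text):
    """Return one dict per O4 line: where it loads from, entry name, command, exe path."""
    entries = []
    for line in log_text.splitlines():
        line = line.strip()
        m = REG_ENTRY.match(line) or DIR_ENTRY.match(line)
        if not m:
            continue  # not an O4 line (or a form this parser does not know)
        cmd = m.group("cmd").strip()
        exe = EXE_PATH.match(cmd)
        entries.append({
            "where": m.group("where"),
            "name": m.group("name").strip(),
            "cmd": cmd,
            "path": exe.group("path") if exe else cmd,
        })
    return entries


def classify(entry):
    """Name-based heuristic: flag the junkware categories the post talks about."""
    haystack = (entry["name"] + " " + entry["path"]).lower()
    if any(client in haystack for client in FILE_SHARING):
        return "file-sharing client"
    if "updat" in haystack:
        return "auto-update manager"
    return "review manually"


def triage(log_text):
    """Parse, classify and summarise the Start-up entries of a log."""
    entries = parse_o4(log_text)
    for entry in entries:
        entry["verdict"] = classify(entry)
    return {
        "entries": entries,
        "by_location": Counter(e["where"] for e in entries),
        "by_verdict": Counter(e["verdict"] for e in entries),
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for e in report["entries"]:
        print(f'{e["verdict"]:22} {e["where"]:16} [{e["name"]}] {e["path"]}')
    print(dict(report["by_verdict"]))
```

Running it on the constructed log flags the three file-sharing clients and the updater, and leaves the anti-virus tray icon and the user's own reminder for manual review. On a real log, the "by_location" counts are a quick way to see whether the clutter sits in the machine-wide HKLM keys (needs an administrator to clean) or only in the user's own HKCU keys and Start-up folder.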

"8. Update your system and applications as often as possible. Some operating systems and applications can be set to update automatically. Make full use of this facility. Failure to patch your system often enough may leave it vulnerable to threats for which fixes already exist."

Most people are guilty of not updating their system on a regular basis. But there is a reason why people are afraid of updating. Remember what happened when Service Pack 2 of Windows XP was released for the first time, and if I am not mistaken, history repeated itself with Service Pack 1 of Windows Vista this year.

I know one should lead by example, but I am perhaps the worst of them all. I haven't updated several of my applications in years, because I am happy with the versions I am using at the moment and don't want some update to screw everything up. If you stick closely to rule number one you automatically take your computer security to the next level. If you pay attention to which sites you visit, which files you download and which programs you install, you can easily skip this rule for years without any malware incidents at all. Still, it is wise to update your software when you have the chance. It is better to fix a broken wall even if you are never bothered by the outside world. The problem is, however, you never know when the outside world might start to bother you, so rather be prepared than sorry.

"9. Do not copy any file if you don't know or don't trust its source. Check the source (provenance) of files you download and make sure that an anti virus program has already verified the files at their source."

Would you use a box of aspirins, from an unknown source, left on your doorstep? Of course not; even if you are familiar with the specific brand of aspirins, you have no idea where they came from. How can you be absolutely sure that they are really aspirins? Well, the same goes for computer files. If you can't verify the reliability of the source of a specific file, how can you trust the contents of that file? You have no idea where the file has been and you have no idea whether the contents of the file are really what they should be.

"10. Make backups of important personal files (correspondence, documents, pictures and such) on a regular basis. Store these copies on removable media such as CD or DVD. Keep your archive in a different location than the one your computer is in."

Backups, ah, the one thing that no one ever does. Have you ever thought about what you could lose if you suddenly got infected with malware? What if a cracker gains access to your PC and deletes your favourite music collection? Backups play a very important role in PC security, especially when it comes to system recovery after a malware infection or system failure. Any proper security setup should have a solid backup policy. Without backups you will never fully recover from a severe system crash. Backups are your insurance against data loss. So if you are not in the habit of backing up your most important documents and data on a regular basis, rather start doing it before it is too late. BitDefender's Total Security can be set to perform automatic backups for you.
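Rules 9 and 10 both come down to the same mechanical check: does the file on disk have the contents it is supposed to have? As an added example (my own code, not the post's or BitDefender's), the script below compares a downloaded file against the SHA-256 value a publisher lists on their site, and makes a dated copy of selected files together with a checksum manifest so the archive can be re-verified before you rely on it. The sample files and the "published" hash are constructed inside the script; the backup destination would in practice be the removable media or off-site location the rule asks for.

```python
import hashlib
import hmac
import json
import shutil
import tempfile
from datetime import date
from pathlib import Path


def sha256_file(path, chunk_size=1 << 16):
    """Hash a file in chunks so large files do not have to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for block in iter(lambda: handle.read(chunk_size), b""):
            digest.update(block)
    return digest.hexdigest()


def verify_download(path, published_hex):
    """Rule 9: the file counts as trusted only if its digest equals the value
    obtained from the publisher over a separate channel (their own page, not
    the mirror that served the file). Constant-time comparison avoids leaking
    how many leading characters matched."""
    return hmac.compare_digest(sha256_file(path), published_hex.strip().lower())


def make_backup(files, dest_root):
    """Rule 10: copy the files into a dated folder and write a manifest of their
    digests next to them. Returns the backup folder."""
    dest = Path(dest_root) / f"backup-{date.today().isoformat()}"
    dest.mkdir(parents=True, exist_ok=True)
    manifest = {}
    for src in map(Path, files):
        target = dest / src.name
        shutil.copy2(src, target)            # copy2 keeps the modification time
        manifest[src.name] = sha256_file(target)
    (dest / "MANIFEST.json").write_text(json.dumps(manifest, indent=2))
    return dest


def verify_backup(backup_dir):
    """Re-hash every file named in the manifest; a False entry means the copy
    was corrupted or altered since it was written."""
    backup_dir = Path(backup_dir)
    manifest = json.loads((backup_dir / "MANIFEST.json").read_text())
    return {name: hmac.compare_digest(sha256_file(backup_dir / name), digest)
            for name, digest in manifest.items()}


def demo():
    """Run both checks on constructed sample files in a temporary directory."""
    work = Path(tempfile.mkdtemp())
    letter = work / "letter.txt"
    letter.write_bytes(b"constructed sample document\n")
    photo = work / "photo.bin"
    photo.write_bytes(bytes(range(256)))

    # Stand-in for the hash the publisher lists; in real use it comes from their page.
    published = sha256_file(letter)
    result = {
        "download_ok": verify_download(letter, published),
        "download_bad": verify_download(letter, "0" * 64),
    }

    backup = make_backup([letter, photo], work / "backups")
    result["backup_ok"] = verify_backup(backup)
    (backup / "photo.bin").write_bytes(b"corrupted")   # simulate media damage
    result["after_damage"] = verify_backup(backup)
    return result


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The manifest is only as trustworthy as the medium it sits on, so for an archive kept in a different location the digests should also be written down or stored separately; otherwise someone who can alter the backup can alter the manifest to match.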

We live in an age where we can't rely on software alone to protect us from online threats. You are responsible for your own safety online; software applications like firewalls and anti-virus programs are only tools to help us in situations where things are out of our hands. Your personal computer security depends on your willingness to stick to these rules, being vigilant and using common sense. Treat everything as a threat until you can prove otherwise; this is the safest approach in the digital Wild Wild West.

If you have anything to add to this list of rules, feel free to leave your comments.

About the Author
Coenraad is webmaster and founder of Cyber Top Cops, leaders in Internet security, analysers of security software and raising awareness about spam and malicious software.