Security And You
Computer security is a subject of eternal debate. It seems to be an endless font of discussion, despite the veil of secrecy enshrouding so much about the topic. The consequences of hole-ridden computer security can sometimes be negligible... but they can also be catastrophic. It is as true today as ever that the most secure way to protect a computer from external attacks is to disconnect every wire and bury it under the ground; anything else is a compromise.
An unsecured computer can be compared to a house with open doors and windows, where anyone can enter at any time, look at what’s inside, and do whatever they wish, or make a mess if they prefer. (Not to mention that the neighbors can look in through the windows at any time, and that rain can easily get in.) For this reason, programs contain various sorts of security. To return to the comparison with a house: the architects quickly realized their error and gave the house window shades and a door with a lock. Thus its basic security is taken care of. Yet it is still possible to work one’s way inside. Someone can make a counterfeit key, break the door down, or trick the owner by pretending to be a utility company employee. Or they can take advantage of carelessness by the owner’s children, or of the door being ajar for a moment. Sometimes the attacker also takes advantage of properties or weaknesses of materials whose very existence is unknown to the owner. In short, 100% security cannot be achieved. However, the risk of an attack can be brought down to a very safe level. If you do not keep much cash at home, you do not need to pay a security firm to guard your house; investing in a safety lock is safety enough. Likewise there is no need to build a moat around a house unless you are expecting someone to drive a tank at it. Security is not a happy end that can be achieved once and for all; it is a constant process of perfecting one’s protection against possible, upcoming, and existing external threats.
A Secure Operating System
Now let’s get back to computers. The first and most basic step towards safety is the use of new operating systems, which have standard security elements already built in. For this reason, no security expert can really recommend the use of Windows 95/98/ME or even Windows 2000 (for which Microsoft is dropping support). Next, the system must be kept updated; that is, you must arrange for the periodic, automatic correction of any security problems that it may contain.
We recommend regularly backing up your data if you do not wish to lose it, either to a virus infiltration or to a hardware defect.
Firewalls are a basic security element in any network environment. An unsecured computer connected to a network, like a house with an open door, is an enticement for many undesirable snoopers. A typical firewall forbids all network services that you do not actually use; the ones that you do use are allowed for individual programs, and any other program has to request your explicit permission.
In the past, Windows operating systems had no firewall, and thus computers with them quickly became favorite targets of virus, worm, and trojan attacks from the moment they gained an Internet connection. Windows XP and higher have a firewall integrated into the system, so it is no longer necessary to install third-party software as it was in the past. (However, such programs still offer more options and convenience than the built-in Windows firewall.)
If a firewall is set up correctly, then the system ports that you really use (those for the Web, for e-mail, for FTP, etc.) will be enabled, and the unused ones will be blocked until you enable them yourself after having installed software that needs that port to be open in order to communicate over a network. If a firewall is configured the way it should be, then it will block incoming communication on unused ports. Any hostile programs from elsewhere in the Internet jungle will have no chance of reaching a particular port, even if the program serving the port has a known security weakness.
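To see which ports a firewall actually has to cover on a given machine, list the sockets that are listening and compare them with the services you mean to offer. The Python sketch below is an added example, not part of the original article; the `netstat -ano` sample and the allowed-port policy are constructed for illustration.

```python
import re

# Constructed sample of Windows `netstat -ano` output (not from the original page).
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING       1500
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       888
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    127.0.0.1:5354         0.0.0.0:0              LISTENING       2100
  TCP    192.168.1.20:49712     203.0.113.10:443       ESTABLISHED     5120
  TCP    [::]:3389              [::]:0                 LISTENING       1032
  TCP    [::1]:8307             [::]:0                 LISTENING       2300
  UDP    0.0.0.0:5353           *:*                                    2100
"""

LOOPBACK = re.compile(r"^(127\.|\[::1\])")  # sockets reachable only from this machine

def parse_listeners(netstat_text):
    """Return (proto, address, port, pid) for every TCP listener and bound UDP socket."""
    listeners = []
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] not in ("TCP", "UDP"):
            continue  # header or blank line
        proto, local = fields[0], fields[1]
        # TCP rows carry a State column; UDP rows have none and count as bound.
        if proto == "TCP" and fields[3] != "LISTENING":
            continue
        address, _, port = local.rpartition(":")
        listeners.append((proto, address, int(port), int(fields[-1])))
    return listeners

def unexpected_exposure(netstat_text, allowed):
    """Listeners reachable from the network whose (proto, port) is not in `allowed`."""
    return sorted(
        (proto, port, pid)
        for proto, address, port, pid in parse_listeners(netstat_text)
        if not LOOPBACK.match(address) and (proto, port) not in allowed
    )

if __name__ == "__main__":
    # Hypothetical policy: this machine is only meant to serve the Web on TCP 80.
    for proto, port, pid in unexpected_exposure(SAMPLE_NETSTAT, {("TCP", 80)}):
        print(f"{proto} port {port} (PID {pid}) is listening but not in the allowed set")
```

Every entry it reports is a port that should either be blocked for incoming traffic or have its service switched off.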
Anti-virus programs are practically a necessity in this day and age. We can essentially divide anti-virus products into desktop ones and server ones. Just about every user is familiar with desktop anti-virus products, with their attractive user interfaces, background scanners, resident shields, etc. This kind of anti-virus software handles situations where virus-infected information has arrived on a user’s computer, whether by post, on CD/DVD, by clicking on a Web link, or in some other way. As soon as something like that occurs, the program informs the user of the existence of the danger, and enables them to block access to the infected information, to delete it, or to otherwise deal with the problem. This kind of anti-virus software lets users have their whole computer scanned whenever they themselves wish it, or have automatic checks performed in real time on any information that gets accessed, so that no actual infection can occur. Recently, anti-virus programs have expanded their range of offered services and become integrated solutions that also contain a firewall and/or anti-spam and anti-spyware protection.
Although server anti-virus software does fill this role, it works a bit differently. Its purpose is not to improve users’ security after infected information has reached them. Instead, it tries to stop approaching dangers before they even reach users’ computers. Anti-virus solutions for mail servers are a good example here. All communication goes through the mail server before it reaches the recipient. If a virus is already detected and deleted on the server, then that prevents X thousand users from even having to come into contact with the infection. These anti-virus systems do not aim to offer a user maximum convenience and fully integrate themselves into an operating system. Instead, they aim to give maximum performance and the most reliable system possible, because numerous other network services that are under heavy loads depend on them in order to stay as functional as possible.
To ensure that the anti-virus system can detect the latest infiltrations, you must keep in mind that it needs to be periodically updated. Having an out-of-date anti-virus program is about the same as having no anti-virus program at all.
Spyware is a category of dangerous code that sits around snooping in your computer and broadcasts information from it to third parties. Typically, this type of software lies on the border between legality and illegality. It is often an integral part of software, both paid and free, and thus such code often cannot be pried out of a computer without damaging said software’s functionality.
There are many anti-spyware solutions out there for dealing with such vermin. Some of them are free, others are not, and still others are parts of overall security packages. The most important thing, however, will still always be prevention: do not visit dangerous webpages while using (the relatively insecure) Internet Explorer in its default configuration, and periodically update your system. Here are some of the best-known free anti-spyware programs:
Rootkits are a new affair for Windows systems, primarily due to the fact that this system was not very widespread on web servers until recently. A rootkit is a hacking tool that can hide activities on a server that has already been broken into. If a hacker has access to your computer and wants to hang onto it for as long as possible, then they will certainly try to install a rootkit. Every time a request is made for a listing of files on disk or of running processes (programs), a rootkit will falsify the information delivered so that it does not betray the presence of either the rootkit itself or other dangerous programs installed.
These unpleasant programs are detected using specialized applications called anti-rootkit software. At present, such programs are generic, that is, they do not try to detect particular rootkits; instead, they analyze the whole computer as such and try to discover general discrepancies that might point to the presence of a rootkit, perhaps of a known type or perhaps unknown.
A good example of an anti-rootkit product is the Microsoft program Rootkit Revealer.
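One generic way to look for such discrepancies is a cross-view comparison: take the same listing twice, once through the ordinary system interface a rootkit can falsify and once from a lower-level source, and report what only the lower level shows. The Python sketch below is an added example, not code from the original article or from any product it names; how the two listings are collected is left to the caller, and the process IDs are constructed sample data.

```python
def hidden_in_snapshot(api_view, raw_view):
    """Items present in the low-level listing but missing from the API listing."""
    return set(raw_view) - set(api_view)

def persistent_discrepancies(snapshots, min_consecutive=2):
    """Return items hidden from the API view in at least `min_consecutive`
    back-to-back snapshots. A process that merely started between the two
    listings of one snapshot is hidden once and then drops out."""
    streak, flagged = {}, set()
    for api_view, raw_view in snapshots:
        hidden = hidden_in_snapshot(api_view, raw_view)
        # Keep a running count only for items that are still hidden now.
        streak = {item: streak.get(item, 0) + 1 for item in hidden}
        flagged |= {item for item, n in streak.items() if n >= min_consecutive}
    return sorted(flagged)

# Constructed sample: each snapshot is (PIDs from the API, PIDs from a low-level scan).
SAMPLE_SNAPSHOTS = [
    ({4, 888, 1500},       {4, 888, 1500, 6660, 7001}),  # 7001 started mid-snapshot
    ({4, 888, 1500, 7001}, {4, 888, 1500, 6660, 7001}),
    ({4, 888, 7001},       {4, 888, 6660, 7001}),        # 1500 exited normally
]

if __name__ == "__main__":
    for pid in persistent_discrepancies(SAMPLE_SNAPSHOTS):
        print(f"PID {pid} is visible at the low level but never in the API listing")
```

Requiring the discrepancy to persist across snapshots keeps ordinary process churn from being reported as hiding.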
Current Virus Activity
If you suspect that a file might be infected and you thus want to determine what a given program is doing, you can send a file for us to analyze. We will evaluate the given program's behavior and send you back detailed results.