Preventing Unauthorized Access
Why Security is Necessary | Security Basics | Key Elements of Security | Summary
Why Security is Necessary
Security is Everyone's Responsibility
The need for increased security and the prevention of unauthorized access to your computer has never been greater than it is today, and it will continue to be a challenging issue for the years ahead. The increased use of broadband Internet access (cable or ADSL) where computers are always connected has made this issue even more critical. If you are not using adequate firewall protection, sooner or later you will become a victim.
“Malicious software is so rampant that the average time it takes for an unpatched Windows XP to be compromised after connecting it directly to the Internet is 16 minutes — less time than it takes to download and install the patches that would help protect that PC.” — TechWeb News
We're More Vulnerable Than Before
The world we live in has seen massive changes, From a society where information used to be on paper in locked filing cabinets or in massive mainframe computers with extremely limited access we now have global access over the Internet. This makes us vulnerable from anywhere in the world and challenges our understanding of the very concept of security:
“Now we live in a world that is strictly bounded by our capacity to understand it, by our ability to keep up with the pace of technological change, and to manage the new risks and security challenges that come with limitless storage capacity, limitless transmission capacity, limitless data mining capacity. We are bounded by our own limited capacity to understand, to imagine the implications of data flow and data aggregation, and our ability to teach.” — 2005–2006 Report on the Privacy Act by the Privacy Commissioner of Canada.
Test Your Knowledge
Test yourself in The Case of the Cyber Criminal, a fun animated game. More games here.
How Easy is it to Hack Windows?
Hacking Vista: Easier than you'd think is an instructive video on YouTube that shows how a hacker can gain access to a computer without the user being aware of it. What is particularly interesting is how the user can misinterpret the "infection" incident so that the hacker gained total access in a very short time.
Security Basics
Most viewers of this page are running some version of Microsoft Windows. When combined with Microsoft's tendency to place the emphasis on ease of use rather than the needs of security, there is a huge security problem.
“We generally think of computer security as a problem of technology, but often systems fail because of misplaced economic incentives: the people who could protect a system are not the ones who suffer the costs of failure.” — Bruce Schneier's Crypto-Gram
If Microsoft bore the cost of security failures in their Windows and Office software, as Ralph Nader forced the auto industry to accept responsibility for their failures, fewer vulnerabilities would exist or be allowed to continue unchecked.
Instead, we are spending large amounts of money annually on antivirus, antispyware and other security programs. These programs have been less critical on other operating systems because they are not as vulnerable nor targeted as readily. (This is changing for Mac users recently as Apple products like the iPhone, iPad and Mac computers gain in market share.)
Running Older Windows?
If you are running a version of Windows older than Windows XP, you should immediately upgrade. Such upgrades are best done on newer hardware as the system requirements (the speed, storage and memory needed to run them) are more demanding.
Microsoft discontinued support for Windows 98/98SE/Me on July 11, 2006. Windows XP users should have Service Pack 3 installed as well as all critical updates.
If your computer is not capable of running XP, you might want to consider using an alternative like the free Linux-based Ubuntu or its variations. Ubuntu includes an alternative to Microsoft Office and many other programs — all for free!
Ubuntu updates itself in a similar manner to Microsoft Update. If you are a typical user, it will work better than the Windows currently installed on your existing hardware.
How To Protect Yourself
Information on security may not be light reading, but you ignore it at your own peril. The security resources on this site will help you to keep your computer secure from the risks you are exposing yourself and your family to.
The National Cyber Security Alliance's Stay Safe Online includes tips help yourself and your family stay safer while online by being more aware. Stop. Think. Connect.
Only share online what you'd like others to share about you, being aware that, once posted, most information is "in the cloud" forever.
False Confidence Deadly
You need to use the tools on this site to protect yourself from threats to your computer. If you think you're protected, consider the findings of one study that reported that 80 per cent of home PCs are infected:
Nevertheless, almost three quarters of those surveyed reported believing that their PC is very secure or moderately secure.
— AOL/NCSA Online Safety Study
Close Security Loopholes
Windows, particularly Windows XP, is full of security loopholes and we're exposed to many others if we give precedence to convenience over security.
One example is installing software that allows us (and probably others) to connect to our PC remotely. Windows XP allows remote users to connect to their computer to fix problems. Unfortunately, this is enabled by default and few users ever need it — an unnecessary security hole.
More recently, Symantec released information that their pcAnywhere remote connection software had been compromised.
Restrict Access to Computers & Networks
One policy to protect yourself is to restrict access to the computers in your home or office:
- Use security that isn't based upon information posted on social media sites like Facebook.
- Your children should not allow their friends to make changes to their computer of any kind. Your children should not have Administrator rights on their computers.
- Be wary of phone calls or emails that ask for personal information or insist you to go to a website to fix a problem — these calls are scams, no matter who they say they are.
- Be wary of any warnings that appear on your screen or in an email, particularly if you are told you have hundreds of infections. Knowing your security software helps to prevent getting scammed.
- Get professional help from a reliable source. While the kid across the street might know more than you, he might not know enough.
Key Elements of Security
To enhance the security of your computer(s) and computer networks, you need to include the following components in your protection plan:
- Wise choice of programs
- Effective security software
- A router (hardware firewall)
- Strong Passwords
There is more information about each of these, either on this page or on other pages on this site. Follow the links in each of these subsections to learn more.
Choosing Your Programs Wisely
The choice of software to use on your computer affects how vulnerable you are to security-related attacks. This is particularly true for Windows users, specifically in regards to your choice of web browser and email client.
Outlook Express Obsolete
Outlook Express is now obsolete. Use a recommended alternative. Web-based email is another alternative, but be aware that your privacy is compromised because Gmail, Yahoo! and others read your private mail to provide targeted ads and whatever else they can think of to benefit themselves financially.
If you're determined to use Internet Explorer, be sure to use the most recent version available to you and install all critical updates.
Universal Windows Equals Universal Vulnerability
Standardization of Windows using the built-in Internet Explorer and Outlook Express was seen as a way to make it easier for managers to find "trained" employees.
Unfortunately, it has also made us more vulnerable to inappropriate uses of that technology, including viruses, hacking, phishing, and more such as the GDI+ Windows vulnerability for JPEG images which was exacerbated because of the widespread use of Microsoft Office.
Windows Messenger & MSN Messenger
There are two "messenger" programs running by default in Windows XP: MSN Messenger and Windows Messenger:
- MSN Messenger is a popular instant messenger (IM) program that allows users to see if their friends are on-line and to engage in "live" chat.
- Windows Messenger was intended for network administrators to be able to send system-wide messages to the computers in their network, but it has been usurped by spammers to send pop-up spam.
Home users and most smaller businesses do not need Windows Messenger. MSN Messenger should be removed or disabled on business computers. MSN Messenger can put all accounts on a computer at risk (not just those running that software). Further information is found here:
- How to prevent Windows Messenger from running on a Windows XP-based computer on Microsoft's Help & Support.
- Shoot the Messenger is available from Gibson Research Corporation.
Free Software Can Cost You
Many of the free utilities, screen savers and similar programs available on the Web are either adware/malware or install third-party software at the same time that collects information about you.
Search for what others have said about a program using the program name or executable file as the search criteria. Bloggs (web logs) often provide interesting insight to the usability of such programs and their relative merits.
Toolbars Compromise Privacy
Toolbars provided by vendors like Yahoo! and others are often installed without your permission or as part of another installation. These toolbars may be convenient, but also provide their vendors with information about your surfing habits and tend to clutter your browser and reduce the size of the display window.
If you do find a toolbar useful, be sure to check out the privacy policy before installing it.
Effective Security Software
Traditional security products, firewalls, security suites, antivirus, and antispyware products, are made to fight PC-based threats, but you also need to worry about web-based threats which can develop very quickly.
You need to protect yourself using both traditional security tools and security software that is constantly updated to deal with the threats you face when surfing the Web. In most cases, a security suite will provide the most comprehensive protection, but be sure that it can do the job without degrading your computer's performance too much.
Anti-Virus Protection
Viruses can do everything from infect others through your email program and address book to compromising the security of your computer.
Purchase and use current anti-virus software. Since some products are free for personal use, you have no excuse not to ensure you have at least basic protection.
Spyware Protection
Your privacy has never been under attack as intensely as it is today. You need to protect yourself using legitimate privacy tools. All current security suites and most antivirus software contains some form of antispyware protection.
A Router
An Effective Firewall Has Two Parts
A firewall is an essential part of your protection, particularly if your computer accesses a broadband connection. You need two kinds of firewall protection:
- A software firewall that is effective and protects you from outgoing as well as incoming attacks. This should be part of any security suite.
- A router is a hardware firewall that ensures secure shared high-speed access to the Internet.
Strong Passwords
Passwords are an essential part of Internet life today. They are used for everything from access to your email to the millions of websites and forums that require you to identify yourself using a username and password combination on a daily basis.
Passwords and encryption can be effective tools only if you use them correctly.
Long and Strong
Make your passwords long and strong using random upper and lower case letter, numbers and symbols (some symbols are not permitted by some sites or vendors). Generally, the longer your passwords, the harder they are to hack.
Increasingly, sites are using your email address as your identity, making it very easy to hack your other accounts if you use weak passwords or use the same combinations on site after site.
Wireless Connections
We don't generally think of Wireless connections in this category, but you need to secure your wireless connections. WEP and newer variants like WPA & WPA2 use a similar format to how we access email from out ISP:
| Account Type: | User Name: | Security: |
|---|---|---|
| Wireless (e.g. WEP or WPA) | SSID | Security Key |
| Email Account (e.g. jsmith@example.com) | User name | Password |
In both wireless networks and email accounts, part of the two parts required for access are public:
- The SSID is the public name of a wireless network making it public unless it is not broadcast (making it harder for computers to connect to it). It is the WEP or WPA2 key that provides security.
- Your user name is usually placed before the @ symbol (e.g. the jsmith in jsmith@example.com) and therefore public. It is your email account's password that provides security.
The wireless security key acts as a password in the same way as the password on an email account keeps out unauthorized users.
Summary
Good Security Practices
Ensuring a secure computing experience involves all of the following:
- Choose your software with care, particularly your web browser and email client.
- Purchase and use current anti-virus software. Some products are free for personal use.
- Both a hardware and software firewall is an essential part of your protection.
- Check for spyware on your system.
- Passwords and encryption can be effective tools only if you use them correctly. Ease of use is contrary to good security, although there are some tricks that can help you retain security while remembering complex passwords.
Keep Everything Updated Frequently
Because things change so fast on the Internet, it is important that you both keep your antivirus, firewall and anti-spyware security software current (install all updates).
One study indicated that the time from the discovery of a vulnerability to when it is exploited is now four days or less. More recently that window of discovery has narrowed to less than a day.
- Check for updates at least daily.
- Weekly scans are a bare minimum.
More About Related Issues
Protecting Your Online Identity
The following related pages offer more information about protecting your online identity:
- Encryption — Protecting Your Data
- Passwords — Protecting Your Electronic Signature
- Avoiding Spam — Unsolicited Emails and Mailing Lists
- Identity Theft — Obtaining Information by Deceit
- Proper Email Address Etiquette — Using To:, CC: & BCC: Correctly
Securing Your Computer
The following related pages offer more information about securing your computer:
- Firewalls — Your First Line of Defense
- ZoneAlarm Security — Recommended Firewall Products
- Anti-Virus Protection — Current Alerts, Strategies, Hoaxes & Software
- Your Privacy At Risk — Spyware Detection & Removal
- Encryption — Protecting Your Data
- Passwords — Protecting Your Electronic Signature
- Web Security — Vulnerabilities in Internet Software
- Windows Security — Vulnerabilities in Windows
www.RussHarvey.bc.ca/resources/security.html
Updated: January 28, 2011