Computer security, and why you should care and take time to make sure you are safe


(Nick Aurelius-Haddock) #1

All Microsoft Windows users should know by now the problems and the various threats that are lurking out there on the internet for the unsuspecting visitor. So I thought it was a good idea to start a thread on the best advice I can come up with to make you safe and secure on the web. Please feel free to jump in with your advice and experience on the web.



So here are my top tips, in no particular order



1) Always make sure your anti-virus/anti-spyware software is up to date and run regular scans on your hard drive - a good free product can be found here www.avg.com.

2) Make sure you upgrade your system often - at least once per week

3) Upgrade to a more secure browser like Mozilla Firefox or Google Chrome

4) Never visit a web site sent to you in an email from someone you don't know

5) Never give any website more information than you absolutely think is required to deal with them

6) Always be suspicious of emails from China or Russia

7) Never give out usernames or passwords to anyone - period.

8) Move to a more secure system altogether like Linux or Mac OSX

9) Stay clear of dodgy websites, there is no such thing as a free anything on the web

10) When connecting to a wireless network you don't know, always be very circumspect to what you do and what you connect/login to while connected. People can and do listen to your traffic.



On top of these security issues, make time every week to back up the data on your hard disk you can't do without. Hard disks are not magical devices, they are mechanical, and like your car or lawn mower they will fail, I guarantee it. I would recommend a cloud solution to help you, like Dropbox. You can easily store data, which you can then access from anywhere on the web, or any computer. It is encrypted, so is every bit as safe as the risk of your hard disk failing.



Happy surfing

(Nick Aurelius-Haddock) #2

lol, this just keeps getting funnier, your definition of what Linux is, is very misleading. Brent you do seem to have something against Apple, why describe the OS on iPads as warped, because MS can't produce a tablet anyone would want perhaps ;-)

Trojan & Worm & rootkits != Virus - so most of these posted are irrelevant to my point

An exploit in Samba is not an exploit in Linux, but an exploit in Samba - so all those supposed viruses you mention are problems with 3rd party applications not the kernel, which is what Linux is.

To save eye strain, I will save the reader from posting the many pages it would take to list the viruses, trojans, worms, spybots etc on any version of Microsoft windows you could care to mention. If you are really interested, just have a look at them listed in your current anti virus programme.

I think you misunderstood what I meant about zero day patches, not that MS never issue them - they do a pretty good job by and large of patching, but it would be extremely foolhardy not to apply them.

Here is good article on why you should consider a change - http://goo.gl/IUK8

Regards

Nick


(Brent Glover) #3

Nick

These were pretty much the responses I thought you would muster. C'mon you only need to scan your posts on why Linux is better than Microsoft, installing Linux, etc.

I'm not pro or anti any OS. I can't afford to be, I support what people use and I keep them running. I have various linux distros, osx and windows all to hand and certainly don't judge or try to convert users on their choice (or pre-installation) of OS. I couldn't even start to think of the calls I would receive if I tried to convert users across to ubuntu from their tried and tested windows environment.

iPads, iPhones run on such a warped OSX (with its unix roots) under the name of iOS. My discussion is about PCs not mobile phone/devices.

Made me chuckle implying that MS has ever released 0-day patches for security issues. So you have never had people complaining that certain updates have killed their OS's?

IE8 is a good browser.point.period. Runs fine on XP and is supported (for now true but IE9 is still in preview phase). I will deal with what to do next when XP ends its shelf life (extended support April 8, 2014)

A little copy and paste from wikipedia

Trojans

  • Kaiten - Linux.Backdoor.Kaiten trojan horse[18]
  • Rexob - Linux.Backdoor.Rexob trojan[19]
  • Waterfall screensaver backdoor - on gnome-look.org[20]

Viruses

Worms

Yep the majority of these have been patched, but it's not only the known viruses, trojan and worms, it's the new ones coming out. Rootkits? Ubuntu users have been infected by these. Anyone who has a linux pc hooking in to samba shares are potentially at risk. There is a reason why anti virus programs and rootkit hunters are available in repos.

It's nearing 9am now so I have my users to support. Who knows, Xp, Vista, 7, OSX or linux problems. We all get them.

Brent.


(Nick Aurelius-Haddock) #4

Brent, I had a good laugh at your reply so I thank you for that. To proclaim that you are not Microsoft biased is a little disingenuous, considering the site link you offer at the bottom of your post!

I would take your arguments more seriously if you were not using the same old FUD, I hear regularly on the web.

There is one fact you are missing here, I'm not anti anything, I use all OS's regularly, but I removed my Microsoft rose coloured spectacles a long time ago.

2. Are you seriously suggesting that the average user should second guess the authors of a security patch? If it is a zero day attack that is extremely bad advice, and I would recommend people ignore it before they get their bank accounts hacked.

3. Please explain how I can install IE9 onto Windows XP ;-) I think you know, like I, you can't. As most users still use XP and IE6 - currently an extremely insecure combination - they are much better off using a modern up to date browser like Firefox or Google Chrome, that are current and patched long into the future. They also have clear roadmaps for improvements and updates. IE8 is now legacy and being replaced by IE9, thus the recommendation would back people into a short term fix, it's why I don't recommend it.

8. Same old Microsoft FUD here about being user friendly - compared to what? Have you actually tried installing Linux Mint lately? What relevance does the current market share add to your argument about anything? Ford have a clear lead in car sales in the UK, does that make them better than Audi or Mercedes? You also seem to then blow a hole through your own argument stating that hackers are far more likely to attack Windows, which is not exactly an advert is it? Your point about Apples for die hards, how exactly does that square with iPads, iPods and iPhones? - some of the easiest equipment I have ever used. Android Linux and ChromeOS are only for geeks? I think you need to update your FUD.

9. Is a reference to free Ferraris , free holidays to the Caribbean and large cash sums, not free software - so that clarification is worth making, cheers for that.

10. I'm afraid that advice is just plain incorrect and a little scary as it would appear you are not aware of the many serious flaws in WEP (most commonly used) and WPA. Hacking one of these networks is trivial, I do it regularly for work, and if you sit in McDonalds and expect your traffic to be safe for anything other than plain browsing the web, you deserve everything that is coming your way. Just look at the current news on mobile phone hacking to see how trivial it is. There are many well documented hacks on people's traffic in wifi cafes etc, not by experts, but by teenagers.

As I have stated many times, if you are happy with Windows, that is great as I use it myself, and have done for decades, but I have a much broader view of the IT spectrum and call a spade a spade. I think it is good that people have the freedom to explore alternatives and choice, and to be offered safe and secure options, not based on bias but on sound security reasons.

OSX and Unix users don't know what anti virus software is. Why? Because we don't need it, there are no viruses for them. It is one of the biggest problems faced when using a home PC, keeping it safe, so if you can take that whole issue away, that in and of itself makes the user safer. The reason a majority of large corporations use Linux to drive their businesses is not out of love for free software, but because it is safe, secure and reliable, so why not have that on your desktop as well? The next time you search Google or buy something on Amazon or make a bet with Betfair or book a flight or update your bank account, it will be Linux that does the work.

Regards

Nick


(Brent Glover) #5

Nick

After seeing this discussion being resurrected, I felt I had to reply (or update) your top ten safe browsing tips. It does seem apparent that you have a "dislike?" to Microsoft products and although I am in no way a stout supporter of them one cannot ignore their choices given their user friendliness and market share.

1. Microsoft Security Essentials (found on the Microsoft site). Perfectly good free software. Low false detection rates, low impact on PC performance, moderate scan speeds. Just perform a search on google for "norton killed my PC" or "mcafee killed my network" to see why some of the "big boys" are now only providing buggy, bloaty software and at a fee. AVG was IMO a good choice and I always used to point my clients in the direction of their free version but since their 2011 release, hiding the free version deeper and deeper whilst the software became bloatier and bloatier, left me no option but to turn tail and move to another offering.

2. Yes. Updates can be a good thing (security updates more so). Saying that though it is not uncommon for some updates to do more harm than good so I would certainly recommend to update but only a day or two after they are available (to see how well they are received by the general public and not mere test machines)

3. The secure browser debacle. I failed to see your mention of Internet Explorer in the list (another thumbs down to microsoft). This is only true on "older" browsers and since IE8, it has been repeatedly proven that IE8+ is actually the leader in browser security. All browsers have flaws, I for one do use Firefox the majority of the time not because of security but more on the customisations and addons I use for site design etc.

4 - 7. Agree totally. As for the websites requiring information. Always set up another hotmail or gmail account and use that email address if you feel the site you are signing up to is perhaps "spammy". More secure still use something like yopmail - which will give you a random email address that's valid as long as your browser window is open.

8. The anti-Microsoft gene is kicking in again there. You cannot deny Microsoft's market share, Apples are still for the die hards and linux for the geeks. Of all the clients I currently support, the OS pie chart is roughly 90% Microsoft, 8% Mac and 2% Linux. True, Ubuntu is now installable in a WUBI manner allowing it to comfortably live alongside MS products with no real side effects, but it is still far from user friendly (heh the MS vs Linux debate could rage all day - maybe we will save that for another discussion). You cannot blame the hackers in the world concentrating on the market leader OS, it's got the greatest chance of succeeding.

9. It's not just the "dodgy" sites that carry nasties, pop ups and pop unders from other more reputable sites have also carried unwanted payloads, and yes there are plenty of free things on the web. I carry a huge list of them on my site that could save you considerable money. Why pay for Microsoft Office when there is openoffice, why use Photoshop when there is the Gimp, Paint.Net, etc. Some of the greatest (in my opinion) programs written are out there open source, free to download, actively maintained by expert teams and are just waiting to be downloaded.

10. Trust plays an important part here. If you are hooking into an open (read non-passworded) wifi network whilst being parked up in a car park then you must expect whatever you get. If you are using a public wifi network run by a reputable company then I feel you can afford to give a bit of trust across. There is a chance of "sniffers" out there checking out wireless networks, just as there is a chance someone could be cloning your mobile phone, or watching you at a cashpoint or listening in on your phone calls, all relatively just as easy.

Well that was just my 10cents worth feel free to agree, disagree.

Brent

France PC Support


(Stuart Wilson) #6

Once again thanks Nick.

I've heard of the pre-paid card thing, or virtual card, but how does it work? Do I have to apply for it through the bank?

Stu


(Nick Aurelius-Haddock) #7

Couple of tips:

1) Never, ever submit your card details on a website that does not use https - never

2) Always check that the site is secured using Verisign or similar, which you will normally find on the bottom of the sites page.

3) Always use a secure web browser like firefox and Google Chrome, and check that the address bar has gone green.

4) Try using paypal or google checkout to pay for things on the web

5) Use a pre-paid credit card, so that even if people get your number, they can't do anything with it

6) Only ever deal with web sites you have checked out first, ask around on forums to see if others have used them and are happy

7) If doing your banking - try using my ultra secure method listed above

8) Always check your statements - and look for small amounts you can account for - not everyone goes for the 500 quid in one go, clever thieves look to take a few pounds off thousands of people every month


(Stuart Wilson) #8

Hello again Nick

As I said briefly on the chat last night, the credit card fraud service called me last night and informed me that my card had been used for two transactions yesterday. One for £700 and one for £1500. They managed to block the second one but the first got through.

Apparently someone managed to hack into a website and steal details of quite a number of cards. For info, the card has not seen the light of day since the 2nd January.

Obviously when you buy something on-line, the minimum they need is the card number and the three numbers on the back. I need some recommendations for buying on-line, for example, I didn't realise that Pixmania is not https, does this make a difference?

Could you advise the best way to carry out on-line transactions. Also, I think it may well have been PayPal that was involved.

Needless to say, the cards were cancelled and I await new ones.

Thanks in advance for any advice.

Cheers

stu


(Phil Benn) #9

I was also going to mention Spybot Search and Destroy - Bob beat me to it. Excellent free tool that I have used many times to successfully clean up friends' malware-ridden machines.

Antivirus software is only as good as its last update. Don’t run the risk of being vulnerable just because you won’t pay the renewal fee or download the latest version.


(Nick Aurelius-Haddock) #10

Good point Bob, when it comes to money, banks or whatever always be super cautious and if in doubt ring them up and double check. Never, ever respond to a bank's telephone number in a dubious email, as you have absolutely no way of knowing if that is indeed your bank's phone number, they will sound convincing. Always take the phone number from your bank's official web site (which you can check is official with Mozilla Firefox or Google Chrome by looking for a green message in the browser address bar) or better still from a bank statement.

If you are serious about online security , you can use a little tip I wrote about a while ago, have a look here.

Secure on-line banking


(Bob Toovey) #11

When I was a Windows user, I had a three way defence…

Zone Labs Zone Alarm - a FREE to download firewall
Avast Anti virus - another FREE download
SpyBot S&D - Yes, free again…

These three alone kept me free from the nasties for about 3 years.

I would also ensure that you use a decent email program that shows you the ACTUAL link in an email, not just what is written. For me, Evolution email will display the actual link in the status bar, often as not emails carry disguised email addresses.

To add to the great list…

  1. Banks, PayPal, etc…will never ask in an email for private login details

Just my pennies worth!

bob