http://www.washingtonpost.com/ac2/wp-dyn/A13083-2005Mar30?language=printer

washingtonpost.com 

Cyber-Security: Tips For Safe Computing 



Wednesday, March 30, 2005; 1:12 PM 


We originally wrote this computer security "how-to" nearly three years ago, but 
experts are still doling out the same advice. We've added a few new tips, 
focusing mainly on spyware and the importance of backing up your data. Follow 
these simple instructions and dramatically decrease the likelihood that you 
will run into serious security problems online. 

1. Install and use a firewall. Considered the first and last line of defense, a 
firewall is a software program or piece of hardware that prevents unauthorized 
Internet traffic from entering or leaving your computer, particularly computers 
that are always left connected to the Internet (typically, Internet users who 
connect over DSL or cable modem fit this category). Properly configured, a 
firewall can give you greater control over your computer and prevent attackers 
from successfully scanning your system to learn details about potential 
weaknesses on your network or PC.

For a sobering look at the insecurity in the average operating system, consider 
the research conducted by The Honeynet Project. The project takes servers and 
computers "out-of-the-box" -- without any changes to improve or reduce their 
security -- and connects them to the Internet for the sole purpose of seeing 
how often they are probed and hacked, and what techniques attackers are using.

Based on the project's tests, the average unprotected Windows computer with the 
most common security holes will be hacked within 20 minutes. Even secured 
computers will be probed or scanned for known vulnerabilities dozens of times each 
day. It's nothing personal, said Honeynet Project founder Lance Spitzner. "The 
vast majority of attacks on the Net today are launched by people out to break 
into as many computers as possible," he said.

Using automated software tools available online, a malicious hacker can set in 
motion a scan of more than a million computers before he goes to bed at night 
and have hundreds of systems under his thumb by morning, Spitzner said.

"It's not so much people not realizing they're vulnerable than it is they don't 
believe they're a target," he said. "The fact is, anybody can be a target."

The reasons attackers would want to break into your machine are as varied as 
the methods for doing so. Computer criminals often use other people's PCs for 
storing files that would be incriminating if found on their own machines, such 
as child pornography or lists of stolen credit card numbers. More frequently, 
criminals hijack computers for financial gain or as a means of attacking others 
with impunity.

2. Use anti-virus software and update virus definitions regularly.

Most new computers come equipped with anti-virus software already installed, 
but that software requires regular updates that tell the program how to 
identify the latest threats. In most cases, the antivirus program installed on new 
PCs only provides the user updates for less than 90 days, so it's important to 
renew your subscription at that point or install a different anti-virus program.

Once executed on a vulnerable computer, most viruses transmit copies of 
themselves to all of the names in the victim's e-mail address book. As a result, 
people who don't use antivirus software or who allow their virus definitions to 
expire are putting their friends, co-workers and loved ones in the line of fire.

If you have put off using anti-virus because you don't want to pay for it, 
there are several free and very good anti-virus programs available -- see the 
links to the right. 

3. Create secure, original passwords. Creating unique passwords is one of the 
easiest ways for consumers to ensure their privacy and security online. See our 
password primer for tips.

4. Update your computer(s) with the latest vendor security patches. Fully 95 
percent of all network intrusions can be avoided by keeping computer systems 
updated with the latest vendor patches, according to the CERT Coordination 
Center's Software Engineering Group, a government-funded computer security 
watchdog group at Carnegie Mellon University.

Visit www.uscert.gov for a comprehensive list of security alerts and vendor 
patches. Windows users can go to windowsupdate.microsoft.com to install the 
latest updates. Using Microsoft's automatic update notification service, users 
can get updates when they are released. Windows XP users can configure updates 
to install automatically.

If you don't know how to enable automatic updates from Microsoft, visit the 
company's tutorial.

5. Practice basic e-mail and downloading "street smarts." Most viruses are 
transmitted as e-mail attachments. Some may come from people you know; others 
will enter your inbox bearing enticing subject lines. Either way, users should 
be wary of opening any attachment, and should scan each one with antivirus 
software before opening it.

Avoid opening e-mail attachments that contain ".vbs," ".scr," ".exe," or ".pif" 
file extensions. Files that end in these extensions are most likely to contain 
some sort of virus.
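
The extension check described above, written out as an added example (not part of the original article). It reads the attachment names from an e-mail message and flags those ending in the four extensions listed; the function names and the sample message are constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# The four extensions named in the article.
RISKY_EXTENSIONS = {".vbs", ".scr", ".exe", ".pif"}


def effective_extension(filename):
    """Return the last extension of a file name, lowercased."""
    # Windows ignores trailing dots and spaces, so "a.exe. " is still .exe.
    name = filename.strip().rstrip(". ").lower()
    dot = name.rfind(".")
    # Only the LAST extension counts: "holiday.jpg.scr" is a .scr file.
    return name[dot:] if dot != -1 else ""


def risky_attachments(raw_message):
    """Return (filename, extension) for each attachment with a listed extension."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    flagged = []
    for part in msg.walk():
        filename = part.get_filename()
        if not filename:
            continue  # message body or container part, not a named file
        ext = effective_extension(filename)
        if ext in RISKY_EXTENSIONS:
            flagged.append((filename, ext))
    return flagged


def build_sample():
    """Constructed sample message; the attachments are harmless placeholders."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "reader@example.com"
    msg["Subject"] = "Photos from the weekend"
    msg.set_content("See attached.")
    for name in ("holiday.jpg", "holiday.jpg.SCR", "report.pdf", "Setup.EXE"):
        msg.add_attachment(b"placeholder", maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()


if __name__ == "__main__":
    for name, ext in risky_attachments(build_sample()):
        print(f"do not open: {name!r} ({ext})")
```

A name such as "holiday.jpg.SCR" is flagged because only the final extension decides how the file is handled, whatever the earlier part of the name suggests.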

Also, it's a good idea to avoid clicking on Web links in e-mails if you are 
unsure of their origin. Plenty of bad things transmit themselves just by 
convincing users to visit malicious Web sites.

People who use "peer-to-peer" file-sharing networks such as Kazaa, eDonkey, and 
BitTorrent place themselves at a particularly high risk, especially when 
downloading "executable" programs, experts say.

Such nasties include "Trojan horse" programs that allow attackers to control 
your computer from afar, and keystroke loggers, which can record everything you 
type on your keyboard, including passwords and bank account numbers.

P2P users also should take care to limit the directories they share. It is not 
uncommon for users who rush through the process for installing programs that 
run those services to end up sharing the contents of their entire hard drive.

6. Download and use anti-spyware software.

Browse the Internet long enough and your PC will inevitably be infested with 
some form of spyware or adware, programs that sneak their way onto your machine 
by exploiting programming tricks, software flaws, or by piggybacking on "free" 
software packages. Regardless of how it gets on your machine, spyware and 
adware can slow your computer to a crawl, sap your Internet connection and 
snoop on your Web browsing activities.

Two very handy programs for ridding your PC of these pests are free: Lavasoft's 
AdAware, and SpyBot Search & Destroy. It's a good idea to run them both 
periodically -- just not at the same time -- and it's generally safe to delete 
whatever they find. 

7. Periodically back up your data. You never know what you've got until it's 
gone. Don't wait until disaster strikes to think about backing up all those 
photos, documents, e-mails and other valuable personal data. Check out our 
primer on backing up your data. 

Other Resources: 

The following is a list of resources to help educate consumers, teachers, 
parents and their children about ways to ensure their privacy and security 
online.

* www.staysafeonline.info: A comprehensive cyber-security education site 
sponsored by the National Cyber Security Alliance, a group run by some of the 
nation's largest information technology and Internet companies.

* www.cybercitizenship.org: a nonprofit group that's developing a national 
curriculum on "cyberethics" for educators. See also www.netsmartz.org.

* Safe at Any Speed: The Federal Trade Commission sponsors the broadband safety 
initiative.

* Shields Up!: To find out just how vulnerable your system is, check out 
this site created by home user security guru Steve Gibson. With your approval, 
the system will probe your computer for common holes and vulnerabilities.

-- Compiled by Brian Krebs.


© 2005 TechNews.com 
