
Practising Safe Hex

Posted: 20 Apr 2004, 14:32
by Thrall
Someone once said that the best form of security is not to have a PC – or, if one must have one, never switch it on. Well, things aren’t quite as bad as that, fortunately. Here are ten hard-won lessons from the front-line trenches about safe hex:

1. Get a decent antivirus program and keep it up-to-date; checking twice daily for updates is sane, not paranoid.

Antivirus programs are retroactive in nature; they only protect you against known viruses. This is too bad if a new virus is released into the wild – and there are currently about 8 new viruses being released each day. Most antivirus vendors claim to have advanced heuristics (a type of artificial intelligence which relies upon suspect behaviour) that may spot new viruses, but the technology isn’t yet accurate enough to rely on.

2. Keep your patches up-to-date.

Windows and the different programs that exist on your computer have vulnerabilities – these are flaws through which a virus or a backdoor can be injected into your computer. Fix the flaw and the threat will bounce right off your PC; think of it as inoculation. Windows users can go to http://windowsupdate.microsoft.com - it’s a free, anonymous scan of your PC which will list the patches available for all Microsoft programs and install them automatically after you’ve downloaded them.

3. Get a firewall and learn how it works.

There are a number of free firewalls available – try http://www.free-firewall.org

Think of your PC as being a castle and the firewall as being the wall around the castle. There are gates in the wall (called “ports” in PC-terms), but with a firewall nothing gets in or out of those gates unless you allow it to. You can set “rules” which permit different programs to communicate with the internet under certain conditions so you’re never bothered again by that particular program, e.g. sending and receiving email.

You can test your firewall’s effectiveness by going to http://www.grc.com - click the “Shields Up!” icon and see how well-protected you are.

4. Get a spyware-checker and keep it updated.

Spyware is becoming a serious threat to everyone’s privacy. Spyware and adware are small programs that run on your PC without your knowledge or permission; generally-speaking they don’t do any damage, but they report on your online browsing and shopping-habits. Adware foists popup-adverts on your screen, which can be highly irritating.
Two good free anti-spyware programs to use:

a. Spybot Search & Destroy: http://www.safer-networking.org
b. AdAware: http://www.lavasoftusa.com

5. Don't use HTML-email if at all possible - read and send it in plain-text.

Since the ****-worm of a few years ago, it’s become a fact that worms don’t have to be in the form of an attachment to an email – they can be embedded in the code of the email-message itself, especially in HTML-email. It may not be as pretty, but plain-text email is smaller, it’s considered more professional by those in the know - and it’s safer.

Safer? Never mind viruses, most spam emails these days contain web-beacons which report back to the spammer’s database that you’ve viewed the email. A web-beacon is a small image-file, usually a 1x1 pixel – if you view the email in HTML, it tries to download the tiny graphic assigned to your email-address – confirming that your address is active and making you a huge target for more spam.

6. If you have to use MS email-clients like Outlook or Outlook Express, disable the Preview-pane - and set the program itself to "Restricted security" (click on Tools, Options, Security).

7. Disable the default option in Windows called "Hide extensions for known file-types".

Once you’ve disabled that option, you'll spot any files with double file-extensions because these usually contain viruses, e.g. yourfile.txt.pif.

A file-extension tells you (and Windows) what kind of file you’re dealing with, be it a Word-document (My CV.doc), an mp3 music-file (Alanis.mp3) or a jpg picture (Family.jpg), to name a few. Most users see a .jpg and know enough that a virus can’t infect a picture, so they open the file and get infected. How? Because it wasn’t a picture at all. It was actually family.jpg.exe but Windows shows you just the first file-type, not the last – and the virus runs its infection-routine.

8. Save and scan any attachments before opening them, even from people you do know.

These days, any virus worth its salt will fake the email-address that it came from – that way you can’t warn the person who actually is infected, so the virus has a much longer time in which to spread. By the same token, you may receive warning messages that you’ve sent a virus – sadly, these warning-messages are largely redundant nowadays and are more of a marketing-gimmick than anything.

9. Don't send out virus-warnings if you don't know what you're talking about.

Just because it’s on email doesn’t mean that it’s factual - the rule is: “When in doubt, don’t send it out”. A good site to check out the authenticity of any suspected hoax is http://hoaxbusters.ciac.org

10. Prepare for the worst.

Keep backups of all of your important files - and test them to be sure that they do actually work before storing them somewhere safe. Everyone is equally vulnerable to a new virus during the window-period (that’s the time between a new virus being released into-the-wild and the time that your antivirus program will recognize it), so backups are sensible, not boring. And if the backups you’ve so painstakingly made don’t work when you need them, it’s too late.

Finally, keep yourself informed. Your security is your problem - don't let it become everyone else's.
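
Tips 5 and 7 in the post above can be checked mechanically on a saved message. The following Python is an added example, not part of the original post: it flags attachment names of the family.jpg.exe kind and remote 1x1 images in the HTML body. The extension list, the width/height test and the sample message are assumptions made for illustration.

```python
import email
from email import policy
from email.message import EmailMessage
from html.parser import HTMLParser

# Assumed, non-exhaustive list of extensions Windows runs on double-click.
EXECUTABLE_EXTS = {"exe", "pif", "scr", "com", "bat", "cmd", "vbs", "js", "lnk"}

def deceptive_name(filename):
    """True for names like family.jpg.exe, where hiding known extensions
    leaves a harmless-looking 'family.jpg' on screen."""
    parts = filename.lower().rstrip(". ").split(".")
    return len(parts) >= 3 and parts[-1] in EXECUTABLE_EXTS

class BeaconFinder(HTMLParser):
    """Collects remote <img> URLs declared as 0- or 1-pixel images."""
    def __init__(self):
        super().__init__()
        self.beacons = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        src = (a.get("src") or "").lower()
        tiny = a.get("width") in ("0", "1") and a.get("height") in ("0", "1")
        if tag == "img" and tiny and src.startswith(("http://", "https://")):
            self.beacons.append(a["src"])

def triage(raw_message):
    """Return (deceptive attachment names, beacon URLs) for one raw message."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    names, finder = [], BeaconFinder()
    for part in msg.walk():
        filename = part.get_filename()
        if filename and deceptive_name(filename):
            names.append(filename)
        elif part.get_content_type() == "text/html":
            finder.feed(part.get_content())
    return names, finder.beacons

def sample_message():
    """Constructed sample: one tracking pixel plus one disguised executable."""
    m = EmailMessage()
    m["Subject"] = "Holiday photos"
    m.set_content('<img src="http://tracker.example.net/o.gif?id=42" width="1" height="1">\n'
                  '<img src="cid:logo" width="120" height="40">', subtype="html")
    m.add_attachment(b"MZ", maintype="application", subtype="octet-stream",
                     filename="family.jpg.exe")
    return m.as_string()
```

The size test only catches images that declare their dimensions, which is why reading mail as plain text remains the stronger control.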

Posted: 20 Apr 2004, 21:38
by Soap
10. Prepare for the worst.
I have the Sober Virus, is that bad?? :P :P :P
J/K it's just the Sobig :lol:

Re: Practising Safe Hex

Posted: 20 Apr 2004, 21:50
by Thrall
Thrall wrote:...Your security is your problem - don't let it become everyone else's.


:twisted:

Posted: 21 Apr 2004, 08:18
by lancelot
Excellent post Thrall, will print it out and distribute it to all in the office! :)

Posted: 21 Apr 2004, 12:43
by Thrall
Thanks, lance 8)

Posted: 16 May 2004, 11:45
by the_nominator
Finally, something real has been done about viruses.
New AMD 64-bit processors will have virus protection built in.

Read full story at
http://www.prnewswire.com/broadcast/12076/press.shtml

Posted: 16 May 2004, 14:52
by freakno1
I really like rule no. 9

also http://www.breakthechain.org/ is a cool place for hoax checking

L/users: if I get one more warning from my users to delete the teddy bear icon in my Windows directory, I will strangle them with a smile on my face and a song in my heart.

Anyway, most people only adhere to the easy rules and pretend the rest doesn't exist, and for those people I have two words: DISASTER RECOVERY

Re: Practising Safe Hex

Posted: 30 Jun 2005, 13:19
by Squirly
Thrall wrote: Antivirus programs are retroactive in nature; they only protect you against known viruses.
Whatever happened to SharkNet?

Checklist: 11 things to do after a hack

Posted: 28 Jan 2006, 19:08
by jee
Where do you begin? Here's a brief list of some steps to take "post-hack" to ensure you have the best chance of determining who did what and how it was done:

11 things to do after a hack

Posted: 20 Sep 2006, 07:59
by rustypup
as an update, and in response to the influx of similar threads:

Freebyte's Guide to Free Anti-Virus Software - a fairly comprehensive list of all the necessary knick-knacks required... (a little dated in some respects, will edit if something better presents itself...)

Missing from the above list, and rated highly by many:
HijackThis by Merijn Bellekom (from Software Downloads, as it's in English ;) )
PC-cillin from Trend Micro

Finally, a comprehensive list of Rootkit scanners:
AntiRootkit

Re: Practising Safe Hex

Posted: 09 Nov 2010, 16:13
by Psi_Co_killa
great thread

Should be required reading for any1 wanting to post in "security"

psi_

Re: Practising Safe Hex

Posted: 09 Nov 2010, 17:16
by Prime
:facepalm: