December 29, 2004
Simple Tips on Computer Security
Recently, it's become fashionable to write an article on how to protect yourself from all the malware, phishing, spyware, viruses, spam, espionage and bad disk drives out there. Here are some: [IBM], [Schneier], [GetLuky].
Unfortunately, most of them go over the heads of ordinary users, and many of them challenge even experienced users! So I've been keeping my eye out for succinct tips, the sort for car owners who don't know what an oil change is. I have two which I've posted here before, being Buy a Mac and Download Firefox. Both good things, but I feel the lack of any good tip for phishing; there just isn't a good way to deal with that yet.
There they are, sitting in a box on the right of the blog.
- Buy a Mac - Uses BSD as its secure operating system...
- Download Firefox - Re-engineered for security...
- Check name of site - written on bottom right of Firefox, next to padlock...
- Write Passwords Down - In a safe place...
People do ask me from time to time what to do. I feel mightily embarrassed because I have no Windows machine, but I also find myself empathising with ordinary users who ask what it means to upgrade the software! So my tips are designed for people who know not what SP2 means.
Let me know your suggestions, but be warned: they'd better be very very simple. Coz that's all that counts for the user.
Posted by iang at December 29, 2004 05:47 PM
When you get (supposedly) an email from your bank or any other institution that you have to log in for, don't click on the links in that email. Instead, use your bookmarks to get to the bank. If you don't already have a bookmark, use Google to find the bank's site.
I guess the problem with that is that there is distance between the advice and the implementation. That is, when the email turns up, you are expecting the user to remember the advice.
This of course applies to my number 3 above, which requires the user to remember to get there. It's a filler, it shouldn't be there. One day the browser will tell you properly, without you having to strain your brain. But not yet.
For Windows users (home users only): Let Microsoft manage your patches by turning on automatic updates.
Don't use a debit card for online purchases
Use a dedicated credit card with a low maximum credit line for online purchases
Shop online only at reputable sites, not ones that you discover from spam
Don't visit .biz or .info sites. For some reason these are more likely to be fraudulent or to be the launching point for attacks than the .coms.
Don't install closed source file sharing programs. They're loaded with spyware.
Hey, Ringo, nice ones. Of those, only the first - let Microsoft manage the patches automatically - will work as a top tip, because it's the only one with fire-and-forget qualities.
But, I wonder, is it safe? Can we trust them to do that? I guess as long as it's safer than the alternate, it might be a good idea, but if it went and installed SP2, all hell would break loose.
Cypherpunk, all those words you use ... Try them on your Mom, and see: What's a biz-info site? What's that sharing thing? That sounds nice, dear...
Don't buy penis enlargers! They don't work. Especially if you're a woman.
Hey Cypherpunk, you're just not using them right! Did you read the instructions carefully?
Definitely good suggestions - but only in the short-term. There are scripts for exploiting Firefox trickling into release.
The first defence in security is awareness. Being plain dumb in approaches to online security is the first and only breach required.
"There are scripts for exploiting Firefox trickling into release."
Could you explain that? It doesn't parse for me, I have an image of Mozilla releasing tools to exploit Firefox...
Tips / short term: I am under no illusions about Firefox security - a lot of its brand derives from the current honeymoon period. Just how it will behave under sustained attack we won't find out until its market share heads into the teens, or so.