2011-07-30

Implementing effective computer security

I am really surprised how safe people feel in their daily computer work.

Wherever I hear people speaking about viruses and computer security, they are quite convinced that a virus scanner is sufficient for secure computing. I can say that I have removed a lot of viruses from a lot of PCs. Whenever I found an infected PC and ran several antivirus tools in parallel, the scanners gave different opinions about how many and which viruses were found. If you ask real experts, you will get the answer that
  • there are differences in quality of virus scanner software and that
  • no virus scanner finds all viruses - and last but not least
  • they cannot search for all known viruses all the time (because this would simply take too much time), so during normal scans they usually search for the viruses that are currently most commonly found.
Running multiple virus scanners at once is usually not really an option, because just running one already reduces performance drastically.

Apart from that, viruses are not the only threat. You surf to websites that may have been infected and that run spying and malicious code in addition to the original website code. A co-worker of mine got infected by a virus by surfing to his online-banking software, which had been hijacked by a hacker. (Of course, it was a Windows virus...)

In addition to the viruses that require little or no action from the user, hackers and spammers try to convince users (by email, for example) to take more action, like sending money or adding malicious code to their own web pages or browsers (e.g. https://www.facebook.com/topic.php?uid=31987371885&topic=14985).

I am the first one to get angry when I see too much security. The computer is an important and powerful tool. Whenever I need to work on a machine with limited permissions, I easily get angry if something does not work just because it is disabled. But: everyone should implement a little security!

On Windows, the easiest approach is to:
  • install a virus scanner like AVG, Avast, BitDefender or another.
     
  • use Firefox or Chrome instead of Internet Explorer to browse the internet.
     
  • get the add-ons Adblock Plus and NoScript. The latter can be quite annoying because many websites are not displayed well by default. While most end users do not like it much, I find it very effective relative to the additional work necessary. It is a good tool to avoid the effects of cross-site scripting.
     
  • use an e-mail client that allows text-only display of messages. Again, this might make your e-mails display less nicely, but it shows you the real link (in HTML mails the displayed link can differ from the one called when you click it) and keeps you free from a lot of typical e-mail viruses. Outlook is not the right tool at this point (no version of it). One option is Thunderbird (which I personally love because of the many options and the long list of plugins available).
Pair this with caution (e.g. do not click on every link without even reading it). Of course, the next level of security would be to get Linux instead of Windows, but I can understand if this is not a realistic solution for you (which applies when you are too dependent on other Windows-only software). I personally found it very effective to install Ubuntu Linux for end users, with Firefox, Adblock Plus and NoScript (as mentioned above).
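
The point about HTML mails showing one link and calling another can be checked mechanically. The following is an added example, not code from the original post: a small Python checker that lists every link in an HTML mail body whose visible text names a different host than its href. The names LinkAuditor, host_of and mismatched_links and the sample mail are made up for this illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

class LinkAuditor(HTMLParser):
    """Collect (href, visible text) for every <a> element in an HTML mail body."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:      # only collect text inside an open <a>
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(text):
    """Return the lowercase host if text looks like a URL or hostname, else None."""
    candidate = text.strip()
    if not candidate or " " in candidate:
        return None                     # ordinary link text such as "help pages"
    if "://" not in candidate:
        candidate = "http://" + candidate
    try:
        host = urlsplit(candidate).hostname
    except ValueError:                  # malformed netloc, e.g. unbalanced brackets
        return None
    return host.lower() if host and "." in host else None

def mismatched_links(html_body):
    """Return (shown_host, real_host, href) where the link text names another host."""
    auditor = LinkAuditor()
    auditor.feed(html_body)
    auditor.close()
    pairs = ((host_of(text), host_of(href), href) for href, text in auditor.links)
    return [p for p in pairs if p[0] and p[1] and p[0] != p[1]]

# Constructed sample mail body (not from the original post).
SAMPLE = ('<p>Please log in at <a href="http://login.example.net/session">'
          'https://www.bank.example/login</a> or read our '
          '<a href="https://www.bank.example/help">help pages</a>.</p>')

if __name__ == "__main__":
    print(mismatched_links(SAMPLE))
```

The comparison is on full hostnames, so a link shown as www.bank.example that points to bank.example is also reported; links whose text is ordinary words are skipped because the text makes no claim about the target.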

Related posts: Why companies do not use Linux on the desktop, Going Linux.
