Secure IT Foundation

We have come to the end of the project, Secure IT Foundation. Our goal has been to make home computers more secure, primarily focusing on Windows. Despite some intense lobbying and publicising the cause, we have to admit defeat. Computer manufacturers only care about shifting boxes, computer repair shops only care about how many insecure Windows reinstalls they can do and how many copies of useless anti virus they can sell. Security for all cannot happen using the current Windows model, regardless of form factor.

Our focus is moving over to PrentOS, our vision of a secure OS for home use. You supply the hardware, we supply the software and install it for free at an OS party… The second beta of PrentOS is due to be completed by the end of the summer and many thanks to our current beta testers for putting up with all those errors!

This site will stay online for now, but will no longer be updated. So long and thanks for all the fish.

SecurityBrad

 

Well you won’t be alone, there is at least a quarter of a million others as well. If you get the email then do read the explanation from the UK AV company, Sophos and don’t take it personally. Have a read of the stats below from the US and feel lucky it was only your Twitter account, not your bank account or another site with access to your money. Simply put, you have a unique key for each lock for the car, house and work. Do the same with your passwords before your bank or ebay refuses to refund money lost due to user stupidity!
 Hacked Infographic

Thanks to OnlineCollegeCourses.com for use of this graphic

As can be seen from recent news of leaks of 100, 000s user names and passwords, regardless of the length or strength of your password, you should change it at least once a year for all your email, websites and computer accounts.

The reason being is that passwords are mathematically secure for a limited period of time. The longer time between you changing the password gives the bad guys longer time to crack it. Same also applies to your bank PIN numbers! So do your security a favour and do change your password (and your PIN numbers) at least once a year. Can’t remember your passwords then use a password manager like LastPass or write them down and store the paper securely. Better to change your passwords regularly with a bit of paper than never changing them or worse using one password for everything online!

You can read more about the topic of password cracking on wikipedia.

SecurityBrad

While your Windows Security updates will automatically download and install themselves, to date there has been limited options for home computer users to automatically patch all the other applications installed.  Thankfully a nice Danish company has released the home version of their enterprise tool for automatically updating computers. A fully patched computer makes a much harder computer to break into, while you still need Anti Virus software, you are not relying on a single security approach to protect yourself. Most drive-by malware and self replicating viruses depend on your lack of security to work. Much like your teeth, if there is no hole the risk of cavities is much lower.

Secunia PSI is a free tool for home use which checks all the applications on your computer and tells you which need to updated for security. The latest version of Secunia PSI, recently updated to version 3.0 includes automatic updating for many applications like Oracle’s Java, Adobe Flash and Adobe Reader, possibly the worst security offenders in 2012.  We have completed our testing of the product and while it does not automatically update everything it is the best tool out there for home computer security. If they have any sense Microsoft will purchase Secunia and make it a standard security tool on all home computers… At our shop in Rotterdam, Secunia PSI has been a standard addition to all our customer installations of Windows.

SecurityBrad

As a reminder to use webcams sensibly, given some of the horror stories now coming out in news, a security issue has been identified in many Trendnet IP webcams.

If you have one of the affected models and use a password to prevent other people gaining access to it via the Internet, then you may be at risk of being seen by anyone!

You can check if you are directly affected by typing in your Internet IP address in a browser and adding the text in bold at the end /anony/mjpg.cgi

e.g.  http://X.X.X.X/anony/mjpg.cgi

If you are affected then do apply the update as soon as possible, else there are search engines that can find your camera and you will be come someones public entertainment.

Remember the golden rules for web cams, what is not connected to the Internet cannot be viewed over the Internet and covering the camera may not stop the mic recording from working.

In case you are wondering our shop in Rotterdam‘s cameras are not from Trendnet or use affected Trendnet firmware.

SecurityBrad

Once upon a time, roughly April 2010, there was a Linux operating system called Ubuntu that was on the verge of becoming mainstream for home computers. Easy to use, easy to recommend. Simple clean user interface that only needed 5 minutes training for Windows and OSX users to get going. What happens next appears to down to one of two things… conspiracy or cock-up.

The conspiracy theory is that other operating system makers placed their own people within the Linux and Ubuntu community to ruin Ubuntu and the immediate future of Linux on the desktop.

The cock-up theory is that the management of Ubuntu are so visionary and looking into the future that they did not see the immediate problems with their track in front of them and just derailed.

Either way, in 2012 the Linux desktop market is so fragmented with multiple versions of Linux that newcomers looking for a stable operating system cannot find anything close to the stability of Windows or OSX and give up reverting to a proprietary operating system, as ‘free’ does not mean better to them.

To highlight this Linux problem, the latest Ubuntu feature is to reintroduce typing in the mouse / touch driven menus system. While the rest of the world moves to touch based computers, Ubuntu thinks the future is in typing in a command line to start a program, just like it was still 1982, 10 PRINT “hello world”.

Their new ‘HUD – Head Up Display’ can be seen here:

You can almost see their train of thought, converting the HUD into a voice driven system in a few years but reliable fully voice driven computers are still mostly science fiction.

Until we all talk routinely to our computers, our own operating system PrentOS under development will be strictly mouse and keyboard. Touch may be added in the future as it would fit well with our ARM based version but typing commands to start a program will always remain in the geek domain.

init 6 please Ubuntu…

SecurityBrad

Update  – 04/01/2012

Microsoft release a proper patch in the December monthly update release, so if you ran the FixIt then ideally you need to run the remove FixIt tool before updating Windows.

We did test applying the update over the FixIt and it does appear to work successfully but this is not the Microsoft recommended approach…

When you run Windows Update you may notice a new .Net update. This is a new emergency patch issued by Microsoft for another .net security flaw.

SecurityBrad

—————————————–

You may have heard of a new security problem with all version of Windows, originally identified as a virus called Duqu. What made this virus count is that it uses a previously unknown bug in Windows to install itself.

The Duqu file may come from any source, not just what appears to be a word document as was stated from the initial reports. To protect yourself until there is a proper fix for Windows, Microsoft has made a FixIt, a temporary software plaster, available.

Our advice is to run the FixIt as soon as possible (Do choose the ‘Enable’ FixIt!) and also check that your Anti Virus software is up to date and updated. Eventually a proper fix will be released but that may be too late for some people…

SecurityBrad


  • None
  • Coldwind: Couldn't agree more. I downloaded a piece of software just now, disabled the 'toolbar' 'offer' (which fortunately for me has become a reflex); but co
  • ModemJunki: I only discovered this today - I had updated the firmware to the latest out of habit, and I could STILL access my TrendNet cams on the local network w
  • PrentOS – a Simple Secure Computer « Secure IT Foundation: [...] September 2010 we said it was time for a brand new start to computing, well it is starting to take shape… [...]

Categories