Secure IT Foundation

Archive for September 2009

Lying in life is generally a bad thing, however on the Internet normal rules do not apply, so it is time for you to be an expert liar. When you meet someone new then do you give them your real name? Why do you do this? It is because your real identity may be known by the person in the future and if you want to continue friendship, then lying at the start is a bad thing to long-term relationships.

On the Internet there are only a few circumstances where lying or using a false identity is illegal, like entering into legally binding contracts e.g. bank transactions, buying goods, or where you are using the false identity to perform other illegal acts e.g. access teenage chat rooms for sexual gratification. Each country has its own rules but outside of these there is no reason to be yourself all the time. No one expects a person with the nickname ‘romeoginger234’ to be called that in real life, normal rules do not apply.

As your default response to strangers is defensive, why would you want to tell everybody your real name and personal information? Only trusted people get that information after proving themselves to you. You are not a sheep, so time to act like a wolf. Create yourself an Internet identity which has no relevance to your real information, a new web based email account goes a long way towards this, and make up a fictional character to be you. This fictional character is distrusting, paranoid and security minded who says no all the time and doesn’t get intimidated. The only limit is your imagination, so be bold. The advantage of having a new character is it stops you transferring your own weaknesses or insecurities in real life onto the Internet and helps separate the behaviour needed to act secure, if out of character for you. One day you will have to insert your government issued id card into the computer before using, until then don’t be yourself!

The reverse side of this is that on the Internet no one is what they claim to be, as there is no legal reason to be yourself!

SB

Advertisements

The Internet is a military creation, never forget that! It was designed by the US so that wars could be fought with computers directing the war, sending information from one place to another. If one part of the military network were destroyed then it would not stop the information getting to other locations. The benefits of connecting computers were easy to see, and soon adopted for education and commercialisation, creating what you now know as the Internet.

In reality, the Internet is collection of computers linked by wires and wireless signals, sharing a set of commands. In the centre are the computers, which are the means that allows you to type in http://www.google.com and your computer understand where to direct your request in computer language. Your Internet Service Provider (ISP) acts as your gateway to other ISPs and computer networks. So when you go to web page first your computer has to connect to your ISP who forward your request to see a web page onto many other people until the response is sent back to you and you see the web page. If you thought only you and Google know what you are searching, you are much mistaken. Your ISP will be able to see the request, like a post office can see your envelope but unlike the postal service the Internet postman can read the contents. Any other computer along the way until you get to Google’s computers can also read your request including government and military, and they all can see the web page sent back by Google to you.

Posting a letter is more private than using the Internet, do not assume what you do on the Internet is anonymous or secret EVER! No better tool has ever been created which can allow governments understand what people think and do. Power is control and the power lies with governments and the computer and telecommunications corporations. Google may aim to do no evil but what would you if they did? Sue them, use another large corporation who may be worse, stop using the Internet? All you can do is use the Internet securely, but never give your trust to it as one day it may not be there for you…

Test your own computer security using the free tests at Audit My PC, you may be surprised at the results.

SB

While it would be good security to never download files online, video, music, games, software etc, the Secure IT Foundation understands that is not practical. So you have told to look at a funny / naughty / offensive file by your friends. It can have been emailed directly to you / sent via Facebook /Myspace / sent a web link etc.  What should you do next? Does it matter who sent it or which web site it wants you to visit?

If you have a secure computer i.e. are using a non-administrative account, have a hardened operating system, up to date Anti Virus software, and secure settings on your applications, and are using Firefox, then you are in a better position than most to open the file with little risk of it causing harm to your computer or running a virus. Note that even the most secure computer can still be caught out as it may be a new virus not detected yet, the user can still enter the admin password to let it run or an application has a security bug and the file exploits this.

If you haven’t secured you or your computer then Anti Virus software will be your best defence against downloading malware. There is a website that offers a free file testing service for you at www.virustotal.com. You can upload your dodgy file to them and it will be checked against most current Anti Virus software available for a comprehensive view if the file is suspicious. Once again this is not fool proof and will only identify known viruses, not new ones. The best advice is don’t download it but if you really have to do it then do check it first… and pray!

Does it matter who sent it or which web site it wants you to visit? No not really – unless your friends are security experts and have checked the file themselves first, then they can easily send on a malicious file without realising it. Look out for friends who suddenly have the same computer problem! Any website can be compromised so even the source matters little. It is more likely to be a virus if you are trying to do an illegal act like downloading copyright material on peer to peer or adult web sites, as the bad guys know you won’t go to the cops!

SB

In the real world, you know the bad guys. These are the gangs of feral youths on the street corner, the bank robbers waving guns around, ex-partners seeking revenge, the school bully waiting at the gates. As you can see them, you can plan to avoid running into them. Evolution has added natural responses that saves your life more than you think.

Evolution has never seen the Internet though. In the post – Don’t be yourself we raised the concept of being a different character on the Internet. The benefit of following this advice is that you have to build a new personality for yourself. You can take on personality traits that are not natural to you, so you have to learn a new set of security minded behaviours. You can add secure responses to help make up for your missing natural defences.

The downside of the Internet is that the bad guys already know about the idea of being someone else. They had a head start in the real world, being experienced conmen and transferred their incisive understanding of human behaviour into online crimes. Real world crime, like stealing your banking information, allows the major league criminals to do online crimes, safe in the knowledge that they cannot be easily traced, especially if they are using your bank account to commit fraud. Online crime, using trojans and viruses to steal your banking information, has the same effect as it allows more crime to be committed offline. With the added benefit of not needing to be physically located near the victim on the Internet, it can be almost a legitimate career to be in one continent stealing from people in others. If you choices were work a field 12 hours a day or work a computer for a couple of hours to send scam emails, which would you choose.

Recently there has been a rise in the use of online scams to steal computer game accounts like World of Warcraft. There is a simple reason for this… the bad guys follow the money. Internet gaming is now a billion dollar industry, so the crime moves to the easiest pickings. The typical gamer, with money to spend on their game, is often a social outsider who uses the Internet to substitute their real life failings with enhanced abilities or personality traits. Much like the security aware home computer user who applies the ‘Don’t be yourself’ concept – without the security awareness! This lack of natural or learnt security awareness means this group of people are vulnerable to opportunities to extend their social network or will install unverified software updates to get a new ‘feature’ working. They will even try to copy the criminals and download software that claims to steal gold / money / characters for them. Guess what will happen next… Follow the money and you will find the crime.

SB

If we lived in paradise then there would be no need for security. Good karma would rule, theft would be unknown and we could be proud of being whatever we want to be or do regardless of opinion. History has shown this is not the case, and humans will kill, steal or take opportunities when presented, even if it is known to be a bad thing. You have secrets because you consider other people would view your actions in a negative light if you made them public, else they would not be secrets! The golden rule of home computer security has nothing to do with computers. It is about trust.

If a stranger comes to your home and asks you for your credit card details, as he wants to steal money from you, would you invite him in and hand over your card? Unlikely we think, but why not? The answer is you do not trust the stranger. Strangers are usually distrusted as part of human behaviour. You assessed the risk of the stranger and believe it to be high enough not to perform the actions requested. On the Internet you cannot see the person coming into your home so you cannot use your usually method of deciding to trust the person. Normal behaviour rules no longer apply.

SB

The Secure IT Foundation in conjunction with SecurityBrad and Mozilla Foundation presented OneWebDay Amsterdam on Tuesday 22nd September. As the Netherlands representatives, our contribution to OneWebday was giving Amsterdam home computer security advice for free!

We started out at 2pm at Amsterdam Centraal Station, giving out leaflets and advice. We continued around Amsterdam, stopping in Kalverstraat, Dam Square, Warmoestraat and Nieuwmarkt.

You can see the pictures under the Pictures link above or by clicking here. Strangely no Fords in the pictures!

OneWebDay_English_NoFord

OneWebDay_Dutch_NoFord

Thanks goes to AW from www.homplex.pl for the artistic talent and design. Also to our snapper JH and JD for just being there.

SB

Sunday’s blog entries are a little light relief from the usual serious security. We are using this day’s posting for those questions we are asked the most but may not always have a security angle. Today’s question is ‘why does my computer run so slowly?’ Philosophically the answer should what do you mean by slow? The speed of a computer has changed so much over the years that a slow computer to one person is a Ferrari to another. It is a matter of perspective!

Our consensus that a reasonable computer should go from switch on to reading a web page in about 1-2 minutes. Most programs should start within 30 seconds or less. If it takes ten seconds to type one character or ten minutes to start up then you have a problem. If your computer was built before 2003 and has always taken ten minutes to start then it will never be much faster. If your computer was fast but has slowed down considerably then you have a problem either with the hardware, you have run out of disk space, need to de-fragment your hard drive or you may have a virus / spyware infection.

The most common fix for people is to increase the memory. Changing processors will never give huge differences on the same motherboard compared to more memory. Every time your computer runs out of real memory then it pretends it has more instead of crashing. It does this by using your hard drive as ‘virtual memory’ but hard drives work 100 times slower than your memory… can you see how your fast computer can slow to a crawl as soon as it runs out of real memory.

If your problem only affect you when on the Internet then perhaps you have a damaged cable, your router or modem may need rebooting (turn off power, count to 20, plug in power), you may have a wireless problem or its just your ISP is giving you a poor service.

So what hardware do you need for reasonable fast computer and does it matter if I buy a Mac or PC?

Buying a new Mac just means it uses the same type of hardware as a PC but will have Mac OSX instead of Windows as the operating system. Most new Macs can still run Windows XP / Vista / 7 using a program called Boot Camp.

Our suggestion is:

  • Operating system
    Windows for maximum compatibility with printers, scanners etc, gaming and cheaper parts
    Mac for specialist Mac software, Apple service and the shiny factor
  • Processor
    A single 1.6ghz or faster processor will run XP for light use (email / Internet)
    A single 2.4ghz or faster processor will run XP / Vista / 7 / OSX for general use
    A dual / triple / quad 2.4ghz or faster processor will run the latest games, do video editing, and generally feel fast in use
  • Memory
    Once memory was expensive and you always got the minimum with your new computer. Now it is cheap and you should have 2GB as the minimum regardless of the computer. Any 32 bit version of Windows can have problems with more than 3GB, so unless you want to run a space program or have very specialist needs, over 3GB is usually a waste.  The latest processors will work with up to 12GB memory on a home computer but remember you will have to use Windows 64 bit which is very different to the usual 32 bit version and may have problems as a game machine. Macs don’t have any problem with size, so over 2GB, the more the merrier!
  • Hard Drive
    A minimum of 20GB will work for any operating system, but the more information / CDs / Films etc you want to store on the computer, the greater the space you will need. Ideally you should have two hard drives per computer, one for daily use, and one for backups of the other drive. RAID 1 can do this for you automatically or you can schedule hourly / daily / weekly backups from your operating system. If you want to encrypt your hard drive(s), and you should, then don’t forget that the bigger the drive the longer the initial set-up will take. A 1TB drive will take 24-48 hours to encrypt!
  • Video Card
    If you or children want to play the latest games then you will need a video card to match. It doesn’t make much difference is your processor is a bit slower than recommended, but the wrong choice of video card will limit your choice of games severely. Want to use your HD TV as a monitor then make sure you have HDMI or DVI out. Want to see TV on your computer then you will need a card that is capable or have a separate TV / Cable / Satellite decoder card fitted.
  • Sound
    Unless you want to make music or have specialist needs, then the built in sound chips, AC97 / HD Audio, will give a reasonable sound when run through a hifi or amplifier.

To give you an idea, the computer this post was written on is two years old. It has a 2.4ghz Quad Core2 processor, 2GB RAM, 3x1TB RAID hard drives, and a8800 GTS video card. It runs both Windows 7 and Ubuntu Linux 9.0.4 reasonably fast, plays most games and in conjunction with the video card, does a fast job of encoding video files. The very latest computers make it seem slow, but older computers seem very slow to us.

So if your computer feels slow, think about how old it is, when it was last cleaned inside as dust heats up the computer, and what has changed to the software recently. Odd smells or noises are clues that problems are very close and tell you to make a backup urgently while you can!

SB



  • None
  • Coldwind: Couldn't agree more. I downloaded a piece of software just now, disabled the 'toolbar' 'offer' (which fortunately for me has become a reflex); but co
  • ModemJunki: I only discovered this today - I had updated the firmware to the latest out of habit, and I could STILL access my TrendNet cams on the local network w
  • PrentOS – a Simple Secure Computer « Secure IT Foundation: [...] September 2010 we said it was time for a brand new start to computing, well it is starting to take shape… [...]

Categories