Secure IT Foundation

Posts Tagged ‘Home Computer Policy

As can be seen from recent news of leaks of 100, 000s user names and passwords, regardless of the length or strength of your password, you should change it at least once a year for all your email, websites and computer accounts.

The reason being is that passwords are mathematically secure for a limited period of time. The longer time between you changing the password gives the bad guys longer time to crack it. Same also applies to your bank PIN numbers! So do your security a favour and do change your password (and your PIN numbers) at least once a year. Can’t remember your passwords then use a password manager like LastPass or write them down and store the paper securely. Better to change your passwords regularly with a bit of paper than never changing them or worse using one password for everything online!

You can read more about the topic of password cracking on wikipedia.

SecurityBrad

Advertisements

September 2010 we said it was time for a brand new start to computing, well it is starting to take shape…

PrentOS is the official public name for the project to develop a new open source licensed operating system with the goal of making a simple, secure computer.

Why PrentOS? Simple really, as it PrentOS is being developed primarily by Brad Prent, the owner of SecurityBrad and Brads Computer Service Station

For now, we have parked the domains www.prentos.com and www.prentos.org while we work on producing the Alpha version and we aim to launch limited public testing via the shop in Rotterdam by the end of 2011.

SecurityBrad

As usual, whenever the topic of “which Anti Virus product should I use” comes up, people always mention the product they use. Wrong place to start, as you need to focus on which products perform well in independent testing. You would be shocked at the results from some free and paid companies.

Anti Virus is also the last line of defence against malware not the first. When did you last run Windows Update? Have you updated your applications recently? Malware finds holes in your computer using ‘exploits’ and burrows in. The more up to date you are then the less risk of malware. Use a highly recommended free program called Secunia PSI to see how many updates you are missing… In the configuration you can turn on the secure browsing option and see if your browser is even secure for Internet use. We normally recommend people use Firefox with the extensions ‘Adblock Plus’ and ‘NoScript’ for safer surfing.

Not only can exploits be used but the current form of spreading malware is to exploit the user. By downloading files from torrents and file sharing networks, magic fix programs, cracked games etc you are always taking a big risk. If you agree to a install a program then unless your anti virus realises what is going on quick enough, then the malware can install and disable your security before it works. You can read our advice on home computer security and try our risk profiling at our site

Once you have a fully up to date computer, and are using a secure browser then you can think about what will be the way to save your butt when all else fails. Any single Anti anything solution is always flawed as the bad guys know what is popular and write malware around these single provider solutions.

Our recommended layered approach consists of the use of four products. All are free and trustworthy. For computer security you need to think of having a team rather than just a single player.

For your defence you need a strong Anti Virus program that stops almost everything. We suggest Microsoft’s own free Anti Virus called Microsoft Security Essentials . Consider it their gift to Windows users to atone for their other security sins.

There is little benefit for paying for Anti Virus programs as the best they can offer is support once you have a virus. Save your money, and use a computer shop for emergency virus removals when all else fails. You can get two or three visits for the cost of the Anti Virus program.

Your midfield should be a cloud based Anti Virus program called Immunet. This works by checking files in real time and catches items that signature based Anti Virus like Microsoft Security Essentials can miss.  You can choose the cloud only or use the Clam AV database as part of the product for free. By the way Clam AV for Windows is the Immunet product!

Time for some proactive forwards in your team as security doesn’t have to be passive! Spybot Search and Destroy  is a free Anti Spyware program written by one bloke and sadly the user interface looks like it. Be patient with it as its rewards are worth it. Bit like a temperamental star, needs a bit of work but scores well. Once installed, you make a backup of your ‘Register’ for sanity. Then update it, let it restart, immunise your computer and let it check for problems. Remove anything found, reboot and repeat. The tea timer can time tea, but its main function is to stop malware getting on your computer through changing security settings.

If any malware has got past that lot then your fourth program will help root it out. MalwareBytes is a program that offers free and paid versions. For our use, the free version works fine but if you want to use the full version it has our blessing. Once a week run a quick scan after updating the program. Once a month run a full scan over your entire computer and external drives. As each file is accessed it will be checked by your other anti virus programs so you can see if anything is suddenly detected, that way you know if anything had been missed. If everything is clear then it would be a good time to make a full backup to an external drive only used for backups.

Next time you are asked what Anti Virus program to use copy this information or point them here, our free security advice website!

SecurityBrad

Update 15/02/2011

Microsoft release a patch to fix this issue as part this month’s Patch Tuesday MS 11-006. If you use the Enable FixIt then you must use the Disable FixIt before you can successfully install MS 11-006 patch.

07/01/2011

Microsoft has recently confirmed a new security problem with the way XP and Vista versions of Windows handle image files. An image file can be altered to cause Windows to run code on your computer and allow a virus of trojan to infect your computer. All you need to do is visit a webpage with one of these malicious image files or receive an email containing one, no user interaction is required. There is no way of knowing if an image has been altered to affect Windows either. It is not just a case of a ‘picture containing the image of X person’ causes the problem, any image can be altered to include the malicious code.

Currently there is no patch available or planned for this month’s STOM. There is a simple FixIt made available for free from Microsoft, and we recommend that all XP and Vista Windows users run the Enable file. While the risk of an infection is extremely low to none at the moment, a similar problem discovered a few years ago was exploited for years, mostly in the adult end of the Internet.

Once a full patch is finally released we will update this information, as that is always the better long term solution than a temporary FixIt – See above!

SecurityBrad

For those who freely give out their personal information on social networking sites like Facebook, you may be surprised to learn that up to 20% of all news feeds from Facebook take you to malicious or unwanted software. Over time this figure is just going to rise along the lines old fashioned email, before viruses and spam overtook legitimate traffic. You can read more about it here.

Our advice is always trust nothing on the Internet! If it sounds too be good to be true, like adding extra functions to see who has seen your profile or adds bonus goodies in Farmville, it is. Read our Home Computer Policy, and prepare yourself for the Internet properly.

These are the good times for Facebook, as currently more than 80% is still valid traffic so enjoy…

SecurityBrad

October is Cyber Security Awareness month in the US.

While you may think you have landed in an episode of 24 and the world is on the brink of disaster according to the Department of Homeland Security, just remember that these are Americans and can overplay their hand a little… The sentiment is good though and you would be well advised to read their information on cyber security.

There are leaflets you can read and print on topics including online gaming for kids and security tips for parents. While you are in learning mood, do remember to read our own publications, the Home Computer Policy and Risk Profile Questionnaire plus our older posts on security advice.

The risk of a virus spreading automatically to your computer is much lower than it was ten years, even five years ago, now the biggest online risk to your computer is you! So make yourself security aware and spread the word to the unenlightened…

SecurityBrad

Here at the Secure IT Foundation we face the constant problem that there is too much money in selling poorly configured computers, as it makes for a lot of support and repeat business. Free Anti Virus software, like ClamAV / Microsoft Security Essentials, does not generate money with repeat subscriptions like Norton or McAfee does. If we fix a computer well in the shop then we don’t see the customer again for some time, if at all, as most software will just auto update with little or no user intervention. Not good for repeat business but very good for home computer security.

From our shop in Rotterdam it is clear 99% of people have as much ‘accurate’ knowledge of computers as they do cars, TVs or HiFi systems. This raises a serious question then, why should they. Apple has made great progress in simplifying computing for the masses but it comes at a price. Ever heard of a low cost Mac computer apart from the iphone? So where is simple computing the populus? It doesn’t exist yet, so we have decided to make it ourselves…

Our goal is to produce a simple operating system based on Linux, where the home user has to do nothing special for it to work as expected. Sounds easy, most probably very hard in reality.

Times have changed, as demonstrated by the popularity of iPhones, most people just want to get on the internet and do Facebook / Twitter type social interaction, read their emails, write up their home work, call their friends on Skype. Well we want to provide the operating system to do this for free.

Monopolistic software empires have crumbled, money is in short supply around the world so cheap computing is about to make its mainstream appearance. The quality of open source software is now good enough for most people’s home computing needs, so the use of corporate business models for repeat selling to home computer users is about to end, and we want to make sure it does! Security can be delivered for free and as an integral part of the operating system, so extortionist tactics currently used by software vendors will become a thing of the past.

We will be adding a new website, project page on sourceforge, and limited invitations for beta testers in due course, but for know we just want people to let us know what you actually do with your computer and what software you currently use. The more you can help us now, the better the project will become when launched.

SecurityBrad, Secure IT Foundation



  • Coldwind: Couldn't agree more. I downloaded a piece of software just now, disabled the 'toolbar' 'offer' (which fortunately for me has become a reflex); but co
  • ModemJunki: I only discovered this today - I had updated the firmware to the latest out of habit, and I could STILL access my TrendNet cams on the local network w
  • PrentOS – a Simple Secure Computer « Secure IT Foundation: [...] September 2010 we said it was time for a brand new start to computing, well it is starting to take shape… [...]

Categories