Internet Security (And The Masses)

Computer security seems to be one of those hot subjects at the moment, the BBC ran a story about how Internet crime is a big worry for britons at the moment. They also decided to open a comments page inviting everyone a chance to put in their 2 pence worth. The comments page for the BBC article can be found here.

I have read through quite a few of the responses and they range from the quite insightful to the downright stupid, I tend to steer away from commenting on these sort of boards as they just annoy me, the noise defintitly outways the signal.

User Types

In true internet form, I have done some sort of vaugely scientific analysis and there seems to be a big variation in responses and you can break them down into the follwing groups of people.

The Anti Virus Firewalling Firefox User

This group of users routinely update their antivirus profiles, user a router rather than the free usb modem that came with the broadband. They even use Firefox instead of Internet Explorer. They think they are safe because the router has a hardware firewall and they have Anti Virus protection.

Heres the kicker, the firewall on your router is worth nothing, NOTHING when you leave the password set to the default, in fact that port you opened so that your file sharing network would work ok, thats clever, ever heard of a DMZ. Guess not. In some networks including some I have designed for large secondary schools, multiple firewalls and screening services for mail have been involved.

The Mac User

Mac users think they are safe either because “nobody writes viruses for Macs” or because it’s based on that “Unix thing”. Yeh ok, in the real world when your stealing your credit card numbers it’s normally because you didn’t check the credentials of the site you stuck them in.
The Linux Geek

They have Linux therefore they are one of the so called Elite, maybe they actually understand what they are up too but maybe not. Just because you got a free CD and slapped it on dosn’t mean that you are now totally secure. Did you set up the system firewall, did you install all of the latest patches and fixes from a trusted repositry.

My Top Tips

All the bull aside here are my top tips,

1. Whatever Operating System you use, make sure you install the latest updates.  It dosn’t matter if you use Windows, Mac or Linux if the machines software is two weeks out of date.
2. Never install P2P or file sharing software onto the machine you use for your important bits and pieces. This type of software nails a big backdoor into your machine.
3. Never AND I MEAN NEVER use a beta version of an operating system as the computer you use for all of your important things, beta means unfinished. Unfinished operating systems in a production situation (that means in daily use) is a bad idea they are insecure and usually not supported.
4. Install good Anti Virus and update it daily.
5. Backup your documents. Eventually your machine will die / get hacked / get a virus, how will your firewall save your documents.
6. Use a credit card for internet purchases, an interesting loop in the consumer credit act is if you don’t get the services or items you paid (or someone else paid) for, you don’t have to pay.
7. Be careful.

I think the most important bit is to backup the important documents, several times and regulary and then storing them away from the computer. No amount of firewalls / anti virus / routers / Macs / Linux, will protect your stuff forever and don’t you belive it for a moment.

As soon as you connect a machine to the internet it’s vunerable, need to secure it why not just unplug the internet connection?

In case you where wondering i’ve been a Network Administrator / Developer for 10 years now, built several secure networks, restored files from crushed backup tapes, and brought back network servers from the dead with my strange mix of voodoo and command prompt wizadry. Nowadays I design web interfaces and write code (and occasionally build servers).