
Computer Security

posted May 3, 2010, 9:54 AM by Catherine Marshall   [ updated Oct 30, 2010, 6:08 PM ]

Overview

A well-protected computer will have the following installed, active and up-to-date:
  • firewall
  • anti-virus software
  • malware scanner
The computer will be set to automatically check for security updates to the operating system and all key software, and these updates will be installed either automatically by the computer or promptly by a diligent user.  In addition, there will be a recent backup that will allow the computer to be restored to the state it was in at the time that backup was made.  (Keep in mind that all changes made after the backup will be lost, so frequent backups are a good idea.) 

If you don't know how to protect your computer as described here, get someone experienced and trustworthy to help you.

Even with all the above, there are ways computer security can be breached.  As the use of computers and computer networks increases, so does the incentive to commit crimes by "hacking" into networks and the computers they connect.  In response to this, the security-conscious user will take further precautions:
  • encrypt sensitive data
  • keep a separate backup of your data
  • make periodic use of online virus scanners from sources you know to be reputable
  • use a browser with add-ons to block flash and scripts
  • don't open email attachments unless the sender is trustworthy and knowledgeable
  • disconnect from the network if your computer begins doing something you don't understand
  • have an action plan for computer failure or security breach
In addition, be on the lookout for scams and schemes that use YOU to get past the security protections on your computer.  Fake security warnings are a favorite tool of fraudsters who are trying to sell you a useless product or steal your personal information. If a security warning (e.g. virus alert) pops up on your computer, disconnect from the Internet and then examine the warning carefully before you take any further action.  A legitimate security program installed on your computer will provide clear instructions and should not need an Internet connection to function. 

Also be wary of email that claims to be from a bank, a credit card company, a government agency, etc. telling you about a "problem" that requires you to download something, open something, or click on something.  Before you take action, have someone knowledgeable help you determine if the email is legitimate.  For example, if the email claims to be from a credit card company, look up their phone number and call them to find out if there really is a problem.

Firewalls

A firewall monitors the traffic (data) going into and coming out of your computer when it is connected to any kind of network, whether this be a local network (LAN) or the Internet.  To organize such traffic, your computer uses a number of different "ports" for different kinds of traffic.  For example, one port may be used for incoming email, another for outgoing email, and yet another for web surfing.  If a firewall detects suspicious traffic, such as an attempt to use a port by unrecognized software, it will take some action.  In most cases, that action will be automatically determined by a set of rules.  Some firewalls, however, can be set up to notify you and ask you what to do when certain kinds of questionable traffic are detected.

A firewall can be implemented in hardware which resides outside your computer or in software on your computer.  This article will discuss software firewalls only. 

Firewalls for Windows

The more recent versions of Windows (e.g. XP or later) come with a firewall as part of the operating system.  By default, this firewall is turned on and operates automatically.  It provides decent protection and requires no action from you unless you have some reason to change its settings.  For ease of use, the Windows firewall is hard to beat.

For those who want more information about and more fine-grained control over network traffic, there are a number of alternatives to the Windows firewall.  Some of these are free for personal (i.e. non-commercial) use, and for my purposes these are more than adequate.  If you decide to use one of these, expect to spend some time learning how to use it.  In the first weeks to months of use, these firewalls build up their rule set by asking you what to do each time one of the processes running on your computer tries to use a network connection.  In the beginning, you are likely to get a LOT of alerts, and the answers you give will determine how well the firewall protects you down the road.
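A small Python model of the rule-learning behaviour described above, added here as an illustration and not taken from any of the firewall products named in this article.  The program names, the ports and the two "user" functions are constructed for the example, and a real firewall tracks more than program and port.

```python
from dataclasses import dataclass, field

ALLOW, BLOCK = "allow", "block"

# Constructed sample of outbound connection attempts: (program, remote port).
SAMPLE_TRAFFIC = [
    ("firefox.exe", 80),         # web surfing
    ("mailclient.exe", 110),     # fetching incoming email
    ("mailclient.exe", 25),      # sending outgoing email
    ("unknown_tool.exe", 6667),  # a program the user does not recognise
    ("firefox.exe", 443),
    ("unknown_tool.exe", 6667),
]

@dataclass
class LearningFirewall:
    # (program, port) -> action; a port of None means "any port for this program"
    rules: dict = field(default_factory=dict)
    prompts: int = 0

    def decide(self, program, port, ask_user):
        for key in ((program, port), (program, None)):  # most specific rule first
            if key in self.rules:
                return self.rules[key]
        # No rule yet: alert the user and remember the answer as a new rule.
        self.prompts += 1
        action, any_port = ask_user(program, port)
        self.rules[(program, None if any_port else port)] = action
        return action

def replay(firewall, traffic, ask_user):
    """Run traffic through the firewall; return (decisions, alerts shown)."""
    before = firewall.prompts
    decisions = [firewall.decide(prog, port, ask_user) for prog, port in traffic]
    return decisions, firewall.prompts - before

TRUSTED = {"firefox.exe", "mailclient.exe"}  # hypothetical programs the user knows

def careful_user(program, port):
    # Allow known programs on the requested port only; block anything else outright.
    return (ALLOW, False) if program in TRUSTED else (BLOCK, True)

def careless_user(program, port):
    # Clicks "allow" on every alert, for every port.
    return (ALLOW, True)
```

Replaying SAMPLE_TRAFFIC a second time through the same firewall raises no alerts, because every decision now comes from a stored rule.  That is also why one careless "allow" matters: the unrecognised program stays allowed on every later connection without the user being asked again.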

ZoneAlarm Personal Firewall

This is the most popular of the free firewalls.  It's easier than most to set up and, at least in my experience, does not have conflicts with other software.  However, the recent versions of it do not work well on less powerful computers.  To get this free firewall to work, you have to get a registration key by email.  Following that, you will continue to get mail from ZoneAlarm advertising their paid products.

Comodo Internet Security 4.0

This is an anti-virus program and firewall bundled together.  When you install, take the option to install just the firewall -- there are better choices for anti-virus.  Also, when you install, pay attention and make sure you UNCHECK the boxes for changes to your home page, search preferences, browser toolbars, etc.

Online Armor Free

Said to be easy to install.  Includes keylogger guard, tamper protection, malicious script and worm protection, and limited autostart protection.  This has been popular recently on download.com, but doesn't have many user reviews.

Anti-virus Software

If you have a computer running some version of Windows, there are several complementary approaches to anti-virus protection you may want to use:

Installed Software

Every Windows computer should have an anti-virus program installed, since Windows is the operating system targeted by most malware.  Due to the way in which anti-virus programs work, it is not a good idea to have more than one installed, even though the different programs have different strengths and weaknesses.  When changing from one anti-virus program to another, uninstall the old program and restart your computer before you install the new program.  Also keep in mind that some anti-virus programs are difficult to completely uninstall.  This is something you might want to look into before choosing your anti-virus solution. 

All anti-virus programs rely on a database of virus definitions.  At present, there are two approaches to storing this database.

Cloud-Based Protection

This new approach uses a virus database that's kept on remote servers rather than on the personal computer.  Initial testing shows this to be an effective form of protection for computers with an always-on connection to the Internet. Keeping the database in the Internet "cloud" removes the need for frequent checking and downloading by your personal computer.  The downside is that the virus database is not available when your personal computer is offline.  Panda offers a free anti-virus application based on this approach.  I plan to test this at some point, but have not yet done so.

Client-Based Protection

This is the traditional approach.  You install the anti-virus software and then update the virus definition database stored on your computer on a regular basis.  The initial update may take some time, but updates after that should go quickly if they are performed on a regular basis.  Keeping the virus database up to date is important, as is making sure that incoming email, downloaded files, etc. are scanned automatically.  There are a number of free anti-virus programs that provide reasonable protection.  At present, Avast is probably the most effective of these.  AVG tends to be highly regarded as well.

From time to time, I evaluate the most recent versions of various anti-virus programs.  The effectiveness of these programs varies from year to year.  Also, a program that works well for a powerful desktop computer may not work well on a less powerful netbook.  So I often use different anti-virus programs on different computers.  This has the advantage of allowing me to scan my external hard drives, where I keep copies of my data, with more than one anti-virus program.

There are a number of free anti-virus programs that provide reasonable protection.  At present, Avast is probably the best pick, though AVG tends to be highly regarded as well. 

I've had good experiences with Eset in the past.  Their price is high, but they are one of the few companies that provide good customer support. I've evaluated G Data, which is highly rated, and I've not liked the drag it places on performance, nor have I been happy with the lack of customer support.  Also, the boot scan CD I created with G Data did not work.

Online Scanners

Online scanners offer a one-time scan from a website.  They don't provide ongoing protection and should be regarded as a complement to installed antivirus software rather than an alternative.  Since no anti-virus application is 100% effective, it might be a good idea to use one or more of these online scanners from time to time.  Eset and Kaspersky offer online scans.

Boot Level Scanners

There are certain kinds of viruses (i.e. rootkits) that either cannot be detected or cannot be removed once your computer has booted up from the operating system stored on your hard drive.  In such cases, you may be able to restore your computer by booting up from a CD or flash drive that bypasses your installed operating system and runs an externally controlled scan of your hard drive.  In addition, some anti-virus programs allow you to schedule a boot-level scan to be performed when you restart your computer.

Malware Scanners

The term "malware" refers to all undesirable software.  More specific terms are used to refer to the way software gets onto a computer or how it behaves once it's there.  For example, a "virus" has the ability to copy itself from one computer to another, e.g. by attaching itself to files that a user may send to another computer.  Once a virus gets onto your computer, it can install various types of software, such as a "trojan," which allows another party to control your computer without your being aware of it, or "spyware," which sends information about your computer activities to another party without your knowledge.  Anti-virus programs have traditionally been designed to look for programs that spread by copying themselves.  Currently, most anti-virus programs also look for malware that works in other ways (such as being written directly onto your computer by a malicious web site).  However, since no anti-virus program is able to catch 100% of all malware, you might want to use one or more malware scanners as a complement to your antivirus program.

The most popular free malware scanner is Malwarebytes Anti-Malware (MBAM).  Once you have downloaded, installed, and updated this program, you can use it to scan your computer for malware that your anti-virus program might have missed.  One of the nice things about MBAM is that it doesn't conflict with your anti-virus program.  Keep in mind that this free program does not have an automatic mode.  You have to start the program and initiate a scan.  You also have to request updates, which you should each time before you begin a scan.

Browser Security

Internet Explorer is the browser most targeted by malicious software.  For that reason, many security experts suggest using another browser for most web activity.  The browser I use most often is Firefox.  It works well on many different kinds of computers and it is well supported.  In addition, there are a number of add-ons available for Firefox that make web browsing more secure:

FlashBlock

When you have this add-on installed, you can view any flash that's available with just a simple click, but flash is blocked from playing automatically.  Not only does this protect you from bad actors using flash for malicious purposes, it also keeps your browser from being slowed down by advertisements and useless flash animations.

BetterPrivacy

When you have this add-on installed, it deletes files known as LSOs that can be used to collect data from your computer.  These are mostly used in the same way as "cookies," but they have the potential to be used in a more invasive manner.  BetterPrivacy removes LSOs after the browser closes.  You can selectively protect LSOs you want to keep, and you can time the deletion of the LSOs.  (BetterPrivacy also lets you delete something known as the DOM storage file, but I do not recommend using this feature unless you really know what you're doing.)

NoScript

When you have this add-on installed, it blocks scripts as well as flash.  While scripts can be useful and, indeed, are necessary for some websites to function properly, they also can be used for malicious purposes.  The NoScript add-on lets you allow scripts for websites you trust and block them for all others.

For Further Information

There's a wealth of helpful information and links in an online article from Issues in Science and Technology Librarianship (Fall 2002, Number 36) entitled Computer Security by Jane F. Kinkus (Mathematical Sciences Librarian, Purdue University).

The website of US-CERT (United States Computer Emergency Readiness Team) provides a wealth of information, including security tips for non-technical users.

The Computer Security Division of NIST has a Computer Security Resource Center (which I believe refers to the website), but it is more oriented towards researchers and members of government agencies -- though they do have a link for Small Business.

