This Advent Media "Basics" article deals with basic computing for business and personal use in the 21st Century. In the interest of full disclosure, we are Microsoft Registered Partners, so I'm speaking from a Microsoft Windows perspective.
Basic Rules of Computing
While we're a Microsoft Partner, we have reservations about how Windows sets itself up on an out-of-the-box computer. Essentially they're NOT safe computing platforms unless they're configured to adhere to several "rules" of safe computing. Here they are:
#1 Never put anything on your "C" drive that you can't afford to lose.
Sooner or later something really bad is going to happen to your computer. A virus, a misbehaving program, a hacker, or a stupid mistake can leave your computer unable to start up. Oftentimes tracking down and fixing the problem is more time consuming than flushing the drive and starting over (what we call the "Flush & Fill"). The operating system and programs can be easily reinstalled, but personal information or business files can be lost in the process if they're on the same drive as the operating system.
Our solution is to either partition the drive into two logical drives, or install a separate drive (or even redundant drive array) to hold your personal data. That way when the need arises, you can blow away your OS with impunity and be able to recover full use as painlessly as possible. (Partitioning a single drive protects you from OS failure, but not from hardware disk failure. Only a "disk image" backup can allow recovery of both OS and data files in the event of a dying disk.)
#2 Don't Breach your Firewall(s)
Threat management has become a major issue these days. Call me paranoid, but there really IS someone out there trying to hurt you. Hackers, viruses, Trojan Horses, Worms, they're all over the place and you can't always stop them. But you can try.
The first level is the "Firewall." The Internet truly is the Information Superhighway, and for information to get to you, it has to travel a path to get to your address. (You can see the path it takes by using the "Trace route" command. Open a command prompt by clicking Start | Run and then typing "CMD" in the DOS window. Then type "tracert" followed by a space, and then the address of a website you commonly visit, like: "tracert advent1.com." Watch the hops the request takes to go from your computer to the server.) In essence the route starts from your house, goes down your street on your local ISP, is handed off through several servers in the "cloud" of the Internet, finally getting to the neighborhood, the street, and finally to the driveway of your host. When the request arrives there, it will find several thousand "ports," which are like windows and doors on your house. The request for information will be addressed to a specific port, and if it's open the request goes in and data flows back out to you. Your computer also has thousands of ports. In the early days all these ports were open to the world, and hackers soon figured out they could walk in uninvited and literally take over your computer, implanting viruses or malicious code, or turning your computer into a "robot" on a "botnet" that could spew spam and viruses without you knowing it.
The answer is the "Firewall," which is a utility that blocks all those thousands of ports except those that are needed for communicating on the Internet, such as for email and Web pages. And Microsoft now recommends TWO firewalls. One on the computer itself, and another as a gateway, where your internet connection comes into your site. These are commonly sold as "broadband routers," and they use "network address translation" to hide you from the bad guys on the Internet.
Bottom line, if you give people permission to access your computer from outside, be aware that the door is unlocked and someone you least expect might just walk in. So keep your firewall secure.
#3 Keep your machine patched
What seems like a long time ago (Windows 98 days), there was an outbreak of a virus that spread like wildfire, shutting down whole enterprises. It exploited a vulnerability in Windows that Microsoft had announced 9 months earlier, and had issued a "patch," which is a small code fix to the operating system. It took 9 months for hackers to figure out how to exploit the vulnerability and release a virus. Today, Microsoft will announce that they've found a vulnerability and issue a patch in the morning, and by that afternoon, someone will have released a threat. That means it's a race to get your systems patched before the bad guys get to you.
Fortunately, Microsoft will automatically patch your machine. Normally those patches are released on Tuesday evenings, but your machine has to be turned on for it to automatically update. If the machine is not on overnight, the patch will begin to download as soon as it turns on, which may slow your internet access; then a little yellow shield will appear next to your clock, prompting you to run the patch. If you don't, it will execute the next evening. Many patches require a restart of the machine. If you see the yellow shield, it's a good idea to click it and follow the instructions to immediately install the patch.
#4 Plain Text is Your Friend
Email has become another threat that needs to be managed. It seems the bad guys have figured out how to embed malicious code into formatted email messages. Sometimes it's buried in a picture, other times in hidden code inside the email. If you have a mail preview window open, you can get infected without even opening the mail. Most antivirus scanners will strip known malicious code, but the cat-and-mouse game the hackers play means that it's very likely that sooner or later one will slip through even the best antivirus solution.
The way to beat this means a little more inconvenience, but it's to switch so that you read all mail in plain text. While you won't see the pretty formatting the sender intends, it will render any malicious code completely inert. If you want to view the message as it was intended, your email program will allow you to switch back to HTML formatting, but you only want to do that if you truly trust the sender of the mail. (Remember that you can receive a mail from someone you know that they did not intentionally send, if they got assimilated into a botnet.)
#5 Avoid the Land Mines
You all know there are places on the Internet where you should never go. While you can never really know if a Web site has a "payload" (malware code that's going to try to invade your machine), there are places you can visit that will almost ALWAYS get you.
The first land mine is what are called "peer networking" sites, such as Napster, Limewire and Skype. These allow file and content sharing with other users, meaning that to belong to one of these services, you have to open your computer so anyone searching for a song, for instance, can go to YOUR hard disk and download the song directly from your computer. Notwithstanding that this is an illegal practice that, when the copyright police find out about it, can land you with lawsuits and very hefty fines, the main problem is the open "back door" to your computer that other people can come in through (the technical term is a "port"). There's really no way to close the door, so that door stays open all the time, and the hackers out there will sniff out the port and use it to attack your system.
The way to beat this one is simply to never go there. But if this is a family computer and your kids have access when you're not watching, they're going to try. You can implement parental controls, but savvy kids can find ways around those. There are two ways to block web sites. One is to edit the HOSTS file, sending requests for a given URL to a null IP address, meaning the site will never connect. The other way to handle this is to edit the lookup table in your broadband router (and then change its password). That way the bad sites cannot be accessed from any computer on your network, and your family members won't be able to work around the blockage.
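The HOSTS-file block described above, as an added example that is not part of the original article: a small Python checker that parses HOSTS-file text, generates block lines, and shows that a block covers only the exact names listed. The function names, the .example host names and the use of 0.0.0.0 as the "null" address are assumptions made for the illustration; on Windows the file itself is %SystemRoot%\System32\drivers\etc\hosts.

```python
# Added example (not from the article): checking what a HOSTS block list covers.
import ipaddress

NULL_ADDRS = {"0.0.0.0", "127.0.0.1", "::", "::1"}  # dead-end addresses

def parse_hosts(text):
    """Map each hostname in HOSTS-file text to its address."""
    table = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()   # drop comments
        if len(fields) < 2:
            continue
        try:
            ip = str(ipaddress.ip_address(fields[0]))
        except ValueError:
            continue                             # skip malformed lines
        for name in fields[1:]:
            table.setdefault(name.lower(), ip)   # keep the first entry seen
    return table

def block_lines(domains):
    """HOSTS lines sending each domain and its www. form to 0.0.0.0."""
    lines = []
    for d in domains:
        d = d.strip().strip(".").lower()
        names = [d] if d.startswith("www.") else [d, "www." + d]
        lines += [f"0.0.0.0 {n}" for n in names]
    return lines

def is_blocked(table, hostname):
    """Exact match only: HOSTS has no wildcards, so other subdomains slip by."""
    return table.get(hostname.lower()) in NULL_ADDRS

def redirected(table):
    """Names sent to a real address instead of a dead end; review these."""
    return {n: ip for n, ip in table.items() if ip not in NULL_ADDRS}

# Constructed sample file; the .example names are placeholders.
SAMPLE_HOSTS = """\
127.0.0.1    localhost
0.0.0.0      filesharing.example www.filesharing.example  # blocked
203.0.113.7  shop.example   # not a block: resolves to a real address
"""

if __name__ == "__main__":
    table = parse_hosts(SAMPLE_HOSTS)
    for host in ("filesharing.example", "cdn.filesharing.example"):
        print(host, "blocked" if is_blocked(table, host) else "NOT blocked")
    print("review:", redirected(table))
```

Because matching is by exact name, each host name a site uses needs its own line, which is one reason the router-level block described above is harder to work around.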
There's another land mine out there that's often stumbled upon while randomly surfing. That has to do with video codecs. A codec is short for COmpressor/DECompressor for web-based videos. You can't have streaming video without a codec. There are many legitimate codecs out there; Flash, Windows Media, QuickTime and Real are the main ones, and they should already be installed on your computer. But if you hit a site and it asks to download a video codec that you've never heard of, beware that it could be a virus instead! That's one of the ways the bad guys will get you, especially on porn sites.
Sometimes even those popups have payloads. Even clicking the red "X" to close the window will instead launch the program and you'll be spending lots of money to have us resurrect your machine. Using the keyboard shortcut Alt+F4 will close the window safely. But if you forget that keystroke, just shut the machine off by hitting the power button.
This is especially true of the "Antivirus 2009" virus and its variants "2008," "Pro," "XP," "Vista," and "AntiSpyware 2010". Just clicking anything in its popup window will execute code that welcomes up to 500 malware programs, then it alerts you that you have a virus and they want $49 to remove it. Buying their "product" only invites more malware so your machine becomes a robot, it erases your emails, your contacts, your pictures, etc., and does incredible damage.
If Antivirus 2009 appears on your screen, IMMEDIATELY kill it, either with Alt+F4 or just kill the box (pull the power plug or hold the power switch for 4 seconds). Then run thorough antivirus scans - or call us to perform deep scanning from another machine to be sure nothing came in.
Practice Safe Computing
None of this answers the question "why." Why in the world do people do the things they do? Don't they have anything better to do with their time? What's in it for them? There are several answers:
1. They're in it for kicks. Geeks looking for thrills like to target Microsoft because they're the biggest company in the world. But they're also targeting Apple products (for which there is little protection), and they're moving on to bigger targets, like the routers that control the Internet.
2. Organized Crime. Some of the code the bad guys implant will sniff keystrokes, capturing passwords and contributing to identity theft. Others are putting up spoofed Websites that mimic banks or department stores, prompting you to put in your credentials, again stealing your identity. The profit potential to criminals is enormous.
3. The bottom line: sin. Computing has revolutionized the way we communicate, create, learn, are entertained and earn livings. But like any good gift, it can be easily corrupted. If there's any proof that the world is broken and in need of a savior, the bad guys of computing just made the case. Think of that the next time you read the Bible - online.