I read an interesting article today: Hackers aren’t as sneaky as you think. Ah! The good old days. I grew up on the hacker culture. I remember the inspiration of the movie War Games and the almost romantic vision of young, smart people getting past the system and into the secret world of government and big business. Of course, the truth underneath was a little less glorious. Cracking computer security is now much more about vandalism and identity theft. Yet, that early curiosity gave me an awareness of computer security and steps that could be taken to protect one’s self. Most computer crime is result of sloppiness on someone’s part. It could be the system administrator who’s not a big fan of browsing logs and running patches. There’s not too much that you can do about that. However, you can do things about your own security.
I’ve thought about a few ways that I do to keep safe, and they’re not too hard to do. Yes, you have to make some changes to your behavior, and you will have to learn a few things, but it’s not any more difficult than the things that you have learned to keep yourself safe on the motorway. I’m sure that some will argue with a few of my conclusions, but at least they’ll be thinking about it!
Start with a safe vehicle
I quit using Windows. I know that not everyone will do this, but I simply had repeated problems with viruses (should that be virii?) and other issues that I just could not keep a handle on. When I discovered Linux and started making it work for me all of those issues went away. I have had zero virus infections. I also got a lot more information through logs as to what people were trying to do to attack my system and came up with ways to complicate that. I think of it this way… when driving on a dangerous highway, which would you rather have between you and the idiots: a Pinto or a Volvo? If you decide that you must stay with Windows, then make sure that you have all of the safety features installed. You should have firewalls, virus scanners, spyware scanners and make sure that they are always up-to-date.
Maintain your vehicle
It’s great to have a solid vehicle, but if you don’t keep it running smoothly then it will cease to be reliable. The most critical thing is to keep your patches and software up-to-date. Elderly software tends to be behind the times on security issues. If cost is what is preventing you from staying current, then you really should consider finding a freely available solution. The Open Source World provides a good number of solutions that you should consider. If cost is not what is holding you back, then set up a regular procedure for making you are up-to-date. Many software packages have ways to automatically check for updates. Turn this on.
Pay attention to how your computer is running. A slow computer may mean that you’re just overloading it with software and outgrowing the system. It may also mean that your computer may be doing a lot of work on behalf of a SPAM-bot or something else. If nothing has changed on your computer, no major software changes or changes to how you are using it, then it is not normal for your computer to suddenly start running more slowly. If you were driving on a straightaway and your car suddenly started losing acceleration you would be concerned. Computers are the same. When you see signs of problems, check them out.
Keep a look out
A while back I got SPAM from my sister’s email address. I wrote to let her know that I had gotten it. Generally if SPAM comes from someone and it’s a random mix of email addresses (usually alphabetical) then it’s just someone spoofing that email address. The SPAM did not actually come from your friend’s computer. However, if the SPAM was sent to people from their address book, then you are likely dealing with something that is more of an attack. The computer needs to be checked out. Don’t ignore it when something suspicious happens. Tell the people who need to know. They can’t do anything about it if they don’t know.
Accept that security may require some inconvenience
Yes, it’s nice to be able to turn on your computer and get to work. But that also means that anyone can turn on your computer and get to work. Are you sure that the kids aren’t on there when you’re not around doing things that they aren’t supposed to? How about your spouse or your roommate. If you keep something on a computer that you would not leave laying around for people to read at a party then you should probably close the door on your computer with a password. It’s not just your personal information, either. Maybe you have nothing to hide, but what if this other person goes poking around in places that they shouldn’t. They see the warning that says “Are you sure that you want to activate this malicious program that will steal your identity?” and they click “OK” because they just want to get to the video.
If you’r going to have a password it should be a good one. When I was working as a system tech supporting a company I was called to do some work on a workstation in the security department. She had left, even though she knew that I was coming and her screen was locked– which was good. She had a Corn Huskers football plush sitting on top of her monitor and a few other Huskers things laying around. I took a guess and typed “huskers” and I was in! I left her a note telling her that it was pretty easy to guess and she made it more secure. The best passwords are phrases with numbers and letters. Abbreviations that only you would know are good too. “H0w much is that doggie in the wind0w?” would be a pretty difficult password to guess. Names of family, birth dates, etc are terrible password. Take a line from your favorite song in High School. Many security requirements demand that you change your password regularly, but once you find a way to pick things you can remember you will find it easier to change and maintain.
There are many ways now to encrypt information. Encryption turns things into secret code so that no one else can read it. You can do this with emails (and most people should) so that email to you can only be read by you. You can also do it with file systems, so that you have a section of drive that requires a password to access what’s in there. Encryption is a larger subject than I’m prepared to cover here, but you should take a look at what can be done with the Gnu Privacy Guard, which is free and powerful encryption software. You can hook this functionality automatically into your applications and make encryption easy to deal with.
Is that it?
There is a lot more ground to cover to keep yourself from being cracked, but these things right here will make a dramatic difference in your vulnerability. If there is more interest in this topic, especially about specific practices or solutions I’d love to write more about it. Shoot me a note and we’ll try to cover more detail. If it’s enough conversation it might be worth a group on My developerWorks to help everyone participate in the conversation.