Posted by: Ken Harthun
14 Golden Rules of Computer Security, Security, Security practice
It isn’t getting any better on the Wild, Wild Web, despite state and federal government attempts to arrest and prosecute those responsible for electronically-perpetrated criminal acts. Spyware and malware of all kinds are increasingly more stealthy and difficult to remove thanks to rootkit technology. With the advent of Web 2.0 and its emphasis on sharing and collaboration through such social networking websites and services as Twitter, Facebook, MySpace, and the like, web-based attacks are more prevalent than ever. These sites are based on active, dynamic content and rely on special programs that run in your web browser to perform their magic. These programs can be modified by malicious hackers to steal your passwords, bank account information and virtually anything stored on your computer.
New laws have done little to deter or eliminate spammers, largely because many of them aren’t located in the United States. Despite the few high profile cases in the news, the truth is that few spammers are ever caught. Considering studies that show some spam campaigns can produce as much as $3.5 million in a year, it’s easy to see why today the spam problem is worse than ever–some estimates place the amount of spam email at 80% to 90% of all emails sent.
These days, everyone is at risk of falling victim to cyber-crime, even those of us who know and practice computer security on a daily basis. The average person who goes to the local big box electronics store and buys a PC or laptop for use at home is often lulled into a false sense of security because their purchase is bundled with some “security suite” by some big-name company. They go home, take everything out of the box, plug it all in and usually end up getting infected with all kinds of nasty things in very short order.
I put this book together in hopes that it will make a difference, however small, in how people look at computing and the Internet. Maybe it will save someone from the hardships of financial loss caused by using a compromised PC to access their bank and credit card accounts. Maybe it will save someone from having to pay a big bill to a technician to clean up a severely infected computer. Maybe, just maybe, it will help take some of the profit out of spam and malware. One can always hope.
At the very least, I hope that you, Dear Reader, find this information useful and that it helps make your computing experience more enjoyable.
Note: Any discussion of security, cyber- or otherwise, must be based on the concept of a security baseline—the bare security essentials without which all else is futile. The articles that follow assume that a good baseline already exists, whether the computer is just out of the box, or has been running for awhile What’s a good PC security baseline? I propose these four bare security essentials: “…a NAT router; a good antivirus program; a good anti-malware program; and, a good software firewall.” These days antivirus, antimalware and a software firewall are usually combined into a single suite. I choose to align with Windows Secrets’ Security Baseline page: “…a hardware firewall that’s built into your [NAT] router, security software that guards against all types of malware threats, a software-update service to ensure that your applications are patched against the latest exploits, and a secure browser.”–KH