Home & Personal Computer Security
Security in the home environment
Check the security of your browser and get Firefox

"It's the most simple, straightforward, useable guide to security for a home computer that I've seen." LarryS3, Senior member of the Virtual Dr Forum

(c) Vicente Aceituno 2003.

The aim of this page is to protect, in only one visit, the personal use of home computers against fraud, viruses, intrusions and catastrophes. This is not a step-by-step guide, because if you don't know how to do it, you won't know how to keep it up either, so it wouldn't do any good in the long run. If you know of any Mickey Mouse guides, email me and I will happily link to them.

The expectations in a home environment are basically that no one can access the computer's files from the Internet, that the computer's users can't access each other's secret files, that the only software installed is of the users' choosing, and that we are not abused because of our Internet use. Some users are also concerned about the recording of their data and personal habits.

The habits and measures proposed protect these expectations. We can classify them into malware protection, theft protection, intruder protection, privacy protection, disaster protection and fraud protection. These measures are not for everyone; every user is ultimately responsible for the measures and habits he will or will not adopt, depending on how valuable the information he uses is to him and how uncomfortable the measure or habit is. Use your common sense. For example, maybe a skilled user with a modem connection will prefer to use a firewall. However, not taking the measures marked in black and grey can render the rest of the measures useless.

We will assume:
- The computer might be shared among members of the same family.
- None of them is an IT technician.
- The Internet connection is modem, ADSL or cable.
- There are two main file types by size, "big ones" and "the rest". "Big ones" are normally photos and movies.
- Windows is the operating system.
- A CD burner is available.

Every suggestion has a different difficulty and results. Difficulty is rated as High, Medium or Low. The results are rated as Excellent, Very good or Good.
| Code | Difficulty / Results | Protection Type |

For simplicity, only one or two tools to check or solve each point are cited. Online and free tools are cited whenever possible. If you feel there are better tools, or for comments and feedback, email me at: vaceituno@telefonica.net

To use this page:
- Check if the advice applies to you.
- Check if you have the problem cited.
- Ask yourself: Am I going to do this from now on?
- Use the solutions provided. If you download freeware, please donate to the development efforts.

Index
Security measures:
| M1 | Low / Excellent | Malware Protection |
Install an antivirus with automatic updates over the Internet. You can check for viruses right now at Panda. If you know you have a virus, perhaps you can remove it with some help. If you don't want to pay for Panda, try AVG or F-Prot Antivirus for DOS. If you have spyware and adware, clean your computer of them too. Don't use more than one antivirus; it will bring more trouble than security.

| M2 | Medium / Excellent | Intruder protection |
If you have an ADSL/cable connection, or you connect a laptop to a public network, it is advisable to install a firewall. ZoneAlarm or Kerio (more difficult to use) are two good options. A firewall helps us control which programs can connect to the Internet, and what can connect to us. At Sygate or Shields Up you can check what can be seen of your computer from the Internet. If your IP address and browser version are visible, it's no big deal. If shared folders are visible, it IS a big deal. Don't use more than one firewall; it will bring more trouble than security.

| M3 | Low / Excellent | Fraud protection |
If you have a modem connection, ask your phone carrier to block your telephone's access to expensive prefixes. Some malicious programs try to connect to those numbers.

| M4 | Low / Very good | Disaster Protection |
Power the computer and peripherals using one or two n-way sockets with a switch. If the electricity supply in our area is especially poor, the n-way sockets should be surge protected. Avoid placing computers near heating devices, and containers of any fluid (like coffee) near laptops.

| M5 | Low / Very good | Offensive Content Protection |
Install a content control program such as Net Nanny, or configure Windows for content protection. If the father can install it, the son can probably circumvent it, though.

| M6 | Low / Very good | Disaster Protection |
Write down or print the following information:
- Customer care number of your Internet access provider.
- Customer care number of your computer and peripherals providers.
- Modem connection details.
- ADSL or cable connection details.
- POP3/IMAP mail details.
- Operating system, application, laptop and peripherals serial numbers.
- BIOS' CMOS configuration (or save it with cmos14).

| M7 | Low / Good | Intruder protection |
To find out if you have a hidden administrative drive share on Windows NT/2000/XP, you can download and execute this script. If the share is unavailable or disabled, you'll get "Specified network name couldn't be found". To disable it, you can download and execute this file and reboot. To enable it again, download and execute this other file and reboot. If a firewall is up and running, this could be a redundant security measure.

Recommended configuration:
| C1 | Low / Excellent | Disaster Protection |
Configure applications for automatic save to disk every ten or fifteen minutes. That way, if there's a power failure, you won't lose all your work.

| C2 | Low / Excellent | Intruder and Privacy protection |
Configure the browser not to remember passwords. If someone checking on what we've been doing with the computer is a concern, we can shrink the applications' "history".

| C3 | Medium / Excellent | Intruder Protection |

| C4 | Low / Very good | Malware Protection |
Configure mail as text only, no HTML. If you receive and send mail in different fonts and colors, you have HTML on. You can check the security of your mail at Windows Security.

| C5 | Low / Good | Disaster Protection |
Creating a directory for very "big" files (normally photos and video) in a separate directory of "My Documents" will make backup easier. To check where your big files are, use JDiskReport.

Recommended habits:
| CR1 | Low / Excellent | Malware Protection |

| CR2 | Medium / Excellent | Disaster Protection |
Depending on the file type, the easiest backup copy is different:
- Save normal files on a rewritable CD once in a while. Write the date on the CD and store it safely. When not all files will fit on a CD, backup becomes a lot more complicated, so perhaps we will choose only the most often used files or the files we have no copy of. Older rewritable CDs can be overwritten.
- Save big files, like photos and video, on a normal CD once. Write the date on the CD and store it safely. As photo and video files are fairly static, you will need only one or two copies.
- Keep at least one copy of all your software and drivers. If you don't have the drivers any longer (for instance, because you inherited the computer), search for wdrvbck.exe to back them up.
If you don't back up regularly, you should at least use the more reliable NTFS filesystem instead of FAT. You can check the filesystem in the properties window of the drive. To convert FAT32 to NTFS, use the "CONVERT <drive> /fs:ntfs" command from the command line.

| CR3 | Medium / Excellent | Intruder protection |
Don't send confidential information using unencrypted e-mail. Keep confidential information, like passwords, account numbers, etc., on diskettes or CD only, never on the hard disk. This is especially indicated when the computer is shared, or when the computer goes for repair or maintenance by technical service. The disk must be safely stored. If the disk is a diskette, it should be changed once in a while. When discarded, these disks should be destroyed.

| CR4 | Medium / Excellent | Fraud protection |
As not everything we read on the Internet is true, it's healthy to be a little skeptical. We must be especially careful with economic and medical information. The medical information sites that adhere to this code of conduct deserve much more confidence than those that don't. To avoid being deceived, it is good to remember some characteristics common to chain e-mails and spam:
- They ask to be sent to everyone you know. Sometimes they resort to threats or emotional blackmail.
- They alert on dangers like viruses, food poisoning, product defects, lost children, etc. Sometimes they justify the impossibility of verifying the supposed defect, with claims such as "Antivirus won't detect it" or "The government wants to keep it secret".
E-mails that ask us to add our name at the bottom for some noble cause are totally ineffective, because they are too easy to forge and therefore are not accepted for vindication. News of manufacturers giving products away is normally false, nor are there governmental companies or organizations that use chain e-mail as a communication device. If a chain mail claims to come from Hotmail, Microsoft, Nokia or the Police, it is undoubtedly false. If in doubt, we can check at hoaxbusters whether there is information about a specific e-mail.
When making friends online, whether it's a date or not, follow these safety tips.

| CR5 | Medium / Excellent | Intruder protection |
Format (not Fast Format) the hard disk when giving away or selling the computer to someone you don't trust totally. If it is a concern that some information could be recovered from the hard disk, use Eraser or a similar program. To delete everything, including the operating system and applications, use Darik's Boot and Nuke.

| CR6 | High / Excellent | Intruder protection |
Email accounts are used as IDs on many websites. Use one mail account to subscribe to e-mail lists and free services. Use another one for personal mail and paid-for services. The passwords of both accounts must be totally different: if you use the same password and subscribe, let's say, to a newspaper, perhaps the newspaper's technicians can read your mail. These passwords should be "good", that is:
- Long enough, eight characters at least.
- It shouldn't have an obvious relation to current events, your environment, your family, tastes, or professional terminology.
- It shouldn't belong to any dictionary in any language. This is easy to achieve by duplicating or deleting characters. For example, "elephhant" instead of "elephant".
Perfect passwords have non-lower-case characters, like capital letters or numbers, in the middle of a word. We can generate one of these passwords with the help of this page. To see how good your passwords are, test them here.
Changing your passwords is a time-consuming process. Change your passwords whenever you feel they have been compromised, or when they become too old. You should never write a password down, but if you really, really have to do it, follow CR4 (above). There is no software yet for using inkblots.

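The CR6 criteria as a checker and a random generator, as an added example that is not part of the original page. The function names, the five-word sample dictionary and the personal term "rex" are constructed for illustration; a real check would load full word lists.

```python
import secrets
import string

# Constructed sample word list; a real check would load full dictionaries.
SAMPLE_DICTIONARY = {"elephant", "password", "sunshine", "computer", "football"}


def failed_criteria(password, dictionary=SAMPLE_DICTIONARY, personal_terms=()):
    """Return the CR6 'good password' criteria that this password fails."""
    failures = []
    lowered = password.lower()
    # Criterion 1: long enough, eight characters at least.
    if len(password) < 8:
        failures.append("too short")
    # Criterion 2: no obvious relation to your environment, family, tastes or
    # professional terminology (the terms are supplied by the user).
    for term in personal_terms:
        if term and term.lower() in lowered:
            failures.append("contains personal term: " + term)
    # Criterion 3: it must not belong to a dictionary.
    if lowered in dictionary:
        failures.append("dictionary word")
    return failures


def is_good(password, dictionary=SAMPLE_DICTIONARY, personal_terms=()):
    """A 'good' password fails none of the three criteria."""
    return not failed_criteria(password, dictionary, personal_terms)


def is_perfect(password, dictionary=SAMPLE_DICTIONARY, personal_terms=()):
    """'Perfect' = good, plus a non-lower-case character in the middle."""
    middle = password[1:-1]  # everything except the first and last character
    mixed_middle = any(not ch.islower() for ch in middle)
    return mixed_middle and is_good(password, dictionary, personal_terms)


def generate_password(length=10, dictionary=SAMPLE_DICTIONARY, personal_terms=()):
    """Draw random letters and digits until the result is 'perfect'."""
    if length < 8:
        raise ValueError("CR6 asks for eight characters at least")
    alphabet = string.ascii_letters + string.digits
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if is_perfect(candidate, dictionary, personal_terms):
            return candidate


if __name__ == "__main__":
    family = ["rex"]  # constructed personal term (a pet's name)
    for pw in ["elephant", "elephhant", "eleph7Hant", "Elephhant", "rex2003!"]:
        print(pw, failed_criteria(pw, personal_terms=family),
              is_perfect(pw, personal_terms=family))
    print(generate_password(12, personal_terms=family))
```
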
| CR7 | Low / Very good | Intruder protection |
When we use a public computer, like at a university or cybercafe, we must connect using a safe option when typing passwords.
- If the link reads https instead of http, we are on a "safe" page.
- Disable any option of being "remembered" in web pages.
- It's better to "log out" instead of closing the browser window.

| CR8 | Low / Very good | Disaster, Intruder and Malware Protection |
Keep the system up to date using Windows Update. To find out if there are driver updates for your computer, try DriversHQ. Update your BIOS only if you have stability or compatibility problems.

| CR9 | Low / Very good | Disaster Protection |
When we are going to be abroad for a long time, or when there is an electrical storm, unplug the computer and the peripherals. If we have multiple way plugs, it's enough to switch those off.

| CR10 | Low / Excellent | Privacy Protection |
When filling in forms online, fill in with true info only the fields that are really necessary for providing the service. Whenever possible, use fictitious values instead of the real ones.
When mailing many people at once, copy them in "bcc" (hidden copy) instead of "cc" (copy) or "To".

Advice for laptop users
| MP1 | Low / Excellent | Theft Protection |
Use a padlock or an alarm when using the laptop in places of public access. Alarms work everywhere; padlocks need something to attach the laptop to.

| MP2 | Low / Excellent | Intruder protection |
If we are going to leave the laptop alone in a public place, set a screensaver with a password and disable infrared connections.

| MP3 | Low / Very good | Theft Protection |
Write down the serial number, to identify and claim the laptop in case of theft.

| MP4 | Low / Good | Theft Protection |
Label it clearly and permanently as your property. In some BIOSes you can also record your name, so that it is shown on the screen while the computer boots.

| MP5 | Low / Good | Theft Protection |
Set a boot password (not a setup password) in BIOS setup. When the machine boots, you will normally get a prompt saying what key to press to go into BIOS setup. Otherwise, check here for tips.

What to do if shit happens
In the case of a catastrophe in a home environment, instead of trying to recover the system it is better to recover the data and reinstall. The process described will recover data, not the system. Skip the steps that don't apply, except for the first.
| Disaster Recovery |
1- First and foremost, don't get nervous. Read this line slowly and carefully 2 to 10 times.
2- If the computer is on, leave it on. If it's off, leave it off.
3- Check on another computer whether there is a good enough copy of the file, like:
- A recent backup copy.
- In the outbound tray of Web Mail, or perhaps someone we mailed a copy to.
4a- Case "a": The application is configured to save to disk automatically. Most applications will open the last opened file, except when:
- We deleted the file accidentally. Go to the recycle bin and recover it.
- We have overwritten a valid file by mistake, or deleted a file from the recycle bin by mistake. If your filesystem is NTFS, you can try to recover it here using Internet Explorer.
If the file hasn't been recovered yet, switch off the computer and follow this procedure to carry on trying to recover info:
- Extract the hard disk.
- Connect it as a secondary disk in a working computer.
- Boot the computer in safe mode (press F8 on boot). If you fail to do this, it is likely that data will be written to the disk. The computer we use to recover data could be damaged too.
- Check the disk for viruses. The presence of a virus doesn't need to be the cause of the data loss.
If you can't do this, build a rescue disk on a different computer and boot yours from the floppy.
4b- Case "b": Perhaps a remnant of the information is left among the temporary files even though:
- The recovery from backup copy has failed (point 4a).
- The application can't save to disk periodically, or we didn't configure it.
- There was a power failure for any reason (like blackouts).
- We exited an application without saving.
- The computer "crashed".
We can search the temporary files for a file of similar size and date to the work we were doing. If we find one:
- Copy the file to the computer we are using for recovery.
- Change the extension and try to open it.
4c- Case "c": The remaining cases, including:
- Temporary files are not related to the data we lost (point 4b).
- The file is lost as a result of using utilities such as Scandisk or disk manipulation such as PartitionMagic. Try to recover it with free tools like Grenier's (partition recovery) or R-Tools (file recovery). If this doesn't work and the information is valuable enough, we can try tools like this.
- Disk failure. We can only resort to expensive solutions offered by companies like this and this.
5a- In any case, perhaps the file is corrupted when we open it. To fix it there are repair tools like EasyRecovery FileRepair and Recoveronix.
5b- If the file is encrypted and the password is lost, we can try to recover the content with software found here or here.
6- Reinstalling shouldn't be difficult if we have a copy of all our software and drivers. If some drivers are missing, you can use AIDA to find out what hardware is in the computer. Look for the missing drivers at the maker's website or on Google.

Advice for advanced and paranoid users:
| MA1 | Low / Very good | Privacy Protection |
Use a tool like Cleanup once in a while to eliminate temporary files and all traces of your Internet navigation and computer use. Using TweakUI you can configure the cleaning of the file history.

| MA2 | Low / Very good | Disaster Protection |

| MA3 | Low / Good | Privacy Protection |
For the especially paranoid, use a tool like Eraser to guarantee information erasure.

| MA4 | Medium / Excellent | Privacy Protection |
If somebody obtaining data from the hard disk is a concern, we can use tools like Drivecrypt to prevent it, or the older, free version. PGPDisk is good too.

| MA5 | Medium / Excellent | Privacy Protection |

| MA6 | Medium / Excellent | Disaster Protection |
If there are two computers at home, have each computer hold a copy of the other's data. Synchromagic can help. Obviously you will have to use shared folders for this.

| MA7 | Medium / Very good | Intruders Protection |
If we have a router for our Internet connection and we want to prevent our ISP's technicians from accessing it, we can:
- Change the admin's password.
- Keep a backup copy of the router's configuration.
Don't do this if you can't configure a router.

| MA8 | Medium / Good | Intruders Protection |

| MA9 | Medium / Good | Privacy Protection |
Install a browser different from Explorer, like Mozilla. Configure it to block pop-ups. More details on this issue here.

| MA10 | High / Excellent | Privacy Protection |
Configure our mail client to send and receive encrypted mail. Hushmail provides web-based encrypted mail.

| MA11 | High / Excellent | Disaster protection |
Use Cobian Backup to back up both data and system files. Test how to restore files.

| MA12 | High / Very good | Intruders Protection |
Review the security options of the browser, striking a balance between security and usability. If your browser is Explorer, here you can verify the effect of your configuration on the behavior of ActiveX. On this page you can check the current options of your browser.

| MA13 | High / Very good | Intruders Protection |

| MA14 | High / Very good | Unclassified |
Use an open source operating system like Linux or OpenBSD, and follow the equivalent recommendations for those systems. Or get a Mac.

| MA15 | High / Good | Disaster Protection |
Use Yahoo Briefcase or similar services as an alternative medium for backup of non-confidential information.

| MA16 | High / Good | Disaster Protection |
If a catastrophe happens, FATxx is easier to recover than NTFS, but NTFS is more reliable. We could use FATxx in C:, bearing the operating system and applications, whereas D:, with our data, can have NTFS.

| MA17 | Low / Very Good | Disaster Protection |
To guarantee access to our data even if the computer won't boot, it is good to have boot disks, like these. Knoppix is a great way to do the same.

Other Home Computer Security Resources
I don't agree with all the advice given in these links, particularly:
- Changing passwords too often.
- Use of complicated devices for home users like hardware firewalls.
- Use of encryption for non-secret information.
- User management and access control is too complicated for most home users.

Susi
Internet Security Alliance
Carnegie Mellon
Security Tips (Don't take the test, it is not worth it)
Microsoft's point of view
Tools reviewed
Tools galore
Sponge's Anti Spyware Site
LockDown

However unlikely it is that following this advice will bring any trouble or inconvenience, I am not responsible in any way should it happen.