[bcab] Re: Computer security

I believe that a problem with this article is that it implies that the user 
should rely on software rather than attempt to modify their own behaviour.  
Software can never be 100 percent accurate at identifying threats whilst some 
simple changes in one's use of a machine will greatly decrease one's dependance 
on software intervention and exposure to risks in the first place.  

Although of course there seems to be an almost daily list of security risks 
(sepecially Windows) it should be noted that many of these do get fixed before 
most users experience the result of the exploits.  The numnber of exploits are 
due to the sheer size of the target that Windows users presents to the hacker, 
the reverse could easily have been true if the world had gone Apple OS.  

For example the fixes made in XP Service pack two and the turning on of the 
Windows Firewall have vastly reduced the incidences of Internet worms simply 
because they cannot invade the system anymore, those that are still kicking 
about are running around unpatched and non updated systems.  It is now well 
understood that an unpatched Windows XP connected with a modem directly to the 
internet for even a short period of time will catch many worms straight away.  
A patched and updated system will probably catch no worms whatever.

Today the nature of the risk assuming you have a patched system is rather 
different and comes from the code you are willing to have or let run on your PC 
via the websites you visit rather than stray worms.  Websites now can make use 
of a bewildering array of technologies which can improve the experience of the 
experience for their users by making things more convenient but at the price of 
security, there is a very definite trade off here.  The problem is that all 
this convenience often involves running ActiveX controls or Javascript or some 
other kind of site scripting technology.  

Running code from any site is risky therefore it is important you sort out the 
genuine ones from the malicious ones that either want to steal your personal 
details or stick spyware on your PC.  Because software can usually only respond 
to a specific threat you should not wholey rely on the software catching that 
threat.  Many power users run with minimal or no anti-virus software but 
because they can understand where the threat comes from and they take specific 
precautions they can seemingly avoid these issues.  At best it may be worth 
thinking of your anti-virus or anti-spyware software as a second line of 
defence rather than first line and relying on it without question one's own 
security provisions and judgement.  Here are a few ideas.

  a.. Do not open any attachments in emails.  Attachments can be a risk that 
you are exposed to, if the email is unsolicited and has an attachment it almost 
certainly is something trying to enter the system maliciously.  
  b.. Do not follow links in unsolicited emails to websites you don't know, 
especially in HTML even if they look convincing.  Emails requiring you to log 
from banks for example are almost certainly phishing scams.  HTML is 
particularly risky because the link can be disguised.  If an unsolicited email 
invites you to unsubscribe from their list, do not use their link, it will just 
identify you as a valid email address for their spam.
  c.. Use your computer behind a router, a router will give some protection 
against being exposed fully to the internet because it uses NAT so that your 
computers I/P address is not directly exposed to the internet.
  d.. Keep up with the updates on Windows this is how security holes will get 
fixed.  There are now fewer worms out their because many of the type of 
security holes they used to go through are closed eg. Windows XP Service pack 2 
which included the Windows Firewall.
Notice there was no anti-virus or firewall in that list, you may still need 
these but they are a second line of defence.  The best way of fighting spam and 
viruses and similar attacks is to make sure these never reach you PC at all.

Regards.

Tristram Llewellyn
Sight and Sound Technology
Technical Support
www.sightandsound.co.uk

  ----- Original Message ----- 
  From: Charles Crisp 
  To: bcab@xxxxxxxxxxxxx 
  Sent: Monday, March 26, 2007 10:51 AM
  Subject: [bcab] Computer security 


  Hi

  Have a read of the following BBC article and look at the Government web
  site. A good test of accessability.
  There is a lot of useful information for those who don't know and some for
  those who do.

  BBC article about internet security 

  http://news.bbc.co.uk/1/low/technology/6472723.stm


  Get safe on line.

  http://www.getsafeonline.org/


  Kind regards
   
  Charles Crisp

  See our holiday home website: 
  www.thecrisps.co.uk/french-house <http://www.thecrisps.co.uk/french-house>  
    

   
  This E mail is private and may contain copyright material in the text or any
  attachments.
   
  The contents and attachments of this E mail have been scanned for viruses,
  but you may wish to make your own test before oopening attachments.

Other related posts: