[pchelpers] Basics of Safe Computing

(Some corrections included. Any more suggestions?)

The biggest problem is that most people still don't realise that even
the best security programs are not as important or effective as avoiding
dangerous computing and surfing habits. Safe habits (see short list 
below) are easily learned, and good programs would remind users each 
time they do something potentially dangerous. But the computer and 
software industry is still in its infancy, and more advanced 
manufacturers like Apple have a hard time attracting normal users 
because the authorities do not produce or enforce enough regulation and 
essentially do not hold manufacturers responsible for even major damages 
suffered by users.

The dangerous habits are often called "operator errors" by savvy users, 
but many experts also forget safe habits especially in connection with 
email attachments and when in a hurry. In any case, it's simply a sign 
of sloppy consumer protection, of essentially nonexistent control of the 
computer industry by the authorities, and of the primitiveness of the 
industry that users are usually not warned when they do something 
potentially dangerous. Computers have simply not been around long enough 
to allow competition and regulation to produce equipment that is even 
remotely as safe as older household appliances.

This is why it can be an advantage to use an antivirus program like AVG
that is only fairly good *if* the user knows it's only fairly good. (AVG 
gets rid of most but not even close to all known, older malware, and is 
slow in providing updates.) When people realise they aren't protected as 
well as possible, it makes them cautious.

Even the best antivirus programs take a few hours to get updates sent
out to all users, and new malware can spread very far in even a few
minutes. And programs with heuristics are only able to identify some
unknown malware. Using a better antivirus program than AVG gives people
a false sense of security. In fact, the only real protection against
malware is provided by applying basic safe computing methods:

1) Use only a safe browser and an email program that are not directly
connected with the operating system, in other words, not MS products and
the many IE clones. That has the extra advantage that you don't have to
delete an important but infected email and can read it without any
danger as long as you don't open the attachment. Especially in company 
but also in private mail, one can lose very important mail sent by a 
user with an infected computer that attaches malware to perfectly 
legitimate messages, which can enclose extremely important offers or 
information.

2) Don't open any attachment coming from someone you know unless it's
announced in the email. Even then, you should realise this precaution
only eliminates malware automatically attached by infected computers,
not "cool" or funny stuff that people send on purpose without knowing
it's infected.

3) Obviously don't open any attachments coming from strangers until
you've corresponded with them enough to trust them.

4) Don't download anything from shady websites even if you have a safe
browser. If people finally realised that surfing with IE is like walking
down dangerous side streets and entering stores with offers too good to
be true, they wouldn't go to shady websites. Even Google results usually
show enough to know not to click on the link. With a safe browser, it's
like sending your robot there; you can use it to spy on the crooks, but
you wouldn't make the robot bring any junk home from there...

5) Use *one* good firewall, antivirus, and antispyware program each, and
update them and your operating system regularly. Almost all antivirus
programs have real-time protection ("guard", "shield", "on-access
scanning", etc.) but many antispyware programs don't. Most users are not
savvy enough to be protected sufficiently unless both their antivirus
and antispyware programs are actively analysing all downloaded and
opened files for malware all the time.

Only some antivirus and antispyware programs are able to identify and 
especially remove most trojans, so you should regularly scan with a 
dedicated antitrojan program or an online trojan scan. It does not yet 
seem necessary to have an antitrojan program with real-time protection, 
and there don't seem to be any free ones yet.

Be aware that some antimalware programs, especially antispyware, is made 
by crooks that either install their own malware or make a big fuss about 
harmless registry remnants of already deleted malware. Especially 
Spyware Doctor is a big problem because it is an excellent program that 
simultaneously engages in this kind of scam. And the authorities do 
nothing... Once consumers realise how they've been screwed for many 
years by big and small companies and more blatant crooks and due to the 
incompetence of the authorities, there will be a violent reaction...

6) Install and run https://psi.secunia.com/ or regularly run
http://secunia.com/software_inspector/



-- 
-------list-services-below-----------
Regards, John Durham (list moderator) <http://modecideas.com/contact.html?sig>
Freelists login at http://www.freelists.org/cgi-bin/lsg2.cgi
List archives at http://www.freelists.org/archives/pchelpers
PC-HELPERS list subscribe/unsub at http://modecideas.com/discuss.htm?sig
Latest news live feeds at http://modecideas.com/indexhomenews.htm?sig
Good advice is like good paint- it only works if applied.

Other related posts: