[pchelpers] Basics of Safe Computing

(New improvements included. Any more suggestions?)

The biggest computer security problem is that most people still don't 
realise that even the best security programs are not as important or 
effective as avoiding dangerous computing and surfing habits. In fact, 
most of these habits are of course only normal and comparable to normal 
human activity in other sectors of society, in which people are, however, 
better protected by laws and their enforcement.

The main reason normal, sloppy habits become dangerous in using 
computers is that the most common operating system, Windows, has 
major design problems. These include programs that are interconnected 
with the OS (e.g. Internet Explorer, Outlook, Outlook Express, Windows 
Media Player) and the default habit of making users run their computers 
as administrators with full rights.

Safe habits (see short list below) are easily learned, and good programs 
would remind users each time they do something potentially dangerous. 
But the computer and software industries are still in their infancy, and 
more advanced manufacturers like Apple still have a hard time attracting 
normal users because the authorities do not produce or enforce enough 
regulation (and do not hold manufacturers responsible for even major 
damages regularly suffered by very many users).

The common dangerous computer habits are often called "operator errors" 
by savvy users, but it's simply a sign of sloppy consumer protection, of 
essentially nonexistent control of the computer industry by the 
authorities, and of the primitiveness of the industry that users are not 
sufficiently warned when they do something potentially dangerous. 
Computers have simply not been around long enough to allow competition 
and regulation to produce equipment that is even remotely as safe as 
older household appliances.

This is why it can be an advantage to use an antivirus program like AVG 
that is only fairly good *if* the user knows it's only fairly good. (AVG 
gets rid of most but not even close to all known, older malware, and 
automatically provides at most only one update per day.) When people 
realise they aren't protected as well as possible, it makes them cautious.

Even the best antivirus programs take a few hours to get updates sent 
out to all users. New malware can spread very far in even a few minutes, 
and programs with heuristics are only able to identify some malware 
without prior information (in an update). Using a better antivirus 
program than AVG usually gives people a false sense of security. In 
fact, the only real protection against malware is provided by applying 
basic safe computing methods such as in the following short list (longer 
version below with text in parentheses provides additional info):

1) Use only a safe browser and an email program that are not directly 
connected with the operating system, in other words, don't use Outlook 
Express, Outlook, or Internet Explorer or programs based on these.

2) Don't open any attachment coming from someone you know unless it's 
announced in the email. But even this only eliminates malware 
automatically attached by infected computers, not "cool" or funny stuff 
that people send on purpose without knowing it's infected.

3) Obviously don't open any attachments coming from strangers until 
you've corresponded with them enough to trust them at least a bit.

4) Even if you have a safe browser like Firefox or Opera, don't download 
anything from any website that has not been recommended by a trustworthy 
source. Even computer-savvy people always check what Wikipedia or some 
other reputable site says about any unknown website or program before 
downloading anything. Since most people are too lazy to do that and 
since many have trouble spotting shady websites, you may need to read 
what follows in parentheses below.

5) Use *one* good firewall, antivirus, and antispyware program each, and 
update them and your operating system regularly. Make sure both your 
antivirus and antispyware programs have real-time protection (called 
"guard", "shield", "autoprotect", or "on-access scanning").

6) Only some antivirus and antispyware programs are able to identify and 
especially remove most trojans, so you should regularly scan with a 
dedicated antitrojan program or at least one online antitrojan scan.

7) To make sure your antivirus and antispyware programs are not missing 
anything, you should sometimes run an online scan.

8) Be aware that some antimalware (especially antispyware) programs are 
made by crooks and either install their own malware or make a big fuss 
about harmless registry remnants of already deleted malware. For 
example, even Spyware Doctor is a big problem because it is an excellent 
program that simultaneously engages in this kind of scare-tactic scam.

9) Install and run https://psi.secunia.com/ or regularly run
http://secunia.com/software_inspector/




More detailed information:

1) Use only a safe browser and an email program that are not directly 
connected with the operating system, in other words, don't use Outlook 
Express, Outlook, or Internet Explorer or programs based on these.

(This has the extra advantage that you don't have to delete an important 
but infected email and can read it without any danger as long as you 
don't open the attachment. Especially in company but also in private 
mail, one can lose very important mail sent by a user with an infected 
computer that attaches malware to perfectly legitimate messages.)

2) Don't open any attachment coming from someone you know unless it's 
announced in the email. But even this only eliminates malware 
automatically attached by infected computers, not "cool" or funny stuff 
that people send on purpose without knowing it's infected.

(In any case, it's a good idea to wait at least one day before opening 
any attachment if it's not urgent (especially if it's forwarded) to give 
your antivirus and antispyware programs a chance to get an update for 
potentially new malware.)

3) Obviously don't open any attachments coming from strangers until 
you've corresponded with them enough to trust them at least a bit.

4) Even if you have a safe browser like Firefox or Opera, don't download 
anything from any website that has not been recommended by a trustworthy 
source. Even computer-savvy people always check what Wikipedia or some 
other reputable site says about any website before downloading anything. 
Since most people are too lazy to do that and since many have trouble 
spotting shady websites, you may need to read what follows in parentheses:

(Gullible people have always been and will always be subject to fraud, 
but it helps a lot to remember that the Internet is part of real life 
and that anything that sounds too good to be true is just that. However, 
even safe browsers should warn even more clearly than they already do 
that they can only protect users against automatic drive-by downloads 
and that any download or installation that users manually allow can 
cause major financial and other loss.

Most people don't seem to realise that it's much easier and especially 
much less expensive to set up a good-looking website than even a fairly 
decent-looking store in the real world. One can argue that some 
well-known big companies also rip off their customers, especially when 
they're monopolies, but small criminal outfits are much more aggressive 
and dangerous, and they can easily hide on the Internet. Most countries 
have not yet begun to apply basic laws to the Internet, and 
international cooperation in law enforcement is an even bigger joke on 
the Internet than it still is in more traditional arenas.

Generally speaking, it's a good idea to avoid websites that have more 
advertisement than actual content and to immediately leave if they ask 
you to install something to "view their site correctly" besides 
well-known plugins or programs like Java, Shockwave, Flash, PDF, 
RealMedia, QuickTime, Windows Media Player, etc. And then make sure you 
go to the manufacturer's own site to download these (check Wikipedia for 
example), not to a link to a perhaps rogue site.

Most importantly, if people finally realised that surfing with IE is 
like walking down dangerous side streets and entering stores with offers 
too good to be true, they wouldn't go to shady websites. Even Google 
results usually show enough to know not to click on the link. With a 
safe browser, it's like sending your robot there; you can use it to spy 
on the crooks, but you wouldn't make the robot bring any junk home from 
there...)

5) Use *one* good firewall, antivirus, and antispyware program each, and 
update them and your operating system regularly. Make sure both your 
antivirus and antispyware programs have real-time protection (called 
"guard", "shield", "autoprotect", or "on-access scanning").

(Be aware that the best-known antimalware programs are from companies 
spending the most money on advertising and on being preinstalled on 
computers, and some of these programs are not good and may even slow 
down your computer severely. Some free antivirus programs like AntiVir 
PersonalEdition Classic (www.free-av.com) use very little system 
resources and have detection rates that are as high as or higher than pay 
versions (often incorrectly called "paid" or "commercial") of programs 
by the same or other manufacturers. The free version of Sunbelt Personal 
Firewall (www.sunbelt-software.com) is excellent and easy to use, which 
is not true of most firewalls. The only two antispyware programs with 
real-time protection are Spyware Terminator (www.spywareterminator.com) 
and Windows Defender (www.microsoft.com).)

(Almost all antivirus programs have real-time protection ("guard", 
"shield", "on-access scanning", etc.) but many antispyware programs 
don't. Most users are not savvy enough to be protected sufficiently 
unless both their antivirus and antispyware programs are constantly 
actively analysing all files and folders opened by the user.)

6) Only some antivirus and antispyware programs are able to identify and 
especially remove most trojans, so you should regularly scan with a 
dedicated antitrojan program (for example the free version of A-squared 
http://download5.emsisoft.com/a2FreeSetup.exe) or at least one online 
antitrojan scan:
www.emsisoft.com/en/software/ax/
www.windowsecurity.com/trojanscan/
www.pcflank.com/trojans_test1.htm
(It's necessary and OK to use Internet Explorer on these safe sites.)

(It does not yet seem necessary to have an antitrojan program with 
real-time protection, and there apparently aren't any free ones yet.)

7) To make sure your antivirus and antispyware programs are not missing 
anything, you should sometimes run an online scan. The following are the 
best ones for all malware, and they find almost everything. (It's 
necessary and OK to use Internet Explorer on these safe sites.)

www.kaspersky.com/virusscanner (probably best, but only shows what 
malware it finds and doesn't remove it)

http://support.f-secure.com/enu/home/ols.shtml
www.bitdefender.com/scan8/ie.html

Good for improving Internet performance and finding some spyware that 
other scans don't find:
http://pcpitstop.com/pcpitstop/default.asp


8) Be aware that some antimalware (especially antispyware) programs are 
made by crooks and either install their own malware or make a big fuss 
about harmless registry remnants of already deleted malware. For 
example, even Spyware Doctor is a big problem because it is an excellent 
program that simultaneously engages in this kind of scare-tactic scam.

(The authorities still do almost nothing to shut down websites offering 
rogue antimalware and engaging in other illegal activities. Even Google 
has taken a very long time before it even considered not showing sites 
offering known malware in its search results. Once consumers realise how 
they've been screwed for many years by big and small companies and more 
blatant crooks and due to the incompetence of the authorities, there may 
be a strong reaction...)

9) Install and run https://psi.secunia.com/ or regularly run 
http://secunia.com/software_inspector/


10) Many experts recommend making a separate administrator account and 
turning all accounts normally used by all users of a computer into 
limited accounts. This can prevent some malware from being installed 
automatically.
However, since program installation then requires switching to the 
administrator account or temporarily turning a limited account into an 
administrator account, this is impractical and too difficult for most 
normal users. In addition, this does not prevent the main cause of 
computer infections: people actively but unknowingly installing programs 
infected with spyware and other malware because they didn't check whether 
the program is reputable and don't have up-to-date antivirus *and* 
antispyware programs with real-time protection.
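
An added example (not part of the original post) for point 10: a PowerShell check of which enabled local accounts currently hold administrator rights, so you can see whether everyday accounts are really limited. It assumes Windows PowerShell 5.1 or later with the built-in LocalAccounts cmdlets; the report layout is this example's own choice.

```powershell
# Added example: audit local accounts against the advice in point 10
# (one separate administrator account, all everyday accounts limited).
# Assumes Windows PowerShell 5.1+ (Microsoft.PowerShell.LocalAccounts module).

# S-1-5-32-544 is the well-known SID of the built-in Administrators group.
# Using the SID avoids depending on the localized group name.
# Note: domain groups nested in Administrators are listed, not expanded.
$adminSids = Get-LocalGroupMember -SID 'S-1-5-32-544' |
    ForEach-Object { $_.SID.Value }

# One row per enabled local account, flagged if it is an administrator.
$report = Get-LocalUser | Where-Object Enabled | ForEach-Object {
    [pscustomobject]@{
        Account   = $_.Name
        IsAdmin   = $adminSids -contains $_.SID.Value
        LastLogon = $_.LastLogon
    }
}
$report | Sort-Object IsAdmin -Descending | Format-Table -AutoSize

# More than one enabled administrator usually means an everyday account
# still has full rights.
$enabledAdmins = @($report | Where-Object IsAdmin)
if ($enabledAdmins.Count -gt 1) {
    Write-Warning ("{0} enabled local accounts have administrator rights: {1}" -f `
        $enabledAdmins.Count, ($enabledAdmins.Account -join ', '))
}

# Is the session running this script itself elevated? On systems with UAC,
# an administrator account that has not elevated reports False here.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = [Security.Principal.WindowsPrincipal]::new($identity)
$elevated  = $principal.IsInRole(
    [Security.Principal.WindowsBuiltInRole]::Administrator)
"Current session ($($identity.Name)) elevated: $elevated"
```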


