- — 18 November, 2002 13:55
Software security (Back to contents)An easier way to protect your PC if you only have one to worry about is to use a software solution firewall. As they are installed straight onto your PC, they can be much smarter about understanding what programs you want to use and will self-configure to support all your Internet applications. Windows XP has personal firewall software built-in. Called the Internet Connection Firewall (ICF), it is configured by default and works by preventing any remote system from accessing your computer, although it allows any traffic out. It works with Internet Connection Sharing to protect small home networks. Unfortunately it doesn't control outbound connections, so if you somehow end up with a worm like a Klez or Bugbear variant on your PC it won't block the connections made by the worm as it goes off to infect others, nor alert you in any way. If you want protection from internal misuse, or use another flavour of operating system besides XP, then take a look at the commercial offerings available. Current market leaders for Windows are Norton Personal Firewall, McAfee Firewall, ZoneAlarm Pro and Sygate Pro. These products filter and block inbound and outbound traffic, and include easy configuration interfaces and good logging capabilities to let you know what has been going on. Some software firewalls include detailed explanations of logged events to help you understand if the traffic that is being blocked is just a curious probe or is really an attack. Others also include automatic blocking capabilities which can immediately stop listening to any bad traffic as soon as it starts, preventing would-be attackers from getting very far in their efforts to break in. You should be able to get a best-of-breed commercial product from anywhere between $80 and 140, depending on whether you want it bundled with an anti-virus program. There are also many free products available, including reduced feature versions from the biggest commercial vendors, which are worth checking out before you make your final decision (a graphical representation of how a firewall works can be found here). A good place to start is www.firewallguide.com, which features third-party reviews of Internet security products for the home. Another good way to get an understanding of the products available is to read user complaints. The www.computergripes.com site for example, features a range of "gripes" on PC products from one US user's perspective. Although this type of software is maturing quickly, there are still some strange quirks to get over, and learning about possible problems before you buy can be a great help. In particular, the automatic blocking features can be quite problematic, so pay closest attention to how easily the software can be configured to support additional applications. Once you've got it running and protecting all outbound traffic, it might stop you from using any newly installed software correctly. The best firewall programs automatically detect when you are using a new application and ask you if it should be allowed to connect to the Internet.
Antivirus applications (Back to contents)Even if your computer isn't connected to the Internet all the time, it can still be attacked and misused by anything as simple as a virus-infected floppy disk or an e-mail worm. Many antivirus applications offer protection from these threats (antivirus applications are covered in more detail in the Antivirus Buyers Guide). A strong antivirus program that integrates well with your operating system and e-mail client can reduce the risks of having your PC come under someone else's remote control, or becoming a source of infection for one of the latest round of Internet worms. Some worms install key-logging applications that then send your usernames and passwords to places on the Internet, so even if your PC is behind a firewall someone might be able to start using your accounts at places like auction sites or your Web mail provider.
Wireless security risks (Back to contents)
Wireless networks like 802.11b or Bluetooth are another risk. These systems have security measures built-in, but aren't always configured well. A surprising number of Bluetooth devices have a default access code of 0000 still set, which means someone could easily use them for their own gain to dial your Internet account using your Bluetooth phone or to gain access to the data on your Bluetooth-enabled PDA. If you are using any of these technologies, read the manuals to enable access controls and encryption wherever possible. Despite the well publicised problems with the Wireless Encryption Protocol, just making it that little bit harder could be enough to deter an attacker.
Keep it secret (Back to contents)Even if your PC has some kind of unbreakable password system in place, and is locked to the desk, a person with physical access can remove the hard disk and use another computer to read the contents. With notebooks, this concern is even greater. To keep data really secret requires the use of encryption software. Encryption software can protect individual files or whole directory structures by encoding the data on the disk and requiring a password to use the encryption key that can decode the data. It is used in the same way to encrypt e-mail to keep it secret as it travels across the Internet. Windows 2000 and XP have the Encrypted File System, which uses encryption keys for each user account to encode data. Without the correct login to the user account, the data is inaccessible - this keeps it secret even if the disk or computer has been physically stolen. For users of other operating systems, or those wanting to share encrypted files with other people over the Internet, there are many encryption products available. Some focus on encrypting individual files and e-mails and have integration into e-mail clients for convenience, but are cumbersome when working with large numbers of files. Others tie into the operating system to protect entire directories, but aren't easy to use with e-mail. People with real secrecy requirements might already know that files aren't really deleted from your disk every time you 'delete' a file. That would take too much time; instead, the operating system chooses to just forget the files were there to begin with and writes over that portion of disk when it needs some more space. The result is that undelete utilities can be used to retrieve files from portions of the disk that haven't been written over. Skilled technicians can retrieve files from the disk even after they have been written over many times, by detecting the magnetic signatures left on the disk. To make sure that sensitive data is unrecoverable, a secure delete utility is required. These write random data over and over the same portion of disk, turning that background magnetic field that could give away secrets into nothing but noise. Secure deletion programs are often found bundled with other utility programs (Norton Utilities includes one) or can be downloaded for free from the Internet.
Choose carefully (Back to contents)Very few people would require the levels of security that could be attained by using all of these products. Nonetheless, it is important that desktop and notebook users have some security measures in place. The absolute essential thing every computer should have is an antivirus package. Conveniently, many of these come bundled cost-effectively with a personal firewall. Those two products alone will suffice to make a home PC immune from most potential security problems. Beyond these, use common sense to determine risks versus costs. Notebook users should seriously consider cable locks, even if the computer is covered by insurance. Unless your backups are kept up-to-the-minute and stored separately, the inconvenience of losing your notebook will cost far more than the $40 or so required to deter an opportunist. To prevent other users accessing your information on a shared PC, or protecting your data even after theft of hardware, consider whether upgrading your operating system will be enough, or if you need a separate encryption package. Personal firewalls, antivirus and encryption programs are also available in free and shareware versions, so make sure you really do need the features of the commercial products before parting with the cash. And most of all, make sure to understand the experiences other users have had with software products before you buy - a piece of security software that you've had to disable to get anything to work isn't much help at all.