December 29, 2004

Simple Tips on Computer Security

Recently, it's become fashionable to write an article on how to protect yourself from all the malware, phishing, spyware, viruses, spam, espionage and bad disk drives out there. Here are some: [IBM], [Schneier], [GetLuky].

Unfortunately, most of them go over the heads of ordinary users, and many of them challenge even experienced users! So I've been keeping my eye out for succinct tips, the sort for car owners who don't know what an oil change is. I have two which I've posted here before, being Buy a Mac and download FireFox. Both good things, but I feel the lack of any good tip for phishing; there just isn't a good way to deal with that yet.

There they are, sitting in a box on the right of the blog.

  1. Buy a Mac - Uses BSD as its secure operating system...
  2. Download FireFox - Re-engineered for security...
  3. Check name of site - written on bottom right of FireFox, next to padlock...
  4. Write Passwords Down - In a safe place...

People do ask me from time to time what to do. I feel mightily embarrassed because I have no Windows machine, but I also find myself empathising with ordinary users who ask what it means to upgrade the software! So my tips are designed for people who know not what SP2 means.

Let me know your suggestions, but be warned: they'd better be very very simple. Coz that's all that counts for the user.

Posted by iang at December 29, 2004 05:47 PM
Comments

When you get (supposedly) an email from your bank or any other institution that you have to log in for, don't click on the links in that email. Instead, use your bookmarks to get to the bank. If you don't already have a bookmark, use Google to find the bank's site.

Posted by: Cypherpunk at December 30, 2004 04:36 AM

I guess the problem with that is that there is distance between the advice and the implementation. That is, when the email turns up, you are expecting the user to remember the advice.

This of course applies to my number 3 above, which requires the user to remember to get there. It's a filler, it shouldn't be there. One day the browser will tell you properly, without you having to strain your brain. But not yet.

iang

Posted by: Iang at December 30, 2004 04:40 AM

For Windows users (home users only): Let Microsoft manage your patches by turning on automatic updates.

Posted by: ringo at December 30, 2004 08:14 AM

Don't use a debit card for online purchases

Posted by: ringo at December 30, 2004 08:15 AM

Use a dedicated credit card with a low maximum credit line for online purchases

Posted by: ringo at December 30, 2004 08:16 AM

Shop online only at reputable sites, not ones that you discover from spam

Posted by: ringo at December 30, 2004 08:17 AM

Don't visit .biz or .info sites. For some reason these are more likely to be fraudulent or to be the launching point for attacks than the .coms.

Posted by: Cypherpunk at December 30, 2004 01:09 PM

Don't install closed source file sharing programs. They're loaded with spyware.

Posted by: Cypherpunk at December 30, 2004 01:11 PM

>http://www-03.ibm.com/security/news/ten-tips.html

In that one I find this gem: "Experts project that 2 billion spam messages will bombard IM applications this year." So according to your theory IM must be dying, too ;-)

Olivier

Posted by: Olivier at December 30, 2004 03:28 PM

Hey, Ringo, nice ones. Of those, only the first - let Microsoft manage the patches automatically - will work as a top tip, because it's the only one with fire-and-forget qualities.

But, I wonder, is it safe? Can we trust them to do that? I guess as long as it's safer than the alternate, it might be a good idea, but if it went and installed SP2, all hell would break loose.

Cypherpunk, all those words you use ... Try them on your Mom, and see: What's a biz-info site? what's that sharing thing? That sounds nice, dear...

iang

Posted by: Iang at December 30, 2004 03:42 PM

Don't buy penis enlargers! They don't work. Especially if you're a woman.

Posted by: Cypherpunk at December 30, 2004 03:42 PM

Hey Cypherpunk, you're just not using them right! Did you read the instructions carefully?

Posted by: More Than A Woman at December 30, 2004 03:44 PM

Behave!

Posted by: Iang at December 30, 2004 03:45 PM

Definitely good suggestions - but only in the short-term. There are scripts for exploiting Firefox trickling into release.

The first defence in security is awareness. Being plain dumb in approaches to online security is the first and only breach required.

Posted by: security bob at February 14, 2005 11:12 AM

"There are scripts for exploiting Firefox trickling into release."

Could you explain that? It doesn't parse for me, I have an image of Mozilla releasing tools to exploit Firefox...

Tips / short term: I am under no illusions about Firefox security - a lot of its brand derives from the current honeymoon period. Just how it will behave under sustained attack we won't find out until its market share heads into the teens, or so.

Posted by: Iang at February 14, 2005 11:21 AM