HallmarcDotNet

Marc Elliot Hall's Blog

Headlines

Christmas card is up Check out the Flash...

Blog-o-licious We've got blogs...

Site Redesigned HallmarcDotNet has a new look...

 

Welcome to My Weblog

— also known as my vanity gripe page

I'm currently available for your project! Please view my résumé and Open Letter to Recruiters if you are looking for an experienced, senior technical manager, project manager, business analyst, team lead, software engineer, web application developer, webmaster, system administrator, technical writer, or technical editor.


Mon, 28 Apr 2008


Windows Security for the Insecure

Tools for Keeping Windows Unbroken

I recently had a conversation with an acquaintance about his company-issued laptop, and how it had become significantly slower. He also reported some behavior (pop-up windows, extra toolbars, etc.) that are symptomatic of a computer that has been infected by a virus, spyware, adware, or worse. His complaints sounded all too familiar, as Microsoft Windows users have had similar issues since the advent of Windows for Workgroups.

Knowing that I have some experience with computers, he asked me for some advice on what to do. After explaining that his laptop is to the systems I work with as a dinghy is to an ocean liner, I agreed to impart some wisdom.

First, I explained that he shouldn't be worrying about fixing the laptop: it's a company laptop, and therefore the company's responsibility. They need to hire someone with domain-specific competence to do routine maintenance and security auditing on these computers. In other words, they need to hire a geek.

Presuming that, for whatever reason, his employer would not be supporting this computer, I also gave him a brief overview of the wide variety of misuses that his laptop could be engaged in. Here are a few, and let me emphasize that this is not a comprehensive list:

After outlining the risks to him and others that could result from a compromised machine, I agreed to provide him with more information in a follow-up email. This blog entry is an expansion on that email.

Places to seek understanding of the problem

Carnegie Mellon University supports an organization called the Computer Emergency Response Team (CERT), which watches the Internet for trends in computer abuse. CERT maintains a web site dedicated to helping people keep their computers secure. Two sections of that site of particular benefit to my acquaintance are:

Another popular resource is Security Novice, which outlines best security practices from the perspective of a novice.

Microsoft also provides a reasonably complete explanation of security basics. Naturally, this is geared specifically for Windows users, but then, most PC users are Windows users.

Organizations seeking to fix the problem

Security is a process, not a product. Nevertheless, here are a few free tools that will improve your overall situation, at least initially. If these are so good, why are they free? Principally, two reasons:

  1. They are loss-leaders for commercial products, or
  2. The Free/Open Source Software (F/OSS) community is a strong force on the Internet, and has, essentially, developed entire environments for PC users to be productive without spending any money. Some groups in this movement are motivated by pragmatism, and some by idealism; but the result is a full suite of operating systems and applications that rival the corporate software world's offerings in virtually every category.
    F/OSS software includes several variants of Linux, OpenOffice, several of the tools listed below, and many other programs. Development of these programs is sponsored by major companies, like IBM, Sun, Google, and Oracle, as well as largely volunteer organizations, like the Mozilla Foundation, Apache Foundation, and Free Software Foundation.

A comprehensive list is beyond the scope of this blog, so I won't cover things like firewalls and root kit detection. However, the tools I describe below will give you a glimpse into the variety of precautions you can take immediately.

Web Browsing

For browsing the Web, I recommend Mozilla's Firefox, a more secure web browser than Microsoft's Internet Explorer. The biggest reason for choosing a more secure browser is that it is more difficult (although unfortunately still not impossible) for a malicious outsider to use a website to deliver malware to your PC.

Anti-Virus

Every Windows PC should have an virus scanner and removal tool, and Grisoft has an excellent free program, AVG Anti-Virus (the free one does the job, but you can pay 'em for additional features).

Spyware Detection and Removal

Spyware can be even more dangerous than a typical virus, at least to the computer user whose PC has been compromised. Spybot Search & Destroy is my favorite tool for this purpose.

Adware Removal

Adware is mostly an annoyance; it uses CPU time and RAM that you want for your own purposes to put advertisements on your screen when you're trying to do work. Lavasoft Ad-Aware Free is my choice for this (the free one does the job, but you can pay 'em for additional features).

Email Safety

Finally, if you're using Microsoft Outlook Express for email, that's just asking for trouble. Either use Microsoft Outlook (without the "Express"), or Mozilla's Thunderbird.

Summary

These tools will make your life much easier, and won't cost you (or, in the case of my acquaintance, your employer) a lot of money. My advice is to take advantage of them and save yourself many of the headaches associated with using a PC on the Internet.

posted at: 11:45 |


Marc Elliot Hall St. Peters, Missouri 

Page created: 21 January 2002
Page modified: 14 November 2006

spacer About Us | Site Map | Privacy Policy | Contact Us | ©1999 - 2006 Marc Elliot Hall