Cheap geek: Security

November 27, 2007

This is the fourth installment in a series on free software. Today the theme is something that is actually important: security. If you have a computer connected to the internet (and, fair reader, my guess is you do) you need to take steps to secure your system against malicious activity. Many people take a relaxed attitude toward computer security: why would anyone want to pick on little old me? The truth is that online crime is a booming business, and many attackers strike at random. They can break your system, steal information, or even take over your system and use it for their purposes without your noticing. I once left my computer insecure for a few weeks and later found that someone was using it to store their music files. I was lucky it wasn’t used for something worse.

One might argue that if security is really important, it would be more prudent to buy security software than to rely on free software. It’s not a terrible argument, but neither is it as strong as you might suppose. I purchased the security suite from McAfee, one of the leading security companies, but after a while it crapped out, I couldn’t repair it, Dell customer service was even more incompetent than me, and eventually I uninstalled it in favour of free applications. I’ve been quite happy since (except when I remember that I’m still paying for the McAfee license).

I’ll discuss a few different topics: anti-malware applications, firewalls, software updaters, and secure web browsing.

Anti-malware

A minimum requirement is to have both anti-virus and anti-spyware protection. For an anti-virus application, I recommend the much-praised AVG Anti-Virus Free. It has a well-maintained set of virus signatures, downloads automatic updates, and can be configured to scan your computer on a regular schedule. The only significant downside is that it uses a fair amount of memory — but then so do the commercial anti-virus scanners.

AVG also produces a well-regarded anti-spyware application called, reasonably enough, AVG Anti-Spyware Free. I have tried it, but I had some problems with the auto-update feature, so I removed it from my system. Instead, I use two other applications. Spybot Search & Destroy is a good tool that performs fairly well in industry tests. It scours your system looking for tracking cookies that are used to trace your internet activity. The current version also includes a module (‘Tea-Timer’) that will raise an alert whenever changes are made to the Windows registry. Spybot’s functionality is somewhat limited – no scheduled scans or automatic updates, for instance – but I don’t consider those serious limitations. The second application I use is PC Tools Spyware Doctor, which comes bundled in the Google Pack. It offers, in addition to full system scans, a degree of real-time protection to nip problems in the bud. Regular scans can be scheduled to run in the background, and updates are automatic.

Firewalls

A firewall is a network traffic filter. It monitors your network connection – both ingoing and outgoing – and blocks or permits traffic in compliance with a customized set of rules. This is a tough category for anyone committed to using free software only, for while there are a number of options, I have yet to find one that is really satisfactory. Some crashed, others made previously installed software stop working. For a long while I used Jetico Personal Firewall, and if it were just a firewall I would recommend it heartily. But it also monitors your system’s processes in real time, and this component is very chatty: windows were always popping up asking whether I wanted to permit this or that. In time I grew weary of these interruptions and uninstalled it. I’m back to relying on the firewall that comes bundled with Windows XP. Since it is included in every Windows installation you could think of it as free, but only if you squint a little.

Software Updaters

Every piece of software has some bugs, and these can sometimes affect the security of your system. Certain types of software defects can be used by malicious parties to take control of the application, or even of the computer on which it is running. Software developers are constantly discovering these problems in their code, and issuing new, repaired versions of the software. For this reason, it is important to regularly update your software. I will recommend three tools that help with this task:

  • If you are running Windows, it is imperative that you regularly install the patches issued by Microsoft. On the second Tuesday of every month (‘Patch Tuesday’) they release a set of updates for Windows and other Microsoft software. Windows has an auto-update feature that will download and install these patches without your intervention; use it!
  • Secunia Personal Inspector is an application that runs in the background and monitors the software you have installed. When a new security-related bug is discovered and reported to the major agencies that track such information, the program will inform you that you are running insecure software. If a fix is available, it will help you to apply it. At the present time it monitors the security status of more than 4000 different programs. Try it out; I was very surprised to find how many insecure programs I was running.
  • The FileHippo update client doesn’t track as many programs as Secunia (indeed, it only tracks the ones that can be downloaded from the FileHippo site), but it did find several out-of-date applications on my system that Secunia missed. It doesn’t tell you why your program has been updated – was there a security problem or just a functionality change? – but even so I think it is quite useful. I run it on my system once every few weeks and update if anything new is available.

Secure web browsing

Web browsing is actually one of the more hazardous things you can do online. Your browser encounters code on web sites and executes it locally on your system. Most of the time this is benign, but it can be used for nefarious purposes. There are a few simple things you can do to protect yourself.

First, install the McAfee Site Advisor into your browser. This very helpful utility adds extra information to your Google search results, indicating whether the link you are about to click is friendly or not. If the site you are going to is known to send spam, or has malicious code embedded in it, or would otherwise be inhospitable to visitors, McAfee Site Advisor puts a big red X next to the link. If that doesn’t help, you have no one to blame but yourself.

Second, Firefox users should install the NoScript extension. NoScript prevents JavaScript and Java code from being executed by your browser, unless you grant permission. It will break the functionality of some sites – indeed, this is the whole point – but if you trust the site the functionality can be restored. It will protect you from a variety of attacks, including the increasingly common and consistently horrible (especially to those who have tried to understand them) cross-site scripting attacks.

Finally, you can try Sandboxie, an amazing tool that isolates your browser from the rest of your computer, thus preventing any nastiness you may encounter online from getting access to your files. I haven’t used this very much myself, but I sure like the idea.

*

That’s it for this installment. I’d be very pleased to hear if you have any recommendations or comments.

5 Responses to “Cheap geek: Security”

  1. Adam Hincks Says:

    Three steps for secure computing:

    a). Install a real operating system, like Linux. If your box is running Windows, you already have the Microsoft virus.
    b). Make sure the firewall is turned on.
    c). Use common sense: e.g., don’t download files that you don’t know anything about.

  2. Doug Says:

    Get a Mac!

  3. cburrell Says:

    I take your points, of course, and to some extent your advice is sound. There are fewer — perhaps even far fewer — nasties to avoid if you have a Mac or a Linux box. But the advantage is accidental, and your advice defeats itself. The comparative security of those operating systems derives primarily from the fact that their use is not widespread. If we all took your advice, that would change: the incentive to find weaknesses in Mac and *nix systems would increase, and they would suddenly be found to be plagued with security problems. So let’s have no putting on of airs.

    Which is not to say I won’t someday take your advice. A contingent benefit is still a benefit.

  4. Adam Hincks Says:

    Let me at this time extract my tongue from my cheek. There.

    Though I am not a great expert (you ought to be, Craig, or else our country is in trouble) I think that Linux OS’s are inherently more secure — being open source means that there are that many more people able to contribute to security. On my Kubuntu distribution, for example, there are not updates every week, but daily.

    Moreover, there is likely great incentive to hack these lesser-used OS’s because they are heavily used as web and database servers, which are much juicier targets.

    But no matter which OS one uses, it is basic steps which are most important: make sure your firewall is on (if you are not behind a router). Use common sense when browsing the web. I ran Windows for years using these simple rules, with no anti-virus software or anything like this, and never had any trouble.

  5. cburrell Says:

    You are right, Adam, that online “street smarts” are one of the most important factors. You can put all the technical safeguards in place, but if the user is going to insist on doing dumb things — like clicking on that blinking icon, or opening that attachment from a mysterious correspondent — then the bad guys will have their way. Common sense, as you say, is a critical part of security.

    The issue of open source vs. closed source security is one that is debated. In theory, open source software should be more secure because anyone can look at the code and find problems. In practice, however (and I wish I could find the statistics), the great majority of open source projects have only a handful of people working on them, so the code is not actually being reviewed for security problems. There are only a few major projects, such as the Linux kernel, that are regularly reviewed by large numbers of people, and I agree that in those cases the security of the software is certainly enhanced.

    In recent years we see an increasing trend away from attacking servers (most of which run a variant of Linux) to attacking home users (most of whom run Windows). This may be partly due to the relative security of Linux server software, but is also partly because the goals have changed. Attacking servers is a great way to disrupt Internet service, but gaining a foothold on ordinary users’ systems has other advantages. If you are trying to build a botnet, for instance, it is far better to do so using home systems because your activities are less likely to be discovered. Home systems are also great platforms from which to steal login credentials, banking information, and other details which criminals can use to make money.

    Good discussion!

