My standard security lecture

Myth: Nobody wants to get into my computer because I don’t have anything important saved on it.

Fact: I don’t care who you are or what you do with your computer, security is important. Do you want the Russian Mafia using your computer? The North Korean military? Al Qaeda?

If you’re OK with that kind of vermin using your computer, then do whatever you want. I hope you don’t have problems sleeping at night. If you don’t want that kind of vermin using your computer, I suggest you read on.Odds are, the next 9/11 isn’t going to involve airplanes or even bombs. It’s more likely to be a computer attack of some sort.

Modern computer viruses generally join infected computers together into large networks, which then “phone home” for orders. They can sit dormant for a long time, or they can start carrying out orders immediately. Those orders could be sending out spam e-mail messages. Or those orders could be to conduct an attack on some other computer, perhaps a bank, or perhaps a government or military operation.

Imagine Al Qaeda building a network of a few million computers, then using that network to overwhelm an important computer. When Amazon or eBay have a bad day and you can’t get to them, it’s possible they’re being attacked and struggling to cope with it.

The same approach that crashes Amazon.com could theoretically be used to crash the stock market or the Space Shuttle. Fortunately, that kind of trick is nearly impossible. But not completely.

Building the network is the easy part. Locating a target to point it at is the hard part.

The network already exists. There was a virus expected to trigger on April 1 of this year. It didn’t, for whatever reason. But everything isn’t OK. The network still exists, it’s still growing, and nobody’s figured out yet who built it, what they intend to do with it, and how to get in and disable it. Believe me, there are experts around the world trying to figure it out.

Whoever or whatever is behind it, you don’t want your computer unwittingly participating in it.

Here’s to avoid inadvertently aiding and abetting criminals and terrorists with sloppy computer security practices.

1. Use antivirus software and keep it up to date. Many Internet providers will give you antivirus software for free these days. Call your provider and ask. If not, download Microsoft Security Essentials.

2. Configure Automatic Updates. This allows Microsoft to fix security vulnerabilities in your computer as they’re discovered. Macintosh users, don’t get smug. You need to configure Apple update too–Apple releases a dozen or so fixes every month to fix security issues on Macs too.

3. Don’t open unexpected e-mail attachments. It’s been 12 years since this has been safe to do, but people do it anyway. STOP. NOW. I don’t care how funny the joke is, or how cute or hot or whatever the picture is.

4. Don’t open unexpected e-mail, for that matter. Booby-trapping an e-mail message with a virus isn’t especially difficult to do. Frankly, if any e-mail message looks suspicious (a subject line like HOT HORNY SINGLES WANT TO TALK TO YOU NOW! is usually a giveaway), I just delete it.

5. And if you ignore steps 3 and 4, for Pete’s sake, don’t buy anything. Nearly 10% of people actually buy something based on spam e-mail messages. That just encourages all of this other activity.

6. Use web-based e-mail. Most web-based providers use good spam and virus filtering, giving you an extra layer of protection.

7. Use an alternative web browser and e-mail program. Internet Explorer is literally a superhighway for viruses and other malicious software to hook directly into the operating system. Use Firefox, Chrome, or Opera.

Have I scared the living daylights out of you? Good. If your computer is beyond help, get a reputable IT professional to clean it up. Then start doing these things. If your computer is OK right now, start doing these things.

And then stop aiding and abetting criminals and terrorists.

%d bloggers like this:
WordPress Appliance - Powered by TurnKey Linux