Feeds

Everything you ever wanted to know about PC security

But were too stupid to ask

  • alert
  • submit to reddit

The essential guide to IT transformation

Security clearing house CERT has published advice on how home PC users can protect themselves from the security threats posed by the Internet.

Traditionally the importance of consumers becoming aware of security risks has been a neglected area, but the emergence of Trojan horses which can turn domestic PCs in zombie clients that can harm enterprise Web sites has meant everyone needs protection. Throw into the mix the increasing prevalence of email-aware worms and the use of always on connections, which makes machines far easier to hack, and you have the makings of a serious problem.

To its credit CERT have recognised this and produced a document (CERT's guide to home network security) that explains to the consumer what the main Internet security risks are and how best to defend against them. It's also commendably honest by stating that its very much up to users to make sure they're secure - ISPs can't be relied on to protect their customers.

For the most part the document is clearly written and provides good arguments why it is a user's own interests to keep security patches and antiviral protection up to date (no-one likes to have their email riffled through). It also explains why it might be a good idea for consumers to use personal firewalls (such as Zone Alarm) to protect PCs linked to the Internet via always-on broadband connections.

Parts of the document get rather more technically involved and we wonder whether newbies really need to know the finer points of Network Address Translation (NAT) or UDP (User Datagram Protocol). Also we feel that the guide doesn't mention digital certificates, an understanding of which would help consumers to be more clued up about ecommerce. But these are minor quibbles.

The top twelve security risks for domestic users to be wary of (according to CERT) are:


  • Trojan horse programs
  • Back door and remote administration programs - such as BackOrifice, which allow others to control a PC
  • Denial of Service - attacks which prevent you using your computer
  • Being an intermediary for another attack - having your computer seized for use in an attack on someone else's system
  • Unprotected Windows shares - which allow viruses to spread more easily
  • Mobile code (Java, JavaScript, and ActiveX) - CERT advises users to disable mobile code on their browser
  • Cross-site scripting - risks from visiting maliciously constructed Web sites
  • Email spoofing - forged email can be used to trick users into giving away important information
  • Email-borne viruses - such as the Love Bug and the SirCam worm etc.
  • Hidden file extensions- a popular trick used by virus authors used to trick users into opening infected attachments
  • Chat clients - Internet Relay Chat allows the exchange of executable code, so newbies need to be wary of exchanging files
  • Packet sniffing - can capture passwords travelling over a network and this, to us, seems to be a more esoteric risk

CERT doesn't neglect risks that can arise even if you're nowhere near the Internet, such as disk failure or (obviously) physical theft. Helpfully it's come up with an action plan for consumers to consider:


  • Consult your system support personnel if you work from home
  • Use virus protection software
  • Use a firewall
  • Don't open unknown e-mail attachments
  • Don't run programs of unknown origin
  • Disable hidden filename extensions
  • Keep all applications (including your operating system) patched
  • Turn off your computer or disconnect from the network when not in use
  • Disable Java, JavaScript, and ActiveX if possible
  • Disable scripting features in email programs
  • Make regular backups of critical data
  • Make a boot disk in case your computer is damaged or compromised

Useful advice, which bears a quick read even for those consumers who are quiet knowledgeable about computers. If more people took on board what CERT had to say (well we can hope?) then the Internet would be a far more secure place. ®

External Links

CERT guide to home network security

Related Stories

IIS worm made to packet Whitehouse.gov
Internet survives Code Red
Privacy threatening worm on the loose
Users haven't learned any lessons from the Love Bug
Reports of death of email viruses greatly exaggerated?
IRC network comes under denial of service attack
Massed hack attack hits major Web sites
Hackers run amok during Defcon

Next gen security for virtualised datacentres

More from The Register

next story
e-Borders fiasco: Brits stung for £224m after US IT giant sues UK govt
Defeat to Raytheon branded 'catastrophic result'
Snowden on NSA's MonsterMind TERROR: It may trigger cyberwar
Plus: Syria's internet going down? That was a US cock-up
Who needs hackers? 'Password1' opens a third of all biz doors
GPU-powered pen test yields more bad news about defences and passwords
Think crypto hides you from spooks on Facebook? THINK AGAIN
Traffic fingerprints reveal all, say boffins
Microsoft cries UNINSTALL in the wake of Blue Screens of Death™
Cache crash causes contained choloric calamity
Germany 'accidentally' snooped on John Kerry and Hillary Clinton
Dragnet surveillance picks up EVERYTHING, USA, m'kay?
prev story

Whitepapers

5 things you didn’t know about cloud backup
IT departments are embracing cloud backup, but there’s a lot you need to know before choosing a service provider. Learn all the critical things you need to know.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Build a business case: developing custom apps
Learn how to maximize the value of custom applications by accelerating and simplifying their development.
Rethinking backup and recovery in the modern data center
Combining intelligence, operational analytics, and automation to enable efficient, data-driven IT organizations using the HP ABR approach.
Next gen security for virtualised datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.