Feeds

Everything you ever wanted to know about PC security

But were too stupid to ask

  • alert
  • submit to reddit

5 things you didn’t know about cloud backup

Security clearing house CERT has published advice on how home PC users can protect themselves from the security threats posed by the Internet.

Traditionally the importance of consumers becoming aware of security risks has been a neglected area, but the emergence of Trojan horses which can turn domestic PCs in zombie clients that can harm enterprise Web sites has meant everyone needs protection. Throw into the mix the increasing prevalence of email-aware worms and the use of always on connections, which makes machines far easier to hack, and you have the makings of a serious problem.

To its credit CERT have recognised this and produced a document (CERT's guide to home network security) that explains to the consumer what the main Internet security risks are and how best to defend against them. It's also commendably honest by stating that its very much up to users to make sure they're secure - ISPs can't be relied on to protect their customers.

For the most part the document is clearly written and provides good arguments why it is a user's own interests to keep security patches and antiviral protection up to date (no-one likes to have their email riffled through). It also explains why it might be a good idea for consumers to use personal firewalls (such as Zone Alarm) to protect PCs linked to the Internet via always-on broadband connections.

Parts of the document get rather more technically involved and we wonder whether newbies really need to know the finer points of Network Address Translation (NAT) or UDP (User Datagram Protocol). Also we feel that the guide doesn't mention digital certificates, an understanding of which would help consumers to be more clued up about ecommerce. But these are minor quibbles.

The top twelve security risks for domestic users to be wary of (according to CERT) are:


  • Trojan horse programs
  • Back door and remote administration programs - such as BackOrifice, which allow others to control a PC
  • Denial of Service - attacks which prevent you using your computer
  • Being an intermediary for another attack - having your computer seized for use in an attack on someone else's system
  • Unprotected Windows shares - which allow viruses to spread more easily
  • Mobile code (Java, JavaScript, and ActiveX) - CERT advises users to disable mobile code on their browser
  • Cross-site scripting - risks from visiting maliciously constructed Web sites
  • Email spoofing - forged email can be used to trick users into giving away important information
  • Email-borne viruses - such as the Love Bug and the SirCam worm etc.
  • Hidden file extensions- a popular trick used by virus authors used to trick users into opening infected attachments
  • Chat clients - Internet Relay Chat allows the exchange of executable code, so newbies need to be wary of exchanging files
  • Packet sniffing - can capture passwords travelling over a network and this, to us, seems to be a more esoteric risk

CERT doesn't neglect risks that can arise even if you're nowhere near the Internet, such as disk failure or (obviously) physical theft. Helpfully it's come up with an action plan for consumers to consider:


  • Consult your system support personnel if you work from home
  • Use virus protection software
  • Use a firewall
  • Don't open unknown e-mail attachments
  • Don't run programs of unknown origin
  • Disable hidden filename extensions
  • Keep all applications (including your operating system) patched
  • Turn off your computer or disconnect from the network when not in use
  • Disable Java, JavaScript, and ActiveX if possible
  • Disable scripting features in email programs
  • Make regular backups of critical data
  • Make a boot disk in case your computer is damaged or compromised

Useful advice, which bears a quick read even for those consumers who are quiet knowledgeable about computers. If more people took on board what CERT had to say (well we can hope?) then the Internet would be a far more secure place. ®

External Links

CERT guide to home network security

Related Stories

IIS worm made to packet Whitehouse.gov
Internet survives Code Red
Privacy threatening worm on the loose
Users haven't learned any lessons from the Love Bug
Reports of death of email viruses greatly exaggerated?
IRC network comes under denial of service attack
Massed hack attack hits major Web sites
Hackers run amok during Defcon

Secure remote control for conventional and virtual desktops

More from The Register

next story
One HUNDRED FAMOUS LADIES exposed NUDE online
Celebrity women victimised as Apple iCloud accounts reportedly popped
Rubbish WPS config sees WiFi router keys popped in seconds
Another day, another way in to your home router
Goog says patch⁵⁰ your Chrome
64-bit browser loads cat vids FIFTEEN PERCENT faster!
NIST to sysadmins: clean up your SSH mess
Too many keys, too badly managed
Scratched PC-dispatch patch patched, hatched in batch rematch
Windows security update fixed after triggering blue screens (and screams) of death
Researchers camouflage haxxor traps with fake application traffic
Honeypots sweetened to resemble actual workloads, complete with 'secure' logins
Attack flogged through shiny-clicky social media buttons
66,000 users popped by malicious Flash fudging add-on
New Snowden leak: How NSA shared 850-billion-plus metadata records
'Federated search' spaffed info all over Five Eyes chums
Three quarters of South Korea popped in online gaming raids
Records used to plunder game items, sold off to low lifes
prev story

Whitepapers

Endpoint data privacy in the cloud is easier than you think
Innovations in encryption and storage resolve issues of data privacy and key requirements for companies to look for in a solution.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Advanced data protection for your virtualized environments
Find a natural fit for optimizing protection for the often resource-constrained data protection process found in virtual environments.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Next gen security for virtualised datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.