Feeds

Everything you ever wanted to know about PC security

But were too stupid to ask

  • alert
  • submit to reddit

The Power of One eBook: Top reasons to choose HP BladeSystem

Security clearing house CERT has published advice on how home PC users can protect themselves from the security threats posed by the Internet.

Traditionally the importance of consumers becoming aware of security risks has been a neglected area, but the emergence of Trojan horses which can turn domestic PCs in zombie clients that can harm enterprise Web sites has meant everyone needs protection. Throw into the mix the increasing prevalence of email-aware worms and the use of always on connections, which makes machines far easier to hack, and you have the makings of a serious problem.

To its credit CERT have recognised this and produced a document (CERT's guide to home network security) that explains to the consumer what the main Internet security risks are and how best to defend against them. It's also commendably honest by stating that its very much up to users to make sure they're secure - ISPs can't be relied on to protect their customers.

For the most part the document is clearly written and provides good arguments why it is a user's own interests to keep security patches and antiviral protection up to date (no-one likes to have their email riffled through). It also explains why it might be a good idea for consumers to use personal firewalls (such as Zone Alarm) to protect PCs linked to the Internet via always-on broadband connections.

Parts of the document get rather more technically involved and we wonder whether newbies really need to know the finer points of Network Address Translation (NAT) or UDP (User Datagram Protocol). Also we feel that the guide doesn't mention digital certificates, an understanding of which would help consumers to be more clued up about ecommerce. But these are minor quibbles.

The top twelve security risks for domestic users to be wary of (according to CERT) are:


  • Trojan horse programs
  • Back door and remote administration programs - such as BackOrifice, which allow others to control a PC
  • Denial of Service - attacks which prevent you using your computer
  • Being an intermediary for another attack - having your computer seized for use in an attack on someone else's system
  • Unprotected Windows shares - which allow viruses to spread more easily
  • Mobile code (Java, JavaScript, and ActiveX) - CERT advises users to disable mobile code on their browser
  • Cross-site scripting - risks from visiting maliciously constructed Web sites
  • Email spoofing - forged email can be used to trick users into giving away important information
  • Email-borne viruses - such as the Love Bug and the SirCam worm etc.
  • Hidden file extensions- a popular trick used by virus authors used to trick users into opening infected attachments
  • Chat clients - Internet Relay Chat allows the exchange of executable code, so newbies need to be wary of exchanging files
  • Packet sniffing - can capture passwords travelling over a network and this, to us, seems to be a more esoteric risk

CERT doesn't neglect risks that can arise even if you're nowhere near the Internet, such as disk failure or (obviously) physical theft. Helpfully it's come up with an action plan for consumers to consider:


  • Consult your system support personnel if you work from home
  • Use virus protection software
  • Use a firewall
  • Don't open unknown e-mail attachments
  • Don't run programs of unknown origin
  • Disable hidden filename extensions
  • Keep all applications (including your operating system) patched
  • Turn off your computer or disconnect from the network when not in use
  • Disable Java, JavaScript, and ActiveX if possible
  • Disable scripting features in email programs
  • Make regular backups of critical data
  • Make a boot disk in case your computer is damaged or compromised

Useful advice, which bears a quick read even for those consumers who are quiet knowledgeable about computers. If more people took on board what CERT had to say (well we can hope?) then the Internet would be a far more secure place. ®

External Links

CERT guide to home network security

Related Stories

IIS worm made to packet Whitehouse.gov
Internet survives Code Red
Privacy threatening worm on the loose
Users haven't learned any lessons from the Love Bug
Reports of death of email viruses greatly exaggerated?
IRC network comes under denial of service attack
Massed hack attack hits major Web sites
Hackers run amok during Defcon

The Power of One eBook: Top reasons to choose HP BladeSystem

More from The Register

next story
BMW's ConnectedDrive falls over, bosses blame upgrade snafu
Traffic flows up 20% as motorway middle lanes miraculously unclog
LibreSSL RNG bug fix: What's all the forking fuss about, ask devs
Blow to bit-spitter 'tis but a flesh wound, claim team
Mozilla fixes CRITICAL security holes in Firefox, urges v31 upgrade
Misc memory hazards 'could be exploited' - and guess what, one's a Javascript vuln
Putin: Crack Tor for me and I'll make you a MILLIONAIRE
Russian Interior Ministry offers big pile o' roubles for busting pro-privacy browser
Manic malware Mayhem spreads through Linux, FreeBSD web servers
And how Google could cripple infection rate in a second
Don't look, Snowden: Security biz chases Tails with zero-day flaws alert
Exodus vows not to sell secrets of whistleblower's favorite OS
Roll out the welcome mat to hackers and crackers
Security chap pens guide to bug bounty programs that won't fail like Yahoo!'s
Researcher sat on critical IE bugs for THREE YEARS
VUPEN waited for Pwn2Own cash while IE's sandbox leaked
prev story

Whitepapers

Top three mobile application threats
Prevent sensitive data leakage over insecure channels or stolen mobile devices.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Top 8 considerations to enable and simplify mobility
In this whitepaper learn how to successfully add mobile capabilities simply and cost effectively.
Application security programs and practises
Follow a few strategies and your organization can gain the full benefits of open source and the cloud without compromising the security of your applications.
The Essential Guide to IT Transformation
ServiceNow discusses three IT transformations that can help CIO's automate IT services to transform IT and the enterprise.