Everything you ever wanted to know about PC security
But were too stupid to ask
Security clearing house CERT has published advice on how home PC users can protect themselves from the security threats posed by the Internet.
Traditionally the importance of consumers becoming aware of security risks has been a neglected area, but the emergence of Trojan horses which can turn domestic PCs in zombie clients that can harm enterprise Web sites has meant everyone needs protection. Throw into the mix the increasing prevalence of email-aware worms and the use of always on connections, which makes machines far easier to hack, and you have the makings of a serious problem.
To its credit CERT have recognised this and produced a document (CERT's guide to home network security) that explains to the consumer what the main Internet security risks are and how best to defend against them. It's also commendably honest by stating that its very much up to users to make sure they're secure - ISPs can't be relied on to protect their customers.
For the most part the document is clearly written and provides good arguments why it is a user's own interests to keep security patches and antiviral protection up to date (no-one likes to have their email riffled through). It also explains why it might be a good idea for consumers to use personal firewalls (such as Zone Alarm) to protect PCs linked to the Internet via always-on broadband connections.
Parts of the document get rather more technically involved and we wonder whether newbies really need to know the finer points of Network Address Translation (NAT) or UDP (User Datagram Protocol). Also we feel that the guide doesn't mention digital certificates, an understanding of which would help consumers to be more clued up about ecommerce. But these are minor quibbles.
The top twelve security risks for domestic users to be wary of (according to CERT) are:
- Trojan horse programs
- Back door and remote administration programs - such as BackOrifice, which allow others to control a PC
- Denial of Service - attacks which prevent you using your computer
- Being an intermediary for another attack - having your computer seized for use in an attack on someone else's system
- Unprotected Windows shares - which allow viruses to spread more easily
- Cross-site scripting - risks from visiting maliciously constructed Web sites
- Email spoofing - forged email can be used to trick users into giving away important information
- Email-borne viruses - such as the Love Bug and the SirCam worm etc.
- Hidden file extensions- a popular trick used by virus authors used to trick users into opening infected attachments
- Chat clients - Internet Relay Chat allows the exchange of executable code, so newbies need to be wary of exchanging files
- Packet sniffing - can capture passwords travelling over a network and this, to us, seems to be a more esoteric risk
CERT doesn't neglect risks that can arise even if you're nowhere near the Internet, such as disk failure or (obviously) physical theft. Helpfully it's come up with an action plan for consumers to consider:
- Consult your system support personnel if you work from home
- Use virus protection software
- Use a firewall
- Don't open unknown e-mail attachments
- Don't run programs of unknown origin
- Disable hidden filename extensions
- Keep all applications (including your operating system) patched
- Turn off your computer or disconnect from the network when not in use
- Disable scripting features in email programs
- Make regular backups of critical data
- Make a boot disk in case your computer is damaged or compromised
Useful advice, which bears a quick read even for those consumers who are quiet knowledgeable about computers. If more people took on board what CERT had to say (well we can hope?) then the Internet would be a far more secure place. ®
IIS worm made to packet Whitehouse.gov
Internet survives Code Red
Privacy threatening worm on the loose
Users haven't learned any lessons from the Love Bug
Reports of death of email viruses greatly exaggerated?
IRC network comes under denial of service attack
Massed hack attack hits major Web sites
Hackers run amok during Defcon