Monday, 25 April 2011

PC Security

I want to take a moment to talk about pc security since it seems a big deal to a lot of people. Viruses, Trojans, Worms, Hackers, Rootkits, Spam and Malware are some of the most frequently used and alarming terms in modern computing.
In fact many of these terms and others like them are used incorrectly and interchangeably but at their heart they all have one thing in common: to make your computer act differently than it normally does when operated by you. 
It is the purpose of the 'infection' that differentiates one from the other.

So How Do You Get These Problems?
As you've probably already guessed, there are many ways of becoming 'infected' or being 'hacked', but most problems are caused by just the following two processes:

  • Opening email you don't recognise or haven't asked for (Spam) can lead to infection though most spam is just irritating content farm drivel nobody can be bothered to look for and share themselves. 


Dangerous spam is unwanted email that contains links to sites that will try to convince you to sign up to something, with the eventual aim of making you pay for it via a subscription service that is difficult to stop. Another way to compromise you is to take you to a site where you'll be prompted to download the naughty code or 'scan your system for errors' or some such call to do something.

  • Downloading programs or software (apps) from places you are not confident are secure and trustworthy suppliers.


Here again I think a distinction should be made between the mildly irritating, like included toolbars, and the out and out thievery of a malicious rootkit. The former can be uninstalled if you mistakenly allow it to install during setup of a program that you actually want. The latter is a more complex and much less desirable attempt to effectively take over your pc as if it were you - only more powerful.

Prevention is for the Lazy, Cure is for the Masochist

You can easily defeat 99.9999999999% of threats to your computer system with free software. What follows is a list of what I use and should not be taken to be perfect for your setup.
  1. Windows Update - turn it on and let it do its thing - Microsoft has a vested interest in making sure their operating systems are as secure as possible (and they power most of the world's computers) - so let them clever boys at Microsoft add little bits of protection when vulnerabilities are discovered.
  2. Protect Your Registry - the registry in your pc is the set of programs you've installed. Changing things in there can stop your pc working and cause you to lose work (what is called a system crash). Windows 7 and Vista have that pop up that warns that something wants to make changes to your pc, so you need to make sure that is enabled too. ZoneAlarm* allows you to monitor these proposed changes and you'll soon get used to what is and isn't acceptable to you. Happily, there's a free version too! :) Another good tool I have used in the past is another free one called WinPatrol* that puts a little scotty dog in your system tray (down in the bottom right hand corner next to the clock on your screen) who'll alert you with a 'woof' and a pop up to changes like new start-up items, changes to home page settings etc.
  3. Protect Passwords and Change Them Regularly - having a good password, i.e. one that isn't readily guessed by others but that is easy for you to remember, seems to be a daunting skill for most people I encounter, but I still remember the registration of my first car so can use that, or a variation of it, from time to time. It's also a good password because it's both letters and numbers rather than just using a short all-letter password like your dog's name (easily guessable, known to anyone/easy to find out etc). I wonder how many people react with shock when they read that because they use their dog's name?
  4. Just because it's downloadable doesn't mean it's good - As with much in life, there is seldom much of value given away freely. Before you download something ask yourself 'Do I Trust This Site?' and 'What Do I Have to Agree To to Get It?' A couple of my trusted sources are Sourceforge* and Filehippo*. I've watched the computer virus news and I've been on the tech forums (for years) and haven't seen anything to make me feel like I couldn't trust them anyway, and it's all about comfort for me :)

Ok I Am Infected What Do I Do Now?

If you don't have a friendly tech mate who can do this for you here's what you can do:

Identify the culprit program and uninstall it. This likely will not work save for the most basic trash that one picks up. It's in your registry and it has made itself at home.
If you can't uninstall it, use a program like WinPatrol* or CCleaner* to remove it from the start up list of programs, but take care as you wouldn't want to remove something vital from there. Check twice that you have correctly identified the miscreant program before you go disabling things, and in any case only disable one thing at a time before restarting your machine to see if the situation is improved.
If this doesn't solve your issue but you have successfully identified the rogue stuff, I have successfully treated these infections by renaming the folder where the startup code for that bad stuff resides, so Windows can't find it when the instructions in the registry tell it to go get the startup instructions for the problem software. Basically you then get a popup from Windows with some error message; click OK or Ignore or Skip or whatever option is provided. Then try again to uninstall it.
This works because in some cases the app needs to be running to actively prevent the uninstall procedure. 
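
One way to do the 'check twice' step above before disabling anything, as an added example that is not part of the original post: a read-only PowerShell listing of the registry Run keys and Startup folders, showing for each entry whether the target file exists and who signed it. It assumes PowerShell 3.0 or later; the function names Get-ExePath and New-StartupEntry are made up for this example.

```powershell
# Read-only inventory of programs that start with Windows. Nothing is changed.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
)
$startupDirs = @(
    "$env:APPDATA\Microsoft\Windows\Start Menu\Programs\Startup",
    "$env:ProgramData\Microsoft\Windows\Start Menu\Programs\Startup"
)

function Get-ExePath([string]$Command) {
    # Pull the program path out of a startup command line.
    $c = [Environment]::ExpandEnvironmentVariables($Command).Trim()
    if ($c -match '^"([^"]+)"')            { $p = $Matches[1] }
    elseif ($c -match '^(.+?\.exe)(\s|$)') { $p = $Matches[1] }
    else                                   { $p = ($c -split '\s+')[0] }
    # Bare names such as "rundll32.exe" are resolved through PATH.
    if ($p -and $p -notmatch '^([A-Za-z]:\\|\\\\)') {
        $app = Get-Command $p -CommandType Application -ErrorAction SilentlyContinue |
               Select-Object -First 1
        if ($app) { $p = $app.Path }
    }
    return $p
}
function New-StartupEntry($Source, $Name, $Command) {
    $path   = Get-ExePath $Command
    $exists = [bool]$path -and (Test-Path -LiteralPath $path -PathType Leaf)
    $signer = 'n/a'
    if ($exists) {
        # Valid signature: show who signed it. Otherwise show the status.
        $sig    = Get-AuthenticodeSignature -LiteralPath $path
        $signer = if ($sig.Status -eq 'Valid') { $sig.SignerCertificate.Subject } else { [string]$sig.Status }
    }
    [pscustomobject]@{ Source = $Source; Name = $Name; Path = $path
                       FileExists = $exists; Signature = $signer }
}
$entries = @(foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $item = Get-Item -Path $key
    foreach ($valueName in $item.GetValueNames()) {
        New-StartupEntry $key $valueName ([string]$item.GetValue($valueName))
    }
})
$entries += @(foreach ($dir in $startupDirs) {
    if (-not (Test-Path -LiteralPath $dir)) { continue }
    Get-ChildItem -LiteralPath $dir -File |
        ForEach-Object { New-StartupEntry $dir $_.Name ('"' + $_.FullName + '"') }
})
$entries | Sort-Object Source, Name | Format-List
```

Run keys and Startup folders are only the most common autostart locations, so a clean listing does not prove the machine is clean.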

No Wait, I Only Think I Might Be Infected...

In this case you can run a scan for known Trojans, Worms etc. I use Spybot Search & Destroy when I suspect problems are caused by bad software - it's another freebie yeyyyyy!!
I don't need to do this very often and it's almost always clean and just some ill-made feature of some program I'm using that either doesn't work properly or causes conflicts with my other favourite trusted programs. Just make sure that you are using a very up to date database of virus definitions before you scan or the latest threats won't be included in the scan process. There will always be a 'check for updates' button in the main display screen of the system scanner.

HTTPS ... what's the story?

We all know and love HTTP (Hyper Text Transfer Protocol - note here the word 'transfer'), well HTTPS is the secure version. Simples!
It's secure because information is coded in a more complex way and using a stronger (because it's longer) algorithm; this means it takes more time (or better more expensive computers) to work out the encoded material - you'd have to be sure you were likely to find what you were looking for before beginning the mammoth task of cracking that!
HTTPS is used for checkout pages on ecommerce web sites, banking and other account and password pages, and recently the address bar has been styled to go green when using a secure connection.

Stuxnet

Stuxnet is the name of the most complex infection so far recorded. It was used to disable the machinery of the plutonium enrichment facilities of the State of Iran by upsetting the spin of centrifuges causing failure of the process. All of the tech reports I have read on the subject say that it 'must have been an international effort' to have achieved its aim and have involved such technical genius as to prevent it being the work of one man... high praise indeed.
The fact of the matter is that the infection was delivered via an innocuous route posing as a harmless process that had been downloaded or inserted to a computer where somebody hadn't been as careful as they might have been who then took it into a secret facility. You can imagine how easily it could have failed.

Well I hope you feel better about your system security now. If you have any comments or questions, and I see that others are saying the same, I'll respond with a new post.

FV