|
SECURITY
FLASH PROTECTION
We’re all using USB flash drives
these days, and very handy they are too, for transferring data from one PC to
another. But the next time you plug your drive into someone else’s PC just ask
yourself, how clean is it? The ease with which you can move data around also
makes it easy for viruses and malware to hitch a ride on your flash drive and
back into your PC. The first thing you should find out when copying data
onto your drive is whether or not the PC you are connecting to has anti-virus
protection, you will be surprised how many don’t. One solution is to carry some
protection with you, the freeware anti-virus scanner AntiVir can be run from a
flash drive and it only takes up around 30Mb of space, which is nothing in
these days of 1 and 2Gb drives. Select the Customise option during installation
to load the program onto your flash drive, and you can run it from the
Avcentre.exe file; to set up an immediate scan simply set one up from the
Schedule tab and if there’s an Internet Connection available make sure you
download the latest updates.
TRAVELS WITH MY DIGICAM
A couple of years ago, whilst on an overseas trip a digital camera
containing scores of irreplaceable images was stolen from my hotel room. Now
I’m slightly paranoid about losing another one and I make sure it’s safely
locked up when I’m not carrying it, with the memory card stored separately from
the camera, but my biggest fear is the safety of the images. They only exist on
the camera’s memory card, so now at the end of every day I download new
pictures to my laptop’s hard drive, and make a second copy on a USB flash
drive, which I keep with me on a key ring. On my most recent trip I also
uploaded several images to my personal web space and sent some prints to friends using
TruPrint’s on-line digital printing service. They were delivered within 48
hours -- well before my return -- and at 10 pence each (plus 99 pence postage)
were a good deal faster and only marginally dearer than sending postcards.
GET
READY FOR THE 2038 BUG
Here's a quick heads-up for a potentially nasty little computer bug that could ruin
your day on January 19th 2038… This one will only affect computers based on the
Unix operating system, which includes some versions of Linux, and Windows 2000
machines running exotic applications may also be affected. The bug is similar
to the notorious Y2K bug in that vulnerable computers will register the time
and date incorrectly when the bug strikes. It’s all to do with the way Unix
computers work out time. Instead of relying on an in built calendar they count
seconds from the notional date the system was conceived, at GMT 00:00:00, on
Thursday, January 1st, 1970, and like a car’s odometer going round the clock,
on bug day it will run out of digits and the counter will roll over and
probably reset to January 1st 1901 or another equally invalid date.
HOW
SAFE IS YOUR WI-FI NETWORK?
One
way to find out is to switch off your router and launch your Wi-Fi
configuration utility. This should have signal strength or ‘Site Manager’
options that will display all of the wireless networks and devices in your immediate vicinity.
If any show up bear in mind that if you can pick up their
signals, they can pick up yours…
In
the early days Wi-Fi security wasn’t such a big issue and the chances of your
network being hacked into, even if you hadn’t enabled WEP encryption, was
fairly small, but now the world and his wife has got Wi-Fi and there is a
good chance that one or more of your neighbours has installed a system, which
could be a problem, for you and for them.
Your Wi-Fi monitor should tell you if your neighbour’s systems are encrypted or not; if you find one that it is open then you should alert them immediately. You can usually tell how close they are to you from the signal strength reading.
Even though you have enabled
the strongest WEP encryption your system supports (and you have switched it on, haven’t you…). Be aware that WEP is not infallible and
it is worth changing the key every few months. I am sure that your neighbours
are decent, honest people, nevertheless do not enable file sharing on any more
folders than are strictly necessary, never share a whole drive and pop along to My Network Places in Windows Explorer every so
often, to make sure that all of the PCs listed as being present on your network
are known to you.
PROTECT YOUR PC
It’s all very well setting
up accounts and passwords on your computer but as you may know there are ways
and means to hack into files and folders once Windows is up and running. If you
are concerned about the security of your PC, particularly if you are using a
laptop, then you should enable the PIN or password facility in your PC’s BIOS
program. Once set this will prevent the machine from booting up by any means,
including boot discs and USB devices. To switch on BIOS security you will need
to enter the setup program that starts immediately after switch on. On most
machines you’ll see a fleeting message that says something like ‘To enter Setup
press Delete’ or a combination of keys, otherwise consult the manual. Once the
BIOS opens the security options menu is usually clearly displayed. If you use
it take good care of your PIN as BIOS security can be extremely tough to crack!
PASSWORD OR PASSPHRASE
How safe are your passwords? Most of us do precisely
the wrong thing and use familiar and easily remembered words and names that a
hacker, or someone who knows you could probably guess. It’s also a mistake to
use any word that appears in an English or foreign dictionary because there
are lots of 'brute force' password cracking programs that simply plough through
hundreds of thousands of common names and words in the hope they'll get lucky.
The
ideal password
should consist of a random mixture of numbers and characters, upper and
lower
case -- the more the better -- and changed regularly, but how on earth
are you
supposed to remember something like ‘K9xp5G49au9’? The answer is you
can't, but
there’s an easily memorised alternative and that’s a 'Passphrase', a
simple
three or four word combination -- preferably meaningless -- that can’t
be
easily guessed, or cracked. Something like ‘cat ties knot’
would be very
difficult for a hacker or software to
crack, and the spaces between the words make it even more impenetrable,
but you should avoid well known phrases or sayings, like 'To be
or not to be’.
SPYWARE BEWARE
There are now a
staggeringly large number of free and paid-for adware and spyware clean-up
tools and websites. Some of them are promoted through pop-up windows on web
pages that suggest your PC may be at risk by displaying ‘hidden’ information
about your computer that the web site has apparently managed to extract. In
most cases these are scams, intended to scare you and the details shown are
quite routinely made available by your browser (type of browser, PC operating
system etc.) and do not represent any threat to your PC’s security. Some
commercial programs do work well, and we’ve included a couple of them this
week, but most should be avoided. At best they don’t work as well as Spybot or
AdAware (see last week’s Boot Camp) but a significant number of them generate
false reports and some of them deliberately infect your PC with spyware and
adware, or worse, so beware! If you are concerned that you might have visited a
dodgy site or downloaded a suspicious program then check them against a list of
rogue products and suspect antispyware sites at: www.spywarewarrior.com/rogue_anti-spyware.htm
SCAM REPORTS
In an ideal world there
would be a mechanism for putting an end to scam emails but since most of those
responsible operate overseas and use anonymous email addresses they are beyond
the reach of the UK authorities. Email blocking and spam filtering software can
help to reduce the flow but in the end only way it will stop is when people
stop responding to them.
Various UK organisations
keep a close watch on Internet fraud and if you are a victim or the target of a
scammer then you can make a report to the SD6 Economic and Specialist Crime OCU
(Organised Crime Unit). Its telephone number and email address can be found on
the Metropolitan Police Fraud Alert website at: www.met.police.uk/fraudalert/index.htm.
Other useful sources of information include the National Hitech Crime Unit:
www.nhtcu.org/nqcontent.cfm?a_id=12347,
Home Office Internet Crime department: www.homeoffice.gov.uk/crime/internetcrime/
and the Internet Watch Foundation: www.iwf.org.uk/
ROGUE DIALLERS
Premium Rate diallers work
by forcing the PC to dial up expensive premium rate lines. The good news is
that they do not work on broadband connections, however, if you have recently
switched from dial-up to broadband you should disconnect the phone cable from
your PC’s modem. If you have a dial-up connection you should constantly monitor
your PC to make sure that it doesn’t log onto the Internet without your say so,
and you should ask BT or your phone provider to put a block on premium rate
numbers.
INSTALL A FIREWALL
If you are new to broadband
then you must upgrade the security of your computer as the ‘always-on’
connection greatly increases the risks of virus infection and hacking. A good
quality virus scanner is absolutely essential and you should install a firewall
program that monitors all incoming and outgoing connections. The firewall
included in Windows XP is not adequate as it only checks incoming connections
and wouldn’t prevent a Trojan or spyware program hijacking your files and
sending data from your PC. (An upgrade of the XP firewall is planned for later
this year).
SPOOF TESTER
There’s a quick and easy to
use spoof ‘tester’ at: www.secunia.com/internet_explorer_address
_bar_spoofing_test/
You will probably find that
Internet Explorer fails the test miserably and at the time of writing Microsoft
had yet to release a patch. There several third-party fixes floating around the
Internet but at least one of them contains adware components. My preferred
solution is to change to a spoof-proof browser, like Avant Browser. It is
freeware and has many useful extras, including a built-in pop-up stopper and
tabbed windows; it can be downloaded from: www.avantbrowser.com/
POWER CUT PROTECTION
Considering the cost of a
PC and the value of the data most of them contain it is a false economy not to
install an Uninterruptible Power Supply or UPS between your mains socket and the computer. They are not expensive, prices start at around £30 but the wrong type can be almost as bad as having no protection
at all. UPS devices are normally rated by capacity, stated in volt-amperes or
‘VA’. Heavy duty models, for network servers and systems may be rated at
upwards of 2000VA but for a single desktop PC and monitor a UPS rated between
300 to 500VA will normally be able to provide between 10 and 15 minutes worth
of power. Many recent UPS have software that in the event of power cut will automatically save all of your data to disc before shutting the PC down.
HIDE FILES
Sometimes you might want
to make certain files on your computer inaccessible, especially if you share
your PC with others. There are plenty of password protection and encryption programs
available for download, but sometimes the simplest solutions are the best. One
easy way to protect a sensitive file is to rename it, and bury it deep inside
Windows, or another unrelated application. Simply open Windows Explorer,
right-click on the file and give it a new name with a fictitious three-letter
extension – your initials perhaps -- then drag and drop it into a folder. Make
sure you remember where you put it and check that you’re not using a genuine
file type with the extension search engine at:
http://extsearch.com/
|