I am quite often asked by individuals or companies how to protect themselves and their computers online – you know, the usual stuff – avoiding viruses, spam and such things. Often, the rationale is – “If I bought the computer and service from my Internet provider, it should all work flawlessly, right?”
Well – not quite, the story is a bit more complicated than that. If you are not a car mechanic you don’t service your car – you leave it to professionals. Unfortunately, the perception is not the same with computers – just because you keep them in your bedroom doesn’t mean they are any less complicated to maintain, or that you can use them carelessly without knowing what you are doing. You do need to learn to drive your car, don’t you? Well, computers are a zillion times more complicated than driving a car, but fortunately there are some simple rules you can apply to make them easier to handle.
As a software publisher, our users’ security is of the utmost importance to us – so we have a set of rules you can all use to be safer when connecting to the Internet (and also when designing software). Here they are in arbitrary order and in plain language without too much technobabble.
- Use original software – Original software at least gives you a certain level of guarantee that the program hasn’t been tampered with (software developers and virus-makers are both engineers after all) and with pirated software you cannot be that certain. This doesn’t mean original software is any more secure if the authors don’t apply the security measures themselves.
- Apply software patches and updates religiously – especially if the computer is connected to the Internet or if the software is Internet-related. In Microsoft Windows this is called Windows Update and for Microsoft Office it is called Office Update. Many other programs from less known companies also have their own update mechanisms – use them! This also applies to online software (blog software, forum software and similar). Also, to bust one more myth – people often claim that a Macintosh is more secure than a Windows-based PC. Not really true – in fact, there are security leaks a few months old in OS X that are still not taken care of. The same goes for iOS and sometimes for Linux too. So paying more for it doesn’t mean it is automatically more secure. Windows is the most popular, and for this reason alone its emphasis on security is at a higher level. I’m not advertising the use of any of these systems, just pointing out that software developers need to patch their software too, just as their users do.
- Use the latest version of your Internet browser. These days any of them is really good and it is a matter of choice – IE 9 is as good as Chrome 17 or Firefox 10 (yes, I know about Safari and Opera too). Yes, there are differences, but they are all very competitive. By using the latest version you make sure you have all the security updates all the time.
- Use a firewall and an anti-virus (anti-spyware) program. Paid or free is your choice, but more often paid has more advantages – and these guys are constantly dealing with security leaks and patches. Use their wisdom. Companies I would recommend are Kaspersky, Norton 2012 products and the one I personally use – NOD32. As for free variants, I like Avira – it has some quite nice features – but AVG or Avast are also quite good (I did not go too much into virus-detection charts as they change all the time). Note that they can’t be used as a substitute for Windows Update – you still need to have a fully patched operating system. Fortunately, with Windows and antivirus software the update mechanisms are very easy to use and completely automated. Firewalls, on the other hand, will stop software from sending outgoing data unless you permit it, and with most of them you can do this at the individual program level.
- Quick guide to less reliable software sources – Even though you should install software from reliable sources, sometimes you might need to install something from a less known manufacturer. Note that a digital signature doesn’t mean the software is more secure – Gator Corporation, for example, had fully legit digital signatures while their software was installing spyware. A good way to install unreliable software is to use Sandboxie. The solution I use myself is virtualization – a full operating system within an isolated environment such as VirtualBox or VMware Workstation. The idea here is to install software in a controlled environment and not onto your main operating system. If the software or manufacturer proves to be reliable, you can proceed to install it onto your main system; if not, you can easily remove it or restore the virtualized operating system image to its starting state.
- Read those “Do you want to…” dialogs… for God’s sake! Don’t just click “Yes”. I am always amazed how much spyware and how many toolbars and similar things are installed just because the user doesn’t read whatever is offered on the screen. Do not install software if you are tired.
- Do not use unsecured or low-security WiFi – There is always someone listening to such connections – this is probably the easiest way to steal passwords. WEP encryption is easily broken; with WPA and WPA2 you are a bit more secure. But it doesn’t hurt to add an additional level of security – make sure you always use the HTTPS (secure) version of web sites if available (Facebook has it and Google has it and so do many others). Make sure you always use SSL/TLS-encrypted connections (for email access, for Usenet access, for web access) wherever possible and available.
I tried to minimize this list as much as I could, but security issues are not something that should be taken lightly and you should at least take the minimal measures I’ve covered above. Of course, as a software developer I have quite a bunch of others, like checksumming (MD5, SHA1), comparing binaries by content, compiling software in an isolated environment (like a virtualized operating system), making a copy of the installation file before running it for testing, or storing it in a non-compatible environment (for example a Windows binary hosted for download on a Linux host – where it can’t be executed) and much more – but I don’t think these should be presented to the average user who just wants to use his computer without having to worry too much – after all, software can be very complex and needs to be as easy for the end user as possible.
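The checksumming and compare-by-content checks mentioned above, sketched in Python as an added example (not the author's own tooling). The function names and sample files are hypothetical and constructed for illustration; the `algorithm` argument accepts any name `hashlib` knows, so `"md5"`, `"sha1"` or `"sha256"` can be used depending on what the publisher lists.

```python
import hashlib
import hmac
import os
import tempfile

CHUNK = 1 << 16  # read in 64 KiB blocks so large installers are never loaded whole

def file_digest(path, algorithm="sha1"):
    """Hex digest of a file's content, computed block by block."""
    h = hashlib.new(algorithm)
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(CHUNK), b""):
            h.update(block)
    return h.hexdigest()

def matches_published(path, published_hex, algorithm="sha1"):
    """True if the file hashes to the digest listed by the publisher."""
    return hmac.compare_digest(file_digest(path, algorithm), published_hex.strip().lower())

def first_difference(path_a, path_b):
    """Compare two binaries by content: offset of the first differing byte, or None."""
    with open(path_a, "rb") as a, open(path_b, "rb") as b:
        offset = 0
        while True:
            ca, cb = a.read(CHUNK), b.read(CHUNK)
            if ca != cb:
                for i, (x, y) in enumerate(zip(ca, cb)):
                    if x != y:
                        return offset + i
                return offset + min(len(ca), len(cb))  # one file is a prefix of the other
            if not ca:
                return None  # both files ended with no difference
            offset += len(ca)

def demo():
    """Run both checks on constructed sample files (not real installers)."""
    good = b"MZ" + bytes(range(256)) * 400       # constructed stand-in for a release build
    bad = good[:70000] + b"\x00" + good[70001:]  # same size, one byte altered
    published = hashlib.sha1(good).hexdigest()   # stands in for the publisher's listed digest
    with tempfile.TemporaryDirectory() as d:
        rel, cpy, alt = (os.path.join(d, n) for n in ("release.bin", "copy.bin", "altered.bin"))
        for path, data in ((rel, good), (cpy, good), (alt, bad)):
            with open(path, "wb") as f:
                f.write(data)
        return (matches_published(cpy, published), matches_published(alt, published),
                first_difference(rel, cpy), first_difference(rel, alt))

if __name__ == "__main__":
    print(demo())
```

The digest check answers whether a file is the one that was published; the byte-level comparison additionally shows where two builds diverge.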