I: Personal Computer Safety
1. Anti-Virus
Viruses are the bane of many a PC user’s existence. They can attack you through malicious web sites, corrupt important system files and even erase important data. However, you can keep yourself safe with anti-virus software. Anti-virus software comes in several types of packages – best of all, some of the most effective anti-virus tools are freeware. Virus detection can also be achieved through online checks. It is imperative to understand their necessity, especially since they can slow down system performance and prompt the user with unfamiliar commands.
Normally, anti-virus software has three modes of detection:
1. Signature based detection – The most common method. It matches the contents of any infected files against a data base of virus signatures that
are updated on a regular basis.
This mode even examines files in pieces to detect the infected areas. However, constant updating of virus database definitions is essential.
2. Malicious activity detection – Monitors your system for suspicious behaviour. In case any suspicious activity is detected, the system initiates signature based detection. This is useful for catching unknown viruses that may not be listed in the database.
3. Heuristic based detection – The most system taxing mode of detection but the most effective for detecting unknown viruses. This is done through two methods: File analysis and file emulation. In file analysis, virus-like instructions that may be embedded in different programs rather than suspicious behaviour is investigated. If a program has instructions to format the C drive, for example, the anti-virus examines this program more closely. File emulation involves executing a program in a virtual environment and logging the actions that occur, according to which the anti-virus takes appropriate disinfection measures. As stated however, both methods of this detection requires large amount of system resources.
One of the most reliable anti-virus solutions available is AVG Free. It’s divided into three sections: Overview, Computer Scanner and Update Now. Overview provides info on the version running, last scan performed and the last definitions update. It also showcases all the option available like Link Scanner, E-mail Scanner, etc. and easily indicates whether they are up-to date (green) or outdated (red) along with their active status. If outdated, clicking on an option provides solutions.
Computer Scanner allows you to edit scan settings for the entire computer or specific folders and files. Scan settings let you determine scan access priority (fast, automatic or slow), the use of heuristics, automatically healing/removing infections and more. Scans can be also scheduled to run at specific times, on start-up or even after every few hours.
The Update Now section is the most straightforward tab. It automatically connects online to fetch the latest virus database definitions for detecting matching virus signatures.
For more options, click on Tools > Advanced settings. You can schedule scans for different components on the basis of frequency, time of day and what not. You can also determine update priorities, proxy settings, types of file extensions to be detected by the Resident Shield, etc.
On short notice at any time, free anti-virus scans are also available online through several reliable sites such as:
•http://www.kaspersky.com/virusscanner
•http://security.symantec.com
•http://us.mcafee.com/root/mfs/scan.asp?affid=56
•http://www.bitdefender.com/scan8
•http://onecare.live.com/site/en-us/default.htm
•http://ca.com/securityadvisor/virusinfo/scan.aspx
•http://www.ewido.net/en/onlinescan
•http://www.pandasecurity.com/homeusers/solutions/adivescan
Some essential tips to preventing virus infections: Always scan external media. Schedule daily scans and updates (at the minimum). Never ever execute files from unknown email senders or follow unfamiliar links.
2. Anti-spyware
Judging from its name, you’d assume spyware was simply malware that monitors your PC activities. Spyware indeed collects personal information regarding what sites you visit and for how long. However, it can also wrest control from the user. It redirects one’s browser activity and even permits the installation of additional software without one’s consent or knowledge. Spyware doesn’t infect neighbouring computers; it attacks by exploiting software loopholes. Some of its other more damaging effects include:
-Higher CPU utilisation
-Unwanted disk usage
-System crashes
-Software freezing
-Start-up failures
-Lower connection speeds
Spyware has several routes of infection. A common method is by “piggy-backing” on software downloads (such as Kazaa and Limewire). It can also come bundled with shareware. Keep in mind that the download itself is still safe, once the software is installed the spyware will be as well. Spyware authors often repackage popular freeware with installers for spyware.
Browsers such as Internet Explorer prevent any downloads from taking place without the user’s permission. Through security holes in the web browser, certain web pages can override this and install spyware on the user’s PC. This has come to be known as “drive-by download” since the user is helpless during the attack. It should be noted that later versions of IE have amended these loopholes.
Certain freeware “anti-spyware” programs can also contain spyware. There are currently over 300 listed applications. Such programs are classified as “rogue” antispyware programs. Examples of such malicious programs are Spy Wiper, WorldAntiSpy, Spylocked and Antivirus Gold. Many web pages associated with Adware Report, e-Spyware, tionToxic-Internet and others also come under rogue/suspect anti-spyware sites that uses alternate data streams to hide.
Beware of "rogue" anti-spyware programs that contain infections
Coupled with a rootkit, it can escape alternate data stream scanners and prevent rootkit scanners from running. Spyware can best be defined as junk that weighs down the PC. If accumulated for a long time, eventually the computer has to be formatted and software reinstalled to regain its former speeds. A strong anti-spyware solution should be in place and regular scans conducted to eliminate spyware before it accumulates. Spybot: Search and Destroy is one of the most popular and effective anti-spyware programs available. It detects keyloggers, rootkits, tracking cookies, ActiveX objects, homepage hijackers and even some trojans. It can also create a back-up registry to repair damaged files and restore them to their state prior to infection. Spybot’s “Immunize” blocks the installation of the spyware before it happens by modifying its host file and a file shredder for secure deletion of files. The TeaTimer module provides active, real-time protection and alerts the user to any dangerous registry changes.
Spybot: S&D is a commercially free, and its weekly updates add new features to keep pace with the latest threats while improving previous heuristic algorithms. So use the S&D to kill all that bad, bad spyware
3. Firewalls
The internet is a gateway to sending and receiving limitless information. Like most gates, it has its share of intruders. And hence we have the gatekeepers – firewalls.
A firewall is part of a computer system or network designed to prevent unauthorised access while allowing verified and safe communications. It usually consists of a device or set of devices. It can also be implemented via hardware or software, or often a combination of both. Firewalls are most commonly used to prevent unauthorised internet users from accessing private networks, especially intranets. Each firewall has a different kind of authorisation criteria. Information entering or leaving the network througl firewall that doesn’t meet this standard is blocked.
Firewall techniques consist of four main types:
1. Packet filter: Packets are the most basic unit of data transfer between computers and networks.
A packet filter uses a set of user defined rules for identifying the source, destination address, protocol and port number. If a particular packet matches the rules, the filter either discards it or rejects it (also drops the packet, but sends an error response to the source). Fairly effective and transparent, packet filters are nonetheless tough to configure. They’re also susceptible to IP spoofing wherein packets with forged IP addresses are created to either impersonate an “accepted” source or conceal the identity of the sender.
2. Application gateway: Also referred to as application proxies, they are located between the end user and network. The end user directly contacts the gateway, after which it performs requested function for the user. Specific programs use specific mechanisms. It is however not transparent to users, who must install custom applications to contact the gateways. This type is simple, since it only functions to proxy requests from end users. It also intercepts IP packets from the net. However, it causes strain on system performance.
3. Stateful firewall: It keeps track of the network connections moving across it (TCP streams, for example). It distinguishes legitimate packets for different connections and only allows packets matching a specific connection state. All others will be rejected. Sessions without traffic for a specific period will eventually time out to prevent the table from being filled. Stateful firewalls are advantageous as opposed to packet filters since it need only check the connection against its table rather than an extensive ruleset.
4. Proxy server: “Proxy” meaning “substitute”. One of the more popular types, proxy servers act as go-betweens for outside clients seeking information from servers. The request is filed and checked according to various filtering rules hence filtering traffic from certain IP addresses. Direct access to the server is subsequently handled by the proxy on behalf of the client. It may speed up resource management by caching and delivering responses according to specific requests. The servers are hence kept anonymous and safe from attack.
An easy-to-use and powerful firewall can be found in ZoneAlarm, the newest release being ZoneAlarm Security Suite 2009. Besides an inbound intrusion detection system, it can also control which programs can make outbound connections.
ZoneAlarm does this by dividing access into two “zones”. There’s the trusted zone, which includes computers and devices such as printers connected by LAN. Then there’s the “internet zone”. The user must manually specify permissions to give to a program before it tries to access the internet. ZoneAlarm may also prompt the user for permission the first time the program attempts net access.
A freeware version is available, but there’s plenty of incentive to purchase the full versions. These are the OSFirewall and SmartDefense Advisor features. OS Firewall is present in all paid versions and monitors programs for suspicious behaviour. SmartDefense is only featured in the premium versions. It uses a large database of reliable program signatures to guide users with respect to allowing or denying program access to the internet. Different versions of ZoneAlarm also provide protection against viruses and spyware.
4 Backing up important data
What do you do in the event you lose all your data despite taking all precautionary measures. How about if a fire or storm destroys your computer physically? There’s also always the risk of data theft. With information becoming more valuable, backing up important data has become vital (according to a Global Backup Survey, 66 per cent of internet users have suffered from serious data loss).
Backup involves making copies of the.original data for primarily two situations: Firstly to restore a state following a disaster. The second is to restore a small number of files either accidentally deleted or corrupted – this utilises lesser storage space and keeps efficient track of changes in the data.
There are several means by which one may back up data. Storage media such as external hard disk drives, solid state storage (which includes USB flash drives, thumb drives, etc) and optical discs are usually employed. The last is especially a popular option, especially thanks to the advent of Blu-
Nero 9 has some nice backup options for those who want to backup to optical media
ray discs that can hold up to 50 GB of data. For writing information to discs, the best software is Nero. It supports all CDs, single- and dual-layer DVDs and now Blu-ray discs. Nero also helpfully indicates how much space the selected files are occupying, especially when it goes over the writable limit. Nero also support multi-session discs for when files are to be added later. Nero Burning Rom 9.4.13.2 is the latest release and the commercial trial can be easily located online.
When dealing with large amounts of data, it becomes important to compress it. This facilitates faster storage and copying speeds, along with fully maximizing any available space. Compression is commonly carried out using WinRAR, wherein the data is stored within archives. Most people would use WinZip but WinRAR supports a wider range of formats, including ZIP files. WinRAR is especially versatile in deciding the compression methods, splitting the info into separate archives of specified sizes (helpfully classified into different categories like DVD5, DVD9, CD, etc) and password protecting archives. It can consistently produce smaller
WinRar will help you save space when backing up, and will also let you protect your backed up data with a password
archives than its nearest competition, and supports files/ archives of up to 8589 billion GB in size.
Remember the following points: The more important the data, the greater the need for a backup solution.
Chalk out a proper restore strategy, since restoring data through backup can be as taxing as storage. In this case, automated backup and scheduling should be considered. Like regular virus scans, it’s easy to forget backing up data or leaving it for another day.
Do not store the backup close to the original data. Fires, rain and electrical surges would likely damage both at the same time. Try storing the backups in an off-site location.
Even if secured properly, backups are not infallible. Verification or monitoring strategies are important for keeping track of the backup’s lifeline.
Store backed up archives in open/standard formats. This helps with recovery in the future when the software used to make the backup is obsolete. This allows different software to be used.
5. Hiding files and folders
A hidden file or folder is one that can’t normally be seen. This is usually applied to sensitive data such as system files and user preferences to prevent any edits or changes. It also helps when you want to conceal any information from prying eyes. While there are many applications that claim to
Hiding Files In Windows
Make Sure The Hidden Files Stay Hidden
securely hide folders, some cause problems within the operating system. For example, in case of a system crash, will the hidden folders be backed up by the folder hiding application?
Windows offers a very simple method for hiding folders. Simply right-click on a folder, select Properties, select the Hidden box in Attributes and click OK. The option to hide all subsequent sub-folders and contained files will also be presented. Your folder will now be hidden from public viewing. You can disable the Hidden attribute by deselecting the box. The folder thus reverts back to its visible status.
This is very weak protection since the “protected”
folders are still easily viewable. To view any hidden folders (including any system folders), simply go to the Windows Explorer menu. Select Tools > Folder options and go to View. Click on Show Hidden Folders and Files and then Apply To All Folders. This will make all hidden files visible. It should also be noted that Windows allows you to navigate to hidden folders. Simply type the name of the folder in the address bar after the name of the drive and voila.
If they’re so easy to uncover, why hide a folder when you can just encrypt it? Simple: You can’t want what you can’t see. It should never become an either/or choice because you can never be too careful. However, a hidden folder lays in ambiguity. As long as someone doesn’t know about it, they won’t bother looking for it. However, a password protected folder that is visible screams “important data” and will tempt people to take a crack at it. The best solution is to encrypt and then hide important folders for double security. Simply don’t forget the password and you should be fine.
On a side-note, malware often uses the hidden folder options to escape detection. Keep this in mind when running virus scans and having the choice to scan hidden folders as well.
6. Recover lost data
When you delete files, they’re never permanently deleted. Even if you mistakenly delete a file, it still exists on the hard disk. This is termed as data remanence. The file names are usually only removed from the system directory or shifted to a holding area for safe keeping (even if said area hasn’t been specified in advance by the user). One biggest causes of data loss is logical damage. It is primarily caused by power outages that prevent files from being completely written to the storage medium. Problems with hardware like RAID controllers and system crashes usually cause the same but the result is the same. The file system is left in an inconsistent state. This can lead to more problems such as drives reporting negative amounts of free space, system crashes and actual lost data.
Logical damage can be prevented through the use of journaling file systems like NTFS 5.0. It decreases the incidence of logical damage by rolling back to a consistent state. Only the data present in the drive’s cache at the time of system failure will be lost. That being said, two common techniques for recovering data from logical damage include: 1. Consistency checking – Scans the logical structure of the disk and makes sure it is consistent with its specifications. A file repair system repair program reads each directory and makes sure these entries exist and point to the correct directories.
2. Data carving – Allows for data with no file system allocation to be extracted by identifying sectors and clusters belonging to the file. Usually searches through raw sectors looking for specific file signatures.
It should be mentioned that data recovery cannot be done on a running system. A boot disk, Live USB, etc. containing a minimal operating system and a set of repair tools is usually required. One of these is Nero BackItUp Image Tool which –stores the image created by the application to roll back the
stem to a consistent state. A good consistency checker is Checkdisk (CHKDSK, for short). It runs on DOS, OS/2 and Windows OS systems, displaying file system integrity status of disk drives. It can fix logical file system errors and can also check the disk surface for physical errors or bad sectors. CHKDSK can be run from the Windows Shell, the Windows Command Prompt or the Windows Recovery Console.
Some general tips for recovering data: Don’t delete files instantly. Move them to a temporary location such as the recycle bin before deciding whether you need them or not.
Mark important files as read-only. The OS will then warn you if you try to delete the file. Under systems that allow file system permissions, users can often only delete their own files. This prevents the erasure of critical system files or other’s work.
7. Securely delete data
The reasons for deleting files are many: Freeing disk space, removing unnecessary or unneeded data, even making sensitive data unavailable to others. However, securely deleting data involves more than simply emptying the Recycle Bin. Basic file deletion methods only remove he direct pointers to data disk centres. A residual form of the data, called data remanence, still persists. Thus, any one with data recovery tools can still unearth the data once more. Physical destruction may seem like the only way but thankfully, there exist many data erasure methods that remove information permanently while still keeping the disk operable.
Software-based overwriting is one such method. It writes patterns of meaningless data onto each of a hard drive’s sectors. It differs from pure data erasure in that some data will still be intact and at risk of data breach or information theft. Nonetheless, data erasure employs multiple overwrites according to different overwriting standards. There are usually three types of data erasure that differ depending on the number of overwrites:
Using Nero BackItUp to back up files
1. Fast erasure – Consists of one round of data deletion and the filling of space with random data. 2. Forced erasure – A US Department of Defense standard of file erasure. Unlike quick erase, data is overwritten with useless info 3 to 7 rounds in a row. Also referred to as the DoD 5220.22M Standard.
2. Forced erasure – A US Department of Defense standard of file erasure. Unlike quick erase, data is overwritten with useless info 3 to 7 rounds in a row. Also referred to as the DoD 5220.22M Standard.
3. Ultimate erasure – The erased file goes through 35 rounds of overwriting, first with a lead-in four random write patterns, 5-31 patters executed in random order and a lead-out of four more random patterns. This method is also referred to Gutmann Algorithm.
Using chkdisk
The data overwriting the existing data consists of little more than random numbers or a series of zeroes and ones bit patterns.
Freeraser: Free Shredder is a Windows file shredding utility that wipes files in all three of the above methods and is good for basic use. It even places a fancy recycle bin icon that prompts a warning message any time you drag any data to it. Eraser Secure Data Removal Tool goes even further by can also erase space allocated to the file by the OS (called file slack space), Windows virtual memory swap files, unused space on a hard disk or an entire hard disk and also erasing filenames from the directories. It can wipe any amount of data specified and even supports the three above erasure methods. It’s also open source and works perfectly with Windows.
Let’s say you want to completely wipe your hard disk, when giving away your computer to someone for example. No other software is best suited for bulk emergency destruction than Darik’s Boot and Nuke,
referred to as DBAN for short. It comes in the form of bootable CDROM image and once loaded proceeds to completely destroy data in every partition and hard disk.
Erasing data securely
A PC can have more than one user. For more than one user, especially with children, it’s always good to keep more than one user profile. However, it’s important to specify which files a user can be allowed to access and manipulate. Windows usually keeps most important system files hidden but they can still be modified. Hence, controlling accessibility becomes a major part of computer security especially when your computer is cracked.
To modulate accessibility, first go to the Control Panel >User Accounts and make sure more than one account is active (preferably one with administrator access and one “guest” account). Then right-click on the My Computer icon, select Properties and go to the Advanced tab. Options for Performance, User Profiles and Start-up & Recovery will be available. Select User Profiles and depending on your accounts
set, you can specify which drives different users will access. You can also set up groups to decide who can access which drives and documents.
Creating a Limited access account, with no access to the important system files has its advantage on open networks and wi-fi connections. Sharing networks over a hi-fi easily allows another user to access one’s files and hard drives for malicious purposes. Viruses and spyware present on the main server system will also infect other computers in the network. You should have an anti-virus, anti-spyware and firewall installed on the system. But locking out access to the vital system files will eliminate the extra 1% of intrusions that make it through.
II. Internet Security
1. Spam filters
Spam is a growing problem for email users, and many solutions have been proposed, from a postage fee for email to Turing tests to simply not accepting email from people you don’t know. Spam filtering is one way to reduce the impact of the problem on the individual user (though it does nothing to reduce the effect of the network traffic generated by spam). In its simplest form, a spam filter is a mechanism for classifying a message as either spam or not spam.
There are many techniques for classifying a message. It can be examined for “spam-markers” such as common spam subjects, known spammer addresses, known mail forwarding machines, or simply common spam phrases. The header and/or the body can be examined for these markers. Another method is to classify all messages not from known addresses as spam. Another is to compare with messages that others have received, and find common spam messages.
A popular spam filter is Spam Assassin. It’s an extensible email filter that is used to identify spam. Once identified, you can optionally tag it as spam for later filtering. It also provides a command line tool to perform filtering, a client-server system for larger volumes and Mail:: Spam Assassin, a set of Perl modules allowing Spam Assassin to be used in a wide variety of email system. It’s also become much easier to blacklist and white-list messages than before. Spam Assassin also comes equipped with Bayesian filters that can identify spam and non-spam (called “ham”) based on certain keywords or “tokens” that appear
SpamAssassin is effective in identifying email spam
frequently in spam messages. The more spam (and ham) you filter, the better it gets at detecting spam.
If you can’t use a filter, what then? The most common solution is to have multiple email addresses. One approach is to select one to be your “private” guarded email address
- much like an unlisted phone number – that you never use in situations where the email address would be harvested for spam mailing lists. The other approach is to generate “throw-away” email addresses that you use only for a limited time (say when registering a product), and can safely ignore thereafter. And of course both approaches can be used at the same time.
2. Identifying hoaxes
A hoax can best be defined as a deliberate attempt to trick people into believing or something to be real. Internet hoaxes are no different. If you’ve received any mails claiming that you’ve won millions in some random foreign lottery (with the key to receiving these millions being to pay some money up front), you’ll know what we mean. The perpetrators behind these messages want nothing more than for you to mail them your credit card/bank account numbers.
The best way to spot hoaxes is a good dose of common sense. As the saying goes, “If it sounds too good to be true, it usually is”. The Internet Crime Complaint Center, Federal Trade Commission and Better Business Bureau all recommend the following tips for protecting your personal info.
- Do not respond to the scam email, click on links, or open attachments, which could leave your computer at risk for viruses.
If the email appears to have come from a company, check their web site to see if they’ve addressed any scams using their name, and contact the Better Business Bureau to find out if there have been any complaints about such a scam.
Think twice before clicking on inviting links
In case you’ve responded to what you believe was a scam, then make sure to contact your bank immediately and ask what steps you should take to protect your money. You should also review your free credit report to monitor your active accounts, mortgages, and other financial information. Always treat email solicitations with skepticism, since there’s no way to avoid receiving these mails. If you didn’t remember signing up for a service or contest, then you probably didn’t. Reputable financial institutions never prompt you for account information via email, but if you’re unsure about whether you need to provide extra info to a company you deal with, always contact them directly.
Another kind of hoax is the infamous chain letter. These try to persuade the recipient to forward the letter to as many people as possible by using emotional stories or get-rich-quick schemes. There’s also the threat of physical violence or bad luck if one attempts to break the chain. It can often become difficult to tell the difference between chain letters and real correspondence, since it’s not uncommon for people to treat it like a game. Chain letters are widely popular on sites such as Orkut and Youtube, with some comments prompting the user to copy and paste a link to get secret information. Naturally, you should never follow such links nor open any attachments that come with chain letters since they can contain trojans.
Always look out for the typical style in scam emails
3. Identifying Scams
Hoaxes attempt to fool people into dropping some cash. Scams can be a lot more dangerous, since they attempt to obtain all search engine.
Be cautious, especially during online financial transactions
- A scammer can direct you to a real company’s web site, but then an unauthorised pop-up screen created by the scammer will appear, with blanks in which to provide your personal information. Never provide information in these. Installing pop-up blocking software helps prevent this.
- A spam filter can help reduce the number of scam mails you get. Anti-virus software as explained earlier can scan for malicious files and report any suspicious activity taking place on your PC. Firewalls will prevent unauthorised communications from entering your computer. Look for programs that offer automatic updates and take advantage of free patches that manufacturers offer to fix newly discovered problems.
Most browsers give out a warning when suspicious activities are detected
Most browsers these days maintain a list of known scam sites and check web sites against the list. Mozilla Firefox 2 onwards uses Google’s anti-phishing software, which has found be more effective than Internet Explorer 7 onwards in detecting fraudulent sites.
4. Protecting your profile on social networking sites
Social networking sites are the hottest places to meet people online nowadays. Interest groups, blogs, chatting, hobbies, friends, business networking – these sites mimic all the aspects of real life socialising but online. Just like real life, however, you’re open to attacks and theft of information online. When setting up a profile on a social networking site like Facebook or Myspace, it’s essential to determine what info you wish to post. Your name, age, gender, zip code and email address are usually required to create an account. The info that should never be shared on your profile include: Address, phone number, social security number and credit card number.
It’s not just about the info you share but who you want to share it with. When you first join a social networking site, the default setting is to allow anyone to see your profile and updates. Sites such as Facebook go even further: Your activities will not only be shared with various friends and groups, but also across every single network you’ve ever traversed. You can disable these settings in the account settings and unchecking “Allow anyone to see my public search listing” along with restricting your email IDs, IM names and other details to people on your friends list.
It’s vital to understand the privacy policy of some of these social networking sites.
Carefully read the privacy policy of the web sites that gather your personal information
When filling your profile, make sure you don't let anonymous people have access yo your personal information
Is the policy easy to read and understand? Will they share or sell your information? How recently was it updated? Sites like Linkedin state plainly that will never sell your info. Facebook and Myspace do not state they won’t sell your info so it’s safe to assume they’re reserving the right to do so.
By default, everyone can find your profile listing in a public search. This includes Facebook and Myspace, along with the potential to find people across MSN, Google and Yahoo. Make sure you go through the Privacy Settings of your account to ascertain which information you’d like to display publicly. Alternatively, you can set your profile to “No Networks” in Facebook which will disable most sharing settings. Selecting the “My Friends Only” box in Myspace will lock out strangers from viewing your profile.
A trick used to gain information involves some one creating a new account with your friend’s name and a few general details. Then they send a friend request to you, stating they’ve created a new account (for some reason or another). In this case, confirm with your friend personally or over his old account whether the new account is real or not.
5. Using secure passwords
Passwords are the keys to access personal information stored in your computer. This means they are the one barrier between your data being safe and sound to having your entire system compromised.
The strongest passwords are those that are the longest.
Most passwords should at least be 8 characters in length but those with 14 or more characters are the best. Combine letters, numbers and symbols culled from the entire keyboard. Your password will be much stronger if you choose from all symbols on the keyboard, including punctuation marks not on the upper row of the keyboard and even symbols unique to your own language. Substitute letters with similar looking numbers (for example, “A” with “4″) and also mix uppercase and lowercase letters. Throw some misspellings in there as well.
The greater variety of characters in your password, the harder it is to guess. If you cannot create a password that contains symbols, you need to make it considerably longer to get the same degree of protection. An ideal password is one that combines both length and different characters. Finally, use words and phrases that are easy for you to remember but difficult for others to guess.
The various don’ts to follow when making a strong password are:
- Avoid sequences or repeated characters. “12345678,” “222222,” “abcdefg,” or adjacent letters on your keyboard do not help make secure passwords.
- Avoid using only look-alike substitutions of numbers
or symbols. Criminals and other malicious users who know enough to try and crack your password will not be fooled bv common look-alike renlacements. such as to replace an `i’ with a`1′ or an `a’ with `@’ as in “MlcrO$Oft” or “P@sswOrd”. But these substitutions can be effective when combined with other measures, such as length, misspellings, or variations in case, to improve the strength of your password.
- Avoid your login name. Any part of your name, birthday, social security number, or similar information for your loved ones constitutes a bad password choice. This is one of the first things criminals will try.
- Avoid dictionary words in any language. Criminals use sophisticated tools that can rapidly guess passwords that are based on words in multiple dictionaries, including words spelled backwards, common misspellings, and substitutions. This includes all sorts of profanity and any word you would not say in front of your children.
- Use more than one password everywhere. If any one of the computers or online systems using this password is compromised, all of your other information protected by that password should be considered compromised as well. It is critical to use different passwords for different systems.
- Avoid using online storage. If malicious users find these passwords stored online or on a networked computer, they have access to all your information.
-Change your password every 30-60 days and avoid using any old password.
You can also generate any random password of your liking very easily through PC Tools Secure Password Generator at: http://www.pctools.com/guides/password/
Windows has some effective parental control options
6. Restricting children to safe areas
Children working off the same computer or connecting to the internet the first time, especially in this age of net crimes, are always at risk. However, explicit content and malware also pose a significant threat for a child who wouldn’t be able to deal with them. There are several parental controls embedded within Windows. You have the option of turning them on or off, as well as collecting information about computer usage by enabling Activity Reporting. First go to the Control Panel and click on User Accounts>Parental Controls. You can apply Parental Controls on pre-existing, non-administrator account or create a new one for the purpose.
The different control options include the following:
- Web filter – Contains an Allow and Block list which you can edit. You can also choose to block some websites or allow all websites for the user to visit. Also allows you to modify the restriction level of the web based on key categories and block file downloads.
- Time Limits – You can set the time for which a user is able to use the computer. You can select different hour slots within the week and easily mark out which are to be blocked with a single click.
- Game Controls – Allows you to set the ratings for the games the user is allowed to play. You can also block or allow specific games on the computer.
- Application Restrictions – Let’s you determine if the user can access all programs or only the ones you allow.
You can also third party web content filter software for maximum protection. A very effective one is Net Nanny. It can block illegal file sharing and even social networking sites. It also allows for remote management and monitoring of instant messaging programs such as AIM. The latter is especially important when taken into account with the number of malicious crimes perpetrated beginning from a simple chat conversation.
It’s important to advise your kids on safe surfing. Advise them on not speaking to strangers and explain how it’s very easy for someone to be misled on the internet. Tell them which sites they’re allowed to visit any why. Warn them about freely exploring on their own, as well as not to download any applications from the internet that come from questionable sites or. They should also inform you whether they receive any emails from people they don’t know. Explain the risks of viruses as well as the need to be careful even with attachments from people they know. Finally, if kids receive an email they don’t like from someone they don’t know, tell them to inform you immediately and not to reply themselves.
7. Using internet proxies
As stated earlier, internet proxies act as go-betweens for requests from clients seeking resources from other serves. This is meant for the purpose of either keeping the machines anonymous or speeding up access to a resource via caching. The two main proxies we’ll talk about are web proxies and content filtering proxies.
Using a proxy server significantly increases security
Web proxies are those focusing on www traffic. The most common use for a web proxy is in web caching. Caching keeps local copies of frequently requested resources allowing one to significantly reduce their upstream bandwidth cost and usage while increasing performance. Some web proxies also provide a means to deny access to certain URLs in a blacklist, thus providing for some form of content filtering.
One of the more well-known freeware web proxies is Squid. It functions as a proxy server and a web cache daemon. It serves a variety of uses from speeding up a web server to caching repeated requests. It also caches web, DNS, and other computer network lookups for people sharing network resources. Squid also aids in filtering traffic thus aiding in security. It also has some features that can help anonymize connections such as disabling or changing specific header fields in a client’s HTTP requests. Whether they are set and what they are set to do is up to the person who controls the computer running Squid.
Squid can also function as a reverse proxy – that is, serving an unlimited number of clients for a limited number of webservers. This results in less traffic to the source server, meaning less CPU and memory usage, and less need for bandwidth. All without any action by the clients. Squid works on a variety of platforms, including Windows, Linux, Mac OS X, etc.
Ask Eraser deletes all your search queries to protect your privacy
Content filtering proxies, also known as censorware or web filtering software, is a term for software designed and optimised for controlling what content is permitted to a reader, especially when used to restrict material delivered over the web. Content-control software determines what content will be available on a particular machine or network. The motive is often to prevent persons from viewing content which may be considered objectionable.
8. Avoid leaving a search trail
A search query is a term a user enters into a search engine to satisfy information needs. When a user records the path of the queries and the information they lead to, it is referred to as a search trail. The trails themselves are searchable, allowing users to save time when searching by examining pages found by other users. The intention is also to allow easier searching of the web. An application that lets users record search trails is Trexy, which installs itself as a toolbar and records the user’s activity on search sites it is aware of.
However, some major sites such as Google, AOL, Yahoo and MSN are all collecting data from users.
TrackMeNot makes your search behaviour difficult to analyse
All of this search engines are monitoring and storing your searches along with other such data as your behaviour while online. This information may in some cases, not only been seen by those involved with your favourite search engine but also in many cases, third parties. Some sites such as Ask.com allow users to delete data on search queries to bolster personal privacy. Called AskEraser, it deletes all subsequent search queries and related information linked to a user’s cookies or identifying informa6on from computers. It’s featured on the site’s home page and all search results pages, with a clear choice to signal whether the feature should be “On” or “Off” during a user’s search requests.
Another option is to hide your search in a cloud of “ghost queries”. A Firefox add-on called TrackMeNot does just that. On installing, it will show up in your status bar with certain search queries. These will be sent to search engines faking them out as to where you are really going or what you are searching for while online. You can disable the display if you so desire. The same options are also available from the Tools menu of the browser. You can also set the Search Engines that TrackMeNot queries, queries to be set, query frequency and the logging options for the performed queries. Keep in mind that if third parties are using other means to identify you, such as through IP addresses and information from your ISP, TrackMeNot will be of little use. However, in terms of identifying you through searches alone, TrackMeNot potentially makes this a lot more difficult for third parties.
9. Restrict access to content hosted on a personal space
With NTFS, you can now modify access rights depending on the criticality
Windows uses two types of file systems: FAT and NTFS. In computing, a file system is a method for storing data and making it easy to find and access. Regarding the performance of FAT and NTFS, FAT performs better on smaller volumes, but NTFS out-performs FAT on larger volumes, beginning around 500MB.
NTFS, short for New Technology File System, is the most secure and robust file system for Windows. It provides security by supporting access control and ownership privileges, meaning you can set permission for groups or individual users to access certain files. This can thus be used to restrict access to content hosted on personal space.
NTFS has several key features. It supports compression of individual files and folders which can be read and written to while they are compressed. It’s a recoverable file system, meaning it has the ability to undo or redo operations. It also supports Macintosh files. The NTFS 5.0 file system can also automatically encrypt and decrypt file data as it is read and written to the disk. It will put restrictions the file/folder/drive you have selected. For instance, if you’ve selected a folder inside your drive, it will put restrictions only on that selected folder and possibly any files those are inside of it. Those who can access the drive depend on the permissions you’ve set.
10. Encrypt your email and data
There are several ways to encrypt data, and several tools that can be added to mail programs that will even do it for you. Not all are compatible with each other so we’ll just talk about encrypting by hand, using the underlying technology that many, though not all, of those tools use Gnu Privacy Guard or GPG. This technique works with all mail programs. This is commandline tool. Once installed, open a Windows Command Prompt and run the tool from there. It’s perhaps easiest to simply “CD” to the directory containing the GPG executables.
Alternately you can copy all the “G*.exe” executables to a different directory already on your PATH. Run “gpg” once, and it will create its storage location for keys, which it refers to as your “key ring”. In encryption, the first approach that typically comes to mind is password or phrase encryption. With those techniques, a password is used to encrypt the data, and then must be supplied again to decrypt it. The data without the password is theoretically useless, but anyone with the password can decrypt it.
Public Key encryption uses a different style of algorithm. To begin with, you’ll generate two matching “keys”; a public key, and a private key. The characteristic of these keys is such that data encrypted with one can only be decrypted with the other. By generating a public/private key pair, someone can encrypt data using the public key that can only be decrypted using the associated private key. If all you have is the public key, you can’t even decrypt what you’ve just encrypted.
The intended recipient needs to generate a public/private key pair. In the Windows Command Prompt, enter gpg -genkey. First select which kind of key you want, as well as the keysize (you can also accept the default which is 2048 bits). You must also specify when the key will expire and to whose email and name it will be valid. Finally, enter a passphrase to protect your key and GPG will begin compiling a key pair. During the process, it’s a good idea to move the mouse or access your drives as this will give the random number generator more info to work with.
At this point your secret key and your public key have been generated, and placed on your key ring (which can be managed via the key ring editor). In order to get the public key to the person who wants to encrypt your data, you’ll need to export it:
An example of Keyring Editor
c:\>gpg -a –export example@xyz.com >mykey. pub
This creates “mykey.pub”, a text file that contains your public key. You can now mail this to the person who’s going to encrypt data to be sent to you, or post it publicly if you like.
In order to encrypt data, the sender will have to install GPG as above. They don’t need to create their own public/private key pair in order to encrypt your data. All they need is the public key you created above, and made available to them somehow. Start by “importing” your public key onto their key ring.
Note the dire warning about making sure you know whose key you’re dealing with at the end of the encryption process. There are ways to modulate this message but for now, assume you can trust the receiver. The result of this example operation is “example. xls.asc”. This text file is your encrypted data. You can email it with confidence to the intended recipient, knowing that only they can decrypt it with their matching private key.
So you’ve passed your public key to the sender, they’ve used it to encrypt your sensitive data, and have emailed you the encrypted results. From your mail client, save the encrypted data to a text file – it’s ok to leave headers and such in the file, the decryption program will ignore it.
To decrypt, you’ll do this:
c:\>gpg -o example.xls –decrypt example. xls.asc
The “-o” parameter specifies the name of the decrypted file to create. Note that you still need to enter the passphrase for your private key. This is only an additional layer of protection on your private key. Without a passphrase, anyone who gains access to your private key would be able to decrypt any messages intended for you.The weakest link in this process if your private key. If an unauthorized person gets a copy or can guess the passphrase on it, your security will have been breached. So it all boils down to this: Keep your private key secure.
