toggle.org, TOGGLE On-line Newsletter

Number 255 - August 2004

Home Computer Security
By Ira Wilsker, Region 8 Advisor, ira-wilsker@apcug.org From August 2003 APCUG Reports
Recently, the History Channel aired a show on cyberterrorism. While much of the program showed the types of attacks that have occurred and will likely occur in the future against government, military, infrastructure and commercial targets, it also showed how home users could become the victim of such attacks. As home users we may not believe that we can become terror targets, but imagine if our personal information was stolen, and our data files and financial records were altered or destroyed. These are not some hypothetical risks, but real threats that have already happened to countless home users, and will likely increase in number and severity in the future. Readers of this column are well aware that these topics have been written about before, but the risks are still there and becoming more prevalent. The Software Engineering Institute at Carnegie Mellon University, in Pittsburgh, hosts a group referred to as CERT@. CERT@ has produced a very comprehensive website with explicitly detailed information on securing home computers from attack at www.cert.org/homeusers. Funded with federal money, this site was produced for the Federal Computer Incident Response Center (FedCIRC) and the General Services Administration. The information can be viewed on the web, or downloaded in PDF format from a link on the page. CERT@ recommends a series of tasks that all computer users must accomplish in order to protect their computers from attack. First on the list is "Install and Use Anti- Virus Programs". This has been preached in this column numerous times. Viruses, Trojans, and computer worms are	becoming an increasing threat; they are becoming more common, more powerful, and more destructive. Good antivirus software properly installed, configured, and updated at least daily is a strong fIrst line of defense against these software threats. Since decent antivirus software is available inexpensively or free, there is no reason not to have it. Some of the more popular free antivirus software titles are AVAST from www.avast.com, and AVG from www.grisoft.com. The second necessary task that we all must accomplish is "Keep Your System Patched". Microsoft and many other software publishers often release security or other critical updates to patch or close potential security holes. In most versions of Windows, these patches can be simply located and installed by going online, and clicking on START/WINDOWS UPDATE, and following the on-screen instructions. Some Windows products have a feature that automatically seeks and downloads critical updates. Another task, also mentioned frequently in this column is "Use Care When Reading Email with Attachments". Many of the endemic computer viruses, Trojans, and worms arrive at the victim's computer as an innocent appearing email, often from an acquaintance or a known organization. Unpatched versions of the popular email programs Outlook and Outlook Express can activate these malicious programs by simply allowing them to appear in the preview pane, without actually opening the email, or clicking on the attachment. Be very suspicious of any email attachments.
Number 255 - August 2004