Computer Security Notes

Current User Security Alerts

SPAM Advisory:

Security Concerns

If you are aware of the hazards involved nowadays in using the Internet, but want some guidelines on keeping your system safe, read on... If you want to know why you should be doing this, read the next column...

Security Check List:

Before reviewing the check list, consider what you have to lose if your system is damaged in any way:  how important is your data?

Assuming that you have the CDs for all your applications, your main, & only other, concern is whether and how you can restore your important data - correspondence, accounts, projects, and associated pictures & music, etc.

Always have backups which are stored off your computer.  How you achieve this is up to you. We have some tips to simplify the process, and tell you where some of the files- like your e-mail, favourite links, and address book, for example, can usually be found. We will put references to these tips in shortly.

1. Operating system Downloads:

Assuming your operating system is a version of Windows, make sure that the auto-download /notification feature is installed and enabled. Take note of the notifications, and install any updates as soon as received.

Beware: Ignore any email, from any (apparent) source notifying you of, and offering, security updates. They will, in fact, be the opposite! 

2. Firewall:

If you have a hardware firewall (recommended) then, in general, no updating is necessary: if, however, you rely on a software product, you must check for, and install, any patches or updates, as frequently as possible.

Assuming you are using a hardware firewall, and Windows XP (SP2), turn off the Windows firewall, and indicate you are monitoring yourself.

We no longer recommend a software firewall (& the free download is no longer available), as the basic 4-port Internet Gateway/Router includes an effective hardware firewall at a price less than the better software products.

(For the company offering our original recommendation, see links)

Note: You may encounter conflicts between some combinations of software Firewalls and Antivirus.

3. Antivirus -Guard & Removal:

Generally the most frequently updated of all security protection, you must follow a regular regimen of checking for, downloading, and installing all updates - Daily is recommended.

Only install one antivirus program!

4. Anti-spyware - Guard & Removal:

Unfortunately, the best protection at present requires separate products for guarding against infection, and for removing anything which still gets by! Although not as frequently updated, we would recommend checking for updates whenever you check your antivirus.

We have evaluated the effectiveness of products in each of the above categories, and have provided links to each of our antivirus & antispyware recommendations.. see links

Known hazards

viruses, all types including  - worms, trojan horse. Use active antivirus software.

hackers (crackers) - internet intrusion. Use firewall.

spyware - internet intrusion & 2-way transfers (copying malware onto your system, uploading personal records). Use anti-spyware blocking & removal software

attacks - computer is taken over and remotely coordinated for illicit purposes. Use both antivirus & anti-spyware.

spam - possible sources of spyware. delete any recognised spam mail and any other clearly mass circulation mail without question. You can use spam filter software, but none is 100% effective and you will waste more time adjusting the filter levels and checking for messages wrongly caught in the filter, than individually deleting! - unless you typically receive hundreds of messages a day. Then a commercial mail server with filter is the answer!

phishing - uploading or unwitting provision of personal records. Often can be caught by anti-spyware or Spam blockers, but your own alertness is the final check on these!

Internet crime growing at an alarming rate!

The frequency with which new threats in the form of viruses, spyware, and similar hazards are appearing is truly alarming! 

For the average user, who sends and receives email, and browses the Internet for information, it would seem that there are few dangers.. NOT SO!

While sending and receiving email between a limited group of friends and acquaintances may seem safe, not only is it possible that you could receive viruses and/or spyware from your friends, if & when, they unknowingly get infected, but also from other malicious sources 'spoofing' (or faking) your friends addresses!

Similarly, while browsing the Internet, do not assume that the address you have gone to, is really the one you selected: not only can hidden spyware redirect you to another site set up to mimic the one you selected, but the true address can also be hidden!  Always be on the lookout for any sign that things are not as they seem!

Automatically be suspicious of any requests for personal information- no matter the apparent source!

There isn't the space to list all the current known hazards, many of which are well publicised but which still trap too many. Here are a just a couple:

• Variations still abound on the Nigerian/any country government /bank request for help moving funds offshore.     
• A recent example of 'phishing' is an apparent EBay notification to renew your account and 're-enter' your credit card information, with perfect Ebay graphics, etc. .
• Notifications from your 'bank' that your on-line account details need to updated.

We don't want to scare everyone off using the Internet, and, with a full set of reliable and up-to-date security features installed, you can feel well protected.. BUT, remember that YOU are the 'WEAK LINK' !

Please understand, it is not sufficient to install antivirus and anti-spyware on your computer....You must keep it up to date!!  Check & download virus updates daily (min. every two days); for your spyware downloads, why not check at the same time? These programs are updated less often, but every update should be picked up & installed right away!

Scanning your system to find anything which has got through your defences is less critical than keeping them effective in blocking entry in the first place!

If you haven't used your computer for a few days, make it your first task after powering on, to look for, and install, all updates - including any system downloads from Microsoft. 

If you will be away for a while, we highly recommend making a full data back up before you leave!

If someone else has been using your computer in your absence, be sure to not only check for updates, but also to scan your system for both viruses and spyware.

Some Specific Items of Information

In the December 2002 issue of our General & Tech Newsletters, we provided background information & references on the KaZaA music sharing service. We are reproducing it here and will later archive it, as it provides an ongoing warning of the hazards of using unvetted software from the Internet... more

SpyWare! (April 2003)

Since having reviewed the implications of installing Kazaa and similar “free” desktop packages (see KaZaA music sharing service.), we have been studying the general characteristics of “spyware”. This is a class of invading software which is, generally, unknowingly installed on your computer and which may be used by the supplier to capture information ranging from marketing information – what you use your computer for, where you go on the Web, and your general characteristics - to more invasive, (and illegal uses) such as credit card numbers, bank account codes, passwords, etc.

The general class of spyware software includes “cookies”, small files created by some websites to help “remember” you on your next visit, and storing such details as your e-mail address, the IP address from which you accessed the site, and other more specific information relevant to that site.  These “cookies” may be quite beneficial, especially if you return to those sites regularly, and you wish to develop a user profile with the associated entity.

Some “cookies” can created for other less kindly purposes, and in some cases can be as invasive as the worst kinds of spyware.

Obviously any user should know which sites are keeping track of them, the purposes of doing so, and should be free to decide whether to permit, or continue to permit, this tracking.

  At the same time, you would clearly want to know whether any other “spyware” has been planted, and have it removed as soon as possible.

There is thus a third category of software which you should have and use regularly on your computer: Spyware detection & removal.

We have reviewed antivirus and firewall functions, the other two categories, earlier:

In a nutshell, antivirus software detects and removes software viruses received in e-mail, files attached to e-mail, files in diskettes or CDs, or inadvertently “picked-up” from some web sites.  The firewall on the other hand, detects and prevents direct intrusion into your computer by other operators or users through the internet connection.

There is some degree of overlap between these three areas, but the tools needed to detect and protect are designed for the specific characteristics of each category.

  We have now evaluated a number of spyware detection & removal packages, for their effectiveness, their ease of use, and their reliability within the user system (including minimum impact on the other detectors, etc.)

The product which we are currently recommending, rates very highly on all counts, and has the added advantage of being free! (Although the author is requesting a donation to support maintenance and on-going development of the product).  Several independent agencies have also evaluated and are recommending this product.

As with the other products, we are maintaining a current copy for downloading to our clients, together with recommendations for its use.

Please call us for information on our current recommendation.

If you have an annual support plan, we will have installed a copy on your system, with instructions for its use.