Day: September 20, 2010

Following on my gentle rant about the idiot who wrote a cautionary article about Antivirus 2010 without once accepting responsibility for infecting himself or giving his readers any advice on how to avoid infecting themselves, in response to a couple of emails asking, essentially, “So, how do I avoid becoming infected?” here’s a lil enchiridion you can print out and tape to your forehead, if you wish. *heh*

Some folks would say to just use a ‘nix (Linux or Unix–BSD or some such) and not bother with further security measures, and they have a point. Most of ’em though, keep it covered with an artful comb over. 🙂

Seriously, ‘nixes are structurally less vulnerable and are a far, far smaller target, as well, and each of those things offer some protection. But threats designed to attack Linux and Unix OSes (including the OSX GUI-crippled BSD) do exist, and simple privacy concerns would compel any intelligent ‘nix user to have decent firewalls and practice other safe computing practices, so in some (small) part, what I’m about to say regarding safe computing practices for Windows users applies across the board.

1. Use your head. Learn the general nature of threats that exist and think about what you are doing when you use a computer. Simple common sense, which apparently is not all that common. Don’t blythely and unthinkingly “click” your way through your computer use and expect that you’ll not infect yourself. You probably will, if that’s your mindset.

2. Learn how to configure your firewalls and make sure they’re turned on. Always. I had some loon “support” person for my cable internet service once tell me to turn off Stateful Packet Inspection in order to solve a connectivity issue. I quickly escalated the call to someone who didn’t have his head up his ass (who then determined that, as usual, the problem was on my ISP’s end. Naturally. *sigh*). If I’d blindly obeyed the instructions from the idiot, major portion of my router’s firewall would have been disabled. Dumb. Really dumb.

And do have a “hardware” firewall (your router is probably running an embedded Linux with its own firewalling capabilities) for your network and each computer with its own software firewall. See here for a short FYI.

3. Make sure EVERY computer on your network is fully patched for known OS and application security flaws. Secunia Personal Software Inspector (PSI) is a good tool for Windows users to use to locate and patch insecure software on your computers. Most contemporary ‘nix distros do a Good Enough job of helping folks do this via built in tools.

4. Make sure EVERY computer on your network is fully equipped with reliable antimalware software from reputable companies, and that ALL antimalware is always kept up to date and that ONLY ONE antimalware software is set to continually monitor computer behavior and automatically scan email, etc.

But. Do NOT rely on your antimalware software(s) to automatically update themselves and automatically scan your computers. At least once a week, manually update and scan.

5. NEVER–no! NEVER, ever open email attachments without FIRST manually scanning them with your primary up-to-date antimalware software. Never. I once had an infected attachment sent me from The Most Trusted (computer related) source I knew. A guy who was and is an Ultimate Computer Geek. He slipped up, but because I did as HE had taught me and scanned it manually, the fact that my anti-virus had somehow missed it on autoscan of emails didn’t matter.

6. Refuse to allow yourself to click on popups. No. Just DO NOT DO IT! First, what in the heck are you doing using a browser that allows popups, anyway? Get a modern browser, configure it to kill popups or get an extension that’ll do it. If you do see a popup, CLOSE THE TAB instead of clicking on the popup. You do not need to be on that site anyway, since the site owner is such a rude ass. Continue reading “Obligatory “Safe Computing” Post”