‘Computer Security’

Mark A'Bear - 15 Nov 2006 - speaking at the BerksFHS Computer Branch, Woodley

Mark introduced himself as someone who had come to work at Microsoft (MS) and had returned to his ancestral area; the A’Bears having lived at Hill House in Wargrave for many centuries.

His talk concentrated on the Microsoft approach to computer security. He started by demonstrating the new operating system (Vista) that will become available at the end of January 2007. This has been completely redesigned with an emphasis on security but with many other enhanced features.

At present most PCs will be using Windows XP, although earlier versions still exist on older machines. In all cases it is important to obtain the latest updates from the MS web site. Two points to note: 1) Support for ME, W98 & W95 is not being updated; 2) Updates for XP are only available if you have installed service Pack 2 (SP2). This pack includes many security features.

There are two areas that need protection: Your Computer; the User.

Protect your computer
1 Turn on a firewall. XP has a built in software firewall but check that it is turned on. Other programs can also be used. If the Internet connection is through a router check its firewall is on
2 Keep the operating system up-to-date Use the Update facility
3 Install anti-virus software AVG Anti-Virus is free; remember to get updates for any such program
4 Install anti-spy ware software Free programs such as Spybot or Adaware or the new MS Defender
5 Back up the hard disc Save your data (at least) to a CD/DVD or an external drive

Protect yourself
Be aware of potential threats: Spam; Phishing; Hoaxes; ID Theft
Spam email is annoying but can be dangerous. Never open emails if you do not know the sender. If you can preview them, this will be safe but opening them can trigger macros or embedded functions. Viewing an image can confirm your email address. ISPs may have filters to stop some messages; this can result in the blocking of all messages from certain sources - which could be your own ISP (one reason why your email does not get through). Your email program can be trained to put potential spam into a separate folder, where it can be inspected and deleted.

Phishing is an email variant trying to obtain financial information. This can be very sophisticated, including an address that looks similar to the genuine institution and may contain logo images. A genuine institution will never ask for account or password information.

Hoaxes may be relatively harmless, such as chain letters reporting non-existent viruses. Potentially serious hoaxes include reports of account closure or offers to make a fortune.

Actions to protect your system
Use strong passwords, at least 8 characters long, and include other characters such as numbers.
Install file-sharing programs cautiously. Such peer-to-peer (P2P) programs may leave your Internet connection open to other visitors.
Check for web sites that protect sensitive data. These have a web address ‘https’ (“s” for secure) and will have a padlock or closed key at the bottom of the page. Unfortunately this can be forged on a fake site but can be checked by double clicking the key to see the security certificate.
Keep security programs up-to-date by frequent download of updates; this is best done automatically. Microsoft release an update of the Malicious Software Removal Tool on the second Tuesday of each month. This should be downloaded automatically if you use Automatic Updates.
Restrict sharing of files on your PC.

updated 1 Sep 2007