ePlaice / For the Best Software on the Net

Mainly Free and Open Source Software

Security

With the growth of internet access and in particular widespread use of broadband where your machine is online to the internet for much longer periods than dial-up, security is now an essential part of your system rather than an afterthought. Of course many people buy an integrated solution such as Norton Security which does most of it for you, but it is unlikely one product will be the best solution across all the various threats. The following gives some idea of the main threats and what can be done to counteract them.

Defensive Layers

When setting up a security system it is recommended to consider several layers of defense against threats.

Block Bad IPs

The first line of defense is to block certain IP addresses (the hosts behind websites) that are known to contain potential threats. This way you can stop traffic to and from these blacklisted sites without any further effort on your part.

Install Firewall

The second line is to have a good firewall which will protect your applications and processes from being hijacked and also protect against unwanted processes connecting to the net.

Check all e-Mail and File Downloads

The third line of defense, and equally important, is to have all mail and file downloads scanned for malware in real time so that you can reject the file before it does any damage.

Virus Scans

The backstop line of defense is the running of antivirus checkers against your file storage. There is always the possibility that something may have slipped through the net, so this acts as an important backstop.

Other Aids

Other lines of defense include checks for when JavaScript or ActiveX is being invoked by your web browser. Having a web browser that is robust against security threats is also an essential line of defense. In the Utility section there are some tools which can help you clean up unwanted files and even tidy up the Registry, plus software that will tell you what is running. Probably what is needed is a bringing together of these ideas with the firewalls, spam control etc. outlined in this section. Unfortunately, just as we are beginning to get familiar with XP and some of its quirks and appetite for running processes and creating files all over the place, we find that Vista is upon us. Undoubtedly we will find that Vista will present us with a whole host of new problems, particularly if Microsoft attempt to tackle the security issues themselves and exclude third party solutions.

Security Considerations

Some of the items you may consider installing for your security are Virus Checkers, Firewalls, anti-spyware and spam removal. When you start looking at the products you will notice there are often overlaps in functions, so the anti-spyware may perform some of the firewall function and vice versa. This makes it all very confusing and difficult to decide on the correct approach. I have taken one approach involving using several different products. All I can say is that there is currently no product that provides an ideal solution. Also as quoted in The Ultimate Beginner's Guide to Hacking and Phreaking "There are only two ways to get rid of hackers and phreakers. One is to get rid of computers and telephones... The other way is to give us what we want, which is free access to ALL information. Until one of those two things happen, we are not going anywhere". So you have to guard against both the hacker who is doing it for kicks and the thief who is trying to steal money from your account, by making your computer less prone to attack through installing security software. If you are running Windows XP alone or even with the bundled firewall this is not going to be sufficient protection.

Virus Checker

Everyone is now familiar with the idea of a computer catching a virus, after numerous articles in the press about how they have caused computer networks to fail. Some of the things that viruses can do to your machine include deleting files, emailing confidential data, and installing programs which allow hackers, spammers and perpetrators of Denial of Service attacks to gain access to your machine. Having done its damage, it then attempts to copy itself to other computers. It is the ability to replicate itself that makes it a virus; without the replication it could be defined as a Trojan if it set up a backdoor on your computer. The primary role of the virus checker is to identify if there is any malicious software on your computer that could cause a problem. As the role is to check, this implies that it is checking after the event, i.e. when your computer is already infected. For example the first thing that might be noticed is that the computer is very slow to start up. There is a separate section on virus checkers detailing the experiences that have been found using Bitdefender and Clamwin and more recently AVG Free Antivirus.

Spam filter

Again spam is now a familiar word whether you use a computer or not. It is a bit like junk mail through your letter box, but even more of a nuisance because it costs the sender virtually nothing to produce and distribute. Spam e-mails can also carry viruses that again are very troublesome. It is therefore important to have a piece of software in front of your mailbox that sifts through automatically and gets rid of the rubbish. The software that I have been using is called Spamihilator and there is a detailed description of what this does and its limitations.

Firewall

By far and away the most important piece of security software is what is known as a firewall. Not so many people are aware of this and therefore there are still far too many people going on to the internet without this vital piece of protection. Not only is it necessary to have this installed but it requires special tuning to your particular circumstances. The section on Firewalls deals with my experiences with Agnitum Outpost Pro. Here I have made an exception and actually purchased some software because it is so important.

Anti-Spyware

As the name suggests there is a real threat from spyware as it can actually invade your computer and relay information back to remote sites revealing any personal details that you have kept on your computer. As you surf through the net you leave a trail of sites you have visited. Unscrupulous advertisers and marketers can use your habits to target you with e-mails etc.

Future Trends

The trend at the moment seems to be away from specialised individual products to integrated security solutions. For example Agnitum started out with a Firewall and they have now introduced antivirus, spyware and spam protection as an integrated Security Suite solution. I view this in much the same way as most people will buy an integrated hi-fi system whereas there will always be a minority that prefer separates. At first sight the integrated solution seems the most sensible but there are drawbacks.

Best of Breed

It is unlikely that one supplier will have expertise and best of breed systems in all areas, so there are bound to be weak links. It is a fact that no security product picks up identical threats to another product. So there are bound to be gaps as well as overlaps, which is why many people prefer to run more than one checker.

Reliance on Single Vendor

Putting your security in the hands of one vendor means that it is more difficult to switch away when you are dissatisfied with either the product or service. For example I know cases where performance has sunk to such abysmal levels that the user would rather avoid system shutdown and startup because the security suite is automatically invoked on startup causing the machine to crawl. When you look at the forums for these products and see the response to problems matches the pace of the security software, you begin to wonder what level of support is being provided.

False Sense of Security

So you pay your licence and you can then forget all about security - quite the opposite in fact. From what I have seen these security suites do very little to control startups and background processes, which seem to me to be the main threats to security and how your system performs. All too often I see PCs bloated with automatic startups, processes running that are not required and temporary files hogging space and resources. Windows XP does not help; quite the opposite, it positively encourages all this wastage by papering over the operating system with a flashy looking user interface. In this environment where the user does not actually know what is going on in the machine it is no wonder that spyware and viruses flourish. Some simple tools are now becoming available to help control this environment; I particularly like the concept behind RunAlyzer from the Spybot people. This is still in the early stage of development but already gives quite a good analysis of what's running. In future I expect to see more intelligence involved saying which processes are important and which ones can be terminated.

Whitelisting

A very old idea is making a dramatic comeback, and you just know it must be a good idea because of all the negative attention it has received. So instead of a free-for-all environment where we allow anything to run and then attempt to block everything that looks suspicious, we turn it on its head and only allow applications or processes that appear on our whitelist to run. Everything else is blocked by default, so theoretically most viruses are knocked on the head at a stroke. Good spam filters such as Spamihilator already have a 'Whitelist' plugin which accepts email from allowed users. The same technique can also be used for dealing with Tracking Cookies and Data Miners in IE7 and Firefox, where we only allow certain sites to set cookies. See the separate security sections for more detail, watch out for the main security vendors releasing new software, and see if your security centre software supports this technique.
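The difference between the two models, as an added example that is not part of the original page: a default-deny whitelist compared with a default-allow blacklist over the same launch attempts. The program names and contents are constructed samples, and identifying a program by the SHA-256 of its contents is an assumption made for the illustration.

```python
import hashlib

def digest(content: bytes) -> str:
    """Identify a program by the SHA-256 of its contents, not by its name."""
    return hashlib.sha256(content).hexdigest()

# Constructed stand-ins for real binaries (byte strings instead of files).
TRUSTED = [b"browser v3 build", b"mail client build"]
KNOWN_MALWARE = [b"worm seen last year"]

WHITELIST = {digest(c) for c in TRUSTED}        # programs we have approved
BLACKLIST = {digest(c) for c in KNOWN_MALWARE}  # what a scanner already knows

def blacklist_verdict(content: bytes) -> str:
    """Default-allow: anything not already known to be bad may run."""
    return "deny" if digest(content) in BLACKLIST else "allow"

def whitelist_verdict(content: bytes) -> str:
    """Default-deny: only explicitly approved programs may run."""
    return "allow" if digest(content) in WHITELIST else "deny"

def compare(launches):
    """Return (name, blacklist verdict, whitelist verdict) per launch attempt."""
    return [(n, blacklist_verdict(c), whitelist_verdict(c)) for n, c in launches]

# Constructed launch attempts: (file name, file contents).
LAUNCHES = [
    ("browser.exe", b"browser v3 build"),     # approved program
    ("oldworm.exe", b"worm seen last year"),  # malware with a known signature
    ("newworm.exe", b"worm released today"),  # malware no scanner has seen yet
    ("mail.exe",    b"worm released today"),  # same malware under a trusted name
    ("browser.exe", b"browser v4 build"),     # genuine update, not yet re-approved
]

if __name__ == "__main__":
    for name, black, white in compare(LAUNCHES):
        print(f"{name:12} blacklist={black:5} whitelist={white}")
```

The last row shows the cost of the approach: every legitimate update has to be re-approved before it will run.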

Verified Web Sites

When you enter your credit card details or go to an on-line banking site, how do you know the site is actually who it says it is?

Comodo Verification Engine

Comodo have come up with a neat plug-in for either Internet Explorer or Firefox called Verification Engine which does a verification on the site. I've just started to use it and it does give a bit more confidence about entering sensitive data on-line and helps to protect against phishing. For secure sites, instead of a miserable little padlock symbol, you now get a balloon giving you the security information for the site. For non-secure sites you get a green border display informing you that this site is who they say they are. Coverage is never going to be complete but if you use a site on a regular basis you can have it checked and added to Comodo's list. Unfortunately, after an extended trial I had to abandon use of this because I worked out it was causing frequent hangs on either browser and must have resulted in a heap of failure reports going back to Microsoft and Mozilla. I think it might be better to rely on the built-in anti-phishing tools that come with IE7 and Firefox.

Firefox 3 - Web Verification and Extended Validation

Now this is what I've been waiting for. If you want to verify the identity of the site you can click the site favicon and see who has verified the site e.g. Verisign Trust Network and if your bank signs up to Extended Validation you get a green shaded favicon. This is great stuff, even more so since several well known on-line UK banks have signed up for Extended Validation.

Belarc Advisor - How Secure is Your XP Installation?

The Belarc Advisor is quite a useful tool for analysing your XP software installation and letting you know where there are holes.

  • Virus Protection - The status of your virus protection software, whether your Microsoft update protection is up to date and whether real time scanning is on.
  • XP Critical Fixes Installed - A listing of all the installed hotfixes, which also tells you which ones are missing.
  • Installed Applications - A list, in a compact format, of all your installed software applications and the current version being run. By clicking on a particular application it will tell you the location on your disk where this can be found. If you don't recognise an application then this may be a candidate for removal, but be careful and check that it's not an essential component of your system.
  • XP Security Settings - A whole host of security settings to check - it gives your PC a security rating. Some of these require very detailed knowledge to investigate and change to a more secure setting.

All in all I have found this a very useful tool which is free for non-commercial use.