February 15, 2008

Don't do this at home!

After the Xmas holidays, the requests for help of our friends that got themselves a new computer was due. This mandatory free consultancy at least helps us to keep in touch with how the security problems affect to real people instead of corporate business.

Let me share with you my lessons learned (mainly on Vista security incidents) in a reverse ordered list with 5 ideas that I would like to spread to create some awareness among computer users:

5. Implement security from the beginning. Security is not something that you take care of when an incident has happened. Then it is too late. With the current status of the security threats (in one word: scary), it isn't wise to hope that it won't happen to you.

4. Use the security features of your operating system of choice. For example, don't disable User Access Control to tweak your computer. If you need a faster computer, buy it. If you don't, live with it or choose a different approach that fits your needs (like another OS). You don't remove the doors of your car to make it faster.

3. Don't trust silver bullets. Vista is more secure that XP, but still vulnerable. Especially if it isn't used properly. Also every anti-virus will fail to detect some malware. There is no 100% accuracy and the thread of a brand new malware that tries to get into your computer always exists.

2. Stop using administrative accounts for everything. Now it is possible to use Vista from a non-administrative account. It does work. Especially avoid using the administrator web surfing and P2P (instant messaging should also worry you).

1. Don't ever buy the security product ---anti-virus, anti-spyware, or you-name-it--- to solve your problem from the computer that is allegedly compromised. Once you have confirmation or suspicion that a computer is infected with malware, keep in mind that one of the most common pieces of malware is a key logger that will capture your data (personal and credit) and send it to the bad guys.

These were the presents that the three wise men brought to me. Just in case you wonder, the vista machines were compromised in less than an hour after their proud owners opened the shrink-wrap. No virtual machines were hurt during the writing of this post.

Labels:

0 Comments:

Post a Comment

<< Home