What’s wrong with Internet and computers today?!
Last week I saw a piece over on wired news by Kevin Mitnick. This former hacker now turned security expert gives his Top 10 list of steps you should take to protect your information and your computing resources from the bad boys and girls of cyberspace.
- Back up everything! You are not invulnerable. Catastrophic data loss can happen to you -- one worm or Trojan is all it takes.
- Choose passwords that are reasonably hard to guess -- don't just append a few numbers to a no-brainer. Always change default passwords.
- Use an antivirus product like AVG or Norton, and set it to update daily.
- Update your OS religiously and be vigilant in applying all security patches released by the software manufacturer.
- Avoid hacker-bait apps like Internet Explorer and disable automatic scripting on your e-mail client.
- Use encryption software like PGP (pretty good privacy) when sending sensitive e-mail. You can also use it to protect your entire hard drive.
- Install a spyware detection app -- or even several. Programs that can be set to run frequently, like SpyCop, are ideal.
- Use a personal firewall. Configure it to prevent other computers, networks and sites from connecting to you, and specify which programs are allowed to connect to the net automatically.
- Disable any system services you're not using, especially apps that could give others remote access to your computer (like Remote Desktop, RealVNC and NetBIOS).
- Secure your wireless networks. At home, enable WPA (Wi-Fi protected access) with a password of at least 20 characters. Configure your laptop to connect in Infrastructure mode only, and don't add networks unless they use WPA.
Technically Kevin is right, socially this is wrong. What this list highlights is that the combined Internet and PC industry has delivered a product that when compared to cars one must not only have a drivers license but also to be a mechanic able to maintain one’s own car and driveway. Yet we feel anyone should be able to own a PC and get onto the net.
This list being published on wired news most users will simply go on their merry way in blissful ignorance, even those whom it does reach may not be able to do this or have the energy to expend to actually perform these tasks. The way I see it the real audience is the tech-savvy crowd that can do something about it.
For the tech-crowd the main issue should be twofold (1) how did we get into this muddle and (2) how to get out of it? I will not go into a detailed discussion on each of the points, although that would make for an interesting day of discussion. I will stick to the main points:
- PCs are very good at running programs, any program. This has led to its success (“oh just download this prog and you wil have … for free”) but also is a serious security risk
- PC programs have practically ultimate power on the PC so any program may wipe all the user’s data. (note that unix and by inference MacOS X and Linux also allow programs run by the user to wipe all the user’s data, their security only prevents it from killing the system too)
- PCs have way too many settings. An ordinary PC user scratches only the surface of what the PC can do. But in order to make everything work out of the box, all kinds of convenient services the user may never need are enabled by default. Each of these may provide a security threat.
- Same with WiFi, that too is set-up out of the box for convenience not for security.
- Internet protocols were created for a “friendly” network used by serious people, today the Internet is anything but that…
Now, as an engineer, users never cease to amaze me with the level crappyness of technology they are willing to put up with. On the other hand I do feel the engineers have let the users down in this area.
Engineers: accept your responsibility it’s time to put things right!