Top 5 Security Resolutions for New PCs
Now that you’ve unwrapped that new laptop or desktop, let’s discuss how you’re going to keep it clean and safe. I wanted to keep this simple, so this is a short list of 5 Security Resolutions for the New Year. Let’s start with what I consider my most important resolution:
1. I Will Patch My Systems
With the constant influx of new viruses, worms, and computer bot-nets, the task of keeping our computers safe is never-ending. It’s become so bad that security vendors now track the expected survival time of an un-patched computer connected to the Internet. The survival time is an estimate of how long an un-patched computer will remain uncompromised once it’s connected to the Internet. While the actual time varies, historically it tends to run between 4 and 20 minutes. That’s not even enough time to connect and run Windows Update without getting compromised. And that only addresses the Windows patches. What about the vulnerable versions of Adobe Reader, Flash, or any of the dozens of other software packages that may be installed on your computer? For this reason, it has been determined that almost all PCs are vulnerable in some way. Apparently less than 2% of PCs are FULLY patched. That’s a frightening statistic!
It’s basically a catch-22. You can’t connect to the Internet unless your system is patched, but you can’t get all your patches in time to protect your computer. How can we win this battle?
- Slipstreaming: If you’re installing Windows from scratch, you can make your own patched installation CD. The process is called slipstreaming, and basically it’s a method of integrating patches into the installation files of the original software. This is a great method, but it’s out-of-date almost immediately, and it’s of little use to home users — and of no use if the system is pre-built.
- Offline Update: If you can’t go online to patch your system, then you need to patch it while it’s offline (not connected to the Internet). How do you accomplish this? There are now a few different ways you can make your own offline windows update CD/DVD. Obviously, this would need to be created from an already patched and protected computer. Just download and install the tool, run it to gather all current patches, and create the DVD. Then take this DVD to any offline system and voila! It’s patched and ready to go online.
We also need to patch or update various 3rd party software programs. This includes very common programs such as Adobe Acrobat Reader, OpenOffice and a variety of other add-ons that people may have on their computers. Some of these programs have their own built-in update capabilities, but many do not. They may also be disabled by default, or you may have inadvertently blocked it with your firewalls. While I don’t have room to discuss each of them in this article, there are a handful of tools to help with this task as well.
Now that you’re patched and ready to go online, is that enough? Absolutely not! It’s always good to have several layers of security. That brings us to my next resolution:
2. I Will Use Common Security Tools
Security is best applied in layers, and thanks to the free, open-source community, you don’t have to go broke to get all this security. I’ll cover some of the basics:
- Personal Firewall: I know that Windows comes with its own firewall now, but frankly I just don’t like it or trust it. I want to know what’s happening with my system! There are two very nice personal firewall solutions that are free for personal use. For “mom and pop” solutions I recommend Zone Alarm. Zone Alarm was recently acquired by Check Point (the “real” firewall people). It’s a simple firewall that’s easy for non-technical people to use and understand. This is the one I recommend for my folks to use. For the slightly geekier among us, I recommend Sunbelt Personal Firewall. It’s also free for personal use, but gives a more detailed look at the connections in and out of your computer. This is the firewall I use for my personal systems.
- Antivirus: We all know we need Anti-virus and anti-spyware solutions. I think Symantec is packaged on most off-the-shelf systems, encouraging many people to buy into their subscription service, but there are many free solutions in this space, too. My personal favorite is still AVG. I’ve used this software for several years and have never been disappointed. My second choice here is ClamWin. It’s another great antivirus product, free for personal use, and comes in a portable version that can be carried on a USB thumb drive.
- Anti-Spyware: Spybot Search & Destroy — sounds awesome, doesn’t it? I love this program! It’s a very powerful anti-spyware tool that will also “immunize” your browser against common attacks. Second place in this category is Ad-Aware from Lavasoft. Both of these products will provide an excellent level of anti-spyware protection for free.
Now we’ve covered the basics for our security tools, but there’s much more to be done. What about when your system crashes (notice, I didn’t say “if” I said “when)? You do have good back-ups don’t you? Well, that’s my next resolution:
3. I Will Back Up My Data
It’s time to face reality. First, you really do need to back up your data! There are only two types of computer users: those who have had a system failure, and those who will. If you aren’t backing up your data, you’re playing with fire. Home users are especially at risk of using valuable data. My greatest loss from system crashes and disk failures is definitely the loss of digital pictures. There’s nothing worse than losing the only copy of those pictures from your child’s last birthday party or the family trip to Disney World. Disk space is cheap, and back-ups are easy.
First, get an external hard drive, and go big. You can buy a half-terabyte of storage (500 MB) for around $70. The benefit of an external drive is that you can carry it easily to each computer and copy over all your important files. But this is just another drive, and just as subject to failure as your primary computer. Fortunately, DVDs are cheap, too. Get a good DVD burner and use it to back up your files from that external drive. This doesn’t require any fancy back-up software, and you don’t need to know the difference between incremental or differential back-ups. The final word: Just Do It!
Now that my computer and data are relatively secure, let’s talk about that wireless router you got for Christmas. My next resolution:
4. I Will Secure My Wireless Router
Wireless technology is fantastic! No more drilling holes in the baseboards or trying to run cables through the ductwork of your house. Just get a wireless router and some wifi cards for your computer and you’re all set, right? Wrong! This gets you connected, but a default wireless router configuration is an open invitation to having your Internet connection misused.
Don't forget to change your router's default passwords/configuration! Every router ships with a default configuration. Unfortunately, the bad guys know this, and the default passwords are well known. The default configuration also usually has wireless security disabled. That means anyone can connect to your wireless network. Here are a couple of simple wireless security guides to get you started.
Since we’re talking about passwords, that brings me to my final resolution:
5. I Won’t Write Down My Passwords
Walk around any office and look at the monitors. See any sticky notes with a single word written on them? Yes? That’s probably the user’s password. If there’s nothing on the monitor, look under the keyboard. Those are the two most common places people keep their passwords. I have work accounts and personal accounts, multiple emails, multiple networks, personal logons and separate administrative logons, and TONS of web-based accounts for forums. I can’t keep these all in my head, and it’s very dangerous to use the same password for everything. So, we’re supposed to use unique passwords that are difficult to guess. That’s good practice for password usage, but how can we possibly keep track? Enter the password database!
A password database provides a method of storing all your account and password information in an encrypted database. You only need to remember one master password or pass phrase — just make it a good one! My favorite has been Password Safe for the past few years. It was originally written by Bruce Schneier. It’s free, open-source, and regularly updated. My second choice is more suitable for my work environment due to its use of AES encryption. KeePass may become my new standard, but I’m still getting use to the interface. It’s also been set up as a portable app for use on your thumb drive.
Happy New Gear
That’s wraps up my Top-5 list. I don’t think David Letterman has anything worry about from me, but I think you’ll find this simple list will go a long way toward making life just a tiny bit easier in the coming year.