  1. #1
    iNET Interactive
    Join Date
    Jan 2010
    Location
    Seattle, WA, USA
    Posts
    377
    Thanks
    1
    Thanked 29 Times in 24 Posts



    BEST PRACTICES

    Doing your part to secure cyber security


    By Susan Bradley

    October 1 marks the start of National Cyber Security Awareness Month, an event dedicated to raising the public's understanding of safe Internet practices.

    While it's primarily a U.S. initiative, the event has lessons that PC users around the world can use to make us all a bit safer online.

    The full text of this column is posted at WindowsSecrets.com/2010/10/07/07 (paid content, opens in a new window/tab).

    Columnists typically cannot reply to comments here, but do incorporate the best tips into future columns.
    Last edited by revia; 2011-01-19 at 14:52.

  2. #2
    New Lounger
    Join Date
    Dec 2009
    Location
    Frankfurt, Germany
    Posts
    2
    Thanks
    0
    Thanked 0 Times in 0 Posts
    There is perhaps one tip to be added:

    Be aware of government/officialdom snooping - through trojans, filtering, scanning, etc.

    J.

  3. #3
    New Lounger
    Join Date
    Dec 2009
    Location
    Santa Rosa, CA, USA
    Posts
    4
    Thanks
    0
    Thanked 0 Times in 0 Posts
    It's unfortunate that this article and the recommended website continue to foster the myth that a well-chosen password needs to be changed regularly. This is a common misconception among security professionals. To my mind, it's a total urban legend.

    Why does anyone think that changing your password frequently increases security?

    1) If a hacker compromises your password, they're not going to wait to rip you off!
    2) If you change all your passwords frequently, you are guaranteed to need to write them down! Likely in a place where they can be stolen en masse!

    I've spoken many times at RSA Security conferences and other industry venues as to why I consider this recommendation totally bogus.

    So far, few are listening. Not an uncommon situation when you call the emperor naked!

    Regards,
    Bill Finkelstein

  4. #4
    New Lounger
    Join Date
    Oct 2010
    Location
    Ben Lomond, California
    Posts
    2
    Thanks
    0
    Thanked 0 Times in 0 Posts
    ► Protect your funds. Review your banking and credit card statements monthly. Consider asking your bank for a credit card with a low credit limit, and use that card for all your online accounts and shopping. As I recommended in my July 8 column, "iTunes account theft strikes close to home," remove automatic billings for online purchases wherever possible.

    Monthly is too late:
    Our bank offers rapid alerts... every time there is a charge on my credit card or ATM card we receive an instant notification. Our credit card number has been ripped off twice in the last year and both times we reported the use of the credit card number within minutes.

  5. #5
    New Lounger
    Join Date
    Sep 2003
    Location
    Vantaa, Finland
    Posts
    3
    Thanks
    0
    Thanked 0 Times in 0 Posts
    I recommend two methods for averting malware:

    1. Use OpenDNS.com for your DNS service to filter out malware sites.

    2. Use WOT (Web Of Trust - http://www.mywot.com) browser add-on to filter out malware sites.

  6. #6
    3 Star Lounger
    Join Date
    Dec 2009
    Location
    Fresno, California, USA
    Posts
    259
    Thanks
    0
    Thanked 71 Times in 45 Posts
    You know there's nothing wrong with writing down your password and putting it in a small home office safe. The chances that a bad guy will find it in your house are pretty low.

    Changing them frequently doesn't mean changing them every month. But using the SAME ONE on all web sites is not wise either.

  7. #7
    Lounge VIP bobprimak's Avatar
    Join Date
    Feb 2009
    Location
    Hinsdale, IL, USA
    Posts
    2,482
    Thanks
    176
    Thanked 152 Times in 129 Posts
    Quote Originally Posted by Susan Bradley
    You know there's nothing wrong with writing down your password and putting it in a small home office safe. The chances that a bad guy will find it in your house are pretty low.

    Changing them frequently doesn't mean changing them every month. But using the SAME ONE on all web sites is not wise either.
    And there are password managers which can automatically remember and change passwords. Roboform is a popular one, and LastPass is one of the free ones.
    -- Bob Primak --

  8. #8
    New Lounger
    Join Date
    Oct 2010
    Location
    Burleson, Texas, USA
    Posts
    2
    Thanks
    0
    Thanked 0 Times in 0 Posts
    I agree that you must use an Antivirus program of some sort immediately upon notice of infection, but you MUST go even further than that. As a computer repair technician, I daily come across PCs that are severely infected, not by anything an antivirus program will pick up, but spyware and malware. It seems that none of the major companies in the Antivirus business do as well in the Antispyware/Antimalware business. Their programs do not easily remove the infections, even if they are found. Programs such as SuperAntiSpyware Free and Malwarebytes Free do extremely well in this arena. Also, if those fail, Combofix, from bleepingcomputer.com, works well, though I strongly recommend you have a computer technician looking over your shoulder as you run it, because it could easily do things you had no intention of doing.

  9. #9
    Star Lounger
    Join Date
    Jan 2010
    Location
    San Diego, CA, USA
    Posts
    89
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Sorry to disagree but I find the two security suites that I run, both from Symantec, do great at antispyware and other malware. In addition they are experts at heuristics which is the ability to identify the action of malware without having an actual definition for it yet. The difference between Symantec Endpoint Protection which is a corporate suite and Norton Internet Security 2011 which is a consumer product, is how they handle tracking cookies. The corporate suite doesn't allow any of these to pass, they are blocked altogether. The consumer suite does allow tracking cookies on but when you run a Quick Scan, they are removed. My experience is that if you pay for your security suite and do updates daily you'll not have problems. If you run a security suite that doesn't cost you anything, you shouldn't really expect much. I don't have confidence in any of the ones that are available for free.

  10. #10
    Star Lounger
    Join Date
    Jan 2010
    Location
    San Diego, CA, USA
    Posts
    89
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Quote Originally Posted by Bob Primak
    And there are password managers which can automatically remember and change passwords. Roboform is a popular one, and LastPass is one of the free ones.
    I like Typhoon Password for my Windows XP Professional desktop and use Norton Identity Safe included with my security suite with my Windows 7 Home Premium laptop. Both allow me to keep and remember passwords; Norton Identity Safe puts the correct username and password in automatically when I arrive at the log in screen. Both Typhoon Password and Norton Identity Safe are password protected. I can never remember my passwords and having these managers is a godsend! Both store their pertinent information on the local drive using an MD5 Hash so that anyone getting in from outside cannot read the passwords off the drive. When you use a password manager you must be extra vigilant: you close the laptop before walking away from it, thus someone has to log on to get the manager to work. In the desktop I make the password manager only available for the Administrator account which is password protected and require all others using the computer to use the Guest account. It really isn't necessary to change passwords every so often, I haven't and never have had a password related break in since I started working with computers way back when, so I consider that rule hockey puck! The least secure is my backup Excel file I keep in case my two managers become nonoperational. I don't let anyone know this file exists and don't let anyone but me on the laptop anyway. In XP Professional I have made it so only the administrator can open it. This has proven to be more than adequate for me and it's darn convenient too! Don't have to try and remember a password spur of the moment, I've got it when I need it!

  11. #11
    Star Lounger
    Join Date
    Jan 2010
    Location
    San Diego, CA, USA
    Posts
    89
    Thanks
    0
    Thanked 0 Times in 0 Posts
    I am extremely security conscious and yet there are some things people do that I do not consider important and other things people don't do that I do consider important. These are my own rules that I use everyday:

    1. It is not necessary to change a good password regularly! That just invites you to get locked out of a website at a most inopportune time when you need to get on it most...Murphy's Law is bypassed this way! I've been doing computers from the days of DOS 5.0 and have never had a password related break in! If you use password managers as I do, password protect them and make them only available to the Administrator account.
    2. Avoid free security software, it leaks like a sieve! I have yet to find one that is adequate in performance to my needs. With a free suite I feel vulnerable...not a good feeling! Pay the yearly fee to assure you get updates.
    3. Update your security software daily! Do it directly after you fire up your computer. For those setting automatic updates, pick a time and set to do daily updates.
    4. Scan your computer anytime you are suspicious about a site you visited. Do a Quick Scan most of these times. If in Quick Scan something serious is detected, (tracking cookies are not serious, just an annoyance!), immediately perform a Full Scan because remnants can hide where a quick scan will not find.
    5. Password protect the Administrator account on a desktop and always password protect any portable device like a laptop or Netbook. Not doing this is asking for it!
    6. When walking away from your computer log off your account or close the lid forcing anyone to authenticate that opens it.
    7. If you have a laptop running Windows XP Professional and you use it a lot on public networks, do not file share. I know this from experience! A Workgroup can be gotten around by hackers and those files are then in jeopardy! Always select Public when on an unknown network in Windows 7. This assures that you are hidden from the prying eyes of others on the network. You can still find printers and servers on that network, just not as easy.
    8. Do not carry on any monetary transaction on a website unless you see Https. The site is using SSH and is secure when you see the "s". Http is completely unencrypted and therefore prone to interception en route.
    9. Be smart and learn to recognize social engineering scams! Don't open something just because someone tells you to. If you don't know the person emailing you and there is an attachment do not open it! Delete it and then empty the trash folder immediately. Better safe than sorry!

    I have used these policies for years and have stayed safe and still had maximum convenience on the web. Today's modern security suites are quite intuitive and take care of many things automatically for you and remember, in this area, you get what you pay for. It doesn't pay to scrimp when it comes to security!
