Safe Computing


In the mid-1980s two brothers in Pakistan discovered that people were pirating their software. They responded by writing the first computer virus, a program that would put a copy of itself and a copyright message on any floppy disk copies their customers made. From these simple beginnings, an entire virus counter-culture has emerged.
A virus or worm is a computer program that can spread across computers and networks by making copies of itself, usually without the user’s knowledge. Viruses can have harmful effects. These can range from displaying irritating messages to stealing data or giving other users control over your computer. A virus program has to be run before it can infect your computer. Viruses have ways of making sure that this happens. They can attach themselves to other programs or hide in code that is run automatically when you open certain types of file. Sometimes they can exploit security flaws in your computer’s operating system to run and to spread themselves automatically. You might receive an infected file in an email attachment, in a download from the internet, or on a disk. As soon as the file is launched, the virus code runs. Then the virus can copy itself to other files or disks and make changes on your computer. Trojan horses are programs that pretend to be legitimate software, but actually carry out hidden, harmful functions. Trojans cannot spread as fast as viruses because they do not make copies of themselves. However, they now often work hand-in-hand with viruses. Viruses may download Trojans which record keystrokes or steal information. On the other hand, some Trojans are used as a means of infecting a computer with a virus. Worms are similar to viruses but do not need a carrier program or document. Worms simply create exact copies of themselves and use communications between computers to spread. Many viruses, such as MyDoom or Bagle, behave like worms and use email to forward themselves.
Top 10 Security Tips Use anti-virus software and keep it up-to-date. Keep your operating system and other software current. Use complex, hard-to-guess passwords and change them regularly. Use an anti-spyware program. Use a firewall to protect your computer from Internet intruders. Do not open emails or attachments from unknown sources. Do not download files from an unknown source. Use file sharing sparingly. Only run services that you need. Back up your computer data regularly.
1. Use anti-virus software and keep it up-to-date. Using an antivirus software package from a reputable manufacturer like Symantec, MacAfee, AVG or Avast provides an effective defense against viruses. You should scan your system for viruses once a week at least, and use the software to examine any email attachments you are unsure about. Many antivirus packages come with auto-protection features which will scan any files entering or leaving your system for viruses. Make sure you keep the program updated. Antivirus software manufacturers are constantly creating new sets of virus definitions to keep up with new threats. Without updated definitions, the software will not stop newer viruses from infecting your PC. Most reputable antivirus programs will update themselves automatically when you are connected to the Internet, but it doesn't hurt to make sure you have the latest update before you scan for viruses.
2. Keep your operating system and other software current. Keeping software updated is critical to safe computing. Updates often fix security vulnerabilities. Viruses and malicious users may exploit newly discovered security holes within Windows and Internet Explorer. Windows XP/Vista is an extremely complex operating system, and as such has a number of bugs and design holes which are constantly in the process of being fixed by Microsoft. On the other side of the fence, there are users who are enthusiastically trying to discover these flaws, either for the purpose of informing Microsoft or just for the heck of it. Generally, major vulnerabilities or flaws are patched almost immediately after their existence is made known, or even before. However, users who do not update their systems with the new patch are at the mercy of anyone using software tools designed to exploit the vulnerability. Change the name of the administrative account. Malicious users may attempt to use the built-in 'administrator' user account to gain access to your PC. The administrator account cannot be locked or disabled and is thus the first target for anyone trying to hack into your computer. While the account should already have a password, this does not protect it from attack. Renaming the administrator account adds an extra layer of security by removing the standard user name 'administrator' which any malicious user will try first when attempting to gain access to your PC. Make sure you are logged in as a user with administrative privileges. Right click on 'my computer' and select 'manage.' Expand 'local users and groups' then 'users.' Highlight the 'administrator' account and right click. Choose 'rename' and change the account to a name of your choosing.
3. Use complex, hard-to-guess passwords and change them regularly. In many ways a password equals a signature, or in information technology terms required credentials. In addition to stealing or discrediting an identity, there are much easier things an attacker (or maybe even a friend) could do with a password: send threatening e-mail on your behalf (that appears to come from you) access Web sites and, if you've enabled one-click ordering, purchase items with your credit card access, modify, or delete documents stored on your computer, or on any other central file server that you have permission to access To help protect personal resources, practice secure behavior and treat a password like a personal signature. Here are a few easy steps to help ensure the safety of a password: Never share a password or personal identification number (e-mail, voice mail or otherwise). Choose secure passwords. Passwords that mix random letters, digits and punctuation are harder for people and programs to crack. An easy way to form a secure password that you can remember is to think of a phrase, song, poem, or sentence and use the first letter from each word. For example: "Christmas is on the 25th of December." = "Xms25thoD." "I have owned my dog for 5 years!" = "Ihomdf5y!" There are also specific things you should avoid when choosing a password, including the following: Words from a dictionary (including foreign language dictionaries) or a word from a dictionary preceded or followed by a single character. For example, "Firecracker2" is not a secure password. Names of any kind, including your login name, your first or last name in any form, or your spouse or child's name. Pets name are a bad choice also, as are names of fictional characters. Any kind of easily obtained information. This includes your phone number (may be listed in a directory), your address (again, easily obtained from a directory), or your Social Security number. Simple keyboard patterns such as "qwerty" or "12345678". These generic patterns are easily guessed. Change passwords regularly. Don't record passwords any place they would be vulnerable. This includes cellular phones and palm devices. It also includes a sticky note taped to your monitor or pasted under your keyboard. These are common places where people keep their passwords written down and also common places where people would look to find yours. It is also a bad idea to choose the option to save your password when visiting Web sites - it is much more secure to enter the password again each time you visit.
4. Use an anti-spyware program. Spyware (also called adware) is software that enables advertisers to gather information about a computer user’s habits. Spyware programs are not viruses (you cannot spread them to other computers) but they can have undesirable effects. You can get spyware on your computer when you visit certain websites. A pop-up message may prompt you to download a software utility that you “need”, or software may be downloaded automatically without your knowledge. The spyware then runs on the computer, tracking your activity (for example, visits to websites) and reports it to others, such as advertisers. It can also change the home page displayed when you start your internet browser, and can use a dial-up modem to call 0900 (premium rate) phone numbers. Spyware also uses memory and processing capacity, and can slow or crash the computer. While Spyware is not a virus it has some similarities to a computer virus because it can affect your computer in the following ways. It can cause: Computer instability; your operating system slows down or hangs up. Conflicts between different software programs. Dramatic slow network performance. Advertising popups, including pornography. New toolbars to appear in your Web browser. Your browser to open to a different homepage.
5. Use a firewall to protect your computer from Internet intruders. A firewall is a software program or hardware device which blocks remote access to your computer. It does this by closing all ports to data unless the communication is initiated from inside the firewall first. So you could, for example, surf the net without problems through a firewall since your computer sends the request for data to a web server first. The firewall would note the Internet address that your request was sent to, and allow return communications from that specific address back through the firewall. However, anyone trying to scan a range of IP addresses for vulnerable computers would turn up a blank for your address, since the firewall blocks all unsolicited communication from the Internet. Almost all home Internet sharing devices include firewalls, so if you are using a router to share your Internet connection within your home, you are likely already protected. Otherwise you need to use a software firewall.
6. Do not open emails or attachments from unknown sources. You don’t even have to open an attachment to become infected via email. Just viewing your mail is a risk . Some viruses, such as Kakworm and Bubbleboy, can infect users as soon as they read email. They look like any other message but contain a hidden script that runs as soon as you open the email, (or even look at it in the preview pane as long as you are using Outlook with the right version of Internet Explorer). This script can change system settings and send the virus to other users via email. Check for updates to anti-virus applications and critical updates for the operating system and programs weekly. Many vendors provide automatic mechanisms for online software updates. Be skeptical. E-mail addresses are easily forged. Do not trust an e-mail with messages like "Class is cancelled," "Change your password to xxxxx" and "Make money fast." Except for reporting to authorities, do not forward "chain" letters or dire warnings of viruses or disasters. To protect a computer from viruses, do not open attachments, click on links from unknown sources or forward chain letters. Spam can include advertisements, solicitations and junk mail.
7. Do not download files from an unknown source. There are many ways criminals can get your personal information. They can: Steal records from their employer. Hack into an organization's computer that contains your information. Rummage through trash (also called dumpster-diving). Steal wallets and purses. Steal mail, including bank and credit card statements. Scam information from others by posing as a legitimate business person or government official. Complete a Change of Address form to divert your mail to another location.
8. Use file sharing sparingly. By default, Windows uses the simple file sharing system. This allows any user that has authenticated to your computer to have full access to all shared files. In Windows XP Home, the 'guest' user account is the account used by all remote users to access shared files. Of course, the guest account has no password by default, allowing unlimited, non-password access to your shared files for virtually anyone who finds your IP address. While a firewall will block this type of access in most cases, it still pays to limit your venerability by configuring simple file sharing and the guest user account more securely than the default. Secure and configure the guest user account. If you are using Windows XP Professional, you should password protect and disable the guest account. This will force any intruder to use one of the user accounts you created or the administrator account, both of which should now be secure if you followed the above procedures. Make sure you are logged in as a user with administrative privileges (the first user created during the XP install process has these, as does the administrator). Right click on 'my computer' and select 'manage.' Expand 'local users and groups' then 'users.' Highlight the 'guest' account and right click. Choose 'set password' and provide the account with a secure password. Now right-click the guest account again and choose 'properties.'
9. Only run services that you need. Turn off and remove unneeded services. By default, many operating systems install auxiliary services that are not critical, such as an FTP server, telnet, and a Web server. These services are avenues of attack. If they are removed, blended threats have less avenues of attack and you have fewer services to maintain through patch updates. Services can be turned off by clicking start > run and then typing in services.msc in the run box. Services are listed alphabetically.
10. Back up your computer data regularly. Do I need to say anything more! There are many sites that allow you store data off-site. Some are free and some require a user fee.

In the mid-1980s two brothers in Pakistan discovered that people were pirating their software. They responded by writing the first computer virus, a program that would put a copy of itself and a copyright message on any floppy disk copies their customers made. From these simple beginnings, an entire virus counter-culture has emerged.

A virus or worm is a computer program that can spread across computers and networks by making copies of itself, usually without the user’s knowledge.

Viruses can have harmful effects. These can range from displaying irritating messages to stealing data or giving other users control over your computer. A virus program has to be run before it can infect your computer. Viruses have ways of making sure that this happens. They can attach themselves to other programs or hide in code that is run automatically when you open certain types of file. Sometimes they can exploit security flaws in your computer’s operating system to run and to spread themselves automatically. You might receive an infected file in an email attachment, in a download from the internet, or on a disk. As soon as the file is launched, the virus code runs. Then the virus can copy itself to other files or disks and make changes on your computer. Trojan horses are programs that pretend to be legitimate software, but actually carry out hidden, harmful functions. Trojans cannot spread as fast as viruses because they do not make copies of themselves. However, they now often work hand-in-hand with viruses. Viruses may download Trojans which record keystrokes or steal information. On the other hand, some Trojans are used as a means of infecting a computer with a virus. Worms are similar to viruses but do not need a carrier program or document. Worms simply create exact copies of themselves and use communications between computers to spread. Many viruses, such as MyDoom or Bagle, behave like worms and use email to forward themselves.

Top 10 Security Tips

Use anti-virus software and keep it up-to-date.
Keep your operating system and other software current.
Use complex, hard-to-guess passwords and change them regularly.
Use an anti-spyware program.
Use a firewall to protect your computer from Internet intruders.
Do not open emails or attachments from unknown sources.
Do not download files from an unknown source.
Use file sharing sparingly.
Only run services that you need.
Back up your computer data regularly.

1. Use anti-virus software and keep it up-to-date.

Using an antivirus software package from a reputable manufacturer like Symantec, MacAfee, AVG or Avast provides an effective defense against viruses. You should scan your system for viruses once a week at least, and use the software to examine any email attachments you are unsure about. Many antivirus packages come with auto-protection features which will scan any files entering or leaving your system for viruses.

Make sure you keep the program updated. Antivirus software manufacturers are constantly creating new sets of virus definitions to keep up with new threats. Without updated definitions, the software will not stop newer viruses from infecting your PC. Most reputable antivirus programs will update themselves automatically when you are connected to the Internet, but it doesn't hurt to make sure you have the latest update before you scan for viruses.

2. Keep your operating system and other software current.

Keeping software updated is critical to safe computing. Updates often fix security vulnerabilities. Viruses and malicious users may exploit newly discovered security holes within Windows and Internet Explorer.

Windows XP/Vista is an extremely complex operating system, and as such has a number of bugs and design holes which are constantly in the process of being fixed by Microsoft. On the other side of the fence, there are users who are enthusiastically trying to discover these flaws, either for the purpose of informing Microsoft or just for the heck of it.

Generally, major vulnerabilities or flaws are patched almost immediately after their existence is made known, or even before. However, users who do not update their systems with the new patch are at the mercy of anyone using software tools designed to exploit the vulnerability.

Change the name of the administrative account. Malicious users may attempt to use the built-in 'administrator' user account to gain access to your PC. The administrator account cannot be locked or disabled and is thus the first target for anyone trying to hack into your computer. While the account should already have a password, this does not protect it from attack.

Renaming the administrator account adds an extra layer of security by removing the standard user name 'administrator' which any malicious user will try first when attempting to gain access to your PC.

Make sure you are logged in as a user with administrative privileges. Right click on 'my computer' and select 'manage.' Expand 'local users and groups' then 'users.' Highlight the 'administrator' account and right click. Choose 'rename' and change the account to a name of your choosing.

3. Use complex, hard-to-guess passwords and change them regularly.

In many ways a password equals a signature, or in information technology terms required credentials. In addition to stealing or discrediting an identity, there are much easier things an attacker (or maybe even a friend) could do with a password:

send threatening e-mail on your behalf (that appears to come from you)
access Web sites and, if you've enabled one-click ordering, purchase items with your credit card
access, modify, or delete documents stored on your computer, or on any other central file server that you have permission to access

To help protect personal resources, practice secure behavior and treat a password like a personal signature. Here are a few easy steps to help ensure the safety of a password:

Never share a password or personal identification number (e-mail, voice mail or otherwise).
Choose secure passwords. Passwords that mix random letters, digits and punctuation are harder for people and programs to crack.

An easy way to form a secure password that you can remember is to think of a phrase, song, poem, or sentence and use the first letter from each word. For example: "Christmas is on the 25th of December." = "Xms25thoD." "I have owned my dog for 5 years!" = "Ihomdf5y!"

There are also specific things you should avoid when choosing a password, including the following:

Words from a dictionary (including foreign language dictionaries) or a word from a dictionary preceded or followed by a single character. For example, "Firecracker2" is not a secure password.
Names of any kind, including your login name, your first or last name in any form, or your spouse or child's name. Pets name are a bad choice also, as are names of fictional characters.
Any kind of easily obtained information. This includes your phone number (may be listed in a directory), your address (again, easily obtained from a directory), or your Social Security number.
Simple keyboard patterns such as "qwerty" or "12345678". These generic patterns are easily guessed.

Change passwords regularly. Don't record passwords any place they would be vulnerable. This includes cellular phones and palm devices. It also includes a sticky note taped to your monitor or pasted under your keyboard. These are common places where people keep their passwords written down and also common places where people would look to find yours. It is also a bad idea to choose the option to save your password when visiting Web sites - it is much more secure to enter the password again each time you visit.

4. Use an anti-spyware program.

Spyware (also called adware) is software that enables advertisers to gather information about a computer user’s habits. Spyware programs are not viruses (you cannot spread them to other computers) but they can have undesirable effects. You can get spyware on your computer when you visit certain websites. A pop-up message may prompt you to download a software utility that you “need”, or software may be downloaded automatically without your knowledge. The spyware then runs on the computer, tracking your activity (for example, visits to websites) and reports it to others, such as advertisers. It can also change the home page displayed when you start your internet browser, and can use a dial-up modem to call 0900 (premium rate) phone numbers. Spyware also uses memory and processing capacity, and can slow or crash the computer.

While Spyware is not a virus it has some similarities to a computer virus because it can affect your computer in the following ways. It can cause:

Computer instability; your operating system slows down or hangs up.
Conflicts between different software programs.
Dramatic slow network performance.
Advertising popups, including pornography.
New toolbars to appear in your Web browser.
Your browser to open to a different homepage.

5. Use a firewall to protect your computer from Internet intruders.

A firewall is a software program or hardware device which blocks remote access to your computer. It does this by closing all ports to data unless the communication is initiated from inside the firewall first. So you could, for example, surf the net without problems through a firewall since your computer sends the request for data to a web server first.

The firewall would note the Internet address that your request was sent to, and allow return communications from that specific address back through the firewall. However, anyone trying to scan a range of IP addresses for vulnerable computers would turn up a blank for your address, since the firewall blocks all unsolicited communication from the Internet.

Almost all home Internet sharing devices include firewalls, so if you are using a router to share your Internet connection within your home, you are likely already protected. Otherwise you need to use a software firewall.

6. Do not open emails or attachments from unknown sources.

You don’t even have to open an attachment to become infected via email. Just viewing your mail is a risk . Some viruses, such as Kakworm and Bubbleboy, can infect users as soon as they read email. They look like any other message but contain a hidden script that runs as soon as you open the email, (or even look at it in the preview pane as long as you are using Outlook with the right version of Internet Explorer). This script can change system settings and send the virus to other users via email.

Check for updates to anti-virus applications and critical updates for the operating system and programs weekly. Many vendors provide automatic mechanisms for online software updates.

Be skeptical. E-mail addresses are easily forged. Do not trust an e-mail with messages like "Class is cancelled," "Change your password to xxxxx" and "Make money fast." Except for reporting to authorities, do not forward "chain" letters or dire warnings of viruses or disasters.

To protect a computer from viruses, do not open attachments, click on links from unknown sources or forward chain letters. Spam can include advertisements, solicitations and junk mail.

7. Do not download files from an unknown source.

There are many ways criminals can get your personal information. They can:

Steal records from their employer.
Hack into an organization's computer that contains your information.
Rummage through trash (also called dumpster-diving).
Steal wallets and purses.
Steal mail, including bank and credit card statements.
Scam information from others by posing as a legitimate business person or government official.
Complete a Change of Address form to divert your mail to another location.

8. Use file sharing sparingly.

By default, Windows uses the simple file sharing system. This allows any user that has authenticated to your computer to have full access to all shared files. In Windows XP Home, the 'guest' user account is the account used by all remote users to access shared files. Of course, the guest account has no password by default, allowing unlimited, non-password access to your shared files for virtually anyone who finds your IP address.

While a firewall will block this type of access in most cases, it still pays to limit your venerability by configuring simple file sharing and the guest user account more securely than the default.

Secure and configure the guest user account. If you are using Windows XP Professional, you should password protect and disable the guest account. This will force any intruder to use one of the user accounts you created or the administrator account, both of which should now be secure if you followed the above procedures.

Make sure you are logged in as a user with administrative privileges (the first user created during the XP install process has these, as does the administrator).

Right click on 'my computer' and select 'manage.' Expand 'local users and groups' then 'users.' Highlight the 'guest' account and right click. Choose 'set password' and provide the account with a secure password. Now right-click the guest account again and choose 'properties.'

9. Only run services that you need.

Turn off and remove unneeded services. By default, many operating systems install auxiliary services that are not critical, such as an FTP server, telnet, and a Web server. These services are avenues of attack. If they are removed, blended threats have less avenues of attack and you have fewer services to maintain through patch updates.

Services can be turned off by clicking start > run and then typing in services.msc in the run box. Services are listed alphabetically.

10. Back up your computer data regularly.

Do I need to say anything more! There are many sites that allow you store data off-site. Some are free and some require a user fee.