Security and convenience

May 212012
 
car_keys_security_password

“Your security advice is too difficult, I don’t want to log in when I start my computer or have to mess around when I have to install new software,” a lady told me on the weekend.

Security is always inconvenient. It would be far more convenient if car doors weren’t locked and starting them was a matter of flicking a switch.

Of course we know if that was the case, most cars would be stolen within hours of buying them.

We accept the inconvenience of car keys because we know the cost of having a vehicle stolen is way higher than the occasional frantic search for lost car keys.

Right now we don’t value our data, computers or smartphones the same way.

This is changing and as we start using our phones as electronic wallets we’ll start valuing our passwords and online security more than our car keys.

 

Similar posts:

Malware’s third party path

May 062012
 
Computer security is evolving in a time of social media

One of the few constants with computer security is that threats are constantly evolving.

Malware – malicious software like computer viruses, worms or Trojan horses – are the most common security threat the ordinary technology home or business users will encounter on their PC, laptop or smartphone.

During the big computer virus epidemic of the early 2000s the main target were Windows 98 or XP machine running Internet Explorer as these were so easy to infect.

Today, it’s harder to infect Windows systems and the malware writers have become more sophisticated in the tools and methods they use to catch victims.

Right now, we’re seeing the malware writers focusing on  weaknesses in third party software such as Java, Flash and Microsoft Office.

Mac users have been affected by the Flashback worm which used flaws in the Java computer program and now Adobe have released an emergency update to their Flash application to fill a security hole that could affect all operating systems.

Along with being more sophisticated in their methods, today’s malware writers are also more organised with real criminal objectives as opposed to the earlier generations that were derided as “script kiddies”.

So there’s real risks in not taking basic steps to protect your computer system.

Have the latest updates

When your system asks you if you want to install updates, do so. Both Macs and PCs have an automatic update function which you should enable and pay attention to.

Individual software packages like Java, Flash and Microsoft Office have their own update reminders which you should also pay attention to.

Sometimes though the malware writers distribute fake updates to fool people into installing their software so if you are suspicious about an update, check online to see if you have the latest version.

Run computers in Restricted User mode

One of the big weaknesses for all systems is there is a tendency to run as an Administrator. In older Windows systems this gives almost complete control over the system and can still create problems in newer systems as well as with Mac or Linux systems.

Every user should be run as a Restricted User and this can be set up in the Windows Control Panel or Mac Preferences.

Have an antivirus

While the antivirus industry loves flogging overpriced and overfeatured software that generally slows your computer down as much as it protects the system, it’s still worthwhile having.

For Windows users, the free Microsoft Security Essentials is fine for most users. For Mac users, the free ClamAV or Sophos Anti-Virus for Mac are good choices.

Use a third party browser

Generally using the built in web browsers – Internet Explorer in Windows and Safari on the Mac – tends to amplify security risks. So use a third party browser like Firefox, Google Chrome or Opera.

Be careful

Malware writers, like all crooks and conmen, try to exploit human weaknesses so their tricks often appeal to our greed, fear or lust.

Try to avoid websites offering pirated software, movies, music or pornography and never click on emails or pop up adverts that claim you’ve won the lottery or been infected with a virus.

Cybercrime is real and growing although we should keep in the threat in perspective and not fall for the hysterical headlines we often see in the media.

The risks are going to continue to evolve as the crooks move onto trying to exploit weaknesses in smartphones, social media platforms and cloud computing services.

Despite this, most people won’t be affected by malware or other computer crime by being careful. Just don’t count on being lucky.

Similar posts:

Are we prepraed to embrace risk?

Apr 162012
 
there are risks and dangers in society and business

It’s safe to say the Transport Security Administration – the  TSA – is one of America’s most reviled organisations.

So it’s notable when a former TSA director publicly describes the system the agency administers as “broken” as Kip Hawley did in the Wall Street Journal on the weekend.

 More than a decade after 9/11, it is a national embarrassment that our airport security system remains so hopelessly bureaucratic and disconnected from the people whom it is meant to protect. Preventing terrorist attacks on air travel demands flexibility and the constant reassessment of threats. It also demands strong public support, which the current system has plainly failed to achieve.

The underlying question in Kip’s article is “are Americans prepared to accept risk?” The indications are that they aren’t.

One of the conceits of the late twentieth Century was we could engineer risk out of our society; insurance, collateral debt obligations, regulations and technology would ensure we and our assets were safe and comfortable from the world’s ravages.

If everything else failed, help was just an emergency phone call away. Usually that help was government funded.

An overriding lessons from the events of September 11, 2001 and subsequent terrorist attacks in London and Bali is that these risks are real and evolving.

The creation of the TSA, along with the millions of new laws and billions of security related spending in the US and the rest of the world – much of it one suspect misguided – was to create the myth that the government is eliminating the risk of terrorist attacks.

It’s understandable that governments would do this – the modern media loves blame so it’s a no win situation that politicians and public servant find themselves in.

Should a terrorist smuggle plastic explosive onto a plane disguised as baby food then the government will be vilified and careers destroyed.

Yet we’re indignant that mothers with babies are harassed about the harmless supplies they are carrying with them.

It’s a no-win.

This is not an American problem, in Australia we see the same thing with the public vilification of a group of dam engineers blamed for not holding back the massive floods that inundated Brisbane at the end of 2010.

While we should be critical of governments in the post 9/11 era as almost every administration – regardless of their claimed ideology – saw it as an opportunity to extend their powers and spending, we are really the problem.

Today’s society refuses to accept risk; the risk that bad people will do bad things to us, the risk that storms will batter our homes or the risk that will we do our dough on what we were told was a safe investment.

So we demand “the gummint orta do summint”. And the government does.

The sad thing is the risk doesn’t go away. Risk is like toothpaste, squeeze the tube in one place and it oozes out somewhere else.

While Kip Hawley is right in that we need to change how we evaluate and respond to risk, it assumes that we are prepared to accept that Bad Things Happen regardless of what governments do. It’s dubious that we’re prepared to do that.

Similar posts:

Ending the era of Mac complacency

Apr 082012
 
apple mac computers

The news that the Flashback Trojan has infected an estimated 600,000 Apple Mac computers has been greeted with joy by the dozens of industry experts that have predicted a virus holocaust for smug Mac users for nearly a decade.

While the Flashback malware – the earlier versions could be described as a computer Trojan Horse while the later editions are more like a computer worm – is a real risk to Mac users and it’s important to take this risk seriously.

The Netsmarts business site looks at how Mac and Windows users can protect themselves from Flashback and its variants.

One of the key things in the advice is to make sure anybody using the computer has limited rights; as a Managed User on the Mac and as a Limited User in Windows. This dramatically reduces the opportunity for bad things to happen while online.

I’ve discussed previously while user privileges are one of the reasons why the Mac has historically been less prone to infection to virus infections than their Windows cousins.

Microsoft made the decision in the 1990s not to tighten Windows’ security settings and their customers paid the price for the next decade. This was compounded by some poor implementations of various technologies in Microsoft Windows.

This isn’t to say the Mac, or any other computer system, doesn’t have security bugs. Every operating system does and it’s a conceit of everybody immersed in new technologies, be it cloud computing back to horse drawn chariots, to believe their products are magically infallible.

Part of the crowing from the security experts and charlatans who’ve been desperately predicting a “Macapocalypse” for nearly a decade overlook this.

Even with the proven problem of the Flashback virus, its unlikely we’re see the deluge of malware like that of the early 2000s simply because the Mac OSX, Windows 7 and all the other mobile and computer operating systems don’t have the structural flaws that Windows 98, ME and early versions of XP had.

Much of the Mac versus PC argument in security is irrelevant anyway; the main game for scammers and malware writers has moved to social media services like Facebook and this is where computer users need to be very careful.

However the stereotype of the “Smug Mac” user was true, one caller to my radio show claimed he didn’t have a problem with spam because he had a Mac. Nothing could convince him that email spam wasn’t related to the type of computer you used.

To be fair to Apple they never made the claim their computers were invulnerable to malware, apart from the odd dig at Microsoft. Their users did it for them.

That type of smug Mac user are those who do need a wake up call. For the industry though, it’s business as usual although some will be feeling a little smug their hysterical predictions of the last decade came true in a small way last week.

Similar posts:

702 Sydney Weekend computers: April 2012

Apr 062012
 
radio talkback & discussion on technology, the web and social media

On ABC 702 Sydney Weekend computers this Sunday, April 8 from 10.15am Paul Wallbank and Simon Marnie will be looking at the end of innocence for Apple Mac users, the DNS Changer Virus and how political campaigning is coming to a Facebook site near you.

Some of the topics we’ll discuss include;

If you’d like to learn how to protect your Mac or Windows computers from malware, visit our Netsmarts article on the Flashback virus that explains the security settings and suggests some free anti-viruses.

Listeners’ Questions

While we had a great range of calls from listeners, there was only one we promised to get back to. Kay clearly has a virus infection on her Windows computers and we recommend the free MalwareBytes program to clean it up.

Our IT Queries site has more instructions on cleaning up a virus infection if you’re worried about a sick computer.

We love to hear from listeners so feel free call in with your questions or comments on 1300 222 702 or text on 19922702.

If you’re on Twitter you can tweet 702 Sydney on @702sydney and Paul at @paulwallbank.

Should you not be in the Sydney area, you can stream the broadcast through the 702 Sydney website and call in anyway.

Similar posts:

Navigating the Internet jungle

Feb 252012
 
we need to take security seriously on the web

I usually don’t pay much attention to stories about Apple malware given that most hysterical stories about Mac viruses are written by charlatans spruiking third rate security products.

The story of the Flashback Trojan is an interesting one though, not because the malware is particularly original or that it comes with the usual hysterical claim of being part of the coming wave of viruses that will wipe the smug smiles off Mac users’ facers.

Flashback’s interesting because it combines all the tactics of a modern computer virus or malware, bringing together unpatched vulnerabilities and some social engineering with the intention of stealing user passwords.

These are risks regardless of what type of computer, smartphone or tablet you use. It illustrates how the security risks have moved on since the first epidemic of Windows computer viruses just before the beginning of the century.

Similarly, the motivation for writing viruses and malware has evolved. Where it was once an intellectual exercise for bored, highly skilled young code cutters, today it’s a lucrative criminal enterprise aimed at getting access to victim’s bank accounts and other assets.

Which is the reason why it’s a good idea to have different passwords for various online services – no more using the same password for your online banking, Minecraft and Facebook accounts.

Having the latest security patches installed is also important, particularly with third party products like Adobe Flash, Java or Microsoft Office, so don’t ignore those warnings as a caller to one of my radio slots boasted.

We also need to keep our wits about us online and watch out for the sneaky tricks used to fool us into opening malware, it’s a jungle out here on the web.

Similar posts:

ABC702 Weekends: Facebook and your Family

Feb 122012
 
radio programs for techonology, web, social media, cloud computing and computer advice

For the first 702Sydney Weekend program for the year ABC 702 Sydney Paul Wallbank and Ian Rogerson looked at how to use Facebook safely.

Facebook and other social media services are becoming an increasingly important part of our lives, so it’s important we understand the benefits and the risks involved in using the web.

All the details of what we discussed in the program are available at the Facebook and Your Family post.

One listener’s question we said we’d get back to was Emma who asked about Microsoft Word stopping her Mac from closing down.

This is usually due to problems with an office plug in or the normal template. To attempt to fix the template, follow the instructions at the Word Mac site.

As Ian suggested, it may be time to consider a more up to date program as Office 2001 is seriously outdated.

Similar posts:

Facebook and Families

Feb 122012
 
computers and social media are part of our kids lives

As the Internet has become a normal part of our family lives, social media services like Facebook are becoming important in the way people, particularly our kids, socialise and communicate.

Most of this web use is positive however there are risks with these online tools so we do need to know how to manage social media services and reduce any problems we may have in our families and businesses.

Understand the risks

Facebook is an online service and all web based platforms share the same risks such as stranger danger, bullying, fraud and offensive behaviour – both kids and adults need to understand the risks.

A good start is sitting down with younger kids and using some of the online resources available, the US Virginia Department of Education has a good interactive presentation on online safety.

For Australian specific content, the Federal government’s Cyber Smart website offers advice to families at all ages; from grandparents to kids.

Respect the rules

All online services have rules that govern behaviour, one of the most common is a restriction on under 13s. This is partly because of the US COPPA law that restricts websites and social media services from advertising to children.

Of the other rules that can cause problems Facebook has bans on hate speech and an almost pathological obsession with nudity. It pay to read the terms and conditions so you know what is acceptable.

Under 13s should not use Facebook

While for many kids Facebook is the way to talk to their friends online, parents should resist the pressure to sign their kids up until they are of the legal age.

Regardless of what you think of the rules, many kids don’t have the maturity of to understand or deal with the issues of using social media sites. For that matter, neither do many adults.

Should Facebook find out that an account is owned by a child under 13, they will shut it down immediately.

Choose your friends carefully

Everybody – kids and adults – should be cautious about friends they make online. Just accepting friend requests from anybody, or from those who look cute or cool, can lead to problems later.

Set your privacy

In Facebook you should set your default privacy settings to “Friends”. You can do this by clicking the arrow pointing down in the top right hand corner of the Facebook screen and selecting privacy.

Having set your default privacy settings to Friends, you may want to further improve your privacy by continuing down the privacy screen and selecting functions like not allowing friends to post to your Facebook wall.

Be careful what you like

Liking products and pages can have consequences, at the very least others know what causes you’ve joined.

Joining hate or bullying campaigns or pages is not a good look, so don’t do it if you think you may upset people around you.

You are what you post

Anything you put online is in writing against your name. If it’s going to upset people or cause trouble then don’t do it.

In the United States one teenager found this out the hard way when her father discovered a Facebook post criticising him and her mother. He shot her laptop and then posted the video onto her Facebook page.

Practice Safe Computing

Services do get hijacked, so have strong passwords, up to date virus checkers and make sure the computer is fully up to date with security patches.

Never share passwords with friends or siblings and use different passwords on each service so if Minecraft gets compromised, Facebook or email doesnt’ as well.

Put computers in common areas

Kids’ computers should be in common areas and use of any Internet enabled devices like iPods and mobile phones in places like bedrooms should be strongly discouraged.

Be open to talking

If anyone in your family seems to have a problem with computer use such as getting upset, socially withdrawal or acting unusually then talk to them. This happens with adults as well.

One thing to remember is that punishing people, particularly kids, rarely works well with these technologies so it’s best to make it clear they won’t be in trouble if they come to you with a problem they are having on the net.

It’s not just kids

We have to remember its not just kids who get into trouble online, there’s no shortage of adults who have created problems for themselves and their families through irresponsible online behaviour. So parents need to watch their own social media usage as well.

Should someone in your family be having a problem, then don’t hesitate to talk to the school, employer or Internet provider if there’s issues that need to be addressed.

There’s lot of online services services and resources such as Cybersafe listed above. Also don’t hesitate to call any support lines such as Lifeline or Beyond Blue if you are seriously concerned about a family member’s wellbeing.

On balance, the web and social media are positive influences on most people’s lives so by using commonsense and playing safely, the majority of families will avoid the really terrible stories we hear about online problems.

Similar posts:

The importance of logging off

Jan 272012
 
logging off is an important computer security practice

English Labour MP Tom Watson today learned why logging off your computer is important when his office intern cracked what she thought a joke on his behalf.

What appeared to be a mis-step by the Member of Parliament bought predictable criticism from his enemies in politics and media, particularly given his role as a critic of News International.

The biggest risk in computer security are your staff and co-workers; they have access to your systems and the data saved on them.

In Tom’s case – like most business security breaches – the intern wasn’t being malicious, she was making a very valid point about a serious topic, it was her unfortunate choice of words that caused a problem.

Luckily for her, the boss has taken a mature attitude towards the problem – there’s many bosses who wouldn’t. So the intern seems safe unless the media can beat the story up further.

The moral for all of us is to log off or shut down our computers whenever we step away from them.

If we’re using public terminals in flight lounges, Internet cafes or hotels, then we should make sure we’ve logged out of our email, social media or banking services before the session ends.

Should someone leap on your system when you turn your back, you could find anything from your social media or email account used to send out fake messages about you being robbed through to your online bank balance being pillaged.

We often worry about evil, sophisticated hackers breaking into our accounts but often it’s these simple mistakes that let opportunistic thieves get our details.

Often it’s the simple things that bring us unstuck, so logging off is a good habit to get into. Tom’s intern is right.

Similar posts:

Megaupload, cloud computing and trust

Jan 232012
 
how copyright and piracy can affect our business

The closing down of file sharing site Megaupload has raised the question of trust in the cloud; “It has made cloud services look that much less legitimate” one daily paper quotes futurist Mark Pesce as saying.

For those of us advocating cloud services and advising businesses on using them, this trust issue isn’t anything new. All of us have to be careful about who we trust with our data and Kim Dotcom, the founder of Megaupload, doesn’t come to mind as someone who would stand a great deal of due diligence.

Like investments – another area where trust is essential – we have to spread our risk around. Saving copies of data to your own computer and making sure the information you save on the cloud is in a form easily read by different systems is important, as is not trusting any one service for critical services.

The taking down of Megaupload also raises other questions – as privacy advocate Lauren Weinstein points out;

“But the Megaupload case is more akin to the government seizing every safe deposit box in a bank because the bank owners (and possibly some percentage of the safe deposit box users) were simply accused — not yet convicted — of engaging in a crime.

What of the little old lady with her life savings in her box, or the person who needs to access important documents, all legitimate, all honest, no crimes of any sort involved.

They are — to use the vernacular — screwed.”

It’s this over-reaction by government agencies which is the real concern and the co-operation of large corporations in shutting down services – as we saw with the shutting down of Wikileaks – probably does more to damage trust in all online services, not just cloud computing.

Cloud services are no less trustworthy than our computer systems, all of which can breakdown, catch viruses or be compromised by staff making mistakes. We have to understand that all technologies carry some degree of risk.

For businesses and home users, we need to spread the risks around – don’t just trust one service or technology to deliver your products or services and have a fall back plan if things go wrong.

Similar posts:

 Older Entries