Tag: security

Security and convenience

Good security is always inconvenient. We have to learn to live with it.

“Your security advice is too difficult, I don’t want to log in when I start my computer or have to mess around when I have to install new software,” a lady told me on the weekend.

Security is always inconvenient. It would be far more convenient if car doors weren’t locked and starting them was a matter of flicking a switch.

Of course we know if that was the case, most cars would be stolen within hours of buying them.

We accept the inconvenience of car keys because we know the cost of having a vehicle stolen is way higher than the occasional frantic search for lost car keys.

Right now we don’t value our data, computers or smartphones the same way.

This is changing and as we start using our phones as electronic wallets we’ll start valuing our passwords and online security more than our car keys.

 

Similar posts:

Malware’s third party path

How to take care in a changing world of cybercrime.

One of the few constants with computer security is that threats are constantly evolving.

Malware – malicious software like computer viruses, worms or Trojan horses – are the most common security threat the ordinary technology home or business users will encounter on their PC, laptop or smartphone.

During the big computer virus epidemic of the early 2000s the main target were Windows 98 or XP machine running Internet Explorer as these were so easy to infect.

Today, it’s harder to infect Windows systems and the malware writers have become more sophisticated in the tools and methods they use to catch victims.

Right now, we’re seeing the malware writers focusing on  weaknesses in third party software such as Java, Flash and Microsoft Office.

Mac users have been affected by the Flashback worm which used flaws in the Java computer program and now Adobe have released an emergency update to their Flash application to fill a security hole that could affect all operating systems.

Along with being more sophisticated in their methods, today’s malware writers are also more organised with real criminal objectives as opposed to the earlier generations that were derided as “script kiddies”.

So there’s real risks in not taking basic steps to protect your computer system.

Have the latest updates

When your system asks you if you want to install updates, do so. Both Macs and PCs have an automatic update function which you should enable and pay attention to.

Individual software packages like Java, Flash and Microsoft Office have their own update reminders which you should also pay attention to.

Sometimes though the malware writers distribute fake updates to fool people into installing their software so if you are suspicious about an update, check online to see if you have the latest version.

Run computers in Restricted User mode

One of the big weaknesses for all systems is there is a tendency to run as an Administrator. In older Windows systems this gives almost complete control over the system and can still create problems in newer systems as well as with Mac or Linux systems.

Every user should be run as a Restricted User and this can be set up in the Windows Control Panel or Mac Preferences.

Have an antivirus

While the antivirus industry loves flogging overpriced and overfeatured software that generally slows your computer down as much as it protects the system, it’s still worthwhile having.

For Windows users, the free Microsoft Security Essentials is fine for most users. For Mac users, the free ClamAV or Sophos Anti-Virus for Mac are good choices.

Use a third party browser

Generally using the built in web browsers – Internet Explorer in Windows and Safari on the Mac – tends to amplify security risks. So use a third party browser like Firefox, Google Chrome or Opera.

Be careful

Malware writers, like all crooks and conmen, try to exploit human weaknesses so their tricks often appeal to our greed, fear or lust.

Try to avoid websites offering pirated software, movies, music or pornography and never click on emails or pop up adverts that claim you’ve won the lottery or been infected with a virus.

Cybercrime is real and growing although we should keep in the threat in perspective and not fall for the hysterical headlines we often see in the media.

The risks are going to continue to evolve as the crooks move onto trying to exploit weaknesses in smartphones, social media platforms and cloud computing services.

Despite this, most people won’t be affected by malware or other computer crime by being careful. Just don’t count on being lucky.

Similar posts:

Undermining the cloud

Google’s broad claim on users’ data risks the viability of their services

Whenever I do a presentation on cloud computing and social media for business, I focus on one important area – The Terms Of Service.

Google’s relaunch of their Cloud Drive product has reminded us of the risks that hide in these terms, particularly with the one clause;

When you upload or otherwise submit content to our Services, you give Google (and those we work with) a worldwide license to use, host, store, reproduce, modify, create derivative works (such as those resulting from translations, adaptations or other changes we make so that your content works better with our Services), communicate, publish, publicly perform, publicly display and distribute such content. The rights you grant in this license are for the limited purpose of operating, promoting, and improving our Services, and to develop new ones. This license continues even if you stop using our Services (for example, for a business listing you have added to Google Maps). Some Services may offer you ways to access and remove content that has been provided to that Service. Also, in some of our Services, there are terms or settings that narrow the scope of our use of the content submitted in those Services. Make sure you have the necessary rights to grant us this license for any content that you submit to our Services.

This is an almost identical clause to that introduced – and quickly dropped by file sharing Dropbox – last year. It’s also pretty well standard in the social media services including Facebook.

Basically it means that while you retain ownership of anything you post to Google Drive, or most of other Google’s services including Google Docs you’re giving the corporation the rights to use the data in any way they choose.

While the offending clause does go onto say this term is “for the limited purpose of operating, promoting, and improving our Services, and to develop new ones” there is no definition of what operating, promoting or improving their services actually means.

Not that it matters anyway, as one of the later terms says they reserve the right to change any clause at any time they choose. So if Google decided that selling your client spreadsheets to the highest bidder will improve the service for their shareholders, then so be it.

If you’re a photographer then the pictures you upload to Facebook or Google+ now are licensed to these organisations as are all the documents stored on Cloud Drive.

To be fair this is not just a Google issue, Facebook has similar terms as do many others. Surprisingly just as many premium, paid for services have these conditions as free ones.

Because these Terms Of Service are about establishing a power relationship, there’s usually an over-reach by large companies with these terms.

While an over-reach is understandable, its not healthy where the customer has to trust that the big corporation will do the right thing.

Right now, if you’re using a cloud or social media service for important business information you may want to check that service doesn’t have terms that grant them a license to your intellectual property.

Similar posts:

Are we prepraed to embrace risk?

The world is a dangerous place, can governments protect us?

It’s safe to say the Transport Security Administration – the  TSA – is one of America’s most reviled organisations.

So it’s notable when a former TSA director publicly describes the system the agency administers as “broken” as Kip Hawley did in the Wall Street Journal on the weekend.

 More than a decade after 9/11, it is a national embarrassment that our airport security system remains so hopelessly bureaucratic and disconnected from the people whom it is meant to protect. Preventing terrorist attacks on air travel demands flexibility and the constant reassessment of threats. It also demands strong public support, which the current system has plainly failed to achieve.

The underlying question in Kip’s article is “are Americans prepared to accept risk?” The indications are that they aren’t.

One of the conceits of the late twentieth Century was we could engineer risk out of our society; insurance, collateral debt obligations, regulations and technology would ensure we and our assets were safe and comfortable from the world’s ravages.

If everything else failed, help was just an emergency phone call away. Usually that help was government funded.

An overriding lessons from the events of September 11, 2001 and subsequent terrorist attacks in London and Bali is that these risks are real and evolving.

The creation of the TSA, along with the millions of new laws and billions of security related spending in the US and the rest of the world – much of it one suspect misguided – was to create the myth that the government is eliminating the risk of terrorist attacks.

It’s understandable that governments would do this – the modern media loves blame so it’s a no win situation that politicians and public servant find themselves in.

Should a terrorist smuggle plastic explosive onto a plane disguised as baby food then the government will be vilified and careers destroyed.

Yet we’re indignant that mothers with babies are harassed about the harmless supplies they are carrying with them.

It’s a no-win.

This is not an American problem, in Australia we see the same thing with the public vilification of a group of dam engineers blamed for not holding back the massive floods that inundated Brisbane at the end of 2010.

While we should be critical of governments in the post 9/11 era as almost every administration – regardless of their claimed ideology – saw it as an opportunity to extend their powers and spending, we are really the problem.

Today’s society refuses to accept risk; the risk that bad people will do bad things to us, the risk that storms will batter our homes or the risk that will we do our dough on what we were told was a safe investment.

So we demand “the gummint orta do summint”. And the government does.

The sad thing is the risk doesn’t go away. Risk is like toothpaste, squeeze the tube in one place and it oozes out somewhere else.

While Kip Hawley is right in that we need to change how we evaluate and respond to risk, it assumes that we are prepared to accept that Bad Things Happen regardless of what governments do. It’s dubious that we’re prepared to do that.

Similar posts:

Ending the era of Mac complacency

Does the Flashback bug end the Mac’s virus free status?

The news that the Flashback Trojan has infected an estimated 600,000 Apple Mac computers has been greeted with joy by the dozens of industry experts that have predicted a virus holocaust for smug Mac users for nearly a decade.

While the Flashback malware – the earlier versions could be described as a computer Trojan Horse while the later editions are more like a computer worm – is a real risk to Mac users and it’s important to take this risk seriously.

The Netsmarts business site looks at how Mac and Windows users can protect themselves from Flashback and its variants.

One of the key things in the advice is to make sure anybody using the computer has limited rights; as a Managed User on the Mac and as a Limited User in Windows. This dramatically reduces the opportunity for bad things to happen while online.

I’ve discussed previously while user privileges are one of the reasons why the Mac has historically been less prone to infection to virus infections than their Windows cousins.

Microsoft made the decision in the 1990s not to tighten Windows’ security settings and their customers paid the price for the next decade. This was compounded by some poor implementations of various technologies in Microsoft Windows.

This isn’t to say the Mac, or any other computer system, doesn’t have security bugs. Every operating system does and it’s a conceit of everybody immersed in new technologies, be it cloud computing back to horse drawn chariots, to believe their products are magically infallible.

Part of the crowing from the security experts and charlatans who’ve been desperately predicting a “Macapocalypse” for nearly a decade overlook this.

Even with the proven problem of the Flashback virus, its unlikely we’re see the deluge of malware like that of the early 2000s simply because the Mac OSX, Windows 7 and all the other mobile and computer operating systems don’t have the structural flaws that Windows 98, ME and early versions of XP had.

Much of the Mac versus PC argument in security is irrelevant anyway; the main game for scammers and malware writers has moved to social media services like Facebook and this is where computer users need to be very careful.

However the stereotype of the “Smug Mac” user was true, one caller to my radio show claimed he didn’t have a problem with spam because he had a Mac. Nothing could convince him that email spam wasn’t related to the type of computer you used.

To be fair to Apple they never made the claim their computers were invulnerable to malware, apart from the odd dig at Microsoft. Their users did it for them.

That type of smug Mac user are those who do need a wake up call. For the industry though, it’s business as usual although some will be feeling a little smug their hysterical predictions of the last decade came true in a small way last week.

Similar posts:

702 Sydney Weekend computers: April 2012

Join Paul and Simon Marnie to discuss the tech that affects your home and office

On ABC 702 Sydney Weekend computers this Sunday, April 8 from 10.15am Paul Wallbank and Simon Marnie will be looking at the end of innocence for Apple Mac users, the DNS Changer Virus and how political campaigning is coming to a Facebook site near you.

Some of the topics we’ll discuss include;

If you’d like to learn how to protect your Mac or Windows computers from malware, visit our Netsmarts article on the Flashback virus that explains the security settings and suggests some free anti-viruses.

Listeners’ Questions

While we had a great range of calls from listeners, there was only one we promised to get back to. Kay clearly has a virus infection on her Windows computers and we recommend the free MalwareBytes program to clean it up.

Our IT Queries site has more instructions on cleaning up a virus infection if you’re worried about a sick computer.

We love to hear from listeners so feel free call in with your questions or comments on 1300 222 702 or text on 19922702.

If you’re on Twitter you can tweet 702 Sydney on @702sydney and Paul at @paulwallbank.

Should you not be in the Sydney area, you can stream the broadcast through the 702 Sydney website and call in anyway.

Similar posts:

Navigating the Internet jungle

When we’re in the wild, we need to keep our wits about us.

I usually don’t pay much attention to stories about Apple malware given that most hysterical stories about Mac viruses are written by charlatans spruiking third rate security products.

The story of the Flashback Trojan is an interesting one though, not because the malware is particularly original or that it comes with the usual hysterical claim of being part of the coming wave of viruses that will wipe the smug smiles off Mac users’ facers.

Flashback’s interesting because it combines all the tactics of a modern computer virus or malware, bringing together unpatched vulnerabilities and some social engineering with the intention of stealing user passwords.

These are risks regardless of what type of computer, smartphone or tablet you use. It illustrates how the security risks have moved on since the first epidemic of Windows computer viruses just before the beginning of the century.

Similarly, the motivation for writing viruses and malware has evolved. Where it was once an intellectual exercise for bored, highly skilled young code cutters, today it’s a lucrative criminal enterprise aimed at getting access to victim’s bank accounts and other assets.

Which is the reason why it’s a good idea to have different passwords for various online services – no more using the same password for your online banking, Minecraft and Facebook accounts.

Having the latest security patches installed is also important, particularly with third party products like Adobe Flash, Java or Microsoft Office, so don’t ignore those warnings as a caller to one of my radio slots boasted.

We also need to keep our wits about us online and watch out for the sneaky tricks used to fool us into opening malware, it’s a jungle out here on the web.

Similar posts: