2006 - A Year
in Review:
By: W.P. ("The Gonz") Flinn
This
has been an active year for new computing products and the security
issues that go along with them. 2006 saw many new
innovations in web browsers, security software suites, and
ways to help make computing safer. This was also a
year for many vulnerabilities and new types of attacks.
This had to be a near-record year for Microsoft in terms of
the number of security patches released. During this past
year, I have attempted to keep you up to speed on some of
the news and events that have touched the world of computer
security and personal computing in general. So, for
this edition I want to take a look back and review some of
the things we have seen, and some of the new things that the
coming year will bring.
Web Browsers and
Email Security:
The web browser and email client are two of the most popular and commonly used of
all the applications on a personal computer today.
They are your window to the Internet and keeping in touch.
Unfortunately, they are often an open window and the tools of
choice that allow the bad guys to crawl through to get into
your system and your personal information. And it
isn't even so much that they allow thieves to secretly come
in and steal while you aren't looking. It is much more
simple than that, and they are getting YOU to do all the
work. The bad guys have figured out that if they are
crafty and convincing enough, they can lure you to their web
site and get you to give away your personal information just
by filling out a form or by running some code (buried in
their web site) on your computer. By tapping into your
natural curiosity, they know that they can send you an email
to lure you to a site where you will fall into their trap
and give away your information, or at the very least give
away your email address and become the target of a massive
spam campaign.
For this reason, web browser
manufacturers, including Microsoft and the Firefox folks,
have created and released new versions of their browser
software that include new features that offer greater
functionality as well as added security. Both browsers
now have tabbed browsing - although Firefox has been doing
this for quite awhile now. But both have enhanced
security features to help keep you safe even when you are
curious and not paying attention to the dangers.
Likewise, email applications have become better at using
anti-spam filters to help keep the junk out. The
web-based email providers, such as HotMail, Yahoo, MSN, and
other ISPs
that offer web based email clients have even been more
proactive at blocking spam and phishing emails at the mail
server and not even letting them through.
Web Browser Security
Features
Some of the most notable security features of the new web
browsers include anti-phishing filtering and other add-ons
that help identify web sites that are known for malicious
behavior. Browser manufacturers are attempting to make
their products sleeker and more efficient, while at the same
time building in features to protect you against dangerous
sites. Internet Explorer 7 and FireFox 2 were recently
released and promise to provide more stability and safety.
And don't forget that you can still use the built-in
features such as Trusted Sites and other privacy settings to
further lock down your browser.
Filtering against sites that are
known phishing sites is a notable feature integrated into
the new browsers, but there are also add-ons, such as
McAfee's Site Advisor that you can install for your
present browser, and work pretty well at helping you to
identify sites that are harmful. But regardless of the
filters or add-ons in place, the thing to realize is that
people are the final safeguard against malicious behavior.
If your filter tells you "don't go there" but you turn it
off and go there anyway, then all of the safety features in
the world are a vain attempt at protection. You have
to make that decision and be willing to accept the risks.
This is a good time to mention
yet another web browser security feature I recently
discovered.
OpenDNS
allows you to specify alternate DNS settings to those that
are automatically provided for you by your ISP. DNS,
or Domain Naming Services, is what allows you to type in a
friendly name, such as www.wflinn.com
instead of typing in the IP address that is actually needed
for accessing that site. When you type in the
friendly name, if your computer doesn't know where it is, it
goes out and asks a DNS server for the correct address.
The DNS server "resolves" the name to an IP address and
sends that information back to your computer. Your
computer then sends the request to access that web site to
the correct web server. Most people don't remember
lists of IP addresses, but do remember friendly names.
That is the service that DNS provides. OpenDNS
advertises that it does this process faster, but also
provides blocking for known phishing and other unsafe sites.
It also provides misspelling features, so that if you were
to type in www.craigslist.og
(notice the .og instead of .org), for example, it would
automatically route you to
craigslist.org.
Email Safety and
Protection
Even though email programs now integrate many safety
features, once again the attack against the human being's
state of security unawareness remains the greatest threat to
computer safety. And the email application is perhaps
the most popular vehicle for exploiting that fact.
Pictures and malicious links contained in emails are an ever
increasing method of attack. Many of the most recent
attacks rely on "social engineering" methods in order to
work. Social engineering is simply a way for an attacker to
fool you into doing something so that the attack can take
place. Since many of these attacks are not "WORMable" -
that is that they cannot be made into a form that can easily
proliferate through the Internet on their own - they must
use deceptive measures to make YOU the user do what is
needed to ensure that the attack is spread. So how can you
help protect yourself? Email filters and rules, not
clicking on links in emails from unknown senders, setting
your email client to not automatically download pictures
sent by unknown recipients. Use the technology built
into your applications to protect yourself, but ultimately
YOU have to make the decision of whether or not you are
willing to take the risk that the links and images sent to
you in emails are safe or not.
Operating Systems:
A lot is in the news in the
world of operating systems - the core piece of software on
your computer that makes it start up, run programs, and give
you a friendly interface. Much has been said about the
safety and security (or lack thereof) of the Microsoft
Windows OS, and many alternative OS's such as Linux are
making their way into the mainstream. Windows
Vista is about to be released, which will make for a very
radical upgrade and change in the way the Windows operating
system behaves in terms of productivity and security.
Xandros Linux:
These are a few of the areas
where the more "user friendly" Linux distros, such as
XandrOS
and
Linspire have made drastic improvements.
For one thing, ease of installation has improved a great
deal. I installed XandrOS in about 30 minutes - and that
includes the time it took to make it work on my network,
install a printer, make my sound system work, and apply all
of the updates. I even installed a few of the free
applications that are available as well, surfed the Internet
for awhile, and set up an email client. In fact, one of the
selling points of XandrOS is its "4-click" installation - in
reference to the fact that in most cases, you can click on
four screens to answer all of the questions and set it up.
My installation was only slightly more involved because I
use static addresses on my network, but for the typical home
user who does not need to do this, the set up is very easy
and the process asks you very few questions before moving on
to the actual installation.
Windows Vista:
In the very near future,
Microsoft will release their newest version of the Windows
Operating System. This newest release of Windows represents
the most radical change in the look and feel of Windows
since the jump from Windows 3.x to Windows 95 over eleven
years ago. From a security and stability aspect, this new
version promises to be more robust. And for those of you
who only care about the "eye candy" features
and have grown bored with the way Windows XP looks, you too
will have some new vivid graphics and gadgets (literally) to
keep you happy. For more information, see
my recent article about the new features of Windows
Vista.
Computer
Maintenance and Physical Protection:
Your data is
a very dynamic and constantly changing thing. While
you can do the outward physical maintenance every
once-in-awhile, keeping your data healthy is a constant
series of activities. Such things as making sure
your virus definitions are up to date, doing a virus scan
regularly, making sure your patches are applied, and
checking for spyware. Given the threats these days, the
aforementioned items should be done daily. Some less
frequent, but still needed computer “health” activities
involve running a Disk Cleanup and a defrag now and then.
Preventive
Maintenance - Cleaning and Updates:
Just as there
are all sorts of heat related problems for humans including
fires, heat exhaustion, and fatigue. Heat has a way of
affecting your computers in bad ways as well. Just as you
feel kind of worn down and sluggish from the heat, your
computers have similar problems. When they get too hot, they
will do strange things like rebooting themselves without
warning, to ‘blue screening,” to shutting down (for their
own protection), or even just outright failing. The central
processor (CPU) and memory components are most susceptible
to heat related problems. There are some things that you can
do periodically to prevent these things from happening, and
even prevent costly damage to your machine. Your computer
has some built in self-protection measures, but you need to
periodically make sure that these built-in measures are able
to do their job properly.
Power
Protection and Backups:
Environmental
(and other) things external to your system can threaten the
availability of your data. More importantly, if something
damages your computer and takes away immediate availability,
are you sure the data itself wasn't damaged or destroyed?
What's the plan for getting it back? After all, if your
computer becomes damaged then you won't have access to your
information when you need it. Even worse - unless you know
the dangers and the ways to protect your data, you may lose
it entirely. Even if you just have a small business at
home, this can be devastating. How much damage would be
done if you lost all of your business accounting records,
client contact lists, and even saved email messages? Home
users - would you care if several years of your income tax
returns, digital photos, and even secret family recipes were
suddenly lost forever?
Computer security is not only a
matter of keeping your data safe from prying eyes, but
making sure it is available when you need it as well. There
are a number of things that can harm your data - even
something as big as a power outage, or as seemingly small as
you shocking your computer with static electricity. Power
outages don't just make the lights go out, but can also
result in surges and other events that harm your computer or
cause it to shut down improperly.
Wrapping It All Up:
This has been an interesting
year to be sure. With the soon to be released Windows
Vista operating system, and the recently released Internet
Explorer 7 and FireFox 2.0 web browsers, there is likely to
be a great deal of activity in the coming year. After
all, those pesky little virus writers now have to get to
work to find ways to exploit Vista. The common theme
in all of these articles from the past year, however, has
been that I want everyone to think about what they are doing
with their computers because "people" are indeed the last
line of defense when it comes to keeping their computers and
themselves safe.
Article Archives
From 2006:
Special Release Articles:
Regular
Monthly Articles:
Back to the Computer
Page
