HOME PC Alamode About Us HELP
Reviews Columns Features Archives Other  

 Preventive Maintenance

Computer Security
April 2002

Russell James is Operations Manager at BJ Associates of San Antonio. They are an authorized service center for Toshiba and Sony systems. They are the laptop specialist and also handle system builds and parts for desktops. They can take care of any IBM compatible hardware or software problem that you have.

This month I would like to revisit the topic of computer security and give you ten rules to live by. I recently read an article on the Microsoft Website that these rule came from but I will need to summarize them here because of the availability of space for this article. The reason that I chose to use these rules this month is because they all visit items that I have mentioned in previous articles in this column. The rules are so simple and straightforward that the novice should be able to understand as well as the more seasoned veterans. Letís get started with the security list to live by.
Law #1:  If a bad guy can persuade you to run his program on your computer, itís not your computer anymore.
It is a fact of life that computer programs will do exactly what the programmer has asked it to do. If you as the user choose to run a program, whether it is a program that you bought at the local electronics store or the latest e-mail that you received, you have chosen to turn over control of your computer to the person that has written the program. Programs can be written to perform an infinite amount of tasks that we find useful such as using a modem or creating pictures. They can also be written to record keystrokes of the user or even delete every file in the Windows directory or any other directory that the programmer chooses. That is why it is so important to know the origin of a program before you make the decision to run it on your system. I am not talking about knowing the person that sent the program to you, but knowing and trusting the programmer that wrote the program. It could have come from the computer of a friend who has an infected computer that is sending itsí infection to everyone in his address book without his knowledge.
Law #2: If a bad guy can alter the operating system on your computer, itís not your computer anymore.
The operating system is made up of a number of different programs that produce a desired result for the most part because of the way the programs are written. If you choose to allow an unknown program to run on your system that changes the files that control the operating system, you have turned the control of your system over to this program. Operating system files are meant to control operations on your computer and if other files replace them then they will be doing what the hacker wants them to do instead of what they were intended for. This means that he could be creating an account for himself as the administrator and having his way with your computer system and the systems that it connects to.
Law #3: If a bad guy has unrestricted physical access to your computer, itís not your computer anymore.
Your computer should be secured relative to the value of the system. This would not only include the physical system but also the information that is stored on it. There are so many things that someone could do to your system if they could touch it that it is just scary. You wouldnít leave your wallet open on the lunch table but it is OK to leave your computer open to anyone that sits down at your desk while you are at lunch. It all has to do with the relative value of the information.
Law #4: If you allow a bad guy to upload programs to your Web site, itís not your Web site any more.
With the explosion of the Internet a lot of companies are developing an online presence with a Web site. A lot of these Web sites are created by the users instead of professionals and because of this lack of knowledge, there is the chance that some security measures could be compromised. Unneeded ports could be opened and your Website could be open to anyone because of this lack of knowledge.
 Law #5: Weak passwords trump strong security.
If your password is password then it isnít much of a password now is it? Enough said! It all comes down to the relative value of the information.
Law #6: A machine is only as secure as the administrator is trustworthy.
Every computer system has to have an administrator who has control over the installation of software and the management of the security of the system. If this is a personal machine then you are it. If this is a company machine, then you need to understand the power that this person will have over your world. They as the administrator will have an unlimited amount of power to control and change the security for your systems. If the person you hire to manage your systems is not worthy of your trust, they have your business lying in the palm of their hands.
Law #7: Encrypted data is only as secure as the decryption key.
This law goes back to the same problem as law #5. There is no sense encrypting data if the junior high student down the street could break the code. You can have the biggest and best lock on your house but it wonít do much good if you keep the key under the front door mat.
Law #8: An out of date virus scanner is only marginally better than no virus scanner at all.
If the only viruses that you get hit with are as old as your virus scanner then you can consider yourself safe. Since this is not the case for the most part, then you are not protected from any of the viruses that have come out since the last update to your virus software.
Law #9: Absolute anonymity isn't practical, in real life or on the Web.
Every interaction that we have with another human being in real life allows the other person to learn a little bit about us. The same is true for the Websites that we visit. You need to understand that there are Websites that collect data about visits that you make to their site. The amount of information is directly linked to you and the settings within your system. There is no way that you can be completely anonymous but you do have the ability to regulate the amount of information that is available to Website through your system. Options within most browsers will allow you to change the acceptance of cookies. Routers will mask your true IP address and there are ďanonymizing servicesĒ that will launder that information that you give out. None of these methods will allow you to have complete anonymity and anyway do you really know who has control of the service?
Law #10:  Technology is not a panacea.
Technology has allowed us to accomplish more work in a shorter amount of time. Computers are getting more powerful and cheaper by the day. Even with all of the advances, there will never be a time when we will be able to feel 100% safe. It has been said that the only totally secure computer is one that is encased in concrete and unplugged. We have to balance the amount of security with the value of the data that we are working with. If the attacks are coming through the e-mail then that is where the protection must be concentrated. If it is coming from the browser then that should be the focus of our attention. 
We all could do a better job of securing our systems. The main idea here that there needs to be a system in place that will work. If the system is too much trouble then you the user will not follow through. If the system is too simple then we are back to the point of no security. There needs to be a balance and it comes down to the relative value of the information that you are dealing with. Have a plan and then work your plan and you will get along just fine.

Copyright© 1996-2010
Alamo PC Organization, Inc.
San Antonio, TX USA