By Glenn D. Tiffert
Google’s recent revelation that its servers have been attacked by hackers, and that Chinese, US and European human rights activists have been affected, has drawn more attention to internet security. But in fact, any computer plugged into the internet may be probed by automated agents dozens, if not thousands, of times a day. These agents check a long list of documented and undocumented vulnerabilities, looking for any that exist in your system. The agents are indiscriminate.
Even if you are personally not known to or of any particular interest to the people using these agents, access to your computer is still useful for masking their attacks on others or for mounting criminal activities. That is one way botnets of tens of thousands of computers are assembled.
Another way is to entice you to open a malicious email attachment or to visit a malicious web page, either of which may appear benign but actually contain hidden code that exploits software vulnerabilities on your computer. This code can allow a remote user to quietly take and retain control of your computer until it is detected and removed.
Here are ten things you can do to help protect your computer against hackers:
1. For greatest security, I suggest either not installing Adobe Acrobat Reader and Flash Player or uninstalling them, including their related web browser plug-ins. Reader and Flash Player have each suffered from a succession of critical vulnerabilities over the years. With certain versions of Flash Player, exploits exist that allow a remote user to turn on the built-in microphone and camera on your computer and secretly monitor you. Adobe eventually issues bug fixes, sometimes sooner, other times later.
There are free alternative PDF reading applications that will suffice for a great many computer users. On Mac OS, there are Preview and Skim. One Windows alternative is Foxit Reader.
Disabling Flash Player may not be feasible for some users. For example, some web sites require Flash Player to view multimedia content, and its absence can adversely affect viewing popular sites such as YouTube.
If Reader or Flash Player is necessary for your work, please make sure you have the latest version appropriate to your operating system, and get into the practice of checking periodically for updates. Visit: https://www.adobe.com/
2. Regularly check for and install operating system patches released by your vendors (e.g. Apple or Microsoft), web browser updates, and software updates (MS Office, etc.). Install and update anti-virus and anti-malware software, and most of all use common sense when opening attachments.
3. Never use an account with administrator privileges for ordinary work, particularly email or online activities such as web surfing. Use the admin account only for things like installing or updating software from known vendors, or configuring software and peripherals, then log out of the admin account when you are done. And of course, periodically change your account and email passwords.
4. Configure your computer to go to sleep after a short period of inactivity and require a password to wake up. Also, disable automatic login; configure the computer to require a password at startup. This will limit somewhat the physical access a third party has to it when your back is turned. I am aware of a nanny (“ayi”) employed by certain expat executives who had access to and installed monitoring software on their home computers.
5. Activate the firewall built into your operating system. Check your documentation or online help for instructions on how to do this.
6. Whenever a new major revision of an operating system comes out (e.g. Vista, Windows 7, Mac OS 10.6), consider “clean” installing it, rather than installing it on top of your existing setup. This involves a fair bit more work (it’s equivalent to setting up the computer again from scratch, including reinstalling all software), but it will help wipe any viruses or malware lurking on your system.
7. Consider purchasing an email digital ID. When you send an email, this will allow the recipient to authenticate your identity and allow you to encrypt the contents of your message. This minimizes the risk of spoofed emails and eavesdropping in transit. One such product is the digital IDs available at www.verisign.com. (Note: these do not work on webmail, only on clients such as Outlook, Thunderbird or Apple Mail.) Digital IDs work best when all the parties to an email message have one.
8. Run the Shields Up! test available at: https://www.grc.com/. This will benignly scan the ports on your computer and alert you to any which may be open and vulnerable to external probing and attack. I recommend scanning “All Service Ports.” (Note: deciding what to do with the test results requires a knowledgeable user, as changing port settings may adversely affect the functionality of certain software.)
9. Refer to the configuration guides at the following site for suggestions on how to further enhance the security of your operating system: https://www.nsa.gov/ia/guidance/security_configuration_guides/operating_systems.shtml
10. New software vulnerabilities are found all the time, and sometimes attacks are devised before software vendors even become aware of the vulnerabilities or patch them. Your best defenses are caution and vigilance.
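To complement the external port scan in step 8 and the firewall in step 5, the following Python script (an added example, not part of the original article) reads the output of `netstat -an` and reports which TCP ports your own machine is listening on, and whether each is bound to loopback only or to a network-facing address. The sample output and the function names are constructed for illustration.

```python
import re

# Constructed sample: `netstat -an` lines in Windows, Linux and macOS layouts.
SAMPLE = """\
  TCP    0.0.0.0:135           0.0.0.0:0          LISTENING
  TCP    127.0.0.1:5354        0.0.0.0:0          LISTENING
  TCP    192.168.1.20:139      0.0.0.0:0          LISTENING
  TCP    192.168.1.20:49712    203.0.113.10:443   ESTABLISHED
tcp        0      0 0.0.0.0:22        0.0.0.0:*      LISTEN
tcp6       0      0 ::1:631           :::*           LISTEN
tcp4       0      0  *.445            *.*            LISTEN
unix  2      [ ACC ]     STREAM     LISTENING     20312    /run/example.sock
"""

# Local address = host, then ":" (Windows/Linux) or "." (macOS), then the port.
ADDR = re.compile(r"^(.*)[:.](\d+)$")


def listeners(netstat_output):
    """Return (port, host, loopback_only) for every listening TCP socket."""
    found = []
    for line in netstat_output.splitlines():
        tokens = line.split()
        if len(tokens) < 4 or not tokens[0].lower().startswith("tcp"):
            continue  # skips headers, UDP and UNIX-domain sockets
        if not tokens[-1].upper().startswith("LISTEN"):
            continue  # skips established or closing connections
        match = ADDR.match(tokens[-3])  # last columns: local, foreign, state
        if not match:
            continue
        host = match.group(1).strip("[]")
        loopback = host.startswith("127.") or host == "::1"
        found.append((int(match.group(2)), host, loopback))
    return found


def exposed_ports(netstat_output):
    """Ports bound to a non-loopback address, i.e. reachable from the
    network unless a firewall blocks them."""
    return sorted({p for p, _, loop in listeners(netstat_output) if not loop})


if __name__ == "__main__":
    for port, host, loop in sorted(listeners(SAMPLE)):
        scope = "loopback only" if loop else "network-facing"
        print(f"{port:>5}  {host:<15} {scope}")
```

A port listed as network-facing here but reported closed or stealthed by the external scan is being filtered by your firewall or router; one that shows up in both is worth identifying before you decide whether the service behind it is needed.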
Glenn D. Tiffert is a Ph.D. Candidate at the University of California, Berkeley.