Security and Privacy: Using Operating System Utilities at Gizmos, Inc: Toolkit: PC Workshop

Summary | In both senses of the word utility, a useful tool and a common public service, you need to decide how safe, secure, and private to keep your computer. Install the tools you need for file compression, security, and virus detection.

What is it?

Security and privacy are emotionally charged issues in the offline world. Look how the insurance industry has prospered in the last century. From seat belts to designated drivers, we haven't been able to stop the carnage on our highways, where killing tens of thousands a year is the price of progress. When crime is down, all the politicians take credit. When crime is up, they blame their opponents.

As part of a quiet backlash, computers and the Internet are held to a different standard. Those who don't go online cite fear. It's not secure; it's not private. Those who don't use their credit cards online cite fear. Print media and members of Congress, citing fear, demand of the computer industry a degree of security and privacy that is impossible to achieve in the offline world. What they're really afraid of is losing power and control.

We can save these important discussions for another day. Our current concerns are more modest, power and control over our own PC's. We want to practice safe computing. We don't want anyone to:

destroy the work on our computers: security

know what information we have or ever had on our computers: privacy

In this emotional situation, we'll ignore the fact that you are your computer's biggest threat. After you come other people physically tapping on your keyboard to explore and delete. Then come the governments and companies that already know about you. We'll also ignore the companies playing on bogeymen: everything from power surges a lightning strike away to kiddie porn a click away. And never mind the contradiction, that you can't have privacy if you want security. You can't have privacy if you want personalization.

The threats involve colorful jargon and misleading metaphors: spam, virus, hacker, firewall, cookie. If you're on a network at work, security and privacy are matters of corporate and government policy. At home and school, the practical things you can do involve operating system utilities: software programs added to the operating system to extend its usefulness, to increase your security and privacy as you see fit.

The right to be left alone -- the most comprehensive of rights, and the right most valued by a free people.
-- Justice Louis Brandeis, Olmstead v. U.S. (1928)

You have zero privacy anyway. Get over it.
-- Scott McNealy, CEO, Sun Microsystems (1999)
source: Wired

skills

Generally, security keeps something out of your computer and privacy keeps it in.

tools

security

The industry leaders are Symantec with its Norton line of products and Computer Associates with its McAfee line of products. Because virus definitions need to be constantly updated, I recommend that you use one of these commercial products and keep it updated.

If you don't want to spend the money on these commercial products, several free products work just as well and keep up to date.

Note | Install only one anti-virus program at a time. If you try the one below, uninstall your Norton or McAfee product first.

Effective protection against computer viruses for the individual and private use on a single PC-workstation. The private and individual use of the AntiVir Personal Edition is completely free of charge!

privacy

As befits any basically emotional process, people's needs for privacy have spawned a sprawling, competitive industry.

ZeroKnowledge - I like their ads: "I am not a piece of your inventory." - $59 per year

Don't Panic - instantly clean your browser history, URL history, cache, browser temporary files, cookies, recently reviewed documents, and all other personal history lists. Free trial version or $19.95.

Your traffic is safer when you use Tor, because communications are bounced around a distributed network of servers, called onion routers. Instead of taking a direct route from source to destination, data packets on the Tor network take a random pathway through several servers that cover your tracks so no observer at any single point can tell where the data came from or where it's going. This makes it hard for recipients, observers, and even the onion routers themselves to figure out who and where you are. Tor's technology aims to provide Internet users with protection against "traffic analysis," a form of network surveillance that threatens personal anonymity and privacy, confidential business activities and relationships, and state security.

Traffic analysis is used every day by companies, governments, and individuals that want to keep track of where people and organizations go and what they do on the Internet. Instead of looking at the content of your communications, traffic analysis tracks where your data goes and when, as well as how much is sent. For example, online advertising company Doubleclick uses traffic analysis to record what web pages you've visited, and can build a profile of your interests from that. A pharmaceutical company could use traffic analysis to monitor when the research wing of a competitor visits its website, and track what pages or products that interest the competitor. IBM hosts a searchable patent index, and it could keep a list of every query your company makes. A stalker could use traffic analysis to learn whether you're in a certain Internet cafe.

Tor aims to make traffic analysis more difficult by preventing eavesdroppers from finding out where your communications are going online, and by letting you decide whether to identify yourself when you communicate.

Security

How bad can it get?

Almost as bad: Someone gets copies of files on your computer without your permission or knowledge. See privacy below.

Right up there: Your children see or hear something or communicate with someone you don't want them to.

What is this "something"?

Your computer is made out of atoms. It can be destroyed by whacking it a few times with a sledgehammer, immersing it in a tub of water, leaving it outside over the winter, or dropping it out a window, all of which you may have been tempted to do. Frequently, I want to shoot mine. I have heard tales of electrical surges caused by a lightning strike or other natural disaster. A house fire would probably melt a computer, since it's mostly plastic (carbon) and sand (silicon).

The hardware can "break" from old age but in my experience, the demands of new software are what "destroy" a computer, making it obsolete.

Next we have the computer's software, which is made out of bits, not atoms. Your hard drive fails or Windows can do one of its infamous crashes. A whole industry of data recovery experts will be happy to recover your data, for a fee. The Data Recovery Group says:

If your hard drive is repairable, and in our opinion will stay repaired, we will return your data on your repaired drive. If it is determined that your drive cannot be repaired, we can return your recovered data in a variety of ways, including copying it to a new hard drive, writeable CD, Zip/Jazz cartridge, or tape system.

We will keep a copy of your data for one week to ensure the successful re-installation of your data. Once your data is re-installed, your data will be purged from our storage vaults.

What is a virus?

A virus is a computer file that does something you don't want it do without your permission or knowledge. At the nuisance end of the scale, it can be spam or an email hoax warning. At the disaster end of the scale, it can be a program that causes you to lose everything and have to reinstall the operating system. Check with the folks at companies like Data Recovery Group before you get too carried away.

I saw an activated virus last spring that made every icon on my friend's desktop move away as his pointer neared it. As a result, he couldn't click on anything. Some 15-year-old's sense of humor. Fortunately, my friend had his Mousekeys option turned on. (Start | Settings | Control Panel | Accessibility Options | Mouse, check the box. Then Start | Help, search for mousekeys.)

Related to spam, which is unwanted email, many people dislike some Web site content -- words and images. It's hard to tell what's on the other side of a click. If you need to filter content, try Timberline Technologies' Alphabetical List of Content Filter Products. If you want to try some inexpensive ($8 to $49) shareware, WebAttack has a list of Web Content Filters.

Who is this "someone"?

a 15-year-old acting out his frustrations by spreading a virus he wrote over the weekend

a laundry soap manufacturer's marketing department pushing an ad onto your screen in a little window that pops up

a guy trying to make a some part-time income with a "home business opportunity" such as MLM spamming (multi-level marketing)

you for putting something on your web site that was found offensive by one of several hundred million people online in over two hundred countries. Forget your mother; what about the Ayatollah?

Note the the Windows Control Panel doesn't have a section on security. If you go to Start | Help, and search for security, you won't find much unless you're on a network (the DCOM references).

What about hackers?

Hacking has a long, honorable, and fascinating history starting with teenaged Thomas Edison. If something goes really goofy with your computer, you'll appreciate a hacker's skills.

If your computer is connected to a network where it is always on and has a permanent IP number, then you need to worry about hackers. A home network with a DSL connection to the Internet is an increasingly common example but is beyond the scope of this section.

If you use a dial-up connection, your ISP assigns you a temporary IP number for the duration of your session. You don't have to worry about hackers. Your computer is vulnerable only to a malicious hacker who sits down at your keyboard.

Since the sites below are publicized in the mainstream media all the time, the cutting (bleeding?) edge of hacking is elsewhere. Try a 15-year-old neighbor who's "into computers".

These kiddies band together into groups that have something between a street gang and Mafia personality. Friends of friends type stuff. When there's a major war, as there was a month or so ago, alliances get changed. ...

Consider the people and the medium. You've got a lot of adolescents, and young adults with minimal if any social life. The interaction is not going to be on the same level as people with broader social experience. Considering that, and the ability to cripple a medium-sized ISP, there's going to be relationship issues, especially when you throw the sparse quantity of girls into the mix. ...

It's not a hobby, it's a social life. These kids don't have much outside of this. Most of them, if they were to go parties they would get beat up. This is their social life.

THE award winning, free, multicomponent detection and removal utility that consistently leads the industry in safety, user satisfaction, support and reliability.

A home on the world wide web for ... The Hackers' Haven, which has been in operation since 1983. From the beginning Hackers.Com represented the ethical side of the underground, the side that penetrated systems not to destroy, but to create knowledge in the minds of everyone who viewed its contents.

a center for research and development of cypherpunk projects such as remailers, anonymous peer-to-peer services, secure network tunnels, mobile voice encryption, untraceable electronic cash, secure operating environments, etc.

Safe computing - what can you do?

Schedule routine security evaluations for vulnerability and availability. Does your computer allow unknown or unauthorized Internet communication? Is your computer's information accessible to hackers?

Do not open any file attached to an email unless you know what it is. Confirm before opening.

Your ISP could have already checked the attachment for viruses, but don't count on it. Just downloading the attached file will not harm anything because a virus is a program or script. You have to "run" it, usually by clicking on it after you download and perhaps uncompress it.

Download files from the Internet via the Web and FTP only after ensuring that the source is legitimate and reputable. Verify that an anti-virus program checks the files on the download site.

If you're uncertain, download the file to a floppy and test it with your own anti-virus software, preferably on a computer used solely for safe computing.

Delete chain emails and junk email. Do not forward or reply to any of them. Close pop-up adware. Get ad manager software that will keep them off your computer (and speed up your surfing).

Find any lost and deleted data on your hard disk even if the partition table is lost or the hard disk has been quick-formatted -- Lost Data, that is the result of a system crash can also be recovered.

Learn more

For years, hackers have had resources available to them to help them learn how to get into your systems, destroy your work, and read your private or proprietary information. They even have places that they go to trade system accounts, YOUR ACCOUNTS, with other hackers. It's time that YOU have a place where you can go to learn about THEM and learn how to protect yourself and secure your data.

The AntiOnline message board, fundamentally, is like many other online communities out there. Many people come together to to talk about everything from life to the what's happening in the busy world of computer security. As much as it is a security site, many of our talks are non security related. The more you post around on the AntiOnline Forums, the more you become part of it and like many of us, you will soon call it your online home.

Scan your system and build a customized report on items such as: missing security patches, weak passwords, Internet Explorer and Outlook Express security settings, and Office macro protection settings.

Unsolicited commercial E-mail--spam--is a true evil, wasting huge amounts of time and bandwidth, and often delivering a direct assault on our privacy. Spam costs us all millions--perhaps billions--of dollars in lost productivity and wasted resources.

Online security tests

Test and fix your browser's security vulnerabilities. This application supports only Microsoft Internet Explorer on the Windows operating system. To Get Started, click on the button to see what intruders could learn about you through your browser. These tests automatically assess your browser for selected vulnerabilities and offer you the most up-to-date patches from Microsoft, when available. This is a free service to educate users about the security of their Web Browsers. All tests are safe and no information is collected. We recommend that you save your work before proceeding.

Make your interactions on the Internet safe and private. Our main concern is to help protect your computer from Internet viruses and attacks by hackers. You can easily test your system for vulnerabilities to Internet threats with our online tests. Find out if dangerous viruses or Trojan horses infect your computer. The tests take less than five minutes. Afterwards you will see a full report including recommendations on how to improve the security of your system. Not sure if your files are infected by a Trojan horse? Send us the files and we will check them within 24 hours. We have the most extensive database of Trojan horses known and can tell you if any of your files are infected.

Privacy

How bad can it get?

The worst that can happen: Someone can learn something about you, make an inference or even a lucky guess, and cause you harm.

Almost as bad, at least to the purists and paranoids: Someone can know anything about you.

Who is this someone?

It doesn't matter, really. Anyone we don't want. Government, marketers, employers, friends.

However, let's get real. We live in communities, both offline and online, so please distinguish private, anonymous, and invisible. You have a right to privacy, to not give out any information, or at least any true information. Moreso online than offline, you can be anonymous by using special software or online services. However, neither online nor offline can you be invisible. By simple observation in public, the worst can happen.

Where do you leave tracks of your activity?

cache, cookies, history, mail trash, drop down address bar, auto complete data forms, downloaded program files, recycle bin, registry streams, Windows run history, Windows find history, chk scan disk files, recently viewed pictures, recently opened documents, MS Office tracks, Windows temp files folder

What about the Cookie Monster?

The cookies on your computer are available in your C:\WINDOWS\Cookies\ folder or C:\WINDOWS\Temporary Internet Files folder. If you're active on the Web, you'll probably find hundreds if not thousands of them. Each is a very small text file that provides a unique number to a corporate database, where the information about you is stored.

From an online marketing point of view, if shoppers will fill out lots of forms about themselves and their interests, then the marketer can attach that information to a cookie. The marketer can remake the store for every repeat visitor. Amazon.com does that to some extent.

If you use a shopper's card at the supermarket you visit all the time, the marketers know a lot about you. What they can't do is remake the store every time you visit.

The only place I use a cookie on Ricci Street is at the Bistro discussion forum. Learn more at the Bistro Lobby and at Cookie Central.

IE CookiesView - display the details of all cookies that Internet Explorer stores on your computer. Sort them, search by Web site, delete them, and copy them. If you don't fancy that interface, search at Google for "cookie manager"

What about encryption?

Encryption takes natural-language information, that is, plain English and numbers, and changes it so that it can't be read. Hopefully it can be decrypted by the recipient. This is a terrific idea for messages on paper going through enemy territory during a war.

It makes no sense on the Internet where every message is divided into small packets before it leaves your computer. It doesn't need a "connection" like the circuit-switched telephone system and it is presumed to be unreliable. The packets are sent separately in a thick stream of bits (ones and zeros) from router to router until they reach the recipient's computer, where they are reassembled into the message, be it words, numbers, or images. A packet's travel time is measured in milliseconds.

In addition, most commercial web sites use the low-level but adequate encryption called Secure Sockets Layer (SSL) built into the system.

Anything beyond that is not necessary. No one, not even federal law enforcement, is intercepting bit streams, isolating packets out of them, and then recreating messages. They don't need to when the computers on either end are so vulnerable, mostly because the humans operating the computers are so vulnerable. The RSA's public-key system, more for authentication than privacy, can keep messages unreadable on those computers, but that's not an Internet problem.

The difficulty in securing your computer is not a technical problem. It is a social, political and cultural problem. Learn more about social engineering, the hacker's best friend.

Term used among crackers and samurai for cracking techniques that rely on weaknesses in wetware rather than software; the aim is to trick people into revealing passwords or other information that compromises a target system's security. Classic scams include phoning up a mark who has the required information and posing as a field service tech or a fellow employee with an urgent access problem. See also the tiger team story in the patch entry.

Your credit card number isn't stolen in transit. It's stolen after it gets to the company you give it to in email or on the phone, and especially in the store. Ask an underpaid sales clerk how many other underpaid employees handle your credit card number. And let's not forget the waiter who disappeared with your credit card the other evening.

Private computing - what can you do?

Don't put any personal information into an email.

Don't participate in any online communities.

Don't shop online.

Don't use search engines.

Don't click around on web sites.

Don't fill out forms.

Don't use passwords.

In other words, don't go online. To be consistent in your offline life, don't talk to anyone, especially on the telephone. Don't use banks or the health care system. Don't shop. Don't have a job. Don't go to school. Don't fill out forms. Don't have anything to do with the government. You should probably wear and hat, dark glasses, and fake moustache in public, too.

If you don't want to pay ZeroKnowledge or Anonymizer, develop a persona or two that you use only online. You've probably seen the t-shirt or coffee mug: "On the Internet, nobody knows you're a dog." Freedom.net called them Nyms. Your ISP may let you have multiple email names. Even better, get a couple of Hotmail accounts and use them whenever a Web site wants your email address to send you something you want. Then see what else gets sent to that address. Find out who the real spammers are!

Next time you need to fill a form but don't feel like using your real info, just click the A-Fill button and it will fill all fields with the word "anonymous" and e-mail fields with "anonymous@example.com". A quick way to bypass forms that force you to fill them before proceeding. It does not work if the page uses frames!

Or ... you can open your computer to others on purpose with peer-to-peer file sharing networks such as KaZaA and WinMX or resource sharing networks such as grids.

Grid computing is a form of distributed computing that involves coordinating and sharing computing, application, data, storage, or network resources across dynamic and geographically dispersed organizations. Grid technologies promise to change the way organizations tackle complex computational problems. However, the vision of large scale resource sharing is not yet a reality in many areas � Grid computing is an evolving area of computing, where standards and technology are still being developed to enable this new paradigm.

Learn more

Webroot's Window Washer -- cleans the tracks left behind on your computer, free trial, inexpensive

The primary threat to the privacy of Americans at home and work in today's electronic world is unwarranted and increased government monitoring and surveillance.

Accountants and computer geeks are no strangers to macho fantasy. So William Farwell's laboratory is adorned with a dignified pewter plaque that bears the label "War Room."

Interrogation room is more like it. It's here that Farwell and his colleagues spend hours beating the truth out of sliced-up floppy disks and hastily erased hard drives. And they almost always talk.

Want to delete data from your computer? Here's the Farwell approach: "You take the drive out and you hit it with a sledgehammer � and then you shred it." Anything less, and he's going to resurrect some of that data.

If you have a cable modem or DSL connection





Showroom information design	Playroom interactivity design	Research Lab usability design
Workbench web design applications	Kiln digital development process	Toolkit digital technology guide


search \| sitemap \| help
Ricci Green \| Digital Wares \| Gizmos, Inc. CyberSea Inn \| Port 80

modified: February 5, 2003 by Douglas Anderson http://RicciStreet.net/gizmos/toolkit/operatingsystem/safe.htm

Windows Security and Privacy

The PC Workshop

What is it?

skills

tools

security

privacy

Security

How bad can it get?

What is this "something"?

What is a virus?

Who is this "someone"?

What about hackers?

Safe computing - what can you do?

Learn more

Online security tests

Privacy

How bad can it get?

Who is this someone?

Where do you leave tracks of your activity?

What about the Cookie Monster?

What about encryption?

Private computing - what can you do?

Learn more

If you have a cable modem or DSL connection