Re: The importance of Securing Your Home Computer

<DigitalFray@xxxxxxxxx> wrote in message
news:1149103133.634908.86370@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Jason Edwards wrote:
<DigitalFray@xxxxxxxxx> wrote in message
news:1149085513.250570.244820@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
White Paper I did on Computer Security and what you should do to
protect yourself:

Is this an advertisement for zonelarm?
You seem to have copied chunks of nonsense from their web site.

Jason


I appreciate everyone's feedback but clearly I haven't been asked any
qualifying questions about the kinds of people I'm dealing with, other
business services I offer, nor are you recognizing the fact that there
are a lot of people who just aren't computer security experts.

Of course there are loads and loads of ways to be uber secure and
prevent all but a nuclear bomb from going off in your box but some of
the feedback sounds a bit like a flame to me. It makes me wonder what
happens to someone that comes in here that isn't a security expert and
asks questions for help, not for gain in personal ego.

Read the "Coalition against Personal Firewalls" thread.


I copied the Feature section from ZA's site as to save time in trying
to write up what they've already done.

There are a lot of people out there who are completely open to the most
basic security breaches. This is a first place to start.

The simple fact that pop-up queues exist is because the application
cannot distinguish between legit traffic and illigitiment traffic. The
application (Zone Alarm in this case) asks users on the fly whether to
allow inbound and outbound traffic. I agree the descriptions and aid to
a user could be improved here since half the time they don't know which
button to click "allow / deny." ZoneAlarm Internet Security Suite does
a good job because it handles spyware, viruses, and software firewall
as a single solution. To get someone up and running and a first line of
defense, this is what I recommend. Again, it works well for many of my
customer's needs.

My experience with it is that it quickly gets the customer into a complete mess
because the customer is unable to understand what it's doing or how to configure
it.


The problem is there is not a straight forward setup for most users to
get as secure as many of you people trolling the security forums are
privy to.

I'd start with an external firewall box.
A cheap NAT box is much better than nothing for a home user.
It may not be a real firewall but no inexperienced home user should be without
one.


This simple explanation is to get people started. What I have outlined
does the job for someone on a budget and not knowing all the ins and
outs of hardware firewalls and other security means.

You can do the same thing with an external firewall box and teaching the user
why they shouldn't use and administrator account except when they need to
install new software.


If you've got constructive feedback on additional security measures one
can employ, then by all means list them.

1. Get an external firewall box.
2. If for some reason an external firewall cannot be used then make sure the PC
is not offering services to the Internet.
3. I don't use virus scanners myself but I do sometimes advise home users to
use:
http://free.grisoft.com/doc/2/lng/us/tpl/v5
4. Get the user to use a user account on their PC not an administrator account.
5. Make sure ALL software on the PC has all the latest security updates. A visit
to http://update.microsoft.com will be required, as will a visit to other
software vendors as required.
6. Backup the new PC before installing anything, and at regular intervals
afterwards.
http://www.google.com/search?&q=norton+ghost
I don't recommend Norton home-user products except that one.

I don't use anti-spyware products because whenever I run
http://www.safer-networking.org/ it never finds anything except irrelevant
cookies.

I don't use personal firewalls because it's not possible to make an unwanted
inbound connection to me. And I don't use software that makes unwanted outbound
connections.

If I did get malware on my PC then I'd follow Microsoft's advice:
http://www.microsoft.com/technet/community/columns/secmgmt/sm0504.mspx

I don't use virus scanners because they cannot see into the future.


Please keep in mind the following when coming up with ideas:

Many of my clients are just getting familiar with the internet for the
first time, and might even be using a new computer online for the first
time.

See above list


Many of my clients do not want to spend a lot of money.

See above list.
If they are not prepared to use a minimum of a NAT box with a broadband
connection and are not prepared to learn how to make regular backups then tell
them to find another consultant.


Maintenance of systems usually gets outsourced to a computer consultant
- not a cheap endeavour - more hardware can equate to more maintenance.

Time. How long does it take to setup a relatively secure home network?
How long does it take an amateur? You'd be foolish to assume everyone
has, or even wants, to spend any time at all on setting up a strong
network at home, save the fact that if they don't, they'll probably get
hosed, which is why I'm often consulting in the first place.

Think of people who don't spend a lot of time thinking about computers
at all, much less security.


Again, I would appreciate any feedback that is constructive about ways
to improve the process, additional steps, or effort for helping people
be more secure all around.

Don't install software products for them which they'll never be able to
understand and which unnecessarily increase the complexity of the system.

Jason


.