Basic Computer Security – Part 2

Welcome to the Fast-Air Tech Talk newsletter. The Tech Talk newsletter is a free service for all Fast-Air customers. Please feel encouraged to suggest newsletter topics.

Computers arguably are one of the most complex tools ever invented. That complexity means computers are always insecure to some degree. Humans are fallible and they cannot foresee all of the ways their designs and coding introduce security issues.

Here is a sobering revelation. Originally, personal computers, the internet, and the world wide web never were designed to be secure. Inherent in those original designs was a principle of trust. How times have changed.

Like much of life, computer security is not black-and-white. Computer security always involves a balancing act. Consider the following sliding scales.

|<------------------------------------>|
Security                     Convenience

|<------------------------------------>|
Risk                             Benefit

The two sliding scales emphasize a simple contrast. Focus solely on convenience and computer security is ignored. Focus solely on benefit and risks become unmanageable. And vice-versa.

There is the principle of diminishing returns. For many people, at some point the effort to secure computers provides little to no return on that investment. Each person must slide the scales in the balancing act and decide when that point of diminishing returns is reached.

In the previous Tech Talk we discussed a cornerstone of computer security: the user, and in particular unlearning unsafe habits and learning safe habits.

Looking in the mirror is a good step toward computer security. Controlling access is a second step.

There is an old joke in computer security circles that the only secure computer is one that is unplugged from the network, powered off, and in a locked room. The punch line is the computer is not really secure because the owner still has to worry about who has access to the keys to unlock the door to the room.

The joke teaches some principles about computer security. One, security never will be perfect. Two, the most secure computer in the world is unusable.

What can be done to control access to a computer?

An obvious answer is controlling access to the room containing a computer. For some people that means locking doors to an office or building. Many people do this for various reasons even without using a computer. Yet just as often people walk away from computers and do not lock doors because of the inconvenience. This allows intrusions by inquisitive people and pets. Yes, pets are well known for bumping keyboards and mice.

Controlling access is not just a matter of preventing snooping or accidents but includes theft prevention. IT professionals use computers that are bolted to framed racks to prevent theft. Home and small business users can use basic theft prevention methods too. Many modern computers come with Kensington locks or similar features.

Short of theft and other time-consuming intrusion methods, preventing access to a computer might be as simple as not using automatic login. That is, most people gain access to the computer only by logging in. Many people find this inconvenient, but this simple step prevents unwanted access to data and files.

Login accounts require passwords. Passwords are important to computer security. Simplistic passwords such as 123, abc, or qwerty are easily cracked. Generally, the longer the password the better the security. Using numbers, upper case, lower case, and symbols is often encouraged. Many people use pass phrases, which increase the number of characters used. A good trick for creating good passwords is to convert a phrase into a password. A good principle to follow is never to use the same password or pass phrase in different places. Many people use password managers to create long passwords and to keep track of them when they have too many to remember.

Similar to logging in, a simple trick to avoid intrusions when temporarily walking away from a computer is using the operating system’s desktop locking feature. This feature starts a screen saver but locks the desktop while the screen saver is active. The desktop remains locked until the current user’s password is correctly entered in a dialog box. Just like logging in, desktop locking is a handy feature to prevent people and pets from inadvertently launching apps by touching the keyboard or mouse buttons. Desktop locking is a useful feature to protect sensitive and private data.

In many places single computers are used by many people. Another way to limit access to a computer is through multiple login accounts. That is, to use a computer each user must log in with a unique account. This strategy might be inconvenient when the computer is used in a limited role, but is useful for many people.

A key element of using multiple login accounts successfully is ensuring there is only one administrative account and all other accounts are limited. Linux and Mac users enjoy this system design by default. Windows users have to take extra steps to achieve this simple security layer. In Windows these limited accounts are called standard user accounts.

While Linux and Mac users already have at least one administrative and one limited user account, many Windows users have only one account. The challenge with such a system is creating new non-administrative standard user accounts without disrupting the existing user account and data files. The basic process looks like this:

  • Log in.
  • Create a new second administrative account.
  • Log out.
  • Log in with the new administrative account.
  • Change the access permissions of the original account to standard user.
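The same steps on Windows, as an added PowerShell example that is not part of the original newsletter. The account names `pc-admin` and `alice` are placeholders, and the script assumes English group names (`Administrators`, `Users`) and local accounts.

```powershell
#Requires -RunAsAdministrator
# Added example: both account names are placeholders, not from the newsletter.
$NewAdmin = 'pc-admin'   # hypothetical name for the new administrative account
$Original = 'alice'      # hypothetical name of the existing everyday account

function New-SecondAdmin {
    # "Create a new second administrative account."
    # The password is typed at a prompt so it never lands in a script or history.
    $pw = Read-Host -AsSecureString "Password for $NewAdmin"
    New-LocalUser -Name $NewAdmin -Password $pw `
        -Description 'Administrative account' | Out-Null
    Add-LocalGroupMember -Group 'Administrators' -Member $NewAdmin
}

function Set-OriginalToStandard {
    # "Change the access permissions of the original account to standard user."
    # Run this after logging out and logging back in as $NewAdmin.

    # Guard: refuse to demote if no other enabled local administrator exists,
    # otherwise the machine is left with no usable administrative account.
    $otherAdmins = Get-LocalGroupMember -Group 'Administrators' |
        Where-Object { $_.ObjectClass -eq 'User' -and
                       $_.PrincipalSource -eq 'Local' } |
        ForEach-Object { Get-LocalUser -SID $_.SID } |
        Where-Object { $_.Enabled -and $_.Name -ne $Original }
    if (-not $otherAdmins) {
        throw "No other enabled administrator found; not demoting $Original."
    }

    # Keep the account in Users so it can still log in, then drop admin rights.
    Add-LocalGroupMember -Group 'Users' -Member $Original `
        -ErrorAction SilentlyContinue
    Remove-LocalGroupMember -Group 'Administrators' -Member $Original

    # Show who holds administrative rights now, as a final check.
    Get-LocalGroupMember -Group 'Administrators' |
        Select-Object Name, PrincipalSource
}
```

Call `New-SecondAdmin` from the original account, log out, log in as the new administrator, then call `Set-OriginalToStandard`. The original account keeps its profile and data files; only its group membership changes.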

Logging in with a limited user account promotes security because that account can’t make changes to the underlying operating system. People logging in with a limited account cannot view the data files of other users and can modify only those files accessible under their user account. That means being unable to install software. Only the administrative account has the appropriate operating system privileges to install software.

Using limited accounts means malware is limited in the amount of damage it can do. Malware can only affect the files of each user working under each account. Like desktop locking, using login accounts protects sensitive and private data because only the administrative account has access to all data files on the computer.

Using multiple login accounts offers a benefit for parents and guardians. Using multiple login accounts allows using parental controls to protect young children.

Did you know that email is transmitted in clear text? Including passwords? Use HTTPS when using webmail and use SSL/TLS when using mail clients.

Technical trivia: FORTRAN was the first widely used high-level general purpose programming language, developed in the mid 1950s. FORTRAN remains a popular choice today.

Next issue: Computer security – Part 3.

Dogs like dining out too.


Latest posts by Backwoods Geek (see all)