Basic Computer Security – Part 3

Welcome to the Fast-Air Tech Talk newsletter. The Tech Talk newsletter is a free service for all Fast-Air customers. Please feel encouraged to suggest newsletter topics.

In the previous Tech Talk articles about computer security we focused on two elements: 1) user habits and 2) controlling access to computers. In this third article we’ll tie up some loose ends.

Linux and Mac users are well familiar with needing administrative privileges to install software. For many Windows users this is an unfamiliar experience. Since Windows Vista, all subsequent versions of Windows use something called User Account Control (UAC), which is intended to control who can install software. While Linux and Mac users seldom think twice about this fundamental security feature, Windows users tend to think of UAC as inconvenient. Yet UAC is a simple preventive approach against installing bloatware and malware.

Controlling how software is installed is important in today’s world of interconnectivity. Controlling access to a computer extends to people not having direct physical access.

Previously discussed in Tech Talk is downloading software from untrusted repositories. Generally, Linux and Mac users do not worry about whether software repositories are trusted because the available locations for downloading software are controlled and limited. Windows users can install software from just about anywhere, which introduces many security challenges. Limiting those location choices reduces the chances of installing bloatware or malware. Installing software from unknown and untrusted sources is a simple way other people gain indirect access to a computer.

Firewalls are a security layer used to prevent outside access through a network, which includes the web. While complicated uses require complicated firewall rules, most users need only a simple rule set. That is, allow all outgoing connections and deny all unrelated incoming requests. All computer operating systems — Linux, Macs, and Windows — come with built-in firewalls.

While firewalls provide a layer of security, configuring firewalls is challenging when wanting to use certain computer services. Generally most people block all unrequested incoming access with a firewall. Yet a firewall needs to allow access to certain ports to run specific services. For example, hosting a web server usually means opening port 80. There is no way to host a web server without opening the required port. Opening ports to a computer means the potential for malicious intrusion. Opening ports means keeping all software updated with all of the latest security patches.

What is a port? A loose analogy is thinking about ports like windows and doors on a building. The building is the computer and the windows and doors are ports. The windows and doors provide access to the building and likewise, ports provide access to a computer.

Related to this practice is closing all unnecessary ports. For example, a home computer with no local network connection does not need to enable file or print sharing. Thus there is no need to keep the related ports open. There are several web sites that scan computers for open ports. The most widely known is ShieldsUp!.
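A local complement to an outside port scan, as an added example that is not part of the original newsletter: the script below reads the output of `ss -H -tln` (the Linux command that lists listening TCP sockets) and separates listeners reachable from the network into expected ones and ones to review. The sample output, the allowed-port policy and the function names are constructed for illustration; the file and print sharing port numbers are the standard assignments, not values from this article.

```python
import ipaddress

# Standard port assignments for file and print sharing (not from the article).
SHARING_PORTS = {139: "NetBIOS file sharing", 445: "SMB file sharing", 631: "IPP printing"}

# Constructed sample of `ss -H -tln` output: State Recv-Q Send-Q Local Peer.
SAMPLE = """\
LISTEN 0 128        0.0.0.0:22       0.0.0.0:*
LISTEN 0 5        127.0.0.1:631      0.0.0.0:*
LISTEN 0 50         0.0.0.0:445      0.0.0.0:*
LISTEN 0 50         0.0.0.0:139      0.0.0.0:*
LISTEN 0 511              *:80             *:*
LISTEN 0 4096 127.0.0.53%lo:53       0.0.0.0:*
LISTEN 0 5            [::1]:631         [::]:*
"""

def is_loopback(host):
    """True when the listener is reachable only from this computer."""
    host = host.split("%", 1)[0].strip("[]")  # drop interface suffix and IPv6 brackets
    if host == "*":                            # wildcard means every address
        return False
    return ipaddress.ip_address(host).is_loopback

def exposed_listeners(ss_output):
    """Return sorted (port, address) pairs listening on non-loopback addresses."""
    found = set()
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        host, _, port = fields[3].rpartition(":")
        if not is_loopback(host):
            found.add((int(port), host))
    return sorted(found)

def audit(ss_output, allowed_ports):
    """Split exposed listeners into expected ports and ports to review."""
    report = {"expected": [], "review": []}
    for port, _host in exposed_listeners(ss_output):
        if port in allowed_ports:
            report["expected"].append(port)
        else:
            report["review"].append((port, SHARING_PORTS.get(port, "other service")))
    return report

if __name__ == "__main__":
    # Assumed policy: this machine hosts a web server, so only port 80 is intended.
    print(audit(SAMPLE, allowed_ports={80}))
```

On a real machine, feed it the live output with `subprocess.run(["ss", "-H", "-tln"], capture_output=True, text=True).stdout` in place of `SAMPLE`.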

Even when using firewalls, because humans are fallible and struggle to write software that is perfectly secure, malicious people are able to compromise computers remotely through the web. Sometimes this access is available through zero-day exploits, but just as often it is possible because a computer has not been kept updated with the latest security patches.

Some people consider updating a computer with the latest patches to be inconvenient, but without those patches there is nothing to stop malicious people from compromising a computer using those known security flaws. An overwhelming number of computer security related news stories reveal that the affected computers were compromised because software had not been patched.

Protecting a computer from zero-day exploits is impossible. Patching such exploits is possible only after security experts discover the exploit being used. In addition to applying the related patches in a timely manner, there are ways of limiting the potential for such unknown exploits to be used. Remove software that is well known to encourage those kinds of exploits.

The most widely exploited software is Java, the Flash plugin, and PDF viewers when JavaScript is enabled.

Most people do not need Java installed. There are convenient and trusted options for playing videos without using the Flash plugin, such as SMPlayer and VLC. Most people do not need to enable JavaScript in a PDF viewer. There are many PDF viewers available that are designed without JavaScript support at all.

Learn new habits. Learn to control direct and indirect access to a computer.

Computer security involves layers. Computer security is a process. A dose of paranoia is healthy. Just don’t go crazy believing there are bogeymen under the bed. As computer security is an overwhelming topic, another cornerstone of computer security is important but happily simple — remember to breathe.

Technical trivia: Only 20 years ago, many people in Iron County were still using rotary telephone dialing devices and could pay phone bills at several local businesses. For people in rural areas, dialing long distance without a human operator became possible only a few years earlier.

Next issue: The Windows 10 Dilemma.

Ever wonder what online YouTube video is the most viewed ever? Of course, by watching you increase the number of times the video has been viewed.


Latest posts by Backwoods Geek (see all)