DACS General
Meeting
April 2008
Program Review:
Secure Computing in the Internet Age Presentation
by Flo Ferrara, Acting VP
of Programs
Jeff Setaro’s presentation on secure computing at the
April General Meeting was as comprehensive as it gets. The presentation
touched on three main areas: threats, solutions and tools. It
is obvious that Jeff has a wealth of knowledge in this area and
based on the large number of questions he fielded at the end
of his talk, it is equally obvious that security is a topic that
is high on everyone’s list.
Jeff began his discussion by stating that the current ‘plug
it and go’ mindset needs to end. Computers have become
so commonplace that users no longer care how they work; users
just want to hop on and go. This is the wrong attitude to have,
regular maintenance is a must.
Jeff outlined various trends from 2007. A review of the year
showed that while slightly more than half of all malware hosting
sites are in China, less than a quarter of that malware is written
there. And, it was pointed out that approximately a quarter of
all spam originates in the United States. Most astonishing perhaps
is the fact that while it took about 21 years for incidences
of malware to reach 250,000 known programs, it only took one
year 2006-2007 for that number to reach to 500,000.
The largest reason for this spike in malware activity is that
there is much money to be made in the malware world and so it
proliferates. Jeff cited greed as the driving force. A user will
eagerly download anything if they are promised free stuff. He
cautioned the audience to buy their porn, not go for the freebies
because they will get you every time. Of course, it is not just
porn sites that are used in this fashion. Email, online shopping,
online banking, and everyday web-browsing can end up in disaster
if your computer is not sufficiently armed to walk these virtual
streets.
Jeff did a great job identifying and defining the various types
of malware: viruses, Trojan horses, worms, spyware, rootkits,
phishing and hoaxes. This information is too voluminous to mention
here; if you are interested in Jeff’s definitions, download
the presentation (http://www.jasetaro.com/blog/).
When talking about malware myths, Jeff was quick to point out
that MacOS and Linux systems are not immune to attack. Simply
put, these operating systems are at less of a risk because they
occupy a smaller percentage of the market share.
So how do the bad guys make their money anyway? In simplest
terms, Jeff explained that malware programs change the DNS settings
on your computer to connect to their own servers. These servers
run advertising pages that generate revenue for the bad guys.
The more computers or ‘zombies’ using their servers,
the more money they make.
Computers are not the only items that are besieged by malware,
however. Jeff tells us that the iPhone could be the next big
targeted item. It is widely known that digital picture frames
that were manufactured in China most likely came with malware
built in. These picture frames could very well compromise any
computer they are plugged into. So buyer, beware!
Jeff stressed and re-stressed the importance of using a router
with any broadband connection. A router should provide NAT (Network
Address Translation) as well as SPI (Stateful Packet Inspection).
So, what is the average Joe or Joanne to do? What is necessary
to ensure a secure computing environment? Jeff’s answer
is to practice ‘Safe Hex’. Some of the Hex basics
include: keep your system patched, especially if you use Internet
Explorer as your browser, install anti-virus software, personal
firewall, and anti-spyware software. Use strong passwords, not
just ordinary words like your kid’s or dog’s name.
Make passwords at least 8 characters long and include letters
and numbers and at least one special character. Be cautious when
downloading. Use care when reading email with attachments, even
if they are from someone you know. Don’t allow your browser
to automatically save your password. Don’t use a computer
or device that cannot fully be trusted. For example it is a bad
idea to access your online banking on a computer at an Internet
café. Use file encryption programs especially on notebook
computers and mobile devices. Broadband users: install and use
a hardware firewall/router.
Again, I have not listed all of Jeff’s excellent suggestions
here. To see the complete listing and to access a list of resources
go to Jeff’s site. (www.jasetaro.com/blog/)
It is, like his presentation last night, an all-inclusive compilation
of information.
Our thanks go out to Jeff for taking the time to enlighten us
on the hazards and pitfalls of computing in the Internet age;
and for educating us on how to navigate these dangerous waters.
|