DACS General Meeting
April 2008
Program Review:
Secure Computing in the Internet Age Presentation

by Flo Ferrara, Acting VP of Programs

Jeff Setaro’s presentation on secure computing at the April General Meeting was as comprehensive as it gets. The presentation touched on three main areas: threats, solutions and tools. It is obvious that Jeff has a wealth of knowledge in this area and based on the large number of questions he fielded at the end of his talk, it is equally obvious that security is a topic that is high on everyone’s list.

Jeff began his discussion by stating that the current ‘plug it and go’ mindset needs to end. Computers have become so commonplace that users no longer care how they work; users just want to hop on and go. This is the wrong attitude to have, regular maintenance is a must.

Jeff outlined various trends from 2007. A review of the year showed that while slightly more than half of all malware hosting sites are in China, less than a quarter of that malware is written there. And, it was pointed out that approximately a quarter of all spam originates in the United States. Most astonishing perhaps is the fact that while it took about 21 years for incidences of malware to reach 250,000 known programs, it only took one year 2006-2007 for that number to reach to 500,000.

The largest reason for this spike in malware activity is that there is much money to be made in the malware world and so it proliferates. Jeff cited greed as the driving force. A user will eagerly download anything if they are promised free stuff. He cautioned the audience to buy their porn, not go for the freebies because they will get you every time. Of course, it is not just porn sites that are used in this fashion. Email, online shopping, online banking, and everyday web-browsing can end up in disaster if your computer is not sufficiently armed to walk these virtual streets.

Jeff did a great job identifying and defining the various types of malware: viruses, Trojan horses, worms, spyware, rootkits, phishing and hoaxes. This information is too voluminous to mention here; if you are interested in Jeff’s definitions, download the presentation (http://www.jasetaro.com/blog/).

When talking about malware myths, Jeff was quick to point out that MacOS and Linux systems are not immune to attack. Simply put, these operating systems are at less of a risk because they occupy a smaller percentage of the market share.

So how do the bad guys make their money anyway? In simplest terms, Jeff explained that malware programs change the DNS settings on your computer to connect to their own servers. These servers run advertising pages that generate revenue for the bad guys. The more computers or ‘zombies’ using their servers, the more money they make.

Computers are not the only items that are besieged by malware, however. Jeff tells us that the iPhone could be the next big targeted item. It is widely known that digital picture frames that were manufactured in China most likely came with malware built in. These picture frames could very well compromise any computer they are plugged into. So buyer, beware!

Jeff stressed and re-stressed the importance of using a router with any broadband connection. A router should provide NAT (Network Address Translation) as well as SPI (Stateful Packet Inspection).

So, what is the average Joe or Joanne to do? What is necessary to ensure a secure computing environment? Jeff’s answer is to practice ‘Safe Hex’. Some of the Hex basics include: keep your system patched, especially if you use Internet Explorer as your browser, install anti-virus software, personal firewall, and anti-spyware software. Use strong passwords, not just ordinary words like your kid’s or dog’s name. Make passwords at least 8 characters long and include letters and numbers and at least one special character. Be cautious when downloading. Use care when reading email with attachments, even if they are from someone you know. Don’t allow your browser to automatically save your password. Don’t use a computer or device that cannot fully be trusted. For example it is a bad idea to access your online banking on a computer at an Internet café. Use file encryption programs especially on notebook computers and mobile devices. Broadband users: install and use a hardware firewall/router.

Again, I have not listed all of Jeff’s excellent suggestions here. To see the complete listing and to access a list of resources go to Jeff’s site. (www.jasetaro.com/blog/) It is, like his presentation last night, an all-inclusive compilation of information.

Our thanks go out to Jeff for taking the time to enlighten us on the hazards and pitfalls of computing in the Internet age; and for educating us on how to navigate these dangerous waters.



Click Here


DacsGear!
Mugs and more, visit CafePress to order

 

 
 
© Danbury Area Computer Society, Inc. All Rights Reserved.
Web Site Terms & Conditions of Use