When it comes to security, you'll notice
that household assets are usually locked in to prevent theft, banks have their
high-security surveillance systems in place and classified documents are
usually stored in ultra-secure lockers. Similarly our computers and networks
need several levels and layers of security in order to prevent data theft. Also
it’s crucial to prevent infiltration by potentially harmful programs and bots
that steal private information. When you enter data in your computer such as
credit card information, bank account details, passwords and digital
signatures, it is all vulnerable unless sufficient precautionary measures are
taken. Prying eyes on the Internet take advantage of these susceptibilities to
extract as much information as possible to either sell it for monetary gain,
use it for malicious purposes , or both. One may think that hacking into
somebody’s computer is easy, well it isn’t if you’re taking all the right steps
towards high level security.
In this story, CHIP walks you through the
entire process of adding levels of security to a PC and also shows you the
tools that can be used for the task. Once you’ve applied all the levels of
security mentioned in this story, no one will have access to your data. If
someone does manage to steal your data, he will not be able to use it in any
form. Yes! There is a way to do this!
Updates: 1 minute
When an operating system is first
released, there are numerous security loopholes and bugs in it. These make a
system susceptible to a plethora of viruses, Trojans and other types of
malware. Furthermore, such vulnerabilities are playgrounds for hackers. So how does
one fix them? Patches and updates are frequently released by the manufacturer,
for instance, Microsoft releases service packs and other minor updates for all
current versions of Windows.
It’s a good idea to regularly install
updates for your system. Be it Windows XP, Vista
or any other platform, all operating systems require updates. In Windows, it is
recommended to keep the ‘Automatic Updates’ option on. This way, they are
periodically and automatically installed even without the user's intervention. In
XP, go to Control Panel | Security
Center | Automatic
Updates and click the ‘On’ button.
In Vista,
go to Start | All Programs | Windows Updates. Here, Windows verifies the
installation for security threats with ‘Search For Updates’ and thereafter installs
suitable updates for the system. Though the update process takes a while to
complete—around 20 to 40 minutes—it runs in the background so your work isn’t
hindered. Above all, updates ensure security as well as compatibility of a
system with the latest hardware and peripherals.
Before we move any further, here’s a rule
of thumb: never install more than one antivirus program on your computer. This
is because two or more programs clash with each other during a scan, due to
which a system may hang, become sluggish or shut down altogether.
The world over, antivirus companies detect
thousands of threats every day. Let’s say your computer has no antivirus
software installed and you’re online for 24 hours at a stretch. You would thus
send/receive emails with attachments, exchange and download files, click on ads
and banners, and basically do everything that’s a big mistake without having an
antivirus program or a security suite installed. By now, if your system hasn’t
died from exposure to malware, it has definitely leaked out information without
your consent. And that’s just the tip of the iceberg! Prowling hackers are
already spying on you.
That was only a hypothetical situation,
but if you don’t secure your system, it can really happen. There are many
security suites and standalone antivirus programs such as the ones provided by
Symantec, Kaspersky, F-Secure and so on. In addition to antivirus programs,
they also provide security from adware, spyware, Trojans and other online
threats. Some programs are paid for and others are free. A fine example of the
latter is AVG Free. It’s a free antivirus program that provides basic yet
effective protection from the latest viruses that crop up each day. But
remember that all antivirus programs need to be updated regularly so that they
have all the latest virus definitions.
When an application is executed, these
programs warn you whether there are any suspected virus elements in it. You can
then choose to heal, delete or quarantine an infected file. The program also
updates its manufacturer about the specific virus threat, if you allow it to.
This reported virus treat is then added to the database of viruses at the
manufacturer’s end.
Anti-spam: 3 minutes
Spam emails are nothing but junk, sent out
randomly either to mass-advertise, collect information, or spread viruses as
attachments. To stop this, there are spam filters such as Spamihilator 0.9
(included on this month's CHIP DVD). These filters effectively eradicate
advertisements and other threats that are potentially harmful to a computer. In
order to achieve their goals, spammers adopt various disguises such as
changing/spoofing the sender's address, using secure digital signatures, and sending
in unknown mail formats. Spamihilator in turn recognizes these strategies and
keeps you safe from harmful attachments.
However, it works only with email clients
such as Microsoft Outlook, Outlook Express 6, Opera, Eudora, Pegasus Mail,
Mozilla’s Thunderbird and so on. While it isn’t a plugin for the client, it
resides in system memory and you can access it through the icon nestled near
the clock in your Windows notification area.
After installation, Spamihilator
automatically detects the default email client in the system and
auto-configures itself. Therefore there are no additional settings to be
configured. During installation it also puts the most important filters such as
DCC (Distributed Checksum Clearinghouse) in place. Filters need to be trained to
recognize spam. The program scans all incoming mail and moves those with
suspicious content into its own recycle bin, thereby preventing junk mails from
piling up in your inbox. If a genuine message is identified as spam, you can
mark it as genuine, which will allow all future messages from that specific ID
to land up in the email client’s inbox without needing verification. In
addition to filters, there’s a blacklist for blocked senders and a whitelist
for friends.
Although Spamihilator is quite effective,
having added layers of security doesn’t hurt, especially if making the required
settings to your PC is a no-brainer. So, let’s prep your email client for
potential spam.
Microsoft Outlook: Go
to Tools | Options | Junk E-mail. Here, the ‘Options’ tab is highlighted by
default, if not, click on it. From here, select the third option, ‘high’.
However, with this option selected, it’s recommended that you regularly check
your spam folder for genuine mail that might get mistaken for spam. You can
also opt to directly delete spam as opposed to letting it clog your spam
folder. The whitelist and blacklist in this case can be set from the ‘Safe
Senders’ and ‘Blocked Senders’ tabs respectively.
Mozilla Thunderbird: Here, all you need to do is classify messages as
spam or as genuine. When spam is detected, the user is prompted for action. You
can then decide what to do with that message. This feature can be activated
from Tools | Settings | Data protection. Now, whenever you receive spam, simply
mark it and click on ‘Junk’. The more you do this, the better the results of
the filter will become.
Logging in with a USB
flash drive: 2 minutes
Let’s say that you’re a frequent flyer or
you travel a lot with your laptop. You have no trouble using it on the go, but
what if you leave it unattended for some reason? Maybe you’d lock it using a
password, but what if someday you forget to do so? It happens!
Rohos Logon Key 2.6 provides a hard
locking system for PCs and laptops. Here’s an analogy: a car cannot start
without its key, and removing the key from a running car stops its engine.
Similarly, this program turns a standard USB flash drive into a key for your
PC. To unlock your PC, simply insert the flash drive into the USB port. The
moment you remove the drive, the PC is locked again.
Here’s the ‘how to’ of it. Install the
tool and connect the USB flash drive to the PC. Then launch the program and
click on ‘Set up USB flash drive’. The next window will ask you for the current
user’s password, so punch it in and click on ‘Set up USB key’. Now click on
‘Configure USB Stick’. Here, various options can be chosen from the drop down
menu labeled ‘This action will occur when you withdraw your USB key from
computer’.
Select the ‘Lock computer’ option if you
want your computer to lock automatically when you remove your flash drive. For
the settings to take effect, restart your PC.
Note: Alternatively,
you can enter the account password to log in, but if you do so and insert the
flash drive later, removing it will not lock the PC. This means that in order
to lock your PC with the flash drive you have to log in with it in the first
place.
Also, Rohos Logon Key 2.6 is not free, and
the trial expires 15 days after installation. A free alternative is USB
PC Lock Pro 1.6. You can find both programs on this month's CHIP DVD
Safe passwords: 1
minute
Cracking passwords is not easy, but that
largely depends on how strong (or weak) a password is. A very strong one should
ideally contain 20 or more characters. Also, creating a good mix of special
characters, numbers, and alphabets in lower and upper cases can be really
difficult and time-consuming to crack. It’s a good idea to have a different
password for each account. However, remembering multiple passwords can drive
anyone crazy! Why not maintain a secure database of passwords which will let
you store passwords for various accounts? All you need to do is remember the
one master password to this database.
KeePass is a program which does just that.
It is free (on the CHIP DVD), secured by encryption (AES) and it’s a
no-brainer. You need to first set up a database before you store passwords. To
create the same, go to 'File | New', you’ll be asked to enter a master
password. Create a strong password and save the database in the desired
location. The master password will allow you to unlock the database. In order
to start populating it, go to 'Edit | Add Entry' and start entering all the
usernames and passwords you need to use on a day-to-day basis. For further
information, visit the program's website, http://keepass.info/hep/base/firststeps.html.
The online tutorial is quite useful for beginners.
Encryption: 2 minutes
Many of the USB flash drives available in
the market today come with a pre-installed application called U3. This allows
you to password-protect your flash drive. But what about those that do not have
any pre-installed security system? How safe are they for storing confidential
data? It isn’t difficult to lose such a tiny, portable gadget, especially one
that goes in and out of your bag or pocket all day. With unprotected data on a
flash drive, much more can be lost than just the gadget. The solution is
encryption. By encrypting the data inside a pen drive, you can ensure your safety
even if someone finds it and gets the data. The encrypted mess will make no
sense to him and he cannot use it in any way. Encryption tools such as
TrueCrypt (also on the CHIP DVD) are a great option to give yourself such a
level of confidence. As you launch the software, a wizard helps you with
various options. The easiest is to create an ‘Encryption File Container’ which
gets mounted on a virtual Volume. This volume needs to be assigned a drive
letter and then can be used as an actual drive. Whatever data you drag and drop
onto it will be encrypted automatically and on the fly. Encryption is not just
for external and portable drives; even hard drives can be encrypted so that no
information or data is leaked.
0 comments:
Post a Comment