Top Tips

 BootLog.co.uk

HOME   SOFTWARE   TOP TIPS   ARCHIVE   GLOSSARY   OTHER STUFF

SECURITY

FLASH PROTECTION

We’re all using USB flash drives these days, and very handy they are too, for transferring data from one PC to another. But the next time you plug your drive into someone else’s PC just ask yourself, how clean is it? The ease with which you can move data around also makes it easy for viruses and malware to hitch a ride on your flash drive and back into your PC. The first thing you should find out when copying data onto your drive is whether or not the PC you are connecting to has anti-virus protection, you will be surprised how many don’t. One solution is to carry some protection with you, the freeware anti-virus scanner AntiVir can be run from a flash drive and it only takes up around 30Mb of space, which is nothing in these days of 1 and 2Gb drives. Select the Customise option during installation to load the program onto your flash drive, and you can run it from the Avcentre.exe file; to set up an immediate scan simply set one up from the Schedule tab and if there’s an Internet Connection available make sure you download the latest updates.

 

TRAVELS WITH MY DIGICAM

A couple of years ago, whilst on an overseas trip a digital camera containing scores of irreplaceable images was stolen from my hotel room. Now I’m slightly paranoid about losing another one and I make sure it’s safely locked up when I’m not carrying it, with the memory card stored separately from the camera, but my biggest fear is the safety of the images. They only exist on the camera’s memory card, so now at the end of every day I download new pictures to my laptop’s hard drive, and make a second copy on a USB flash drive, which I keep with me on a key ring. On my most recent trip I also uploaded several images to my personal web space and sent some prints to friends using TruPrint’s on-line digital printing service. They were delivered within 48 hours -- well before my return -- and at 10 pence each (plus 99 pence postage) were a good deal faster and only marginally dearer than sending postcards.

 

GET READY FOR THE 2038 BUG

Here's a quick heads-up for a potentially nasty little computer bug that could ruin your day on January 19th 2038… This one will only affect computers based on the Unix operating system, which includes some versions of Linux, and Windows 2000 machines running exotic applications may also be affected. The bug is similar to the notorious Y2K bug in that vulnerable computers will register the time and date incorrectly when the bug strikes. It’s all to do with the way Unix computers work out time. Instead of relying on an in built calendar they count seconds from the notional date the system was conceived, at GMT 00:00:00, on Thursday, January 1st, 1970, and like a car’s odometer going round the clock, on bug day it will run out of digits and the counter will roll over and probably reset to January 1st 1901 or another equally invalid date.

 

HOW SAFE IS YOUR WI-FI NETWORK?

One way to find out is to switch off your router and launch your Wi-Fi configuration utility. This should have signal strength or ‘Site Manager’ options that will display all of the wireless networks and devices in your immediate vicinity. If any show up bear in mind that if you can pick up their signals, they can pick up yours…

 

In the early days Wi-Fi security wasn’t such a big issue and the chances of your network being hacked into, even if you hadn’t enabled WEP encryption, was fairly small, but now the world and his wife has got Wi-Fi and there is a good chance that one or more of your neighbours has installed a system, which could be a problem, for you and for them.

 

Your Wi-Fi monitor should tell you if your neighbour’s systems are encrypted or not; if you find one that it is open then you should alert them immediately. You can usually tell how close they are to you from the signal strength reading.

 

Even though you have enabled the strongest WEP encryption your system supports (and you have switched it on, haven’t you…). Be aware that WEP is not infallible and it is worth changing the key every few months. I am sure that your neighbours are decent, honest people, nevertheless do not enable file sharing on any more folders than are strictly necessary, never share a whole drive and pop along to My Network Places in Windows Explorer every so often, to make sure that all of the PCs listed as being present on your network are known to you.  

 

PROTECT YOUR PC

It’s all very well setting up accounts and passwords on your computer but as you may know there are ways and means to hack into files and folders once Windows is up and running. If you are concerned about the security of your PC, particularly if you are using a laptop, then you should enable the PIN or password facility in your PC’s BIOS program. Once set this will prevent the machine from booting up by any means, including boot discs and USB devices. To switch on BIOS security you will need to enter the setup program that starts immediately after switch on. On most machines you’ll see a fleeting message that says something like ‘To enter Setup press Delete’ or a combination of keys, otherwise consult the manual. Once the BIOS opens the security options menu is usually clearly displayed. If you use it take good care of your PIN as BIOS security can be extremely tough to crack!

 

PASSWORD OR PASSPHRASE

How safe are your passwords? Most of us do precisely the wrong thing and use familiar and easily remembered words and names that a hacker, or someone who knows you could probably guess. It’s also a mistake to use any word that appears in an English or foreign dictionary because there are lots of 'brute force' password cracking programs that simply plough through hundreds of thousands of common names and words in the hope they'll get lucky.

 

The ideal password should consist of a random mixture of numbers and characters, upper and lower case -- the more the better -- and changed regularly, but how on earth are you supposed to remember something like ‘K9xp5G49au9’? The answer is you can't, but there’s an easily memorised alternative and that’s a 'Passphrase', a simple three or four word combination -- preferably meaningless -- that can’t be easily guessed, or cracked. Something like ‘cat ties knot’ would be very difficult for a hacker or software to crack, and the spaces between the words make it even more impenetrable, but you should avoid well known phrases or sayings, like 'To be or not to be’.

 

SPYWARE BEWARE

There are now a staggeringly large number of free and paid-for adware and spyware clean-up tools and websites. Some of them are promoted through pop-up windows on web pages that suggest your PC may be at risk by displaying ‘hidden’ information about your computer that the web site has apparently managed to extract. In most cases these are scams, intended to scare you and the details shown are quite routinely made available by your browser (type of browser, PC operating system etc.) and do not represent any threat to your PC’s security. Some commercial programs do work well, and we’ve included a couple of them this week, but most should be avoided. At best they don’t work as well as Spybot or AdAware (see last week’s Boot Camp) but a significant number of them generate false reports and some of them deliberately infect your PC with spyware and adware, or worse, so beware! If you are concerned that you might have visited a dodgy site or downloaded a suspicious program then check them against a list of rogue products and suspect antispyware sites at: www.spywarewarrior.com/rogue_anti-spyware.htm

 

 

SCAM REPORTS

In an ideal world there would be a mechanism for putting an end to scam emails but since most of those responsible operate overseas and use anonymous email addresses they are beyond the reach of the UK authorities. Email blocking and spam filtering software can help to reduce the flow but in the end only way it will stop is when people stop responding to them.

 

Various UK organisations keep a close watch on Internet fraud and if you are a victim or the target of a scammer then you can make a report to the SD6 Economic and Specialist Crime OCU (Organised Crime Unit). Its telephone number and email address can be found on the Metropolitan Police Fraud Alert website at: www.met.police.uk/fraudalert/index.htm. Other useful sources of information include the National Hitech Crime Unit:

www.nhtcu.org/nqcontent.cfm?a_id=12347, Home Office Internet Crime department: www.homeoffice.gov.uk/crime/internetcrime/ and the Internet Watch Foundation: www.iwf.org.uk/

 

 

ROGUE DIALLERS

Premium Rate diallers work by forcing the PC to dial up expensive premium rate lines. The good news is that they do not work on broadband connections, however, if you have recently switched from dial-up to broadband you should disconnect the phone cable from your PC’s modem. If you have a dial-up connection you should constantly monitor your PC to make sure that it doesn’t log onto the Internet without your say so, and you should ask BT or your phone provider to put a block on premium rate numbers.

 

 

INSTALL A FIREWALL

If you are new to broadband then you must upgrade the security of your computer as the ‘always-on’ connection greatly increases the risks of virus infection and hacking. A good quality virus scanner is absolutely essential and you should install a firewall program that monitors all incoming and outgoing connections. The firewall included in Windows XP is not adequate as it only checks incoming connections and wouldn’t prevent a Trojan or spyware program hijacking your files and sending data from your PC. (An upgrade of the XP firewall is planned for later this year).

 

SPOOF TESTER

There’s a quick and easy to use spoof ‘tester’ at: www.secunia.com/internet_explorer_address

_bar_spoofing_test/

You will probably find that Internet Explorer fails the test miserably and at the time of writing Microsoft had yet to release a patch. There several third-party fixes floating around the Internet but at least one of them contains adware components. My preferred solution is to change to a spoof-proof browser, like Avant Browser. It is freeware and has many useful extras, including a built-in pop-up stopper and tabbed windows; it can be downloaded from: www.avantbrowser.com/

 

POWER CUT PROTECTION

Considering the cost of a PC and the value of the data most of them contain it is a false economy not to install an Uninterruptible Power Supply or UPS between your mains socket and the computer. They are not expensive, prices start at around Ł30 but the wrong type can be almost as bad as having no protection at all. UPS devices are normally rated by capacity, stated in volt-amperes or ‘VA’. Heavy duty models, for network servers and systems may be rated at upwards of 2000VA but for a single desktop PC and monitor a UPS rated between 300 to 500VA will normally be able to provide between 10 and 15 minutes worth of power. Many recent UPS have software that in the event of power cut will automatically save all of your data to disc before shutting the PC down.

 

HIDE FILES

Sometimes you might want to make certain files on your computer inaccessible, especially if you share your PC with others. There are plenty of password protection and encryption programs available for download, but sometimes the simplest solutions are the best. One easy way to protect a sensitive file is to rename it, and bury it deep inside Windows, or another unrelated application. Simply open Windows Explorer, right-click on the file and give it a new name with a fictitious three-letter extension – your initials perhaps -- then drag and drop it into a folder. Make sure you remember where you put it and check that you’re not using a genuine file type with the extension search engine at:  http://extsearch.com/

 

 


Copyright (c) 2006 Rick Maybury Ltd.

admin@rickmaybury.com