How To Secure Your Personal PC

February 18th, 2010



Photo by Don Hankins

(Note: while this article contains much general information, the scope of solutions and resources is limited to Windows-based computers.)

There are only two words you need to know about securing your personal computer: imaging and backup. An image is a snapshot of your primary hard drive at a specific point in time. If you create and maintain pristine images of your hard drive, you can “rollback” (restore) your system to any one of these last known good points in time. Unfortunately, a rollback also erases whatever good data may have existed on the hard drive, such as your current projects, downloads and photos. For this reason, the second part of securing your personal computer involves setting up a robust backup routine.

When you are ready to secure your personal computer, refer to a professional computer technician for practical tips. You should ask for ideas on the creation of the initial image, the best time to make a new image and how to implement a workable backup strategy.

What Is Personal Computer Security?

A practical definition of computer security can be found at albion.com :


“In the spirit of practicality, I like the straightforward definition promulgated by Simson Garfinkel and Gene Spafford in Practical UNIX & Internet Security: “A computer is secure if you can depend on it and its software to behave as you expect.”4 In essence, a computer is secure if you can trust it. Data entered today will still be there tomorrow in unaltered form. If you made services x, y, and z available yesterday, they’re still available today.”

 

What Are Some Threats to Personal Computer Security?


Click on the security mind map below to see the full-size image in a new browser window. Be sure to enlarge it by clicking on the image in the window.

This is by no means a complete and exhaustive representation of all the things that can harm your computer.

Yet, by studying this map, you’ll have a better understanding of just how enormous is the scope of personal computer security.

 

Who Is Responsible for Personal Computer Security?

Ultimately, you are. Of the nine specific threats outlined in the security mind map, only the Computer Vendor and the Operating System are beyond your control. Technically, your choice of vendor and OS can help or hurt your vulnerability! If we accept that vendors and software writers are fallible, then we must also accept the responsibility that comes with deciding to use their products and services.

When it comes to establishing and maintaining computer security, there is a huge difference between corporate/institutional computer systems and your personal computer. Corporate systems require trained staff to manage computer security. Even if you create images and backups, they’ll do you little good if, through lack of understanding, you practice unsafe computing habits that compromise your computer during daily use. Yet, it is unreasonable to expect you to know everything about managing your personal computer security. Therefore, it may be a good idea to create a short list of experts to which you can turn for advice on personal computer security.

Looking again at the security mind map, create a list of people and resources capable of helping you deal with each major threat area. There is some overlap between threats and in several cases, you may wish to focus on a more specific threat. Here’s how one list might look for a Windows PC user:

By learning from these eight expert resources, you minimize the impact of the ninth threat: Your lack of understanding. You also free up your time to educate yourself on general security issues. Here are a few good places to start:

Why Is Personal Computer Security So Difficult?

You have too many sources of expert advice. Some of these experts go overboard with their recommendations, making your computer experience less than enjoyable. For example, the excellent website, www.cert.org, suggests:


9. Disable Java, JavaScript, and ActiveX if possible

Be aware of the risks involved in the use of ‘mobile code’ such as ActiveX, Java, and JavaScript. A malicious web developer may attach a script to something sent to a web site, such as a URL, an element in a form, or a database inquiry. Later, when the web site responds to you, the malicious script is transferred to your browser.”

A better suggestion is to use Firefox and install the NoScript extension from IT company Inform Action.

The complexity of the personal computer operating systems and software obscures potential security breaches. Tweaking your operating system or applications may enhance your overall computing experience. However, listening to bad advice or, worse, experimenting blindly, can lead to disaster. Mozillazine.org is a user-contributed wiki that contains an extensive collection of Firefox browser configuration changes. The configuration page is peppered with cautions and bug alerts.

Obscure Threats

Obscure to the average computer user, the following threats may never cross your path. Some of them are beyond your control. They are presented here just to ruin your day. :)

Peripherals attached directly to your computer or via a network connection may pose a threat to the confidentiality of your personal data.

In Windows Secrets Newsletter, Issue 224, 12/10/2009, columnist Dennis O’Reilly mentions two examples:

  1. Old fax machines that have been discarded retain recently received images on their carbon ribbons
  2. The Brother PT-2700 label maker has a dry ink tape that also retains a reversed image of everything that has been made with it.

In the fax machine article, the reporter concludes that printers with memory may also have a record of documents.

DNS cache poisoning has been the focus of much attention since being explained to affected computer companies in July, 2008 and to the public in August, 2008. It is a method by which hackers can spoof, or imitate, legitimate websites for nefarious purposes. Although many vendors have updated their software and instituted other defensive measures, US-CERT states that “routers, firewalls, and other gateway devices that perform NAT/PAT may modify source ports in ways that reduce the effectiveness of” the protective techniques.

Further Reading

Post to Twitter Post to Facebook Post to StumbleUpon

Posted in High Tech, Information Overload | 2 Comments »

Easily Identify Your Single Most Important Piece of Software

February 16th, 2010



Photo by Truth Went Trendy

As you muddle through yet another boring task on the word processor, the computer’s sluggishness becomes annoying. In a huff, you bang open the Task Manager to see what is hogging all of the CPU’s cycles. Hmmph! It’s that updated version of Whiz-bang 2000. This is unacceptable!

Something like this happened to me early this morning. I was working on a blog post, converting it from a previous incarnation on the web. That meant slogging through HTML tags, updating hyperlinks and cleaning up the layout. I was tired. I was bored. This deadly combination resulted in a minor catastrophe. As I was cutting and pasting text, I noticed an increasing delay between pressing Ctrl-X (cut) and the completion of the operation by Microsoft Word. This had never happened before.

I opened the Task Manager and discovered that PhraseExpress was churning through CPU cycles like crazy. As proverbial straws go, this was the ultimate hump smasher. It was bad enough that PhraseExpress 7.0 weighed in at twice the size of its predecessor; I also had to deal with a more aggressive pop-up dialog, accusing me of using the program for commercial purposes and nagging me to purchase a license. (It’s free for non-commercial use.) Now, this mysterious cycle-stealing behavior was just too much. I decided to go back to version 6.

The only problem was, I couldn’t shut down the program! Whatever 7.0 was doing, it didn’t include responding to right-clicking on the system tray. So, I did what any savvy Task Manager user would do: I killed the process.

Oops.

That’s “oops” as in hindsight is twenty-twenty vision. At the time that I terminated the program, I was unaware that I had wiped out the primary phrase database. I merely proceeded to rename the folder and bring in a backup of the folder containing version 6. I was also not thinking about the fact that the version 7 database would be unreadable by version 6. Heh-heh. I found out quickly enough when I restarted the program and tried to use an autotext shortcut.

Nothing Happened.



Photo by One Laptop per Child

I can think of few times when stark, paralyzing numbness beset me at a computer keyboard. Visions of a dozen shortcuts lost made my right eyelid twitch. The thought of rebuilding the database sent a chill of despair down my spine. I began the torturous hunt for a backup database file.

There was no shortage of backups. However, to add to the drama, I grabbed the one from version 7. Needless to say, it presented a blank slate when I restarted the program. Finally, I reached back twelve days and grabbed the last backup that I had made before upgrading. Thankfully, it was the one I needed.

The whole sordid episode consumed about ninety minutes of time. That hour and a half pales in comparison to the mental anguish I endured. If you think I’m writing in jest, take a look at this:

Over 4,900 phrases! While I certainly added less than 10% of that myself, that’s still nearly 500 phrases that I would have lost. Many of these shortcuts are second nature to me. I constantly use PhraseExpress to bang out code snippets, sign blog comments and provide really long hyperlinks. This ninety-minute nightmare made me realize that it is my Single Most Important Piece of Software.

Further Reading

Post to Twitter Post to Facebook Post to StumbleUpon

Posted in Biographical, High Tech | 2 Comments »

WordPress Site Maps – Three Ideas

January 30th, 2010

I love organizing and presenting data in pleasing formats. WordPress blogs have a wealth of database goodies that describe posts and static pages. Seeing your entire blog contents listed on one page can be a visual feast. Here, in chronological order, are three ideas to consider:

Hand-Made Site Map

When I started my first blog, I was writing on a community blog called WritingUp.com. This now defunct web site used the Drupal content management system. Although Drupal had an index for each blogger, it was ugly. I noticed that my fellow bloggers began creating special posts that had links to their earlier writing. Eventually, I gave it a shot.

I called my special post Ambient Orb Blog Index. I lovingly recreated the original, including links to any posts that still exist somewhere on the web.

As first efforts go, I thought it was okay. However, maintaining it was painful. There was no way I was going to repeat that effort on the Morpho Designs blog! That’s where WordPress extensibility comes in.

Category-based Archive

For nearly two years, I have used a custom page template written by Guilherme Zühlke O’Connor. It’s called Category-based Archive and uses PHP script to display the blog’s contents. I keep the page here:Article Time Machine.

This template is nice and minimalist. If you don’t like tinkering with WordPress files, though, you’ll have to look elsewhere.

Customizable WordPress Plugin Site Map

While logged in to my WordPress dashboard a few days ago, I noticed a link to
Table of Contents Creator. This plugin was written by Mark Beljaars. The presentation is very pleasing and there are many options. My favorite option allows me to exclude pages from the table. Check out my new Table of Contents.

TOCC is SEO-friendly, if that is important to you. Your visitors can sort the table, hide sections and read summaries. If you wish, TOCC will even make the page for you!

What do you use for your table of contents?

Further Reading

Post to Twitter Post to Facebook Post to StumbleUpon

Posted in Musings | No Comments »

Conventional Wisdom of Crowds

January 15th, 2010



Photo by A. www.viajar24h.com

Conventional Wisdom

Conventional wisdom is an unexamined proclamation that is generally accepted as truth. We use anecdotal evidence as a short-cut for critical thinking. The problem with conventional wisdom, where it relates to incorrect beliefs, is that it obscures our ability to become aware of the assumptions upon which we base those beliefs.

Knowledge is Powerless

How do we learn? As children, we may have been taught by rote, parroting words. As we grew older, we were taught to read, enabling us to regurgitate written words. Hopefully, during our education, we were trained to think critically. Without this step, we are limited to repeating as true whatever we have heard or read.


Unfortunately, critical thinking is exactly where many of us fall short in our daily lives. Whether or not we have the necessary skills to question whether certain proclamations should be accepted or rejected, the truth is that expediency usually dictates how we evaluate such utterances.



Photo by Dashu Pagla

We are bombarded with messages continuously. Advertisements make claims. Newspaper headlines declare doom. Commentators spew sound bites. Strangers offer unsolicited advice. Officials, supervisors and other authority figures issue orders. Then there are traffic signals, bodily signals, sensory stimuli and the on-going mental conversation that we carry on with ourselves. If we are going to get through the next hour, we need efficient methods for plowing through all of these messages.

Our most powerful weapon for processing incoming messages is our knowledge base. It is our stored collection of accepted and rejected notions, through which new information is filtered. The trouble is that the knowledge base may have been built upon a shaky foundation.

The Fallacy of the Informed Decision


Be careful about reading health books. You may die of a misprint.

-Mark Twain

We defer to specialists. We have to. We don’t have time to learn enough about every subject in order to qualify as experts.

As a result, we are susceptible to parroting whatever we read or hear from sources that are supposedly solid.

When bad information propagates through the knowledge bases of many people, it is not easily dislodged. As an example, the British Journal of Medicine published an article in 2007, debunking seven medical myths as either unproved or untrue. The list includes the compelling beliefs that eating turkey causes drowsiness and that we should consume eight glasses of water daily.

These myths persist, even though they have been debunked. The reason that they do is simple: not many of us read the British Journal of Medicine! This reason is not simplistic. Another science magazine explains:

The reason for this cognitive disconnect is that we have evolved brains that pay attention to anecdotes because false positives (believing there is a connection between A and B when there is not) are usually harmless, whereas false negatives (believing there is no connection between A and B when there is) may take you out of the gene pool. Our brains are belief engines that employ association learning to seek and find patterns. Superstition and belief in magic are millions of years old, whereas science, with its methods of controlling for intervening variables to circumvent false positives, is only a few hundred years old.

- Michael Shermer, Scientific American Magazine, August 2008

This is just one example of our reliance on experts for information. If you think about how many people you regularly consult, you should not be surprised that you may be quite susceptible to misinformed messages and their attendant consequences – poor decisions.

Motivated Reasoning



Photo by Firesam

How do we justify our incorrect beliefs? Incorrect beliefs – apart from lack of knowledge – may be based on creative thinking.

An article in the March 2009 Sociological Inquiry, “There Must Be a Reason”: Osama, Saddam, and Inferred justification, put forth the concept of motivated reasoning.

Essentially, sociologists from four major research institutions culled a group of test subjects from over one thousand study participants. From this group, the researchers concluded that these interviewees used a variety of creative strategies to justify their incorrect beliefs:

  • Counterarguing

  • Attitude bolstering

  • Selective exposure

  • Disputing rationality

  • Inferred Justification

The point here is not to become armchair sociologists, but to recognize that we actively strive to support our belief systems.

Wisdom of Crowds

Have you ever reviewed a product or service? Do you rely on them, even a little?

Companies like Amazon.com would like you to believe that these reviews are relevant. Perhaps they are.

Sarah Perez, in her article, The Dirty Little Secret About the Wisdom of the Crowds, discusses a study that refutes the trustworthiness of such rating sites.

This study was conducted by professor Vassilis Kostakos of Carnegie Mellon University. Professor Kostakos found that user-generated content on sites like Amazon.com, Digg.com and IMdb.com are created by a small subset of the user base. This certainly is not representative of the website community at large!

Jason Cohen, of asmartbear.com, suggests that we ignore the wisdom of crowds. He states that, even though groups collectively do better at guessing the number of jellybeans in a jar, there is no good reason to use groups for innovation. Cohen uses a holiday meal planning exercise to illustrate his point:

Consider what happens when you’re planning a holiday meal. There’s a range of fantastic things you could cook, but wait: Some people can’t take spicy food, Uncle Bill is allergic to garlic, Aunt Sarah doesn’t eat red meat, Timmy doesn’t eat anything green, ….

Eventually you realize there’s only way to please everyone: Cook something bland, mild, and safe, like chicken and rice. But does chicken and rice actually please anyone? Not really, it was just what everyone hated the least.

- Jason Cohen, blog Ignoring the Wisdom of Crowds

Sarah Perez goes even further:

“Perhaps it’s time we give up the idea that the “wisdom of the crowds” was ever a driving force behind any socialized, user-generated anything and realize that, just like in life, there will always be active participants as well as the passive passerbys.”

- Sarah Perez, The Dirty Little Secret About the Wisdom of the Crowds

You can always flip a coin.

Introduce a little anarchy. Upset the established order, and everything becomes chaos. I’m an agent of chaos. Oh, and you know the thing about chaos? It’s fair!

- The Joker, Dark Knight

Further Reading

Post to Twitter Post to Facebook Post to StumbleUpon

Posted in Information Overload | 2 Comments »

« Previous Entries