Jerome Segura, a Security Analyst at ParetoLogic of Victoria, B.C., Canada, just posted a nice piece on computer security practices with a different perspective in his �Malware Diaries� Blog.
He begins his list of security tips by considering four classes of users:
-- pre-baby boomers
-- early and late baby boomers
-- 70�s � 80�s users
-- 90�s to present
then makes further distinctions by level of security knowledge and awareness:
-- extra-cautious (paranoiacs)
-- those who somewhat understand
-- those who are over-confident
-- security conscious folks.
His �ABCs of online security� is a list of 11 practices that could create a sound security consciousness for everyone, but especially for all those non-technical home users out there.
�- Today�s computers are connected to the Internet and are therefore much more at risk than their ancestors.
�- The Internet is fun but also dangerous.
�- People don�t know what they do and can easily be duped.
�- The more cool stuff, the more risks.
�- The right choice of software and hardware can protect your computer but will not make it 100 percent safe.
�- Updates should be applied religiously.
�- If you aren�t sure about something, check it. Files and Websites can be analyzed prior to opening.
�- Computers are not demons but they can be zombies.
�- Browsing to a site (ANY site) can infect your computer.
�- Backups are your best friends.
�- Virtual Machines are an acceptable way to have an affair (and get infected) behind your computer�s back.� (I think he means �an acceptable way to experiment with potentially malicious sites and files.�)
There�s always been a tendency among the technoroti to look down their noses at non-technical users. Personally I don�t think there has been enough effort put into public education on computer security. It�s way too common to blame the victims and that just doesn�t work. The money they spend for rogue anti-malware products and the cash siphoned out of their bank accounts help fund the criminal groups that prey on all of us.
When it comes to computer security, we�re all in this together.
The U.S. Computer Emergency Readiness Team (US-CERT) has a great page of security documents for all levels of users: http://www.us-cert.gov/cas/tips/
Sunbelt has two white papers that dig into the details of the two biggest threats on the Internet today. They�re written for non-technical users:
Malicious spam:
http://www.sunbeltsecurity.com/dl/What_s%20%20in%20your%20spam%20bucket.pdf
Rogue security products:
http://www.sunbeltsecurity.com/dl/Is%20it%20a%20real%20anti%20malware%20product.pdf
Tom Kelchner
No comments:
Post a Comment