Information Technology: Secure front door?
Can you be trusted to understand the impact of software?


 

Security: Root of the problems!

When you sit in the driving seat of a modern car, your first impression is that you are about to ride a spaceship. The information thrown at the owner/driver is enormous. They have taken lots of trouble to present this information to you hoping that it will be of use.

Given that several millions of these vehicles are sold every year, one has to question, what fraction of these buyers will actually bother to pay attention to what is thrown at them. My assumption is, not a lot.

Then there was the time when one would occasionally open the bonnet and poke at the various gadgets that fill the engine compartment, and nod in satisfaction, as if one understood what goes on inside. I will go even further and say, I used to service my own car until recently. Sorry for the unintentional shock!

But, fortunately, the buttons, levers, pedals one HAS to use still remain the same, more or less in the same relative positions around the driver's seat, whatever the make and destination of the vehicle.

Can this be said about computers?

I would say that there are far more computer owners in the world than vehicle owners, including, if I may say so, bullock carts.

Now, out of this ownership, how many can claim to really understand the workings of these beasts?

In a car, the driver knows what happens when he pulls the handbrake handle. He can learn the effect of doing so while in motion, if he is really keen. In the same vein, can all computer owners claim they can predict the effect of clicking a button on the screen? Yes, of course, one can, on well-known buttons.

There is hardly any opening or space in the engine compartment, or anywhere else in a car, that allows you to plug in or fix any gadget you fancy. Would you dare, for that matter?

Are you that reticent about installing a bit of software on your computer, though?

Can you be trusted to understand the impact of a new bit of software on the existing stuff on your machine?

I know, this challenge is not for you, the expert. I am thinking about that majority…

What happens when one acquires a computer? First actions are directed towards gathering all free/shared/illegal software available under the sun. Don't blush - even I am guilty of it.

What comes next? Those days, having an Internet connection was a luxury. Now, it is standard - taken for granted. Now the question is not whether or when, but how fast the connection is. Of course, we all believe that the "faster" the connection, the more one's downloads will arrive like the proverbial Flood.

Then you hear about viruses. Sometimes, the reports occupy prime-time news slots. One gets scared and starts looking for anti-virus software. One canvasses one's friends and starts with "free" packages. Ah, now one can sleep in peace, while downloads chug along through the night.

When one installs anti-virus stuff, one has to learn a new set of jargon, in order to feel comfortable among one's peers.

Suddenly…

The truth I am elaborating on is that an extremely complicated bit of electronics, under the control of the most bug-prone software, is let loose on the open market. Computers now rank at the same level as other household equipment in their commercialization and promotion.

People are overwhelmed by specifications, claims, and style. There is no place for sense, in the computer market, among sellers as well as buyers.

So, is there a danger? It depends on what we are talking about.

If we are talking about a broken-down home PC, the impact is limited to that owner or family. But if it is a breakdown at a corporation that has placed its reliance on "off-the-shelf" computers, the story takes a different turn indeed.

A software problem? Issues are similar.

A computer under the influence of malware? Who can predict what impact it will have?

An isolated PC might just crash, at best, and lose everything on the hard disks. At worst, an infected machine can become the focal point of a widespread attack, if the infection is malicious. If the infection is criminally oriented, then the target would be your personal details, credit card details, stored passwords - the whole works. Not only yours: it would quietly enter your friends' PCs through your address books for the same purpose.

Imagine a corporate computer getting infected that way. This is not a hypothetical scenario, I assure you. You read the papers, don't you?

Why does this sort of thing happen?

The cause number one is the human.

1. Humans are behind the development of the computers, that is, the poor-quality software running in them.

2. Not all humans are geared well enough to handle these complex machines, to be aware of all the repercussions of their actions.

3. Undue reliance on anti-virus software.

What can one do?

There was a time when malware entered computers through software distribution media: floppy discs, CDs carrying already infected software, and so on. Now, the medium of attack is, almost exclusively, the Internet. Also, to a much lesser extent, memory sticks.

Solutions, as you will see, are mostly on a human scale!

1. Do not accept any software via floppies or memory sticks.

2. Remember, an open Internet connection is like leaving your front door open.

Your internal anti-burglar technology will not stop burglars entering your house. Perhaps some might be deterred by the "flags" you hang out warning the would-be burglars. In a computer, the door is open for anybody to get in. What matters is what you do with whoever gets in. Access from the outside has to negotiate several barriers before it can pose a threat to a computer. There is time for the incumbent security software to recognize the intrusion and take appropriate action on it. An important fact to be aware of is that the malware developers are always one step ahead of the anti-malware software developers. Also, not all malware detection packages are equally efficient in detecting and handling external threats.

3. Malware arrives via your e-mails.

It arrives as attachments. Once you open such a malware packet, it is too late to take any action. This is because the very fact that you can see the infected message means that it has wriggled past your anti-malware software.

So, be vigilant. When messages arrive bearing attachments, ask yourself:

a) Do I know the sender?
b) Do I expect the sender to send me attachments?
It is difficult to answer this question, I know. This is because of the enormous amount of junk (jokes, video clips, medical advice, "luck-bringers", and so on), which travels from one user list to others, clogging the Internet.

There was this hilarious knee-jerk attempt by one operating system supplier to address this problem by blocking ALL attachments arriving via messages from reaching the users!

c) When in doubt, throw them in the bin, or it is worthwhile checking with the sender.
Yes, it is costly in time and money, but prevention is far less aggravating than trying to resurrect a dead PC.

4. Open the Internet connection only when it is necessary and keep it open only as long as it is necessary.

5. If you have an anti-malware package installed, make sure you understand what features are available, and their effects on the system.

Also, make sure the package is constantly kept updated. If you use the machine now and then, force the package to update itself first, and then begin the surfing.

These package developers are constantly battling the hooligans on the Internet, who create this malware and infect the Internet. Every time a new threat is detected, the anti-malware developers have to develop software to counter it. These updates are freely available to the clients of these companies.

Time is the essence in this battle.

6. Set up two separate accounts: Administrator and a "low power user"

If your operating system allows multiple users having separate user-ids and passwords, set up a user which will only have the minimum permissions and rights. For example, provide no rights for software installation. Use this user-id during all your normal activities.

When you have to install software, log in as a user who has administrative privileges, which allow software installation.

7. NEVER save any user IDs or passwords on the machine.

8. Never visit dubious Web sites.

Some Web sites are already infected without the knowledge of their owners. Some anti-malware packages have lists of such known sites, which are again kept constantly updated.

So, another reason why you should not forget your updates!

9. Do audits from time to time.
The moment you have a "clean" computer (buying a new one or re-installing everything), take stock of the processes running in the machine.

You can do it on Windows machines by pressing the Ctrl+Alt+Del keys simultaneously, selecting the "Task Manager" option, and then selecting the "Processes" tab.

Keep a record of the processes. Repeat this every time you add a known piece of new software.

Then, on a regular basis, check the current list of processes against the list you have. You may be able to pick up any malware which might have sneaked into your machine, in spite of all the precautions you have taken.
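The audit described above can be automated. The following is an added example, not part of the original article: it assumes the process lists were saved as text with the Windows command `tasklist /FO CSV /NH`, and both sample lists, including the name `updater32.exe`, are constructed for illustration.

```python
import csv
import io

# Constructed sample data in the format of `tasklist /FO CSV /NH`
# (columns: image name, PID, session name, session number, memory usage).
BASELINE_CSV = '''"System Idle Process","0","Services","0","8 K"
"System","4","Services","0","144 K"
"svchost.exe","812","Services","0","11,204 K"
"explorer.exe","4120","Console","1","98,332 K"
'''
CURRENT_CSV = '''"System Idle Process","0","Services","0","8 K"
"System","4","Services","0","152 K"
"svchost.exe","1020","Services","0","12,880 K"
"Explorer.EXE","5232","Console","1","101,004 K"
"updater32.exe","6604","Console","1","4,516 K"
'''

def parse_tasklist(text):
    """Map lower-cased image name -> list of PIDs seen under that name."""
    procs = {}
    for row in csv.reader(io.StringIO(text)):
        if len(row) < 2 or not row[1].isdigit():
            continue  # skip blank lines, and the header row if /NH was omitted
        # PIDs change on every boot, so the image name is the comparison key.
        procs.setdefault(row[0].strip().lower(), []).append(int(row[1]))
    return procs

def audit(baseline_text, current_text):
    """Return (new, missing): names not in the baseline (with PIDs), and names gone."""
    baseline = parse_tasklist(baseline_text)
    current = parse_tasklist(current_text)
    new = {name: pids for name, pids in current.items() if name not in baseline}
    missing = sorted(name for name in baseline if name not in current)
    return new, missing

if __name__ == "__main__":
    new, missing = audit(BASELINE_CSV, CURRENT_CSV)
    for name, pids in sorted(new.items()):
        print(f"NEW      {name}  (PIDs {pids}) - not in the recorded list")
    for name in missing:
        print(f"MISSING  {name} - was in the recorded list")
```

A name-only comparison flags unfamiliar programs but cannot tell apart two programs that share a name, so treat a clean result as one check among several, not as proof the machine is clean.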

What do you do, then?

Select the process and try to remove it by clicking on the "End process" button. To do this, you may have to be logged in as an "Administrator". Even then, the intruder could be so well established inside that such simple strategies may not have any effect.

The next thing to do is to trawl the Internet (Google) for the name of the intruder. You are most likely to receive a very long list as a response. Most of the time, you will find advice on how to remove the offending malware item.

If everything fails, reinstall everything.

This is the last thing anyone wants to do!

So, is this a problem confined to PCs? The answer is a qualified "Yes". There are many more Windows-based personal computers in the world than computers based on other operating systems, like Apple/Unix, and Linux. Most malware is targeted at Windows machines. Other operating systems have more robust designs, which allow better control over security breaches.

There are the big boys employed by big corporations, running specifically designed operating systems, which are well protected by design. In such organizations, there are special divisions in the hierarchy that specialize in managing computer security. Normal users of computers within these companies cannot do what they like; they are permitted to run only software that is tailored to suit their official functions. That way they stay safe.

I will, at a later date, produce a vocabulary of the security jargon.

Lastly, why do they do it - I mean create computer malware?

A friend of mine asked me that question one day. My response was, why do hooligans spray graffiti, demolish public property, and vandalise cemeteries? These people are also driven by such inexplicable mindsets. That is the reason. Both sets of these "people" gain nothing by their actions.

Good luck!!