Holiday Times Coming - Time to Think About Security (still)
Saturday, December 01 2007 @ 12:01 AM UTC
I'm reminded by SANS that as a security and computer professional it is not only a gift I can give, but in my best interests to give the gift of advice before things get out of hand :) Otherwise I'll end up on the receiving end of lots of phone calls over the holiday period about how/why to do things and why the computer's mouse icon is running around on the screen when the mouse is not even connected (someone in Russia has taken over your computer and is sending spam with it while they drain your bank account).
One of the major purchases that many people will think about (and probably do) is the purchase of a new computer either for themselves (Look what Santa gave ME!!!) or for a loved one - or maybe even for a deserving employee.
As many/most of you know, I'm generally not a fan of Microsoft and specifically not a fan of MS Vista as "the operating system of choice" for any computer. One of my customers summed it up (he does web development and uses quite a few tools that only run on MS so far) - "I bought a new Quad-Core (looks like 4 separate CPUs to the operating system) with 3 Gigs of RAM (most of you probably have as little as 512K) and it came with Vista - what a DOG! It's slower than my old machine that only had a single CPU that was 2/3 as fast and had 1/3 the RAM!"
Add to this the fact that you'll have to get almost all new software, and a lot of what you have won't work, and you come up with the question of "why bother? If I'm going to change, why don't I change to something that, even not knowing much about computers, looks better? - Linux!"
So maybe you should check out one of the "Desktop" versions of Linux.
I have downloaded and played with Mandriva (see DistroWatch at http://distrowatch.com/?newsid=04519 ) and know people who are using Ubuntu (DistroWatch at http://distrowatch.com/?newsid=04538 ).
Both of these, as well as a number of other versions, can be downloaded and burned to DVD or CD on your current Windows box - then booted and run FROM THE DVD/CD - without touching your current Windows install, or only using your Windows disk to store and retrieve data like Word documents, Excel spreadsheets, and video, music, photos etc. This allows you to "play" with the Linux to see if you like it and to see what kinds of applications it has (all have LOTS!) and how you can work with your current documents and data.
The major difference between various versions comes down to whether or not it supports "proprietary" video and audio formats such as Windows Media and Real Audio and whether it will play the typical commercial DVD that has encryption on it. Virtually none come with these "codecs" but some will point you at where you can download and install them if you try to view something that needs them.
For example, I'm using Fedora Core 8 (Red Hat's development version, supported by the open community - see http://distrowatch.com/?newsid=04581 ) and when I went to read some video that I already had on my laptop from previous versions, it pointed me at the location of these proprietary codecs so I could go and get them.
-------------------------------------
No matter whether you are going to get a new machine or not, it is a good idea to check your current Windows box to ensure it has the latest versions of software that have been the target of the "bad-uglies" out there - the hackers and crooks. To that end you should take SANS' advice and visit www.secunia.com - and run their software check. I did, and found out that I was a version behind on both my Adobe Reader and my Flash plugin (on the one and only Windows box in the house - there just to do the one or two things I can't do on Linux and to test out stuff for my customers) - it gave me the links to get the updates, and 5 minutes later all was well.
You should also likely ensure that Microsoft Updater is set to update your machine automatically. There are situations where this is not a good idea, but unless you're like me and look after a stable of machines that do video encoding at remote locations where an unplanned re-boot is not appreciated, you should probably have it do the update and any reboots.
Along the way, you should make sure you have downloaded and installed Firefox and Thunderbird and set them respectively to be your browser and e-mail client of choice instead of IE and Outlook. If you "MUST" use Outlook because you're connected to your office's Microsoft Exchange or GroupWise system, then you should look at Evolution ( http://www.gnome.org/projects/evolution/ ) which is what I use myself.
And of course you should avail yourself of the free tools available to check your system and keep it in top shape:
Anti Virus software
* Grisoft's AVG (http://www.grisoft.com)
* ClamWin (http://www.clamwin.com/)
* Avast! (http://www.avast.com/eng/avast_4_home.html)
* Avira Antivir (http://www.free-av.com/)
* Microworld Free AV toolkit (http://www.mwti.net/products/mwav/mwav.asp)

Anti spyware
* Spybot Search and Destroy (http://www.safer-networking.org/en/spybotsd/index.html) the one I most commonly suggest
* Adaware (http://www.download.com/Ad-Aware-2007-Free/3000-8022_4-10045910.html?part=dl-ad-aware&subj=dl&tag=top5)
* Sunbelt's CounterSpy Trial Edition (http://www.sunbelt-software.com/Home-Home-Office/CounterSpy/)
* cwshredder (http://www.intermute.com/spysubtract/cwshredder_download.html) a great spyware cleaner
* Spywareblaster (http://www.javacoolsoftware.com/spywareblaster.html)
* Winpatrol (http://www.winpatrol.com/)
* BOClean (http://www.comodo.com/boclean/boclean.html) an interesting little tool
* PC Tools Spyware Doctor (http://www.pctools.com/spyware-doctor/)
* Runscanner (http://www.runscanner.net)

Anti Rootkit (you know - like the one that Sony put on some of their videos!)
* Sysinternals RootkitRevealer (http://www.microsoft.com/technet/sysinternals/Utilities/RootkitRevealer.mspx)
* F-Secure Blacklight (http://www.f-secure.com/blacklight/)
* GMER (http://www.gmer.net)
* AVG Anti-rootkit (http://www.grisoft.com/doc/download-free-anti-rootkit)
* IceSword (http://www.antirootkit.com/software/IceSword.htm)
* Rootkit Unhooker (http://antirootkit.com/software/RootKit-Unhooker.htm)
* Sophos Anti-rootkit (http://www.sophos.com/products/free-tools/sophos-anti-rootkit.html)

If I'm over at your place for the holidays you can expect that I'll have some of these on my flash-drive in my pocket - but I warn you, I'll expect to be plied with goodies if you want me to use them :) Then I'll want you to download and at least try a version of Linux.
----------------------------------
I don't know about you, but I've continued to get the automated "Vishing" (voice phishing) calls about "your credit is not currently at risk but we'd like to talk to you about it anyway..." that have been making the rounds. This introduces the topic of credit cards and fraud.
The payment card industry expects the amount of card fraud around the holiday season to be up by as much as 15%, even though the number of incidents is trending down. What this means is that the frauds are more and more targeted - instead of getting a little from a lot of people, they're getting a lot from fewer. Merchants will end up absorbing much of this fraud - but if you are hit you are the one on the front line in getting your money back. Read your statements!!!!
I can't emphasize this enough. A recent study showed over 40% of people who shopped online didn't think it would happen to them and only 20% of those polled actually look at their statements hard enough to find the little items that easily slip by. One of my friends finally (after over a year) realized that he was getting a $9.95 monthly charge from a place in Florida that purported to be offering him a service he had no idea about and had never signed up for. It took him most of 6 months to get the credit card charges reversed.
And the in-store credit card processing can be every bit as dangerous. The TJX incident last year is at 96 MILLION cards compromised and still climbing - and it all started with one of their stores having a wireless computer system that was not well secured. Another recent study showed 85% of over 3000 major stores and malls tested had insecure laptops and barcode scanners that could be compromised to steal access to central systems - where your credit card info is stored!
What can you do about this? Well, I've heard of one food court in downtown Vancouver that only accepts cash now. I wonder if this will be a trend? Otherwise, use your online bank access to check your account frequently and watch for unauthorized transactions.
Now that I've made you (more) paranoid,
Have a happy Holiday Season




