\ 

Nederlog

 

15 oktober 2009

 

More about computer security - 1



This an English Nederlog and it is about security, especially for Windows XP, since that is the OS I (mostly) use. I have written about this before during this month, but in Dutch, so this to some extent a repeat, but it also contains some new interesting references, and what is old is reduced to a good basic security-set.

That is... so I hope, for it remains a matter of a combination of knowledge, ignorance and faith, which is something I start with saying something about.

1. Knowledge, ignorance and faith concerning computing
2. A good basic set of security utilities
3. Interesting information, tutorials and sites about security
4. Windows XP planned demise

If you don't like (real or apparent) vagaries of a somewhat epistemological kind, you can jump right to to section 2.

1. Knowledge, ignorance and faith concerning computing

Computers and software are very intricate things, and by now there is much more to know in these fields than any one individual can know, and this remains true also if the fields are much restricted.

My previous computer has been hacked; my provider's helpdesk gave no help of any use, and the security software it delivers as part of the contract is lousy; and although I have used a PC for over 20 years daily, and can program in several languages, have read fairly widely about computers and programming, and am familiar with all the basic ideas of computing and programming, and also with most of the terminology and concepts used there, I found I was mostly ignorant about relevant basics and about good security.

I suppose this holds for almost everyone, and especially for whoever uses Windows for that is a closed source operating system. The best one can do is admit one's ignorance, and use the net to find information to do something about it.

And so I did over the last months, and found a goodly amount of software concerned with security and of websites with useful information about security for Windows XP (in particular, but not only), that have the virtues that they respectively work and make sense for me - but indeed there is a caveat:

I must accept this with some faith, and regard this with at least a little doubt (as you will find out below others also stress, with evidence), reserve and uncertainty (i) because most information is not certainly true, even if the relayers of it are honest experts and (ii) just about all reporting, writing and communication comes with problems of understanding for the reader and omissions or unclarities of language by the writer.

But there are two good checks and helps: One can find evidence; check and doublecheck, especially if several different (mostly) independent sources agree on the same subjects; and search for real quality in software and its documentation - and especially the last is important, for the less reliable information one has gotten, the less one can understand about a program or a problem.

This being said, I have looked about and compared, and here are some results.

2. A good basic set of security utilities

Here is a good basic set of security utilities, with brief reasons why.

Firefox is a better and safer browser than Microsoft's Internet Browser for many reasons, such as that it is open source; that is has a much better user interface; an interesting user community and good documentation; a much better interface (look, ease of use, intuitiveness) and it comes with many fine Add-Ons.

This I strongly recommend that you at least try (installing it is a breeze with ADSL or better), especially in the present context of security, and Add Ons. The latter are - often but not necessarily - small programs, usually free and open source, and can be easily installed, and what I recommend you look at are especially AddBlock Plus, Nuke Anything Enhanced and and especially NoScript, that show you what gets added somehow, usually behind your back, in secret, while you're browsing the internet.

The Add Ons I mentioned show this, and help you to prevent and block it, selectively also. Incidentally, if you didn't know this, you may be frightened, but then the point of the Add Ons that (i) now you know and (ii) now you can do something about it, with a little bit of knowledge of computer terminology.

Here are brief descriptions, from an English BitsAndPieces I wrote last month: Musings on computing and a new internet.

Adblock Plus gives a considerable amount of tools to block the downloading of ads in your browser. It does this fairly well and effectively, and the only setback I have seen is that to use it sensibly you need to have some basic knowledge about html. Enters the next Add On, that I find very enjoyable, because I hate ads, especially if they move, blink or spout sounds at me:

Nuke Anything Enhanced: Like most Add-Ons this is a JavaScript based thingy, basically simple and small, with just one feature that may save most of the internet-as-is for you: It can remove - make invisible - almost anything on any site in two clicks. Delicious!!

Having mentioned Javascript, which I will say more about in the next section, you should realize that most websites, and nearly all commercial ones, now run some sort of script, that enable the makers  of these pages to do all manner of things, such as recording your presence, popping up ads, redirecting your browser, and God knows what else.

NoScript is an Add-On, in JavaScript, that allows you to block scripts comprehensively or selectively. This is also worth adding to Firefox, if only to protect yourself and have an idea of what may be going on, and as with AdBlock Plus the (probably unavoidable) setback is that to use it sensibly you.

So much about better and more secure internet browsing. Now on to real security:

This is by Safer-Networking Ltd. It is free (you can make donations); it is a considerable download (15,2 MB) but an easy install; it has a fine website and forum; and it is very good indeed, especially because it does and shows a lot, with excellent documentation, while it also has a fine reputation on the net ("converging evidence", this is called).

Here are three interesting and clear articles from How to Geek, first about the general problem, with interesting evidence how easily one's computer can gets hijacked and also very fast indeed; the second about the above program (or set thereof); and the third about a nicety of Spybot I'd missed until I read this brief article:

I like it a lot and this also holds for other fine free programs the people of Spybot offer, namely FilAlyzer, RegAlyzer and RunAlyzer, which are more for techies with some computer knowledge, and all especially because (i) they have good reviews on the net, (ii) seem to be what they say and no more or else, and (iii) they provide a lot of information about the computer and a lot of help.

Next, here is a whole chestful of utilities, all useful and well-presented, also with fine documentation available on line, and also free:

This is much like the Norton Utilities I liked a lot, but better, more recent and more extensive. It comes in a free and pro version that has to be paid, and the free version has the niggle that it adds a link to Ask.Com, which is a perfectly respectable company, but which you may not like or not need, just like me, and happily the cure is easy: After installing Glary Utilities, go to Program Files, find the AdAsk folder, and run uninstall.exe in it, and you're done. (But as I said, Ask.com is perfectly respectable, and you may find it useful.)

The opening window to this suite of utilities also has a one-click overall check that is fairly thorough; the program has regular updates, like SpyBot; and Glary Utilities consists of many useful utilities for all manner of things, including easy access to a highly useful Windows utility like Restore Points (check it out if you don't know this: saved my system often!), and a lot more.

Tomorrow (probably) this will be continued, for I have only little energy, and the above is already a good start, but there are three more recommended programs to follow later.

3. Interesting information, tutorials and sites about security

As for today - and there is also more to follow tomorrow - here are two interesting sites concerned with information relating to computer security.

First a repeat (here explicitly) with a selection from it

which is the home site of the Spybot program briefly reviewed above, and its three mates, with easy downloads and links to the forum and more, that is followed by a link to a good tutorial about Spybot, installing it, and what it can do for you.

Second, there is this as to Windows and indeed computing in general:

which is a large site, that says about itself

Bleeping Computer is a community devoted to providing free original content, consisting of computer help and tutorials, in such a way that the beginning computer user can understand.

It has a lively and extensive forum, a lot of tutorials, and the one that I looked at were well done. There is a lot of information here about Windows that seems at least useful, also because it comes in some detail, and is clearly written, and what I saw of it conforms to its own cited description of itself.

Especially the tutorials (over a 100!) seem useful, for those who want to know more about Windows, or about specific problems with or possibilities of it.

4. Windows XP planned demise

Finally, since I didn't know this myself and since I do not want Windows Vista, here is a link to MS itself on Windows XP's planned date of demise:

There is more precise information under the link, but one can be fairly sure that until then things will keep working on a PC running Windows XP, to the extent they do (and to the extent the world doesn't collapse through the stupidity of the least unintelligent species on it), but I have to grant MS that Windows XP is the first Windows I have used that worked more or less as advertised.

And indeed the biggest complaint I have about the flaky security for it, but then I addressed that topic today, and will continue this tomorrow (probably).

Maarten Maartensz

        home - index - top - mail