Computer Security Rant

 by Jed Margolin



I am not an expert on computer security, but I do know something about it. It's a matter of self-defense.

Many people say, "There's nothing on my machine that a hacker would be interested in. If my machine gets a virus that causes me problems I will eventually find out about it and just restore the system with the Installation Disks. Or maybe, I'll use it as an excuse to buy a new computer."

These people are a Menace to Society.

Hackers use compromised machines (zombies) to look for other machines to infect as well as for things like Denial-of-Service attacks. If enough machines try to access a server simultaneously, the server crashes. A hacker with 10,000 machines at his disposal (one of which might be yours) can coordinate them to bring down any web site.

They can also install programs to capture your keyboard input, get passwords and credit card numbers, report it back to them, and cause you serious problems.

If you own stock in a company and vote your shares from your computer it is conceivable that a hacker could affect the outcome of a company's election.

The potential for abuse of Internet Voting in political elections is staggering if hackers target the networked electronic voting machines. If people are ever allowed to vote from their home PCs the result can be catastrophic.

Spamming and hacking are merging.

Some spammers use zombie machines to send their spam and to look for other machines to infect.

Instead of using a single throwaway account to try to send 1 million pieces of spam (which the service might detect and intercept before closing the account), they can use 1000 zombies to send 1000 emails each, which is less likely to be detected.

Even if a few machines are detected they still get most of their spam delivered.
 

1.     Windows has networking built-in and does not discriminate between the Internet and a machine on your own local area network.
 

2.    Even if you do not have a local area network, some versions of Windows enable File and Printer Sharing by default.
 

3.     If you have enabled file sharing on one of your drives it is open to the Internet.
 

4.     You need to use a firewall. You can get a very nice one for free from Zonelabs (www.zonelabs.com). They also sell one with more features. If you want the free one, make sure you download the free version, not the full-featured but time-limited version. If you like the free version you will probably like the pay version even more. Here is a link to their download page.

Norton, McAfee, and others also sell firewall programs.

After you install a firewall you will be surprised by how many attempts are made to access your machine, and sometimes you will be surprised where the attacks are coming from. You will also know when a new, deadly virus has been released before it makes the news.
 

5.     You need an antivirus program. And you need to update the virus pattern file at least once a week.

Antivirus programs can be set to scrutinize every file you open, whether you are online or not. This can really slow down your system. At least it does on mine. I have turned off this feature and manually scan my drives on a regular basis. I am also very careful about running executable files that I get from the Internet. I never run anyone else's Screen Saver. A Screen Saver (*.scr) is an Executable Program just like a *.exe file. Viruses can hide in *.zip files since the files would have to be unzipped before they can be checked. Imagine how much that would slow things down. AntiVirus programs are sold by companies such as Norton, McAfee, Trend Micro, and others.

And then there's the email itself.
 

6.     If you use Microsoft Outlook Express, the default installation automatically opens the first message when you select a folder. Turn Off This "Feature."
 

7.     If you receive an email from someone you don't recognize and it contains an attachment, Don't Open It. If you really want to know what's in it you can read it as ASCII text. Microsoft makes you do a lot of clicking but it can save you from spending the next 2 days reinstalling your system. If you are not sure how to look at an email message in ASCII text without opening it, Don't Do It.
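An added example, not part of the original article: a Python sketch of looking at a message as data instead of opening it, which also shows the point from item 5 that a *.scr file carries the same executable header as a *.exe. The sample message, its addresses, and its file names are constructed for illustration.

```python
import os
from email import policy
from email.message import EmailMessage
from email.parser import BytesParser

RISKY_EXTENSIONS = {".exe", ".scr", ".zip"}  # file types named in the article


def build_sample() -> bytes:
    """Constructed sample message; all addresses and file names are made up."""
    msg = EmailMessage()
    msg["From"] = "stranger@example.com"
    msg["To"] = "me@example.com"
    msg["Subject"] = "Cool screen saver"
    msg.set_content("Check this out!")
    # Only the leading signature bytes are real; the rest is zero padding.
    msg.add_attachment(b"MZ" + b"\x00" * 62, maintype="application",
                       subtype="octet-stream", filename="fish.scr")
    msg.add_attachment(b"PK\x03\x04" + b"\x00" * 26, maintype="application",
                       subtype="zip", filename="photos.zip")
    msg.add_attachment("plain notes\n", filename="notes.txt")
    return msg.as_bytes()


def triage(raw: bytes):
    """Return (filename, reasons) per attachment. Nothing is saved or run."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        data = part.get_payload(decode=True) or b""
        reasons = []
        ext = os.path.splitext(name.lower())[1]
        if ext in RISKY_EXTENSIONS:
            reasons.append(f"extension {ext}")
        if data[:2] == b"MZ":  # same header for .exe and .scr
            reasons.append("Windows executable header")
        elif data[:4] == b"PK\x03\x04":
            reasons.append("zip archive, contents not inspected")
        findings.append((name, reasons))
    return findings


if __name__ == "__main__":
    for name, reasons in triage(build_sample()):
        print(name, "->", "; ".join(reasons) or "no flags")
```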
 

8.     Email headers can be faked, so there is no way to determine who actually sent a message.

If you receive an email claiming to be coming from you, yourself, it means that either:

a. Someone who has your email address in their Address Book or somewhere on their machine has been hacked;

b. Your machine has been hacked.

The same is true if you receive an email from an ISP claiming that an email you sent to one of their subscribers contained a virus.
 

9.     Microsoft Outlook Express, by default, automatically adds the email address of everyone who sends you email to the Address Book. It also adds everyone you send email to. This makes it easier for viruses to spread themselves if your machine gets infected.

I have this feature turned off.

On several occasions, when I have installed a Microsoft Update, it has turned it back on again.
 

10.     Do Not Respond to Spam. It only confirms that your account is a live one.
 

11.  Do Not Buy Anything From A Spammer Or From a Web Site Mentioned in the Spam.

Some spammers are third-party spammers, advertising for someone who has contracted for their "service".
 

12.     Do not respond to the late night infomercials from people who offer to set you up in your own, enormously profitable, Internet Business. What they are selling is Spam-In-A-Box which will make You a Spammer.

There is a special place in Hell waiting for Spammers, and you don't want to go there.
 

13.     Governments are increasingly Requiring the use of the Internet by citizens. For example, in California the Franchise Tax Board (they collect the state's income tax) requires that most professional income tax preparers file electronically.

Franchise Tax Board
Mandatory e-file

California law now requires individual income tax returns prepared by certain income tax preparers to be e-filed unless the return cannot be e-filed due to reasonable cause. Reasonable cause includes a taxpayer's election to opt-out (choose not to e-file).

You must e-file all of your clients' California individual income tax returns if you prepared more than 100 California individual income tax returns for the 2002 tax year and you prepare one or more current year returns using tax preparation software.

Check it out for yourself.

Tax preparers are not usually also Computer Security experts. They usually delegate that responsibility to their secretaries, who are generally not hired for their expertise in Computer Security.

Even if you tell your tax preparer not to e-file for you, he (or she) almost certainly e-files for other clients. Therefore, your information is on a computer whose security is not even close to being assured.
 

Even if the Government's computers are completely secure (and they are not) they do not consider the possibility (likelihood) that some of their citizens' machines have been compromised. As a result they are compounding the problem.

At the very least, they should alert their citizens to the rudiments of Computer Security through articles such as this.

Even better, they should have articles prepared by Computer Security Experts who can effectively communicate to people who are not Computer Security Experts.
 
 

Jed Margolin
San Jose, CA
June 13, 2004