Security Is

Now that the blissful have been hit again, maybe they can get serious. Originally written for Wired.

Get It Try It

1. Security is serious business - yes, even when you are using a computer for fun.

2. Security is knowing that how you navigate the 'information highways' affects others and taking responsibility for it.

3. Security is taking the time, focusing on what you have to do, and excluding all else. You work in your own best interests and you know it.

4. Security is knowing your machine, knowing what's going on in it, so you notice if something seems wrong, is compromised.

5. Security is checking your myriad ways of starting applications automatically at boot and making sure only applications you are familiar with are starting.

6. Security is making sure, if you are running Windows, that you see all file extensions.

7. Security is not opening attachments you haven't requested from people you know or do not know, but downloading them to disk and having a text editor or AV tool look them over instead. And even if it's not readable as text, and even if your AV tool doesn't say it's malicious, don't run it. Ask whoever sent it what it is and why they sent it before clearing it with you first. And even if your friend assures you that the file is not malicious, check it out with Blobview, Peeper, and BinText; use InCtrl5 to open it; and use the E3 Security Kit to neutralise it if needed.

8. Security is disabling web scripting if you are running Windows.

9. Security is trying to find a more secure emailer (than Outlook) if you are a home user.

10. Security is making sure you are not broadcasting your presence on the Internet on a permanent IP. If you are running Windows, make sure ports 135 - 139 are closed. If you are running NT/2K/XP, make sure port 445 is closed and make doubly sure port 135 is closed.

11. Security is installing and properly configuring a firewall if you have a permanent IP.

12. Security is changing your IP regularly, even if you have a permanent connection.

13. Security is never connecting to the Internet without your firewall up and running.

14. Security is never using Java - anywhere. Disable it everywhere, especially in your email reader.

15. Security is using an ad killer such as Silencer to kill as many banners as you can.

16. Security is checking with sites such as Spychecker before even considering a download from the Internet.

17. Security is reading email as text only. If people can't send you text email, tell them to get out of your mailbox. The Internet is built on text, and don't forget it. No winmail.dat cards, no VCF attachments - just text.

18. Security is seriously considering disabling JavaScript when surfing and NEVER having it on while you are reading email.

19. Security is disabling VBScript everywhere - unconditionally.

20. Security is making sure ActiveX OCX's can't be downloaded and run on your box. Check your browser settings for this.

21. Security is checking your firewall logs all the time. If you can't understand what they say - learn.

22. Security is running AV often enough, even if you don't run AV all the time, and updating your lists as often as you can.

23. Security is always checking with an up-to-date AV before sending or receiving anything via email.

24. Security is visiting security sites where major advisories are posted. Keep up on 'traffic hazards'.

25. Security is finding someone who can help you if you don't know all the technical stuff, someone who can help you when you need it.

26. Security is checking your process list regularly so you know what should be there and so you immediately see when something that shouldn't be there is around.

27. Security is playing around with GD and the netstat (and nbtstat) commands and learning how they work so you can be sure you don't have open ports you shouldn't have.

28. Security is learning your own file system. When you see files there that look suspect - turn up their properties and see whose program it is. If it's from your operating system vendor (eg Microsoft) it may be ok, but if it has no version info or is from a company you never heard of, raise an eyebrow.

29. Security is running an up-to-date copy of Ad-aware regularly, especially if you download and test new software all the time, and being suspicious of anything you download. Use InCtrl5 from DOWNLOAD.COM to log the effects of any program you download and run, and E3 Security Kit to neutralise these effects if necessary.

30. Security is backing up your system regularly, and only when you are at least 100% positive it is not corrupted by virus, worm, trojan or other malicious software. Learn how to restore a system from a backup so you can do this and will do this immediately you recognise a need to.