Monday, December 13, 2004
Here's another, really good, "twelve commandments" list
This one is from my favorite security writer, Bruce Schneier. What makes this good is that it's tailored to today's threats, recommends good practices that will prevent many kinds of attacks, and doesn't pull any punches about insecure products.
I compared what Schneier wrote to the questions I hear from normal computer users, and realized it couldn't hurt to put a glossary in front of his article.
- SSL encryption: that's what protects your credit card number when you buy something over the Web. When the padlock icon appears at the lower right of the browser window and the web address begins with "https:", your connection is using SSL. Too many writers call it a "secure" connection: SSL scrambles the data while it travels between you and the site, but it says nothing about whether the people running that site are honest or whether their computer has been broken into.
- HTML e-mail: that's the opposite of "plain text". If you're receiving email that looks like web pages, with colors, pictures and multiple fonts, you're getting HTML e-mail. Dig through your mail program's menus for an item like "Preferences" or "Options" and see if there's a way to get your email in plain text (some older Microsoft programs don't make this possible).
- Network Address Translator firewall device: that's one of the boxes you see in the store for $30-70 with names like "router" or "firewall". If the package says something about "NAT", "firewall", or "internet connection sharing", it's the kind of device Schneier is recommending. It's a minimal level of security, and some tiresome pedants argue endlessly that these boxes "aren't really firewalls". Get one anyway. Because it sits between your PC and the Internet and only passes inbound traffic that answers something your PC sent out, it stops the constant stream of unsolicited connection attempts (worm scans and the like) before they ever reach Windows, and it's an absolute necessity for a Windows machine. Get one even if there's a firewall program on your PC.
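For readers who want to see why a cheap NAT box blocks so much even though it isn't a "real" firewall, here is a toy model of one. It is an added illustration written for this post, not code from Schneier's article or from any router vendor; the addresses and port numbers are made up. The point it shows is that the box keeps a table of connections your PC opened, and an inbound packet that doesn't match a table entry has nowhere to go, so it's dropped. That is also what the pedants mean: the protection is a side effect of the translation table, not a security policy you configured.

```python
"""Toy model of a consumer NAT box (added illustration, not from the original post).

One public address is shared by the machines behind the box. Outbound
connections create entries in a translation table; inbound packets are
delivered only when they match an existing entry. That is why unsolicited
connection attempts from the Internet never reach the PC.
All addresses and ports below are constructed for the example.
"""
from dataclasses import dataclass

PUBLIC_IP = "203.0.113.7"   # made-up public address of the NAT box


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    syn: bool = False       # True for a new-connection attempt


class NatBox:
    def __init__(self, public_ip=PUBLIC_IP, first_port=40000):
        self.public_ip = public_ip
        self.next_port = first_port
        # public_port -> (private_ip, private_port, remote_ip, remote_port)
        self.table = {}
        # (private_ip, private_port, remote_ip, remote_port) -> public_port
        self.outbound = {}

    def outbound_packet(self, pkt):
        """Packet from a PC behind the box heading to the Internet.

        Creates a table entry on first sight of the connection and rewrites
        the source address to the box's public address and port.
        """
        key = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        if key not in self.outbound:
            public_port = self.next_port
            self.next_port += 1
            self.outbound[key] = public_port
            self.table[public_port] = key
        public_port = self.outbound[key]
        return Packet(self.public_ip, public_port, pkt.dst_ip, pkt.dst_port, pkt.syn)

    def inbound_packet(self, pkt):
        """Packet arriving from the Internet.

        Returns the packet rewritten for the inside PC, or None if dropped.
        """
        entry = self.table.get(pkt.dst_port)
        if entry is None:
            return None     # no mapping: nobody inside asked for this, drop it
        private_ip, private_port, remote_ip, remote_port = entry
        if (pkt.src_ip, pkt.src_port) != (remote_ip, remote_port):
            return None     # mapping exists but this isn't the host we talked to
        return Packet(pkt.src_ip, pkt.src_port, private_ip, private_port, pkt.syn)


def demo():
    """Run one browsing session and one worm-style probe through the box."""
    nat = NatBox()
    # PC behind the box opens a web connection to a (made-up) web server.
    out = nat.outbound_packet(Packet("192.168.1.10", 51234, "198.51.100.20", 80, syn=True))
    # The web server's reply matches the table entry and is delivered inside.
    reply = nat.inbound_packet(Packet("198.51.100.20", 80, PUBLIC_IP, out.src_port))
    # A scanner on the Internet tries the PC's file-sharing port unasked.
    probe = nat.inbound_packet(Packet("198.51.100.99", 4444, PUBLIC_IP, 445, syn=True))
    return out, reply, probe


if __name__ == "__main__":
    out, reply, probe = demo()
    print("outbound rewritten to:", out)
    print("web reply delivered as:", reply)
    print("unsolicited probe result:", probe)
```

Run it and the last line prints `None`: the probe to port 445 is thrown away because no PC inside opened a connection that would give it a table entry. Note what the model does not do: it keeps no list of "bad" addresses and inspects nothing inside the packets, which is exactly why a NAT box on its own is a minimal level of security rather than a substitute for keeping Windows patched.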
Bruce Schneier's 2004 recommendations for safe personal computing
I've got one disagreement, and one quibble. The quibble is that when he says to use an anti-spyware program, he really ought to say "use two". No one anti-spyware program catches everything.
I disagree with Schneier when he recommends deleting the files "command.com" and "cmd.exe". If you're paranoid, rename them so that unwanted programs can't find them, but keep them around for system administration.
UPDATE:
Another IT professional, Gordon Luky, has an article in his blog disagreeing with more of Schneier's advice. Here's how I'd reconcile Luky's and Schneier's advice:
Only uninstall programs (Start/Settings/Control Panel/Add-Remove Programs) or delete data files if you put them there and you're sure you don't need them any more.
Check whether your shredder is designed to cut up CD-Rs before you try it (if you paid less than $100 it probably isn't).