Google

Sunday, January 17, 2010

Prevention is better than cure

Google recently discovered the Government of China was involved in a massive hack attack on Google and at least 20 other large companies. It seems the hackers used a security loophole in all versions of Internet Explorer and also some security vulnerability in Adobe products (this is what you use to open pdf files). The hackers would, using these loopholes, download malicious software to computers used by prominent Chinese human-rights activists and keep a track of all their activities. Such malicious software can have complete control over your computers and do things like track every web-page you visit, keep a track of everything you type, turn your web-cam on or off at will, and much more.

Today it was human-rights activists, tomorrow it could be you. Today it was the Chinese government, tomorrow it could be some other agency, your worst enemy, your company, your rivals, anyone. In light of these events, I urge everyone to keep their computers secure. I am no computer security expert, but here are a few tips that take little time to implement and make your computers quite secure.

  • Stop using Internet Explorer as your web-browser. It is by far the worst browser when it comes to security and web-standards. The browser is also the slowest in the market. And if you are using Internet Explorer 6, then stop using it right now. It is the equivalent of driving an Ambassador when Ferraris are being given away free. At the very least, upgrade to Internet Explorer 8. But I would recommend switching over to Mozilla Firefox or Google Chrome. I've been exclusively using Chrome for the last year and it is blazing fast.
  • Don't ignore Windows updates. Microsoft constantly discovers loopholes in their programs and pushes the updates to plug those holes through Windows updates. Ignoring the updates is very risky. At the very least make it a habit to install all security and highly critical updates.
  • Upgrade to Windows 7. This is the latest and best installment of Windows till now. It is also considered to be quite secure. As you can see from this link 7 is the most secure of all Windows operating systems.
  • Install a good anti-virus and keep it updated. If you are using Windows it is absolutely critical to install a good anti-virus program. McAfee, Norton, AVG are the few good ones out there. Install one right now if you haven't already. An anti-virus slows down your computer, but it is a price worth paying. Malware like viruses, trojans, spyware, etc. can be pretty deadly and render your computer unusable. Run a complete virus scan once every month or so, and immediately if you feel something is not right with your computer.
  • DO NOT CLICK ON RANDOM LINKS - this point cannot be stated enough. This is how malware will be installed on your computer in most cases and this is how they think the Chinese government spread it's malicious code too. These links may be on Facebook, or Twitter, or your mail or in chats. Before clicking suspicious links, ask the person who sent it if he actually sent the link and what it contains.
  • Use internet in public places at your own risk - Wi-fi in public places is not secure. Anyone with access to the network can potentially snoop on whatever you send over the internet. So if you are just browsing the net, that's ok. But if you are using Gmail/Facebook/Banking or any other site asking for passwords, then know the risks involved. To reduce the risk of someone stealing your password by watching what you send over the network, there is a technology called encryption. This is not enabled by default in most cases. You can see if everything that you get is encrypted or not by looking at the website address in your browser. If it says https then it is secure, if it says http (without the s), then it is not. Not all webpages need to be secure. Most of the times only the one asking for your password will use https. Google has turned this feature on by default after the China fiasco.
  • Beware of phishing attacks. Phishing is used to steal your vital information like password, bank details, etc. To protect your self from phishing, a good policy is to always type the web-address of bank-sites, gmail, yahoo, etc. For example, type www.yahoo.com/mail when you want to access Yahoo mail. That way, no one can direct you to a wrong site.
  • Have a strong password. Passwords should not be dictionary words! A good password should be something with a combination of small are CAPITAL letters with some special characters in them and you should be able to remember it too. For example Psnbdw! is a good password (first letter of every words in 'Passwords should not be dictionary words!'). Keep separate passwords for really important sites like mail and banking and different passwords for other websites. This ensures that no one can know your bank password from your daily sudoku website password, for example.
  • Consider moving to a non-Windows world. There are too many things out there to worry about in the Windows world. Linux is so much more secure and safe. It is not that difficult to get used to things in Linux. Probably 2-3 months for a novice computer user.
That's enough for now. If you follow all these, then you will definitely be as secure as humanly possible. But know that it is not that difficult to steal your information. Just like no home-security system is secure against determined thieves, similarly no computer system is completely safe for determined hackers. But the least you can do is make life more difficult for them. There are millions of dumb computer users out there for them to waste more time on you. Have a safe and secure Sunday, and enjoy your online experience.