Computer Security issues are always in the media, but what's a real
issue and what is not. (remember hearing that cookies were bad for you?)
Windows Desktop Security
Desktop users of
the Windows Operating System face security concerns when the connect to other
users, allow others to connect to them, or enable server-like operations on
their servers. As soon as you allow others access to your machine, either as a
server, or because you run an e-mail attachment or web page application, you are
at risk. There are things you can do to reduce your risks.
Keep
your anti-virus software updated:
Norton Anti-virus or McAfee
VirusScan can be set up to automatically update itself on a regular basis
and to automatically scan for viruses.
Don't share files:
Even the best antivirus software cannot catch all viruses. Accepting files from
others, as attachments, downloading them from web pages, trading floppies or
accessing a file over the Internet (Morpheous, Kazaa, and others). If you do not
know and trust the source of the file, you should not be running the program.
Keep
your system updated:
Microsoft provides a central web site for updates http://windowsupdate.microsoft.com,
Click on the Product Updates link, your system may already have a link to this
site in the Start menu called Windows Update. You should regularly check with
that site. All 'Critical Updates' are security related. For the best level of
system security they should all be installed. On the Windows update site in the
recommended updates is a 'Critical Update Notification' patch. Installing and
running that allows your system to automatically check for, and notify of the
need to install patches as they become available. This is particularly useful
for users on dialup access because the download happens when the system is
otherwise idle.
Keep your applications updated:
Web browsers and word processing applications both present some risks of
exposure of private information. The software manufacturers regularly provide
updates to their software. You need to carefully read the information provided
by the vendor about the upgrade and decide if it is appropriate for your
hardware configuration.
Limit access to your system by others:
Keep physical control of your machine. If someone can get physical access they
can alter your files.
Don't enable
file sharing. (To check if you have enabled it go to the Network Control Panel
and click on the File and Print sharing button. Make sure no boxes are checked
to provide access to others.)
If you MUST
enable file sharing, think about using a professionally configured server. If
that is not possible and you need to share files on your own machine with others
in your workgroup, do so securely. Don't share the entire C: drive. Create a
single folder where you place files you want shared and share only that folder.
Establish a good password for access, and don't share that password with anyone
who doesn't need it.
Backup your files:
This is another case where a server may make the most sense. Either back up the
entire system on a regular basis (usually requires special software and
high-capacity tape drives) or keep backup copies of the software you install,
the contents of 'My Documents' and files that are kept locally for email or
other applications. Eudora keeps your mail and settings in the same folder as
the Eudora application, Netscape keeps mail and other settings in the Users
directory in the Netscape Program Files directory. Backing up just the files you
change, and keeping the distribution media for other files is less expensive,
but less complete than a full backup, but does meet the needs of many users.
Don't share access:
Various programs, (i.e.: Mail programs, telnet programs, web browsers) can be
configured to save user name and password information. While doing that does not
present a risk to your desktop or notebook computer, it does mean anyone with
access to that machine now has access to your other accounts. If a machine is
lost or stolen, be sure to change passwords on any accounts which had passwords
stored on the lost system.
