Jerome Segura, a Security Analyst at ParetoLogic of Victoria, B.C., Canada, just posted a nice piece on computer security practices with a different perspective in his “Malware Diaries” Blog.
He begins his list of security tips by considering four classes of users:
— pre-baby boomers
— early and late baby boomers
— 70’s – 80’s users
— 90’s to present
then makes further distinctions by level of security knowledge and awareness:
— extra-cautious (paranoiacs)
— those who somewhat understand
— those who are over-confident
— security conscious folks.
His “ABCs of online security” is a list of 11 practices that could create a sound security consciousness for everyone, but especially for all those non-technical home users out there.
“- Today’s computers are connected to the Internet and are therefore much more at risk than their ancestors.
“- The Internet is fun but also dangerous.
“- People don’t know what they do and can easily be duped.
“- The more cool stuff, the more risks.
“- The right choice of software and hardware can protect your computer but will not make it 100 percent safe.
“- Updates should be applied religiously.
“- If you aren’t sure about something, check it. Files and Websites can be analyzed prior to opening.
“- Computers are not demons but they can be zombies.
“- Browsing to a site (ANY site) can infect your computer.
“- Backups are your best friends.
“- Virtual Machines are an acceptable way to have an affair (and get infected) behind your computer’s back.” (I think he means “an acceptable way to experiment with potentially malicious sites and files.”)
There’s always been a tendency among the technorati to look down their noses at non-technical users. Personally, I don’t think there has been enough effort put into public education on computer security. It’s way too common to blame the victims, and that just doesn’t work. The money they spend on rogue anti-malware products and the cash siphoned out of their bank accounts help fund the criminal groups that prey on all of us.
When it comes to computer security, we’re all in this together.
The U.S. Computer Emergency Readiness Team (US-CERT) has a great page of security documents for all levels of users: http://www.us-cert.gov/cas/tips/
Sunbelt has two white papers that dig into the details of the two biggest threats on the Internet today. They’re written for non-technical users:
Rogue security products: