The basics of computer security, and how to protect yourself when playing online.

Computer Security Primer

If you are not computer savvy, the whole topic of computer security is probably fuzzy, intimidating, and above all, scary. You naturally don’t want hackers snooping in your private data, damaging files, or using your machine as a zombi to launch attacks on other sites with his army of remotely controlled personal computers. And if you buy products or services online with your credit card, or if you play online poker for real money, your money can be at risk if you don’t take a minimum of precautions.

How Does It Work?

Understanding the basics of computer security is hopefully not difficult. We are going to use a naive metaphor, far from perfect, but I believe clear enough to get a pretty good idea of how things are organized.

Imagine a company headquarters. Every critical strategic decision is made there. Depending on your market, there may be some hostile opposition, perhaps even direct threats. There may also be some very sensitive data that should remain secret. Your communications with other companies and subsidiaries must remain confidential, too. Well, security is simply of paramount importance.

The very first thing you need is obviously to verify who enters the building, who gets out, and what everybody is supposed to do inside. Once a person in inside, it is trivial to wreak havoc with just about everything, pretending acting in the name of the security chief officer or the CEO. This may seem very dangerous, and it is, but that’s the way it works by default: the important executives generally do not want employees bothering them every minute for some confirmation or signature.

In this metaphor, as you might have guessed, you are the CEO, the building is your PC (or mac), and the other persons are programs. When a program resides on your machine, or more precisely on your hard drive, it is in the waiting room, so to speak; he can’t directly do harm for now. But once it is run, it is told “do whatever you need/want to do”. That means, about everything. Lay off the whole security department. Shred every document. Send them over to another company. Transfer funds to an account in the Bahamas. Kick you, the CEO, out. Or it can stay quiet and spy on you for years. This is virtually “game over” for you.

Human Resources

Are all programs dangerous criminals? Certainly not. The executives, the clerks, the assistants, the security staff, the cooks, and all the regular employees, do their useful job. If they were not present, you could not do anything. On your machine, these people are the system programs, the operating system, the drivers, and so on.

However, some persons are not so well-intentioned. They will ask for job in order to get into, or they will lure you with some contracts into inviting them inside your office. Some will be recommended by collaborators and friends of yours. These persons are the unknown programs you receive by email, you download on the web, or you install from any unreliable source.

Some of these programs are supposed to be jokes (eg. in emails from friends), others can pretend to be any utility, like an image manipulation tool, or they can even pretend to improve security. You bring them over, and when you run them, you say “ok, do whatever you have to do”. What’s that axe for, already?

I hope you have realized it is critical to never run programs you don’t trust. Never run .exe received by emails from friends. You would hand in the keys to a perfect stranger.

Things are even worse yet. If some guest managed to get into the waiting room, you are not the only one who can give it rights to do what he wants. A regular employee can come over and ask him for help, without you knowing. He can believe he is the courier, for instance, or the plumber. From a computer standpoint, this means that even a file not directly executed can put itself somewhere to be executed later on, without your direct intervention.

Metal Detector

The situation is so hazardous that you definitely need extra measures to improve security. A good improvement is to install a metal detector at every entrance. If the plumber turns out to have a gun, don’t let him in!

The metal detector is what we call an antivirus. It can check that your files are not infected by known threats. It is an indispensable tool. Some antivirus are better than others, some are even free. It is a good investment to buy a commercial one, though.

While putting metal detectors at entrances is good, it is even better to be able to detect guns in various parts of the building. The best detectors can do that: there are some kind of sensors in every room, and if someone is about doing something, the monitoring system checks that the person is not carrying a gun. This is what we call live monitoring or live scanning. When a new program is run, the antivirus automatically checks it. This can be a life saver, so this is a must.

One very important thing about antivirus is that they work by being able to recognize potential threats. But since there are new threats everyday, and that the most dangerous one are the newest, you absoluteley need to keep your antivirus up-to-date. This is normally done by default when you install it, provided you have a web access.