SANS publishes list of dumb computer mistakesby Steve Ragan - Dec 16 2008, 17:15
SANS offers up a list of dumb mistakes.(IMG:devlin.co.za)
In the recent OUCH newsletter, which arrived at The Tech Herald last week, SANS has come up with a list of ten dumb things people do that ultimately lead to them ruining a perfectly good computer.
The list from SANS, written by Bill Wyman, Alan Reichert, John York, Barbara Rietveld, and Alan Paller, is sadly made up of things any IT professional will tell you happen all-too often.
In the main, simple mistakes populate the list -- the kind that make a help desk operator scream "You should have known better!" -- and each item is aimed at the normal computer user. However, that said, somewhere online will be a computer wizard, the ultimate geek, who is likely performing at least one of the listed mistakes.
"You hear tales about the ill effects of [surfing without proper Firewall protection] much more often than [poor Surge Protection]. I think that is because hardware failure due to surges are regarded by ordinary computer user as due things beyond their control: an unfortunate accident, somebody else's fault (the power company), or an act of God," explained Bill Wyman in a recent e-mail to The Tech Herald.
Yet, this is a top ten list. So I asked, what if he could add one more item, what would it be?
"If eleven were as nice a round number as ten, I would have included words of caution for SOHO users about peer-to-peer printer and filesharing. I often get questions about this from my clients who have home offices because they can't get it to work. That is usually because (1) the printer-less system (#2) and its user do not have sufficient privileges to access the printer on the main system (#1), or (2) software firewalling is preventing system #2 from having access to music library stored on system #1," Wyman wrote.
"This is frustrating for an ordinary computer user who has heard about a friend or colleague who has made it work. They get tempted to do things that are potentially disastrous, like eliminating passwords, creating holes in the firewalls, or shutting off security software entirely, which can open both computers to attack."
So, without further ado, here are some highlights from: "The ten dumbest things people do to mess up their computers".
Believe that Macs Don't Get Viruses
"Let's start by distinguishing between Mac users and Mac computers. Mac users can fall prey to email scams and phishing attacks, just as Windows users can, and they are equally likely to visit a rigged website, download an infected file, or receive emails or email attachments rigged with malware. Every Mac computer on the market today is built with the same kinds of hardware as PCs. They are connected to the Internet just like PCs, and can become infected just like PCs. The Mac operating system, OS X, is not safer than Windows. There are just a lot fewer people using it, so it's a smaller target," SANS explains.
Ultimately, market share likely has very little to do with it. Criminals exploit flaws in software to pull off crimes. The software resides on both Macintosh and PC-based systems. However, to trigger an exploit, more often than not a user has to take an action. Loading a Web page, clicking a link, installing an application, each of these are actions that criminals count on. The user has to do something to install a malicious payload.
Once the payload is installed, all bets are off. Now the Mac and PC are equals, and only the user is to blame.
There was a bit of a debate over security on the Macintosh lately after Apple pulled a Tech Note suggesting the use of third-party anti-Virus protection. But even after pulling the note it contradicted itself in a statement as to why.
Earlier this year, Sophos also spoke to The Tech Herald about security on a Macintosh system. Despite the logic of most users and the marketing team at Apple, there is still a need for security on Macs.
Plug directly into the wall outlet without Surge Protection
SANS reminds you that this is all that is needed to destroy an unprotected computer. "Even if your lights go out for just a minute and then come right back on, that could create a surge big enough to bring your system to its knees."
Ever have a thunder storm hit during the summer and kill parts of the computer? I have, and it was a cheap Surge Protector that led to me losing entirely too much data.
If you want to learn more, I wrote all about the experience for the benefit of The Tech Herald readership.
"Cheap surge protectors may not respond quickly enough to save your computer, and are only good for one surge. Then you'll have to buy another one anyway. An uninterruptible power supply ("UPS" or "battery backup") is even better," advises the OUCH article.
This is true, but can be costly. Check your prices and shop around for the best deal. The links below lead to TigerDirect and Newegg and list examples of power protection.
Surf the Web without both Hardware and Software-based Firewall protection
This happens a lot. While most routers (Linksys, Belkin, etc.) double as Hardware-based Firewalls, many users go without a decent Software-based option. The odds that your ISP offers a Hardware-based Firewall within the modem are slim, and most 2Wire devices that ISPs offer make a poor replacement for a solid Firewall. (Comcast for example in Boulder, CO. plugs directly into the Internet. There is no Firewall in that device leaving customers exposed.)
To start with Hardware-based Firewall protection, you will more than likely need to buy one. Just remember to shop around.
As for Software-based Firewalls, SANS points out that just using the Windows Firewall is not enough.
"Windows XP only has a one-way software firewall (incoming): that's not good enough anymore. Replace it with a better one. Windows Vista has a two-way firewall built in, but by default it only works one-way (incoming). You have to enable the two-way mode. Make sure you do that. That holds true for OS X, too."
Most security vendors include a two-way Software-based Firewall in the application, so there should be little difficulty finding one. The vendors reviewed here on The Tech Herald, which include Kaspersky, Norton, McAfee, and BitDefender, all have Software-based Firewalls.
Again, when shopping, compare prices. Get the best deal for your budget. Read all the reviews you can find, and try any trial software.
Disable anti-Virus protection because it slows your computer down
Bad idea. Seriously bad idea. You should never disable security software because of performance issues. With the newer security software on the market there should be no performance problems.
However, not all software is created equal. This is why before you buy new security software you should test it and take advantage of trial periods. If it's junk and slows your system, no matter its age, then use something else.
Symantec, the creator of Norton, was once famous, not because of security, but because Norton products would often slow host systems to a crawl. Fancy playing a game while updating Norton? Ever wanted to watch an online video during a system scan? Most people would have laughed at such ideas a few years ago when using Norton.
Now, Symantec has revamped its entire Norton line. Smaller and faster is the motto. Kaspersky, McAfee, BitDefender, all of them have the same goals and each of them has been tested by hundred of sites -- even this one. However, such tests will not always reflect how well security packages perform on individual systems.
If there are performance issues, then you need a new product. You do not need to disable anything. Doing so is simply too risky.
Click on everything and click again just to ensure you clicked it
"Some computer users simply cannot resist clicking on hyperlinks. Spammers, scammers, and hackers prey on them by embedding links in email messages that lead to rigged websites. Once there, more links, as well as drop-downs and pop-ups, lure them into running scripts or downloading malicious software," outlines SANS.
"One fatal mis-click can wipe out the contents of your hard drive or infect your computer with a program that a Bad Guy can use to take control of it. It can also take you to websites that feature pornography, pirated music, videos and software, or other inappropriate content that can get you in trouble."
If you need proof that people click on pretty much anything, just look at the sheer number of bots online. Spammers use these bots to send junk and malicious e-mail. Criminals use them to attack various targets.
These bots are simple computers, owned by normal everyday people who clicked on something somewhere and allowed the bot software to install. To add to the damage, some of those people clicked on something after they disabled their anti-Virus protection.
Use Easy, Quick passwords
Here are a few password tips to bear in mind from a recent article:
Don't create passwords using personal information or information someone could guess.
Don't create a password using words in a dictionary, no matter the language.
Don't use the default password or a common password.
Do make sure your password is long, extra long.
"Strong passwords contain at least 8 characters -- the longer, the better -- and include a combination of letters, numbers, and symbols. Passphrases are even better," the newsletter explains.
"Use words and phrases that are easy for you to remember, but difficult for others to guess. Misspelling at least one of the words in your passphrase makes it still more difficult to crack. Here's an example: My 2 old *katz* were both grey. Too much to type every morning? Let's turn that passphrase into an acronym: M2o*k*wbg."
Don't Bother with Backups
This rule also goes with the Power Surge note. It was the lack of a solid backup plan that cost me my data when the surge killed my drives.
With storage and media so inexpensive these days, and hard drives coming in at a few hundred gigabytes per dollar, there is no reason not to have a solid backup plan in place.
External storage that comes from an external drive, an internal drive placed in an external enclosure, NAS solutions, or simply burning things to DVD will help keep data safe in the event of a system meltdown.
The SANS OUCH newsletter has a few more items centered on dumb things people do to kill their computers. You can view the entire newsletter by (safely) clicking here.