Computing: Scobleizer on Security

Scobleizer: Microsoft Geek Blogger: "Security is an interesting issue. How much security is good enough?"

Robert lists the fourteen steps of security he uses himself – all good stuff, and some very useful advice. If you don’t already know of him, Robert Scoble works at Microsoft, and blogs about them and their products. Although this article is mainly aimed at securing Windows XP systems, almost all of his advice applies just as well to any OS.

Me? I use the standard firewall built in to Windows XP. It’s not good, but it’s good enough for me. We’re still using a 56k modem here, so if anything starts trying to do too much with the connection, we’ll soon notice, and our IP address is changing every couple of hours anyway. I’ve not applied SP2 yet, but I will soon. Just ran short of time last weekend, and it does take a while – including time to make decent backups in case it screws everything up and I have to start reinstalling – it’s happened to a couple of machines at work already, so it’s best to be prepared just in case. Not too prepared, though, it works just fine most of the time.

I use Mozilla or Firefox for browsing (Mozilla right now, but intending to go back to Firefox later today), so I have very little problem with adware and spyware. I tried out one of the scanners a couple of weeks ago, because someone was asking me if it was any good, and it didn’t find anything worrying. One player installed for a game that was long since gone, that it classed as spyware, but since it wasn’t actually running, and hadn’t been run for months, it wasn’t too much of a concern. I uninstalled it anyway. There were a whole load of cookies it didn’t like, but they were mainly in IE, which I don’t use for browsing anyway. If you’re less sure of yourself for keeping such things out, though, these scanners are a good idea, and I’ll probably keep running one every now and then, just to make sure. Being too sure of yourself is a pretty nasty security hole itself 😉

The thing that always seems to surprise people is that until relatively recently, I didn’t bother with any antivirus. People always seemed to think I should know better. I did. I knew better than to run any viruses people mail to me, and I always kept Outlook’s security set high enough to avoid anything running automatically. Along with fairly safe browsing habits, I never felt there was any risk, and I’ve never actually had a virus (well, since my first PC, maybe fifteen years ago – I got hit by ‘Form’, on a floppy from a friend). When Blaster arrived, though, things changed – here was a virus that could get onto your machine without you running it at all. It just used a security hole in Windows to get in, and ran itself from there. Now, just being a week behind in your security updates is enough to get a virus. Soon, there will be a virus that takes advantage of a security hole before it’s been patched. Perhaps even before it’s been publicly announced. So now, I use antivirus – CA’s free 12-month trial of the home version of eTrust at the moment, since Robert kindly pointed it out recently.

"Don’t run in administrator mode" is good advice, but it’s near enough impossible to follow in Windows. Too many things still assume you’ll be administrator of the local machine. I may give it a go at some point, though. Most of the software I use now is reasonably simple or fairly up to date, so it may be easier than I expect.

For backups, we have all of our main data in a shared folder on one PC. I regularly run a batch file that copies all of my important data from my C: drive to there. I then run another batch file regularly (maybe twice a week or so) to duplicate the contents of that shared folder over to Sam’s PC. It’s all done using XXCopy, and only takes a few minutes. It means there’s no redundancy off site, but if the house burns down, the most important stuff will be in my Palm, and sync’d with my work PC, and our collection of MP3s will not be the first concern on our mind.

You? You probably don’t quite want to follow me, or Robert, for that matter. It’s worth putting a bit of thought into what you do about security, though, before you have to deal with the consequences of not doing so.

Update: Well, it’s a bit later the same day. SP2 for Windows XP installed without any problems, I’m back to using Firefox, which installed quickly and easily (as expected), and I’m even running as an ordinary user rather than an administrator. Surprisingly, that’s working with no problems too. XP insists that you create a second administrator account before it allows you to remove admin rights from your user, but everything seems to work ok so far. The SP2 firewall can be set on or off for the different network interfaces, and can even be configured differently for each, but the setting to allow or not allow file and printer sharing seems to be system-wide. This means I can’t have file and printer sharing allowed on the LAN connection, but not allowed for the Internet connection. Still, doesn’t really matter, as I have unbound it from the dial-up connection (in the properties, untick the box for file and printer sharing, and untick ‘Client for Microsoft Networks’ whilst you’re at it).