At least once or twice a month, someone I know endures a computational disaster. This could be anything from a glass of wine spilled on a laptop to some kind of complex SQL database problem. In the spirit of Bruce Schneier, I thought I would offer some simple suggestions that anyone should be able to employ.
The most important thing is simply this: if it is important, back it up. Burn it to a CD, put it on a flash memory stick, email it to yourself or to a friend. The last thing you want is to have your laptop hard drive fail when it contains the only copy of the project you’ve spent the last month working on.
Now, for a quick list of tips. These are geared towards university students, not those with access to sensitive information or large amounts of money:
- Do not trust anything you see online. If you get an email from ‘PayPal’ or your bank, assume it is from someone trying to defraud you. It probably is. Likewise, just because a website looks reputable, do not give it any sensitive information. This includes passwords you use for things like your bank.
- Never address email messages to dozens of friends. Lots of viruses search through your computer for email addresses to sell to spammers or use for attacks. If anyone on that fifty-person party invitation gets a virus, it could cause problems for all the rest. If you want to send emails to many people, use the Blind Carbon Copy (BCC) feature that exists in almost all email programs and web-based email systems.
- If you run Windows, you must run a virus scanner. All the time. Without exception. If you run a Mac, run one in order to be sure you don’t pass along viruses to your friends. Both Oxford and UBC offer free copies of Sophos Antivirus. Install it and keep it updated.
- Run a spyware and adware scanner like AdAware often. If you are not doing advanced things with your computer, be proactive and use something like Spyware Blaster. (Note: some of the patches it installs can cause problems in rare circumstances.)
- No matter what operating system you run, make sure to apply security updates as soon as they come out. An unpatched Windows XP home machine is basically a sitting duck as soon as it is connected to the internet. See this BBC article.
- Only install software you really need. Lots of free software is riddled with spyware and adware that may not be removed when you uninstall it. Some file-sharing programs are especially bad for this. If you do any kind of file sharing, having a virus scanner becomes imperative.
- Never use secret questions. If you are forced to, fill the box with a long string of random letters and numbers. If you cannot remember your passwords, write them down and guard them like hundred-dollar bills.
- For your web browser, use Firefox. Safari is fine, but you should never use Internet Explorer. If a website forces you to (especially something like a bank), complain.
- If there is something you really want to keep secret, either keep it on a device not connected to any network or encrypt it strongly. A user-friendly option for the latter is PGP. Whether it is some kind of classified research source or a photo of yourself you never want to see on the cover of the Daily Mail (once you are Prime Minister), it is best to encrypt it.
- Avoid buying compact discs that include Digital Rights Management (DRM). Many of the systems that are used to prevent copying can be easily hijacked by those with malicious ends. See one of my earlier posts on this.
- If you have a laptop, especially in Oxford or another high-theft area, insure it. They can be stolen in a minute, either by breaking a window, picking a lock, or distracting you in a coffee shop. Aren’t you glad you made a backup of everything crucial before that happened?
- If your internet connection is on all the time (broadband), turn your computer off when you aren’t using it.
Basically, there are three big kinds of risks out there. The first is data loss. This should be prevented through frequent backups and being vigilant against viruses. The second is data theft. Anyone determined can break into your computer and steal anything on it, whether it is a Mac or a PC. That is true of everyone from your local police force to a clever fourteen-year-old. Some of the suggestions above help limit that risk, especially the ones about security updates and turning off your computer when it is not in use. The third risk is physical loss or destruction of hardware. That is where caution and insurance play their part.
If everyone followed more or less this set of protocols, I would get fewer panicked emails about hard drives clicking and computers booting to the infamous Blue Screen of Death.
[Update: 6 January 2007] The recent Gmail bug has had me thinking about Gmail security. Here are a few questions people using Gmail might want to ask themselves:
- If I search for “credit card” while logged in, do any emails come up that contain a valid credit card belonging to me or to someone else? I only ask because that is just about the first thing that someone malicious who gets into your account will look for. “Account number” and similar queries are also worth thinking about.
- Can someone who gets the password to my Facebook account, or some other account on a trivial site, use it to get into my Gmail account?
- Have I changed the password to my Gmail account in the last few weeks or months?
If the answer to either of the first two is ‘yes,’ or the answer to the last is ‘no,’ I would recommend taking some precautionary action.
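The first question above can be turned into a self-audit over an exported copy of your own mail. This is an added example, not part of the original post: the function names, keyword list and sample messages are assumptions constructed for illustration, and candidate numbers are checked with the Luhn checksum that payment cards use.

```python
import re
from email import message_from_string

# 13-19 digits, optionally separated by single spaces or hyphens.
CANDIDATE = re.compile(r"(?<!\d)\d(?:[ -]?\d){12,18}(?!\d)")
KEYWORDS = ("credit card", "account number")  # phrases named in the post


def luhn_valid(digits: str) -> bool:
    """Luhn checksum used by payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit, counting from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def mask(digits: str) -> str:
    """Keep only the last four digits so the report is not itself a leak."""
    return "*" * (len(digits) - 4) + digits[-4:]


def audit(raw_messages):
    """Return (subject, reasons) for every message worth reviewing."""
    findings = []
    for raw in raw_messages:
        msg = message_from_string(raw)
        body = msg.get_payload()  # plain-text, non-multipart mail assumed
        reasons = [f"phrase:{k}" for k in KEYWORDS if k in body.lower()]
        for m in CANDIDATE.finditer(body):
            digits = re.sub(r"[ -]", "", m.group())
            if luhn_valid(digits):
                reasons.append(f"card:{mask(digits)}")
        if reasons:
            findings.append((msg["Subject"], reasons))
    return findings


# Constructed sample mail; 4111 1111 1111 1111 is a well-known test number.
SAMPLE = [
    "Subject: Flight booking\n\nPaid with credit card 4111 1111 1111 1111.",
    "Subject: Order ref\n\nYour reference is 1234-5678-9012-3456.",
    "Subject: Party\n\nSee you on Friday!",
]

if __name__ == "__main__":
    for subject, reasons in audit(SAMPLE):
        print(subject, reasons)
```

Messages it flags are candidates for deletion from the mailbox, and the Luhn check keeps order references and other long digit strings from drowning out real card numbers.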