Posts filed under 'Security'

Reasons to Avoid Windows Vista

Windows Vista will be released soon, but I will not be an early adopter of this new operating system. I thought I would share my top five reasons for not upgrading:

5. Stupid licensing terms and anti-piracy protections
The new licensing terms for Vista only allow you to reinstall the OS once. I’m not a pirate — I have no problem paying for software I use, but I’d rather not have to purchase it multiple times if the OS itself breaks down. If a reinstall is needed (which unfortunately has been frequently necessary on my Windows machines), I would need to purchase a new copy of Vista. Plus, what happens if I decide to upgrade my CD drive to a DVD burner? What if my hard drive crashes and I need to replace it? Why can’t I reinstall the copy of Vista I already own? Also, some have pointed out potential problems with WGA, an anti-piracy application that will occasionally report back to Microsoft on the status of my copy of Vista, and can disable most functionality of the OS if it is suspected to be a pirated version. No, thanks.

4. Exorbitantly high cost
Pricing for Vista is out and it is expensive — the Ultimate edition comes in at $399. Ouch. Of course the other flavors and versions are less expensive, but with less functionality. Plus, remember this cost is only for the OS, and most users need other software to be productive. Shelling out so much cash for just the operating system requires considering alternatives to additional expensive software.

3. Nefarious malware
Windows has been and will continue to be the main target for malware. Spyware, adware and lots of other garbage can turn your computer into a spam-messenger or bot awaiting nefarious commands of some remote hacker kid. I doubt a new OS will be totally hardened against it, despite Microsoft’s claims to the contrary.

2. Perpetual security issues
Even with a greater focus on security, critical patches and serious flaws are being found every month. Admittedly, Microsoft has made great strides to make their operating systems more secure, but it’s just not there yet. But, as stated above, Microsoft OSs are the biggest target out there. Exploits found in the OS are one way to get malware onto the system; the other way is user error, usually by installing infected programs.

Also, all of Vista’s security features are new — which means they can’t be totally secure. Microsoft is rewriting all of the networking program stack, which is sure to be the focus of future critical patches. Only history can measure security. Look at how XP matured — it’s relatively solid now, but it took until SP2 to get it even close to where it should have been. I doubt Vista will be much different.

1. Better alternatives
Microsoft should be carefully monitoring two competing operating systems: Mac OS X and Ubuntu Linux. Although neither is perfect, Mac OS X and Ubuntu Linux are shaping up to be tough competition for Vista.

OS X is notoriously easy to use and just works. Apple’s stock continues to rise because once people learn OS X, they won’t go back to Windows. The iLife suite provides functionality for all of the fun stuff computers can do and Apple’s hardware is sleek and sexy. My next computer will be from Apple, largely because of OS X and iLife.

Ubuntu continues to get better; it’s a great alternative operating system. Sure it’s another flavor of a million flavors of Linux, but I like where it’s heading. First of all, you can’t beat the price — Ubuntu is totally free. And it comes bundled with tons of great open-source software. Once it’s installed, you have a whole bunch of great applications and the ability to easily download and install thousands more. I have been using Ubuntu for quite some time now on an older computer, and it’s great. I certainly won’t be replacing it with Vista.

1 comment October 27th, 2006

Thunderbird and Enigmail for Encrypted Email

Even though I don’t email top-secret information on a daily basis (OK, actually never), I would like the option to make my email secure. It makes me feel better to know only those whom I intend to read it can do so. Pretty Good Privacy (PGP) is an email encryption computer program that didn’t sound promising, but after some research I found that it suffers from a humility complex — PGP is actually very strong, solid encryption. PGP allows you to encrypt your email communications so you can be sure the messages are only read by the person you intended.

I have been a fan of Thunderbird (read my review) for quite some time, and recently came across an extension called Enigmail which promised to give me the PGP security capabilities I was looking for. The Enigmail extension provides the security in a simple and straightforward way and nicely integrates into Thunderbird. The encryption is handled by the GNU Privacy Guard (GnuPG), a free version of PGP.

Here is a simple example of how PGP works. Dave wants to send Jesse an email. Both Dave and Jesse have Thunderbird and Enigmail installed. Both use Enigmail to generate a key pair. Dave gets a private key and a public key, and Jesse also gets his own public and private key. The public keys are public; Dave and Jesse share those with each other. The private keys are private; they should never be shared. The two keys work together to encrypt and decrypt messages. If something was encrypted with the public key, it can only be decrypted by the corresponding private key.

OK, back to Dave and Jesse. When Dave sends Jesse an email, Dave encrypts the message using Jesse’s public key (Dave has access to Jesse’s public key because it is public). When Jesse receives the message, Enigmail will automatically decrypt the message using Jesse’s private key and Jesse will read the message. To anyone else viewing the message it would look something like this:

-----BEGIN PGP MESSAGE-----
Version: GnuPG v1.4.3rc2 (MingW32)

[base64-encoded ciphertext]
-----END PGP MESSAGE-----

When Jesse wants to reply to Dave’s initial encrypted email, Jesse encrypts the entire message using Dave’s public key and sends it to Dave. When Dave gets the message, it is decrypted using Dave’s private key. Neither person ever touches the other’s private key — it remains private. Dave and Jesse have now exchanged emails securely using PGP.
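What an outside observer can still read from an armored message like the one above, as an added Python example (not from the original post, and going a step beyond it into the armor format itself): it decodes the ASCII armor, checks the CRC-24 line, and reads the recipient key ID that travels unencrypted in the first packet. The sample packet, its key ID and the function names are constructed for illustration.

```python
import base64

def crc24(data: bytes) -> int:
    """CRC-24 used by OpenPGP ASCII armor (RFC 4880, section 6.1)."""
    crc = 0xB704CE
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= 0x1864CFB
    return crc & 0xFFFFFF

def armor(binary: bytes) -> str:
    """Wrap binary OpenPGP data in ASCII armor (base64 body plus '=' CRC line)."""
    b64 = base64.b64encode(binary).decode()
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    check = base64.b64encode(crc24(binary).to_bytes(3, "big")).decode()
    return f"-----BEGIN PGP MESSAGE-----\n\n{body}\n={check}\n-----END PGP MESSAGE-----\n"

def dearmor(text: str) -> bytes:
    """Return the binary payload; ValueError if the framing or CRC-24 is wrong."""
    lines = [line.strip() for line in text.strip().splitlines()]
    if lines[0] != "-----BEGIN PGP MESSAGE-----" or lines[-1] != "-----END PGP MESSAGE-----":
        raise ValueError("not an armored PGP message")
    body = lines[lines.index("") + 1:-1]   # headers such as Version: end at the blank line
    if not body or not body[-1].startswith("="):
        raise ValueError("missing CRC-24 line")
    binary = base64.b64decode("".join(body[:-1]))
    # The CRC only catches accidental damage; it is not a cryptographic integrity check.
    if crc24(binary) != int.from_bytes(base64.b64decode(body[-1][1:]), "big"):
        raise ValueError("CRC-24 mismatch")
    return binary

def recipient_key_id(binary: bytes) -> str:
    """Key ID from a leading old-format, version 3 session key packet (tag 1)."""
    ctb = binary[0]
    if (ctb & 0xC0) != 0x80 or ((ctb & 0x3C) >> 2) != 1 or (ctb & 0x03) == 3:
        raise ValueError("expected an old-format tag 1 packet with a definite length")
    start = 1 + (1, 2, 4)[ctb & 0x03]      # skip the tag byte and the length field
    return binary[start + 1:start + 9].hex().upper()

# Constructed sample: tag 1 packet for a made-up key ID; filler bytes are not real ciphertext.
BODY = bytes([3]) + bytes.fromhex("0123456789ABCDEF") + bytes([1]) + bytes(range(40))
PACKET = bytes([0x85]) + len(BODY).to_bytes(2, "big") + BODY
SAMPLE = armor(PACKET)

if __name__ == "__main__":
    print(SAMPLE + "key ID readable without any private key:", recipient_key_id(dearmor(SAMPLE)))
```

The message body stays unreadable, but who it was encrypted for does not; GnuPG's `--throw-keyids` option leaves the recipient key ID out of the message when that matters.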

PGP is strong stuff. Famous cryptographer Bruce Schneier said PGP is “the closest you’re likely to get to military-grade encryption” (Applied Cryptography, p. 587). The reason it is so strong lies deep in PGP’s cryptographic and mathematical roots, which we won’t delve into here. Just know that it’s not going to be cracked. Experts doubt any groups, even large government agencies, are capable of decrypting PGP messages. It’s good encryption.

Another great tool I found for PGP encryption and message signing is WinPT (Windows Privacy Tray). It’s a free, open source program that manages your PGP keyring (your public and private keys) and the public keys of others. One of the cool things about WinPT is that it’s a standalone application that you can use to encrypt or sign messages in a regular text document. So, for example, if you’re at work and don’t have access to your Thunderbird application, but you do have webmail access, you can still send encrypted and signed messages from your webmail client. You can also decrypt messages sent to you. All you need to do is copy and paste the plain text into the WPTray clipboard and select the Encrypt, Decrypt, or Sign options. WPTray will do the dirty work, and you simply copy and paste the results into the message body and send the email.

You can check out my public key page to import my public key into your PGP key manager so you can send me an encrypted email. Please don’t send anything which may compromise national security, but if you want to keep Mom’s famous apple pie recipe safe, PGP is great encryption, and using Thunderbird and Enigmail together makes it easy and available to the masses.

4 comments May 3rd, 2006

Alternative Desktop OS

I have an older computer that is no longer my primary machine. However, my family still uses it often, mainly for the basic computing tasks: surfing the web, emailing, word processing, listening to music, and playing a few games. Because I’m not on the older computer often, I worry about it getting infected with viruses and other malware, having the kids mess up all of the settings, and having to spend the time to fix all of those issues.

I decided to install an alternative operating system. Even though I own a license for Windows XP Pro, I decided to use Ubuntu Linux as the primary operating system for the machine. I used Ubuntu for several reasons:

  • It has what I need
    Ubuntu is a Linux distribution, meaning it contains the operating system (Linux) and a collection of other open-source software packages. When I install Windows XP, I don’t get a whole lot included with the operating system. I still have to purchase or download free alternative software for word processing, virus scanning, image editing, etc. With Ubuntu, most of the software I need was included on the installation disc.

  • It’s free
    I can’t afford to shell out big dollars for software, and I’m not a software pirate. The operating system and included software are totally free. The folks who create Ubuntu will even ship you the CDs for free.

  • It’s secure
    With Ubuntu, I don’t need to worry about viruses or spyware. Because Ubuntu is a *nix-based OS, the user accounts are not machine administrators and each user has individual settings and storage space. That means the kids can’t change system settings and wreak havoc on the computer. They don’t have access to other users’ files, meaning they can’t destroy Mom’s recipe cards she has been typing up for the last two weeks.

There are several other reasons why I chose Ubuntu. Installing new software and updating software is a breeze, so system maintenance is drastically decreased. I can also use the system as a file server, so it can act as a central repository for all of our mp3s, photos, other files, and backups. The data can be accessed from Windows, Mac, or other Linux computers on our home network. Ubuntu can also act as our print server, so all other computers in our home can print to the printer hooked up to the Ubuntu machine.

However, Ubuntu isn’t perfect. I didn’t like that it didn’t support mp3s and other video formats out of the box. It also didn’t have support for Flash or Java. However, I have discovered a few scripts (Automatix and EasyUbuntu) which can easily add all of the formats, codecs, and other niceties missing from the install discs. One other thing missing is power management. Since this computer can go long periods of time without being used, I would like to have it go to a standby mode to shut off the hard drives and monitors after a period of inactivity; but it would need to support wake-on-LAN. I have read power management is currently being developed for the next version of Ubuntu, so I am looking forward to easily updating my software for this feature.

Overall, Ubuntu has been great for my needs and is getting better. I have had some issues getting the file and print sharing just right (fodder for future articles), but Ubuntu has been a great alternative operating system so far because it has what I need, it’s free, and it’s secure.

March 30th, 2006

Get a Router

If you have broadband, buy a router. A router is a simple standalone piece of hardware that allows more than one computer to share an Internet connection. If you own only one computer and have broadband, you still need a router.

Without a router, your computer is connected directly to the Internet. Or a better way to think of it is that the Internet has a direct connection to your computer.

[Diagram: Without Router]

With a router, your computer is on a separate network from the Internet (but still has access to the Internet). The router doesn’t let anything into the home network that doesn’t belong there. Specifically, a computer on your network must ask for information from the Internet for your router to allow information from the Internet to enter your home network.

[Diagram: With Router]

The technology routers use to help share an Internet connection also adds a security layer to thwart worms, malware, and other internet-based attacks. This technology, called NAT (which stands for Network Address Translation), essentially creates two separate networks.

Here is how it works: let’s say you request to access yahoo.com. Your request first goes to the router, which notes that you are making a request to yahoo.com, and forwards the request to yahoo.com. When a response comes back from yahoo.com, the router forwards the response back to the computer that issued the original request. If traffic comes in from Evil-Internet-Worm.com unsolicited, the router knows that no computer on the network has requested information from that site and blocks it. Evil-Internet-Worm cannot get through and infect your computer.
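The request-and-reply bookkeeping described above, as an added Python model (not from the original post): outbound requests create an entry in the router's table, and an inbound packet is delivered only if it matches one. The class and function names, port numbers and addresses are constructed; the addresses come from documentation ranges.

```python
from dataclasses import dataclass, field

@dataclass
class NatRouter:
    """Toy model of a home NAT router: outbound flows create state, inbound must match it."""
    public_ip: str
    next_port: int = 40000
    # public port -> (lan_ip, lan_port, remote_ip, remote_port)
    table: dict = field(default_factory=dict)

    def outbound(self, lan_ip, lan_port, remote_ip, remote_port):
        """A LAN host sends a packet: remember the flow, rewrite the source to the public side."""
        flow = (lan_ip, lan_port, remote_ip, remote_port)
        for port, known in self.table.items():
            if known == flow:                    # reuse the mapping for an existing flow
                return (self.public_ip, port, remote_ip, remote_port)
        port, self.next_port = self.next_port, self.next_port + 1
        self.table[port] = flow
        return (self.public_ip, port, remote_ip, remote_port)

    def inbound(self, remote_ip, remote_port, public_port):
        """A packet arrives from the Internet: deliver it only if it answers a recorded flow."""
        flow = self.table.get(public_port)
        if flow is None or flow[2:] != (remote_ip, remote_port):
            return None                          # unsolicited: dropped at the router
        return flow[:2]                          # (lan_ip, lan_port) that made the request

def demo():
    """Constructed addresses from documentation ranges; no real hosts are involved."""
    router = NatRouter(public_ip="203.0.113.7")
    pc, web, worm = "192.168.1.10", "198.51.100.20", "192.0.2.66"
    _, public_port, _, _ = router.outbound(pc, 51000, web, 80)   # PC requests a page
    return {
        "reply from requested site": router.inbound(web, 80, public_port),
        "unsolicited, same port": router.inbound(worm, 80, public_port),
        "unsolicited, unused port": router.inbound(worm, 4444, 445),
    }

if __name__ == "__main__":
    for case, delivered_to in demo().items():
        print(f"{case:28} -> {delivered_to or 'dropped'}")
```

This model matches on both the remote address and port; real routers vary in how strictly they match the remote side, and any port-forwarding or UPnP entry is delivered without a prior request.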

Routers are not terribly expensive; plain wired routers are around $30, and the increasingly popular wireless routers can be had for less than $100 and even cheaper on sale. Wireless routers need to be set up properly to make them secure, but offer the same separation from the Internet using NAT as wired routers do.

If you have broadband and you don’t yet have a router, you’re just asking for trouble.

1 comment September 3rd, 2005

Malware: Fear It

I read a recent study claiming that the costs of malware in the first quarter of 2004 have already exceeded the entire year of 2003. Malware hasn’t made it into Webster’s just yet, but it won’t take long. Malware is basically the category of malicious software: worms, viruses, spyware, adware, etc. — it is software gone bad.

The rise of viruses and worms has been well documented. Few computer users have been immune to the flood of these malicious bits of code, especially considering their rise in popularity and severity. Today’s viruses aren’t semi-funny hoaxes; they are just plain nasty.

Festinate reactions to ActiveX pop-ups can have very dangerous consequences. Malware authors know most users instinctively press the “Install” button by force of habit, and exploit that tendency to get their malware onto your machine. This particular subset of malware is typically called adware or spyware. This stuff is more annoying than destructive, but it can change your homepage, monitor your surfing habits, serve up ads endlessly, and redirect you to sites that you don’t want to go to.

So, how do you battle malware in your home or business? Here are a few tools that will help you get rid of malware on your machine. The first time you use these tools, you will be amazed at how much of this garbage has crept onto your computer.

Ad-aware Plus has a freeware version which will take care of just about everything.

Spybot – Search & Destroy is my personal favorite, but it is almost too thorough — just make sure not to remove any legitimate tools or you will have to reinstall them.

May 8th, 2004
