[../topElectronics.htm]

Buying guides

MORE TO EXPLORE

	Books
	Music
	DVD
	Video
	Kitchen & Housewares
	Toys & Games
	Baby
	Tools & Hardware
	Automotive
	Software
	Computer & Video Games
	Home & Garden
	Magazines
	Apparel
	Jewelry & Watches
	Sports & Outdoors
	Cell Phones
	Computers
	Camera & Photo
	Office Products
	Health & Personal Care
	Outdoor Living
	Gourmet Food
	Beauty
	Musical Instruments

PC Security Buying Guide

------------------------------------------------------------------------------------

Unless you are a serious electronics buff, there is a good chance your home PC is the most expensive piece of equipment in your home. Or if you've got a notebook, it is likely to be the most expensive thing you carry around in a bag.

Although your insurance policy may cover the costs of replacing hardware if it is stolen, there isn't anything that money can do to retrieve your precious or personal data. Nor is there anything you can do to stop the thief from finding those confidential details you keep on the system. Maybe the thief isn't interested in physically stealing your PC from your home; instead, they just want that 16-digit number from your credit card. Or perhaps they want to steal your processor time and network bandwidth to attack someone else.

These are but a few of the reasons why all computer users should take the time to consider how to mitigate their PC security risks.

The threats to your home PC or notebook can be correlated to the multitude of security products available. Physical security products are used to deter theft of the computer hardware. Network security products include personal firewall software, hardware devices and, to some extent, antivirus applications. These are important to anyone who uses the Internet, and are vital for users with broadband connections at home. Access security products involve software or combined hardware and software solutions which control who has access to your computer. Data security covers password protected files, encryption and secure deletion.

Faced with the sheer volume of products now being offered, and with many computers and operating systems now including some of these security capabilities, it is important for users to understand their needs first before they decide in which products to invest.

First things first: Nail it down

First things first: Nail it down

The idea of physical PC security is as simple as it is essential. Keeping people you don't trust away from your PC by locking the door is a great start - just being able to get to a PC's floppy drive and power button makes it quite easy to break into many systems. But if you've left your PC somewhere public or a would-be thief is already in your home or office, then there is still the idea of locking your computer to something immobile.

Most notebooks have a small opening on the side or back which is intended for third-party locks. There are many options on the market - some as simple as a lock with an attached steel cable for looping around a table-leg, others with locking plates and super glue to create anchor points. For the gadget fans, there are also many cables and locks with in-built motion-sensors and high-decibel alarms. Cables and locks are available in the $60-90 range, with motion sensors around $90-100.

For desktop systems, there are versions of the same - anchor points with special glues, cables and alarms. And to prevent access to drives, there are locks that attach to the case and physically prevent anyone from opening the CD/DVD drive or putting in a floppy disk. There are also chunkier enclosures available that physically surround the PC or PC and monitor, requiring a lot more effort than a pair of bolt-cutters to remove.

Should the thief manage to steal your computer anyway, several companies offer a tracking and recovery service. The recovery services work using software agents installed on your computer. Each time the computer is connected to the Internet it contacts the recovery service and sends either its current IP address or the phone number from which it is calling, allowing the computer's new location to be identified and police informed.

Keeping them out

Ensuring that only the people whom you want to have access to the computer system can access it is the task of access security mechanisms such as authentication. The first step is to use system accounts with usernames and passwords to control access to the computer. Having a strong password is the easiest method of greatly increasing the security of your computer and the privacy of the data residing on it. Using a weak password that's easy to guess (such as the username) isn't much of a hindrance to authorised users trying to get in.

Most operating systems with accounts have policy enforcement mechanisms that allow control over such characteristics as the complexity of a password, how long it can be used, what times or days it can be used to log in to the system and, most importantly, the ability to lock out an account after too many mistakes. This is used to stop people from using programs that keep guessing passwords until they can break in.

If your operating system doesn't support user accounts, consider if protecting your files using an encryption utility (see "Keep it secret" below) is sufficient for your security needs. You can also try using the BIOS; on many computers, passwords must be entered before they will boot an operating system. If encryption or BIOS passwords aren't the answer, upgrade to an operating system with system security built in, such as Windows 2000/XP, Mac OS X or any UNIX-style system.

Taking it a step farther, there are many new products available which replace the password with additional forms of identification, making password guessing next to impossible. It is now easy to pick up fingerprint scanners that work with your operating system to control access, PC card devices for notebooks, and USB devices for either notebooks or desktops. There are also smart card systems that require the user to insert a card into a reader at the same time as entering a password. Both PC card readers and fingerprint scanners are usually available for around $400-$500.

Just having a strong password isn't necessarily enough, however, if you are in the habit of leaving your computer logged in and wandering off for a cup of tea. To combat this opportunism, you need to configure your operating system to either lock the user account after a pre-determined interval of inactivity or to use a password-protected screensaver.

Don't forget to lock the back door as well

Often the easiest way to get into a computer is via the network. Not only do many Internet-connected PCs have network file shares with no passwords required, but attackers can also use bugs in parts of the operating system which listen to the network to break in remotely. Additionally, if your PC is connected to a broadband connection permanently, then it becomes an even more likely target for misuse.

Stop

To protect your PC from network threats, you can either read up on the subject and become a security expert, then patch and configure your operating system in a secure manner, or you can take the easy approach and get a personal firewall. Companies such as Linksys and Netgear sell hardware firewall solutions - small devices that plug into your modem, cable modem or ADSL modem on one side and your PC on the other. Typically, these devices use network address translation (NAT) to hide your PC from the network. NAT does this by assigning your computer an IP address that it isn't possible to use on the Internet, which makes it effectively invisible. Therefore the only place a would-be intruder can attack is the secure interface the firewall uses to talk to the modem, which is designed especially for this purpose. Hardware firewalls suitable for broadband home users cost $200-600 depending on additional features such as in-built 802.11b routers.

Higher range devices include firewall software that provides better flexibility for controlling network traffic, but the downside to these hardware devices is that they often stop programs like ICQ or Windows Messenger from working without special configuration. However, they usually have a few network ports on the inside so can protect a home network instead of just a single PC.

Software security

An easier way to protect your PC if you only have one to worry about is to use a software solution firewall. As they are installed straight onto your PC, they can be much smarter about understanding what programs you want to use and will self-configure to support all your Internet applications.

Windows XP has personal firewall software built-in. Called the Internet Connection Firewall (ICF), it is configured by default and works by preventing any remote system from accessing your computer, although it allows any traffic out. It works with Internet Connection Sharing to protect small home networks. Unfortunately it doesn't control outbound connections, so if you somehow end up with a worm like a Klez or Bugbear variant on your PC it won't block the connections made by the worm as it goes off to infect others, nor alert you in any way.

If you want protection from internal misuse, or use another flavour of operating system besides XP, then take a look at the commercial offerings available. Current market leaders for Windows are Norton Personal Firewall, McAfee Firewall, ZoneAlarm Pro and Sygate Pro. These products filter and block inbound and outbound traffic, and include easy configuration interfaces and good logging capabilities to let you know what has been going on. Some software firewalls include detailed explanations of logged events to help you understand if the traffic that is being blocked is just a curious probe or is really an attack. Others also include automatic blocking capabilities which can immediately stop listening to any bad traffic as soon as it starts, preventing would-be attackers from getting very far in their efforts to break in. You should be able to get a best-of-breed commercial product from anywhere between $80 and 140, depending on whether you want it bundled with an anti-virus program.

A good place to start is www.firewallguide.com, which features third-party reviews of Internet security products for the home. Another good way to get an understanding of the products available is to read user complaints. The www.computergripes.com site for example, features a range of "gripes" on PC products from one US user's perspective.

Although this type of software is maturing quickly, there are still some strange quirks to get over, and learning about possible problems before you buy can be a great help. In particular, the automatic blocking features can be quite problematic, so pay closest attention to how easily the software can be configured to support additional applications. Once you've got it running and protecting all outbound traffic, it might stop you from using any newly installed software correctly.

The best firewall programs automatically detect when you are using a new application and ask you if it should be allowed to connect to the Internet.

Antivirus applications

Even if your computer isn't connected to the Internet all the time, it can still be attacked and misused by anything as simple as a virus-infected floppy disk or an e-mail worm.

Many antivirus applications offer protection from these threats (antivirus applications are covered in more detail in the Antivirus Buyers Guide). A strong antivirus program that integrates well with your operating system and e-mail client can reduce the risks of having your PC come under someone else's remote control, or becoming a source of infection for one of the latest round of Internet worms. Some worms install key-logging applications that then send your usernames and passwords to places on the Internet, so even if your PC is behind a firewall someone might be able to start using your accounts at places like auction sites or your Web mail provider.

Wireless security risks

Wireless networks like 802.11b or Bluetooth are another risk. These systems have security measures built-in, but aren't always configured well. A surprising number of Bluetooth devices have a default access code of 0000 still set, which means someone could easily use them for their own gain to dial your Internet account using your Bluetooth phone or to gain access to the data on your Bluetooth-enabled PDA.

If you are using any of these technologies, read the manuals to enable access controls and encryption wherever possible. Despite the well publicised problems with the Wireless Encryption Protocol, just making it that little bit harder could be enough to deter an attacker.

Keep it secret

Even if your PC has some kind of unbreakable password system in place, and is locked to the desk, a person with physical access can remove the hard disk and use another computer to read the contents. With notebooks, this concern is even greater. To keep data really secret requires the use of encryption software.

Encryption software can protect individual files or whole directory structures by encoding the data on the disk and requiring a password to use the encryption key that can decode the data. It is used in the same way to encrypt e-mail to keep it secret as it travels across the Internet. Windows 2000 and XP have the Encrypted File System, which uses encryption keys for each user account to encode data. Without the correct login to the user account, the data is inaccessible - this keeps it secret even if the disk or computer has been physically stolen.

For users of other operating systems, or those wanting to share encrypted files with other people over the Internet, there are many encryption products available. Some focus on encrypting individual files and e-mails and have integration into e-mail clients for convenience, but are cumbersome when working with large numbers of files. Others tie into the operating system to protect entire directories, but aren't easy to use with e-mail.

People with real secrecy requirements might already know that files aren't really deleted from your disk every time you 'delete' a file. That would take too much time; instead, the operating system chooses to just forget the files were there to begin with and writes over that portion of disk when it needs some more space. The result is that undelete utilities can be used to retrieve files from portions of the disk that haven't been written over. Skilled technicians can retrieve files from the disk even after they have been written over many times, by detecting the magnetic signatures left on the disk.

To make sure that sensitive data is unrecoverable, a secure delete utility is required. These write random data over and over the same portion of disk, turning that background magnetic field that could give away secrets into nothing but noise. Secure deletion programs are often found bundled with other utility programs (Norton Utilities includes one) or can be downloaded for free from the Internet.

Choose carefully

Very few people would require the levels of security that could be attained by using all of these products. Nonetheless, it is important that desktop and notebook users have some security measures in place.

The absolute essential thing every computer should have is an antivirus package. Conveniently, many of these come bundled cost-effectively with a personal firewall. Those two products alone will suffice to make a home PC immune from most potential security problems. Beyond these, use common sense to determine risks versus costs. Notebook users should seriously consider cable locks, even if the computer is covered by insurance. Unless your backups are kept up-to-the-minute and stored separately, the inconvenience of losing your notebook will cost far more than the $40 or so required to deter an opportunist.

To prevent other users accessing your information on a shared PC, or protecting your data even after theft of hardware, consider whether upgrading your operating system will be enough, or if you need a separate encryption package. Personal firewalls, antivirus and encryption programs are also available in free and shareware versions, so make sure you really do need the features of the commercial products before parting with the cash.

And most of all, make sure to understand the experiences other users have had with software products before you buy - a piece of security software that you've had to disable to get anything to work isn't much help at all.

[../browse/bottomNav.html]