Secure the Desktop
Introduction
You just got your computer set up. It's brand new. It runs beautifully. You've just hooked it up to a new network and are getting online. What's your worst fear? Someone else messing up your machine. Bugs. Viruses. Data theft. It's scary. So you need to secure your computer. Preferably before you get online. So you'll need a good combination of programs and passwords in order to keep your computer safe from malicious attacks and your aunt who used a computer once before back in 1989 and really can figure it out on her own, according to her.
| Important! | This section does not cover removing malicious programs already on your computer. It covers setting up a "shield" that will stop those programs from getting onto the computer in the first place. |
What Are You Protecting Against?
Exactly what is it that you're protecting yourself against? You're trying to keep out spyware, adware, viruses, malicious hackers, user error, and most importantly data theft. Three of these issues require more than just some programs to keep them at bay. For malicious hackers, user error, and data theft you want to make sure that you've got good secure passwords and the right settings. With malicious hackers you run the risk of having the code of programs (like your web browser) edited and manipulated. With user error the problem is that you or another user (remember that aunt?) could accidentally delete an important file, open and download a or could wander onto a malicious web page and cause major problems for your computer. Data theft could easily be seen as the worst of the lot. If someone gets a hold of your files they could easily steal your identity: social security number, credit cards, address, phone numbers, birthday, school, anything and everything you have on your machine.
The good news: you can make sure it doesn't happen to you. Passwords. Settings. Programs.
How Do You Protect Your Computer?
Now you know what you're trying to keep off your machine. But how do you accomplish this? You need the right mix of tools. You want to have the right password and settings, and the right combination of programs that will keep your computer safe.
- You're going to want to consider a firewall - newer Apple and Microsoft products usually have them built in.
- You'll want to make sure you have two accounts. Protect both of them with a secure password.
  - A regular account with minimal administrative abilities so that if you let someone use your computer they can't accidentally do something harmful.
  - An administrative account. DON'T name it 'Admin' or 'Administrator' or something like that. If someone is going to try and get to your machine, the first thing they'll look for is an admin account.
- Make sure you have your settings adjusted to update automatically once a week.
- Have one anti-virus program installed.
- Have at least one program to detect and remove spyware.
Updates/Patches
| Security! | It doesn't matter if you have the best program or OS out there. If you don't update it regularly it'll become obsolete and useless before you can say "pink plastic flamingo". |
Updates are always important. I can't really stress this enough. Updates install security patches that help prevent unwanted programs and bugs on your machine. The system updates for your computer will update the OS itself as well as all of the programs bundled into it. This means Windows Media Player and IE on Windows, and iTunes and Safari on Apple computers, as well as other programs. You can either manually update your machine once a week or so, which means that you actually have to remember to go look at the updates, or you can set your computer to automatically update itself.
You can change your update settings by going into your system preferences and going to updates. From there you should find an option to turn on automatic updates. It's a good idea to run them about once a week.
User Accounts
One way to prevent problems is by restricting who can get on your computer. This can easily eliminate the problem of your little sister wandering over and tinkering with your machine.
When you create a new account you have several options. First and foremost: admin privileges. You'll read more about how to use and distribute admin privileges in a little bit. Then on some OSs you can fully customize the user privileges: Can they get online? Can they download anything? Can they IM people? If so, who? What applications can they use? Can they burn CDs? This allows the administrator to tailor the privileges of a user in order to prevent security leaks.
The lab will show you how to make accounts and change the settings of users.
Passwords and Admin Privileges
Set passwords to access any important or vital information.
- Decide what information you want to password protect.
- Be careful when giving out admin privileges - try to have only one admin. The only exception is larger networks where one person can't take care of the entire thing.
| Security! | Always remember to make your password a mix of upper and lower case letters, punctuation, and/or numbers. |
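The account and password advice above (a regular account plus a single admin that is not called 'Admin' or 'Administrator', every account password protected, passwords that mix character types) can be checked mechanically. The following is an added example, not part of the original page; the account inventory is constructed, and the function names and dictionary keys are illustrative assumptions.

```python
import string

# Names the page says someone will look for first (compared case-insensitively).
OBVIOUS_ADMIN_NAMES = {"admin", "administrator"}

def password_problems(candidate):
    """Return the parts of the page's password rule that `candidate` misses."""
    problems = []
    if not any(c.islower() for c in candidate):
        problems.append("no lower-case letter")
    if not any(c.isupper() for c in candidate):
        problems.append("no upper-case letter")
    has_digit = any(c.isdigit() for c in candidate)
    has_punct = any(c in string.punctuation for c in candidate)
    if not (has_digit or has_punct):
        problems.append("no punctuation or number")
    return problems

def audit_accounts(accounts):
    """Check dicts with 'name', 'is_admin', 'has_password' against the checklist."""
    findings = []
    admins = [a for a in accounts if a["is_admin"]]
    regular = [a for a in accounts if not a["is_admin"]]
    if not regular:
        findings.append("no regular (non-admin) account for everyday use")
    if len(admins) != 1:
        findings.append(f"expected exactly one admin account, found {len(admins)}")
    for a in admins:
        if a["name"].strip().lower() in OBVIOUS_ADMIN_NAMES:
            findings.append(f"admin account has an obvious name: {a['name']}")
    for a in accounts:
        if not a["has_password"]:
            findings.append(f"account has no password: {a['name']}")
    return findings

# Constructed sample inventory, not taken from any real machine.
SAMPLE = [
    {"name": "Administrator", "is_admin": True, "has_password": True},
    {"name": "aunt", "is_admin": True, "has_password": False},
]

if __name__ == "__main__":
    for line in audit_accounts(SAMPLE):
        print("FINDING:", line)
    print("flamingo:", password_problems("flamingo"))
```

The audit only looks at account names and flags, never at stored passwords; `password_problems` is meant to be run on a candidate at the moment you choose it.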
Programs
There are many programs out there, but these are the ones we are going to go over:
- BitDefender 8 Free Edition (Antivirus)
- BitDefender 9 Standard (Antivirus and spyware)
- ClamWin (Antivirus)
- Spybot: Search and Destroy (Anti-Spyware)
- SpywareBlaster (Anti-Spyware)
- TrueCrypt 4.2 (Anti-data theft)
| Fun Facts! | Notice that I just put the word "anti" before the malicious program/action. Duh... |
| Of Note | It is important to update these programs regularly. Without the latest "definition list", your antivirus and anti-spyware programs may miss new threats. |
Virus Protection
- Pros
  - It provides nice protection against an accidental click on a malicious link
  - The programs are a nice security blanket if more than one person will be using the machine
- Cons
  - Sometimes the programs can slow down the machine
  - It can be hard to remember to run all of those checks!
So it's probably a good idea to install virus protection if:
- Multiple people are going to be using your machine
- You think that the rest of your security may not be enough
You might consider running without virus protection if:
- You're an experienced user who does not tend to wander into compromising security situations
- AND you have your machine backed up with Ghost, data backups, etc.
Antivirus
| Important! | A golden rule is to only install one anti-virus per computer. This is because anti-virus programs clash with each other. With spyware detection programs, it is less of a rule. |
Here is a list of Antivirus software we picked:
ClamWin
ClamWin is an open source antivirus for Windows. ClamWin does not include a real-time scan. Yes, I know I said that this section was for prevention, but ClamWin is a decent antivirus, and I felt that I should mention it. It will be covered in more depth in the getting rid of malware section.
BitDefender
BitDefender 8 Free Edition is an older version of BitDefender (the newest is 9), but it works just fine. As with ClamWin, it does not come with an on-access, real-time scanner. It releases updates every 1-3 hours so that the computers will always be protected from new threats. The Free Edition is always one edition behind the newest one. [1]
BitDefender 9 Standard is not a free antivirus program (no, I am not lying (although occasionally, I do enjoy a fine white lie)). This version does come with an on-access, real-time scanner, meaning that while it is running, it will stop a virus from executing. It might be what you're looking for if you want to pay for strong protection. [2]
Anti-Spyware
Here are the Anti-Spyware programs that we suggest: SpywareBlaster and Spybot: Search & Destroy.
SpywareBlaster's main function is to stop spyware from installing onto your computer. It doesn't scan for spyware already on your computer.
Spybot is freeware and is updated regularly. It scans for a whole range of spyware, and it includes a program called TeaTimer, which monitors the processes running on the machine. It alerts you when a change is being made and when a malicious process is running. It will kill the process if you so choose, or you can let it run if you want. However, it may be annoying if you want to change the settings, because every time you do, a window pops up asking you to confirm it. TeaTimer is optional, and you do not have to install it with Spybot. If you want top notch security, I recommend that you do use TeaTimer.
Anti-Data Theft
Programs that you can use to prevent data theft are firewalls and encryption programs. One fail-safe way to prevent data theft is to kick someone you don't know off your computer. Don't let them get any information. Also, don't leave important information on your machine.
Firewalls
What do firewalls do? They prevent unwanted and forbidden communication. A firewall is basically a barrier for your computer.
Apple
Apple has a built-in firewall in its OS X - Tiger. You can turn on the firewall by going to System Preferences, Sharing (under Internet and Network), and then going to the firewall tab. It will probably say that the firewall is off. You can turn it on by clicking the 'Start' button. If you want to allow anything specific you can check the box on the drop down list.
Windows XP
On Windows XP, there is a firewall included in Service Pack 2 (which you should have, by the way). It is turned on by default. It comes with the Windows Security Center, which includes automatic updates and virus protection. It checks to see if an unknown connection is being made, and alerts the user when there is one.
TrueCrypt 4.2
TrueCrypt is an open source program which allows you to create a virtual encrypted disc and mount it as a real disc.
- TrueCrypt provides two levels of plausible deniability, in case an adversary forces you to reveal the password: a hidden volume (steganography- more information may be found here); no TrueCrypt volume can be identified (volumes cannot be distinguished from random data). -Download.com: TrueCrypt
Others
Probably the most important program that doesn't fall under any of the previous categories is something called Deep Freeze. Deep Freeze is a really heavy duty program. What it does is it basically locks everything on your computer, and the minute you restart, anything and everything that was put on the machine previously is erased. Essentially it's impossible to install anything or download anything.
| Important! | Deep Freeze is not meant to be used on machines that are only used by one or two people. It is designed for machines in school labs or public locations where it is impossible to keep track of who is using the machines and there are dozens of people using them at any given moment. |
While it is easily the most secure thing you can do to your machine (besides not ever taking it out of the box. But that kind of ruins the point, doesn't it?) it is not a program to be thrown around lightly. Only use it if:
- The machine(s) are going to be accessed by more people than you can keep tabs on
- The machine(s) are in an easily accessible location






