New Computer? Steps to Protect Your Computer Before Connecting to the Internet
Getting a new computer should be an exciting and gratifying experience. After all, you’ll be able to do things faster, safer and without having to worry that your old hard drive is so full that one more file will “break the camel’s back.”
However, there are dangers out there that probably didn’t exist when you bought your last computer. And there’s the question of what will happen to your old hard drive, with all your personal data on it.
Let’s deal with your new computer first. This information applies specifically to Windows XP, although it has broader application as well.
Remember:
- Many computers' default configurations are insecure.
- New security vulnerabilities may have been discovered between the time the computer was built and configured by the manufacturer and you setting up the computer for the first time.
- When upgrading software from commercially packaged media (e.g., CD-ROM, DVD-ROM), new vulnerabilities may have been discovered since the disc was manufactured.
- Attackers know the common broadband and dial-up IP address ranges, and scan them regularly.
- Numerous worms are already circulating on the Internet continuously scanning for new computers to exploit.
- It is estimated that 80% of spam comes from personal computers (known as “Zombies”), like yours, that have been compromised with a trojan or other malware that the owner is completely unaware of. By protecting your computer you are protecting the Internet!
As a result of these hackers’ efforts, the average time-to-exploitation for an unprotected computer is measured in minutes.
Standard (wrong) advice to home users has been to download and install software patches as soon as possible after connecting a new computer to the Internet. However, since the background intruder scanning activity is pervasive, it may not be possible for you to complete the download and installation of software patches before the vulnerabilities they are trying to fix are exploited.
This Special Report offers advice on how to protect your computer before connecting it to the Internet so that you can complete the patching process without incident.
We strongly recommend following all the steps when upgrading to a new operating system from disc(s) as well as when connecting a new computer to the Internet for the first time.- Perform these steps before connecting to the Internet for the first time.
- The links in this document are LIVE LINKS, but we recommend that you NOT connect to them through your new computer. Use the live links on a computer that is fully updated, virus protected and firewalled, and download the instructions/programs to a CD or a USB drive, then transfer them to your new computer. A 128 megabyte USB drive costs less than $20, is “plug and play,” and can be used over and over.
- If possible, connect the new computer behind a network (hardware-based) firewall or firewall router. A network firewall or firewall router is a hardware device that is installed between the computers on their Local Area Network (LAN) and their broadband device (cable/DSL modem). By blocking inbound access to the computers on the LAN from the Internet a hardware-based firewall can often provide sufficient protection for you to complete the downloading and installation of necessary software patches. A hardware-based firewall provides a high degree of protection for new computers being brought online. If you connect to the Internet before you install a firewall, it may be possible for the computer to be exploited before the download and installation of such software is complete. XP has a built in firewall that may or may not be enabled. If Microsoft XP has not had Service Pack 2 installed, follow these instructions to turn on the Internet Connection Firewall. If XP is installed WITH Service Pack 2, then your firewall is enabled by default. Microsoft has provided both detailed and summarized instructions for enabling the built-in Internet Connection Firewall on Windows XP. We strongly recommend that you install a third-party firewall application and THEN turn off the Windows firewall. We recommend ZoneAlarm (www.ZoneLabs.com), which is FREE. Zone Alarm is the top rated firewall, and protects both incoming and outgoing data. XP’s firewall ONLY protects against incoming data. Zone Alarm’s setup file is approximately 7 megabytes, which will easily fit on a CD or USB drive.
- Disable File and Printsharing if enabled.
- Go to Start -> Control Panel.
- Open "Network and Internet Connections".
- Open "Network Connections".
- Right-click on the network connection you wish to change (e.g., "Local Area Connection").
- Select "Properties".
- Make sure "File and Printer Sharing for Microsoft Networking" is unchecked.
- Connect to the Internet.
- Go to windowsupdate.microsoft.com.
Follow the instructions there to install all Critical Updates. However, if you are going to install Service Pack 2, READ THIS FIRST! Pay particular attention to “Get the latest PC manufacturer updates for SP2, because you may need to update drivers for your PC to work properly.
Only download software patches from known, trusted sites (i.e., the software vendors' own sites), in order to minimize the possibility of an intruder gaining access through the use of Trojan horse software.
Staying Secure
Follow the principle of least privilege — don't enable it if you don't need it.
Consider using an account with only 'user' privileges instead of an 'administrator' or 'root' level account for everyday tasks. You only need to use administrator level access when installing new software, changing system configurations, and the like. Many vulnerability exploits (e.g., viruses, Trojan horses) are executed with the privileges of the user that runs them — making it far more risky to be logged in as an administrator all the time.
Moving Your Applications and Data
Unless you’ve never had a computer before, you’ll want to move your old data onto your new machine. There are several ways to do this quickly and easily (although there are often a few glitches). The best article on the subject is [http://www.pcworld.com/howto/article/0],aid,115632,00.asp.
Protecting Your OLD Data
So, what do you do with your OLD computer? Perhaps someone else can use it, maybe a school or a retirement center?
One of the biggest mistakes people make is thinking that deleting files using Windows Explorer actually deletes the files! It DOESN’T!
When you delete files in Windows, all it does is delete the pointers that show where the files are. Any competent computer whiz can easily find a program on the Internet that will rebuild the file pointers, and then they have access to all your files- your emails, your business information and your financial information.
You can go to any flea market in the country, and chances are you can purchase a used hard drive with the old owner’s data still on it! Many professional identity thieves are doing just that!!!!
What CAN you do?
Personally, I remove the hard drive from the computer, and I keep it (not in a place that it would be found if a burglar came into my house).
Another alternative is to use a free disk wiping utility or purchase one.
To effectively remove data from a hard drive, it must be overwritten completely several times. All of the temporary files, all of the caches, all of the “swap files” that are created as you work may be lurking in some unknown corner of the hard drive.
Contrary to popular belief, even reformatting the drive does not necessarily make file recovery impossible!
Consider this – A recent search of hard drives that had been discarded revealed:
- A disk that had been owned by an Attorney, with all his case files and confidential information on it.
- A disk that had been owned by a CPA, with all her clients’ tax information on it.
- A disk that had been owned by a Medical Clinic on it, with hundreds of patients’ medical records still on it.
There are free programs that will do an adequate job of wiping a hard drive clean – although the data may still be recoverable by professionals with very expensive programs, and there are inexpensive programs that will make the data completely unrecoverable.
We recommend DBAN (dban.sourceforge.net/)which does 5220.22-M-compliant wiping. 5220.22-M-compliant wiping is the Department of Defense secure delete wiping standard.
Be aware, however, properly wiping a hard drive, particularly some of the large ones can take hours, but it is worth it to protect your privacy.
© Steve Freedman, Archer Strategic Alliances, 2005 All Rights Reserved
0 komentar:
Posting Komentar