Security program to install?
I get a lot of questions from people who want to know what the best security program to install, and which one is the best. And then they get frustrated when they learn that I can't answer their question. There is only one answer, you can't. Yeah, my credibility as "the security guy" just was lowered to a place near zero, if not six feet under.
Once again I must revert to the long answer which is, there is no program designed to do that alone. It is you, as a human being, that protects your data best. Your computer is just a thingie that contains your data. You probably don't give a rats ass if your computer is hacked, or compromised in other ways. What you really are concerned about is your data. People just don't realize this. So that's the pre-requisite. To move along from there you need to protect your data through this computer's perimeters.
Let's just face it first, you will never get it 100% secure. In order to do that you need to put a weight on it and sink it into a very deep sea. But I will assume you want to do something useful with it, which is why you bought it in the first place. Don't aim for the 100% do the next best thing, make it reasonably safe. If you follow the next few steps you will get it approximately 95% safe, give or take a few points.
1. Install a firewall. It's probably there in your ADSL-bridge/modem already. Enable it. The minimum protection should be: let all the traffic out, let none in (unless initialized from the inside). If you are really clever you might want to open it for http/s or/and ssh. But now you've opened it, see to it that these applications listening to the ports open are patched, and all the mechanisms behind them: ASP/PHP/CGI-whatever and sshd.
2. Patch it, let's say once a month. This means not only the operating system, but all the software you decided to install. Office packs, browsers, little gadgets, office extensions, add-ons, designer programs. and all mechanisms/translators and what-not.
3. Subscribe to vulnerability mailing lists. If nothing else you will be on level with what is happening and thus you may be a little more conscious about your own data and protections of it. Start with Bugtraq and lists that deals with your installed fleet of software.
Three steps, and you can sleep better at night. You can of course turn on paranoia mode but then you're dealing with slightly more technical issues and that's a completely different story, told elsewhere on the web.
Once again I must revert to the long answer which is, there is no program designed to do that alone. It is you, as a human being, that protects your data best. Your computer is just a thingie that contains your data. You probably don't give a rats ass if your computer is hacked, or compromised in other ways. What you really are concerned about is your data. People just don't realize this. So that's the pre-requisite. To move along from there you need to protect your data through this computer's perimeters.
Let's just face it first, you will never get it 100% secure. In order to do that you need to put a weight on it and sink it into a very deep sea. But I will assume you want to do something useful with it, which is why you bought it in the first place. Don't aim for the 100% do the next best thing, make it reasonably safe. If you follow the next few steps you will get it approximately 95% safe, give or take a few points.
1. Install a firewall. It's probably there in your ADSL-bridge/modem already. Enable it. The minimum protection should be: let all the traffic out, let none in (unless initialized from the inside). If you are really clever you might want to open it for http/s or/and ssh. But now you've opened it, see to it that these applications listening to the ports open are patched, and all the mechanisms behind them: ASP/PHP/CGI-whatever and sshd.
2. Patch it, let's say once a month. This means not only the operating system, but all the software you decided to install. Office packs, browsers, little gadgets, office extensions, add-ons, designer programs. and all mechanisms/translators and what-not.
3. Subscribe to vulnerability mailing lists. If nothing else you will be on level with what is happening and thus you may be a little more conscious about your own data and protections of it. Start with Bugtraq and lists that deals with your installed fleet of software.
Three steps, and you can sleep better at night. You can of course turn on paranoia mode but then you're dealing with slightly more technical issues and that's a completely different story, told elsewhere on the web.
Comments
Post a Comment