I suppose it is no surprise that there have been a series of posts in the last couple days about end user security issues - a bunch of geeks have gone home to their families (Terry Zink) for the holidays and are dealing with the usual situation that arises during such visits. You know the one - family member complaining about Windows computer problems, and as the resident geek it falls to you to fix it. This comes up in my own life regularly, even though I am not a security specialist and I haven't been in tech support in years - when I go to visit my grandmother, I mentally reserve an afternoon to clean up her predictably screwed up computer. She's 93, so I don't really expect her to grok security, and I don't begrudge her my time.
This all gets me to thinking about the relationship between spam, users, and the seemingly insoluble problem created by that relationship. There's nothing that makes the issue stand out more than going to visit family: my mother is pretty computer savvy, despite being a "senior citizen" - she figured out her Linux EEE without any help, and she understands the basic concepts of how the Internet works (and doesn't work). She knows not to open emails from people she doesn't know, and forwards me emails that she thinks are dubious (and they always are). Despite her unusual level of knowledge, she still gets malware. So what does that mean for the rest of the general population who doesn't Get It nearly as well as she does, who are less cynical and more trusting than she is, and who don't have someone like me around?
The mind boggles.
Between broken OS software, bad password management, crippled operational budgets at ISPs, end user ignorance and laziness (security only works if you use it!), and the bad guys getting more organized and clever by the moment, it seems like a problem without a solution. The Internet and most of the protocols used on it were never designed to handle this sort of thing on this kind of scale. Maybe the only actual solution is to frag it to slag and start over from the ground up, but given the state of the world that seems an unlikely outcome. So is all we can do continue to fight a rearguard action? I don't have the answers.
I do have a couple of suggestions for mitigation, aside from "don't use Windows".
My solution to the password management problem was to download a password vault that looked user-friendly, install it on both the laptop and a USB drive, and start loading websites, changing passwords and storing them in the vault. It took all day, but now I have strong passwords on pretty much everything that matters, an encrypted vault with a backup on a removable drive, and a printed-then-deleted Notepad file locked in my filing cabinet. I update it regularly. It's a solution I can live with.
There's a useful site that will scan any file you upload with 38 different anti-virus and anti-malware programs, including most of the major players: Panda, Kaspersky, Trend Micro, Sophos, McAfee, Prevx, Symantec, Microsoft, etc.
Disabling AutoRun is very important. The Windows autorun feature enables CDs to play automatically when inserted in the drive. Removable and thumb drives use the same autorun feature to load files when the drives are plugged into the USB port. Malware relies on this autorun feature to spread from thumb drive to PC. There have been documented instances of removable drives being infected with malware before being shipped from the manufacturer. Don't trust a drive just because it is new. Scan it.
Please note: if you do disable AutoRun by messing with the registry, make a backup of your registry first. Creating a restore point prior to making any changes would probably also be smart; even though Windows routinely creates them, having an up-to-the-minute one would be better. Precision matters.
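The order of operations described above (back up, create a restore point, then change the setting) can be scripted. This is an added example, not part of the original post, written for Windows PowerShell 5.1 in an elevated session. It assumes the standard `NoDriveTypeAutoRun` policy value is the setting being changed, and the backup folder name is made up for illustration.

```powershell
#Requires -RunAsAdministrator
$ErrorActionPreference = 'Stop'

# Policy key holding the AutoRun setting, in provider form and reg.exe form.
$psKey  = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$regKey = 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$name   = 'NoDriveTypeAutoRun'

# Assumed backup location (hypothetical folder name); change to suit.
$backupDir  = Join-Path $env:USERPROFILE 'RegistryBackups'
$backupFile = Join-Path $backupDir ("Explorer-policies-{0:yyyyMMdd-HHmmss}.reg" -f (Get-Date))

# 1. Export the key before touching it, or create it if it is absent.
New-Item -ItemType Directory -Path $backupDir -Force | Out-Null
if (Test-Path $psKey) {
    & reg.exe export $regKey $backupFile /y | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "reg export failed with exit code $LASTEXITCODE" }
    Write-Output "Backup written to $backupFile"
} else {
    New-Item -Path $psKey -Force | Out-Null
    Write-Output "Key did not exist, so there was nothing to back up; created it."
}

# 2. Fresh restore point. Needs System Protection enabled on the system drive;
#    a failure here is reported but does not stop the change.
try {
    Checkpoint-Computer -Description 'Before disabling AutoRun' -RestorePointType MODIFY_SETTINGS
} catch {
    Write-Warning "Restore point not created: $($_.Exception.Message)"
}

# 3. 0xFF sets every drive-type bit, turning AutoRun off for all drive types.
New-ItemProperty -Path $psKey -Name $name -Value 0xFF -PropertyType DWord -Force | Out-Null

# 4. Read the value back and fail loudly if it did not stick.
$current = (Get-ItemProperty -Path $psKey -Name $name).$name
if ($current -ne 0xFF) { throw "$name is $current, expected 255" }
Write-Output ("{0} = 0x{1:X2}" -f $name, $current)
```

If a backup file was written, `reg import` with that file restores the previous contents of the key.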
I think this post has gotten long enough, though I'm not finished. Stay tuned...