
Feature Story : "Where's the 'ANY' Key?"
Published 23 Sep 2002

Evaluating the National Strategy to Secure Cyberspace

In the United States, you need a license to drive. To get that license, you must participate in a lengthy training course, take a written test, and spend time behind the wheel with a "learner's permit." You also need a license to catch a fish, operate a fork lift, and marry somebody you may or may not know. But anybody can have access to the Internet; young and old, rich and poor, educated and unintelligent, rational and reactive.

I've recently been moved to read the "National Strategy to Secure Cyberspace," a draft of a strategy proposal by the President's Critical Infrastructure Protection Board (PCIPB). This panel, as part of the developing Department of Homeland Security, decided to take a good, long look at the Internet as it is today and decide how to deal with the increasing threats of cyberwarfare and electronic terrorism. This proposal is in the draft/request for comment stage, meaning they actually want people to read it and send along any constructive feedback. The problem, however, is that I have this uncanny ability to gain high Google ranking whenever I post new content to my website. So I feel my comments would be better suited here rather than prepared/sent to the PCIPB.

I'll get right to it - the federal government can't secure every computer in the United States; they accept this, and they admit this in the Strategy document. They have offered, however, to guarantee that all due effort is placed in securing government, public, and higher education computers and networks. They will also provide guidance to small and large-scale businesses regarding their systems and policies. That's good, but it still leaves out the significant majority of all systems in the country - what the Strategy proposal calls "level 1," or home users. Therefore, they have proposed that education is the key - education sponsored by the federal government, and provided by colleges, schools, communities, and Internet Service Providers. Ah, but there's the problem - if I told the average computer user to "update their virus definitions and buy a LinkSys router to act as a firewall for their broadband" they would probably slap me. In other words, jargon is rampant; the average home user has no clue what to do (or what not to do), and couldn't care less about what any of that means.

I agree, though. Education is incredibly important. You can install all the firewalls you want, but unbelievably, people will open and run email attachments with little or no hesitation, and even less understanding of who sent the email and what is about to be executed[1]. So what's the solution? Heck if I know, and sure as heck if PCIPB knows. You can't teach an old dog new tricks, but the tricks won't stop coming. And the tricks are getting dirtier and stealthier. There are a few suggestions, though, on ways to start chipping away at this issue. Along with government systems updates and consumer education, the Strategy proposes that software developers start putting more effort into their code. Software development is rushed for market deployment reasons, and something has got to give in that situation - it's usually testing. That trend must be reversed. Consumers can wait for stable software. If you don't believe me, ask Apple, then go ask Microsoft.

As far as education goes, don't wait for somebody to force you into it. The earlier you start, the better off you will be. So, just for the thrill of it, here is Scott A'Hearn's Quick & Dirty Smart Computing Guide.

  • http://windowsupdate.microsoft.com/
    • Learn it. Live it. Love it. Go to the site - depending on your operating system, you'll see a link for either "Product Updates" or "Scan for Updates."
    • This website will tell Microsoft about your operating system (and NOTHING else - i.e. no personal information). Based on that, Microsoft will tell you what you need to download to "patch up" your system. When selected, the patches will download and install automatically.
  • Antivirus software and updates
    • It's one thing to have antivirus software on your computer. It's another thing to keep that software up-to-date. Most software vendors make "virus definitions" available for free on the web; that way, you can download the latest information on viruses without having to upgrade the entire antivirus program.
    • In most cases, it is not enough to simply "have" antivirus software. Yes, some packages have auto-protection features, but you still MUST run a full system scan routinely, depending on your level of net activity.
  • Use good passwords for email, websites, etc.
    • Don't use dictionary words like "dog" or "password".
    • Don't use your name or your birthday.
    • Think random.
  • Be smart with email
    • That email with the subject line "URGENT CONFIDENTIAL ASSISTANCE" is a scam. Please don't send that guy any bank account information.
    • Don't open ANY attachments unless you know the sender AND what is being sent. NEVER open or run any file that ends in ".exe", ".bat", or ".vbs" unless you know EXACTLY what you're doing.
  • Broadband ("always-on") considerations (e.g. DSL, cable, T1, etc.)
    • Thankfully, many Internet Service Providers (ISPs) are beginning to monitor or restrict the most commonly used exploits for remote intrusion, but hundreds more openings exist[2]. Enter the LinkSys router, a firewall solution designed with the home user in mind. It works perfectly out-of-the-box without a confusing configuration, but still has advanced capabilities for those of us who like to "tinker." Check out my LinkSys review here.
  • Give thought to who is getting your personal information
    • Many free software downloads around the web ask for personal information such as your name and mailing address - there is NO REASON a free software distributor would need this information for anything but demographic and spam purposes. They don't need it, so you shouldn't give it. Registered/paid software, of course, is entitled to personal information for billing purposes.
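
The attachment rule from the "Be smart with email" item above can also be enforced mechanically before a message ever reaches a reader. The following is an added example, not part of the original guide: a Python sketch that screens a raw message with the standard `email` library. The verdict names, the `KNOWN_SENDERS` list and the `build_sample` helper are assumptions made for illustration.

```python
from email import message_from_string, policy
from email.message import EmailMessage
from email.utils import parseaddr
from pathlib import PurePosixPath

# Extensions the guide says never to open or run.
RISKY_EXTENSIONS = {".exe", ".bat", ".vbs"}
# Assumption: addresses of people the reader actually knows.
KNOWN_SENDERS = {"alice@example.org"}


def screen_message(raw: str) -> list[tuple[str, str]]:
    """Return (filename, verdict) for every attachment in a raw message."""
    msg = message_from_string(raw, policy=policy.default)
    sender = parseaddr(str(msg.get("From", "")))[1].lower()
    verdicts = []
    for part in msg.iter_attachments():
        # get_filename() decodes encoded (RFC 2231) names for us.
        # Windows ignores trailing dots and spaces, so drop them first.
        name = (part.get_filename() or "").strip().rstrip(". ")
        # Only the last extension decides how the file is run.
        ext = PurePosixPath(name.lower()).suffix
        if ext in RISKY_EXTENSIONS:
            verdict = "never-run"          # applies even to known senders
        elif sender not in KNOWN_SENDERS:
            verdict = "unknown-sender"     # do not open
        else:
            verdict = "confirm-contents"   # known sender: check what it is
        verdicts.append((name, verdict))
    return verdicts


def build_sample(sender: str, filenames: list[str]) -> str:
    """Build a constructed test message with placeholder attachments."""
    msg = EmailMessage()
    msg["From"] = sender
    msg["To"] = "reader@example.org"
    msg["Subject"] = "constructed sample"
    msg.set_content("see attached")
    for name in filenames:
        msg.add_attachment(b"placeholder", maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_string()


if __name__ == "__main__":
    raw = build_sample("stranger@example.net", ["photo.jpg", "Notes.TXT.VBS"])
    for name, verdict in screen_message(raw):
        print(f"{name}: {verdict}")
```

Because the check uses the final extension in lower case, a name such as `Notes.TXT.VBS` is treated as a script, not as a text file.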

Think of the Internet like a high-rise hotel. Except out of 400 rooms, only 10 are locked. When you walk into one of the 390 unlocked rooms, there's a good chance somebody's driver's license and bank statement are sitting on the table. There are kids running around everywhere. You walk into another room, and a guy immediately runs up to you yelling about the lowest mortgage rate you've ever seen, and all he needs is your name and social security number. You give it to him, then walk to another room featuring what you understand to be a keg party. Instead, the room is filled with smallpox.

Now you understand why the Department of Homeland Security is trying to secure cyberspace[3].

I highly recommend giving the Strategy a read. Take a few minutes, and think about your own computer and your own computing knowledge. Please email me if you have any questions or additional issues you'd like to see addressed. I'll post anything worthwhile here.

 

[1] Aside from the bothersome "delete everything on your hard drive" viruses, many nasty email attachments simply contain privileged-access programs to take control of your machine. You ran the attachment, and to you nothing happened. Next time you access the net, though, information you send around (email passwords, credit card numbers, etc.) is sent back to the author of the malicious attachment. Completely transparent to you. Until you get your next credit card statement, I suppose. See the second footnote for more fun!

[2] "But Scott, what's it to me? Why should I, a dinky home user, care?" I've heard this question too many times to count, and there are dozens of good answers. First of all, intent - every person on the web has juicy information on their computer: names, numbers, email addresses, etc. And it's all usually unencrypted. This is all information hackers love for identity theft, credit theft, and any number of other cybercrimes. Second, an online computer equals "resource." When (not if) a hacker gains control of your computer, they will use your system as part of a massive network of machines targeted at a network of their choosing. And you would never even know.

[3] Still not convinced? Below is a chunk of data YOUR computer just sent to ME. It's so easy, I don't even have to think!

  Your browser and operating system:   CCBot/1.0 (+http://www.commoncrawl.org/bot.html)
  Your IP address, if available:   38.103.63.17
  Your hostname, if available: