
Layered Security

One crucial concept for exploring the Internet safely is "Layered Security".  The idea is that you have many layers of security. It is only the simultaneous failure of many systems that results in a severe problem. When driving safely, you will exercise care in your driving; you will not only be careful, but you will not drive while intoxicated, or when too tired to pay attention. You will have an attitude of vigilance while driving. You will also choose a car with some safety features. You will keep the car well maintained and not drive when the brakes aren't working properly. You will have insurance if you do get into an accident. Thus, many different layers need to break down before you suffer from a catastrophe.

I'll enumerate four layers of security which everyone should use. The first three will prevent you from ever being attacked. Even if you go into a war zone, you will usually be invisible and invulnerable to nearly all attackers. The fourth layer deals with the wild "what if" scenario where all three other layers fail.

 

Layer 1: An Attitude of alert vigilance

The first layer is: Proper User Attitude. Almost all my clients' security and virus problems come from 2% of my clients. Yes, 98% of the problems come from 2% of my clients. If these 2% acted like the other 98% then they wouldn't get into trouble. You need to act as if you were a responsible adult!

Why is it that so many people fail to act as reasonable and prudent adults when online? I think the problem is the fundamental model that people use when thinking about their computers. They think of the computer like a TV set. Both devices contain a screen powered by electricity that connects them to lots of stuff. Both are operated while stationary in a seated position. However the TV is safe (other than potential addiction and brain rot). The computer, on the other hand,  can be used as a weapon against you, your identity and others. The proper model is the automobile. It is dangerous. It must be operated vigilantly. You need to be aware that at any moment a child may dart out in front of you, or someone will make a mistake. Over 40,000 Americans die in car accidents every year. This doesn't mean you can't have fun driving, just that you need alert vigilance. Microsoft claims that it removed 72 million malware infections in the second half of 2007 alone. Since it found and didn't remove 58 million, and other antivirus and spyware products removed many, and Microsoft missed many, we can assume at least a few hundred million malware infections per year. This doesn't mean you can't enjoy the Internet, just that you need alert vigilance.

You cannot simply turn left from any lane any time, or drive at any speed, or speed through an intersection regardless of the light color and without looking. You must know the rules of the road and how to handle your car. You should keep your car in proper repair. You use seat belts. You take the car somewhere where they check brake fluid and tire pressure. You change the oil. You passed a driver's test. You must think of your computer like a car. It is capable of giving you  pleasure, of being useful, but also of getting you into trouble.

 

  • Use care browsing: The most important thing is YOUR ATTITUDE. You will need to put some energy into maintaining your computer and learning about the dangers. You need to think before you leap. You need some skepticism. If a popup ad appears trying to sell you a program to stop popup ads, then assume they are crooks.
  • Avoid dangerous sites - No screen savers, free porn or sweet deals too good to be true.
  • Visit no site engaged in illegal activity like music, video or software piracy
  • No special Toolbars or games you aren't sure are safe.
  • Don't follow suspect links
  • Use McAfee's SiteAdvisor so you can check search results BEFORE you visit the site. If you find yourself at a site and don't know whether to trust it, then at least check the site details available from McAfee's SiteAdvisor.
  • No Peer to peer file sharing, music sharing, or video sharing

Most problems occur because people do things they shouldn't. Yes, I am blaming the victim! If you go to sites where they will let you download the latest movies for free or view pornography for free, or gamble for free, there is a better than even chance you are going to a site that will infect your computer. The company you are going to probably has a business model. If they are charging a user fee, then they have a fee based business model. If they don't seem to have lots of advertising or any visible sign of support, then figure that the support is invisible. Assume they get their money by infecting your computer.

According to the FBI, they know of over 1 million computers that are infected and part of Botnets.  Notice they are not estimating that there are 1 million computers infected, they are saying they know of 1 million infected computers. If they have found half of them, then there are two million.  These infected machines become part of Botnets used to attack competing companies, send out spam, defraud people and steal identities.

Do not ever click on links sent to you from unknown companies as spam. Never respond to spam. If an advertisement pops up in your computer or browser DO NOT CLICK IT.

This site, provided to us  by  a bunch of government agencies, does a reasonable job of giving mostly decent advice that could increase the awareness of the naive: http://www.onguardonline.gov/ . If you drive without being vigilant and paying attention, then you are likely to get into an accident. The same is true of surfing the Internet.

One of the stupidest security concepts imaginable  is from Microsoft; though Microsoft has so many stupid ideas it gives itself tough competition. It is the concept of a "trusted site". If you go into Internet Options in Internet Exposer you'll see you can make sites "trusted". Now, by trusted sites, they mean sites where you can let down your guard. This is like closing your eyes when driving in a nice neighborhood. When you "trust" a site, you are saying that they are not only honest, but they are so technically competent that they could not possibly get infected or compromised. You are attesting to their Internet security competence. Sites that have recently been hacked or corrupted so that visitors viewing the site were infected by merely going there without even downloading or running a program are:

These sites were compromised in April of 2008! Never believe a site could not deliver an infected advertisement or be otherwise compromised.

 

Layer 2: Close Vulnerabilities

 

  • Update Windows
  • Update Any other MS products
  • Use Secunia to check other vulnerable software

When you close a vulnerability, you become impervious to the thousands of viruses and malware programs written to exploit that security hole. Closing a vulnerability is much more effective than trying to stop the thousands of attacks written to exploit it. However, when Microsoft publishes its security updates, it has to tell people why they are doing it. Black hat hackers then look at the libraries that were fixed, and look at the fix and compare them. Within a few hours, they understand the vulnerability that was repaired. Within a few days, they have written viruses and malware to take advantage of those vulnerabilities. Within a week there are hundreds of new attacks aimed at those who haven't updated. Microsoft patches need to be applied within a few days of their being offered or you will be vulnerable.

Not only is their operating system getting constantly patched, but their office products are also very frequently attacked and require constant security patches. Last year they issued 26 high-severity patches for office products. They are outstripping that total this year by far.

Any program that is exposed to the web is a potential vector of attack. Secunia's online scan will check such programs for known and patched security vulnerabilities, alert you to the need to update, and help you update. They also offer a beta version of their Personal Security Inspector which is even better.

 

Layer 3: Reduce Your Exposure

 

  • Use a Router at least for Internet connections. 
  • Use SpywareBlaster to reduce other exposures
  • Use a Software Firewall. Windows has one, ZoneAlarm is better. I sometimes only use the built-in Windows Firewall since software firewalls create trouble as well as provide benefits.
  • Browse with Firefox, not Internet Exposer. Internet Exposer is simply more dangerous than Firefox, mostly because of their Active X technology which competes with their Trusted Site idea in the "Stupidest Idea of the Century" contest.
  • Block Scripting: Both NoScript and Adblock Plus Firefox Addons will significantly reduce your exposure. Scripting allows sites you visit to run programs on your computer. Those sites you visit often have advertising that comes from advertising merchants and link to other sites, so it is common for 4 or 5 different companies to be running programs on your computer when you visit a site. When I visit KATU News, KATU and 3 other sites try to run scripts on my computer. The Oregonian has 3 different places trying and ESPN has from 4 to 6 depending. With NoScript, none of those scripts run. I may see the site, or sometimes see nothing at all. Then I look at the list of scripts and decide which I will allow to run. The point is, by default, no scripts run. Without scripting on, none of the virus attacks I mentioned affecting USA Today, Department of Homeland Security, or The United Nations would have hurt me. But you also lose lots of cool functionality. Sometimes when you want to view a video, you'll have to turn on scripting for various sites trying to figure out which ones need to be accepted in order to view the video, or complete a purchase. But, better that, than just letting everyone do whatever they want to you.
  • Reduce Email Exposure:
      • Use Thunderbird email. Outlook and Outlook Express both use the Microsoft engine that uses Active X and has all sorts of problems. It is getting better, but is still more dangerous than Thunderbird.
      • Use the Buttons! add-on for Thunderbird. Buttons! allows you to view all email safely as plain text and then turn on html when you want to at the press of a button.
      • Use Mailwasher or Gmail or some other Pre-Filter software so you never have to download most of your Spam. I wrote an article about using Thunderbird with Gmail here. Be careful about letting your ISP pre-filter your spam. Some do a fine job, some do a terrible job. Be sure to check the suspected spam carefully because sometimes they think important emails are spam.
  • No instant messaging
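
The default-deny approach described in the Block Scripting item above, as an added example that is not part of the original article: it lists the hosts a page wants to run scripts from and lets only allowlisted hosts through. The page URL, HTML and hostnames are constructed sample data, and the regex-based tag scan is a simplification of what a browser extension actually does.

```javascript
// Constructed sample page: one first-party site pulling scripts from three other hosts.
const SAMPLE_URL = "https://news.example/story";
const SAMPLE_HTML = `
<html><head>
<script src="/js/site.js"></script>
<script src="https://ads.adnetwork.example/serve.js"></script>
<script src='//stats.tracker.example/t.js'></script>
<script>var inline = 1;</script>
<script async src=https://video.player.example/embed.js></script>
</head></html>`;

// Return the sorted list of hosts whose scripts the page wants to run.
function scriptOrigins(pageUrl, html) {
  const origins = new Set();
  const tagRe = /<script\b([^>]*)>/gi;
  let m;
  while ((m = tagRe.exec(html)) !== null) {
    // Match a real src attribute (quoted or unquoted), not data-src.
    const src = /(?:^|\s)src\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/i.exec(m[1]);
    // An inline script (no src) runs as the page's own host.
    const target = src ? (src[1] ?? src[2] ?? src[3]) : pageUrl;
    try {
      origins.add(new URL(target, pageUrl).hostname);
    } catch {
      origins.add("(unparseable)"); // never silently allow what we cannot parse
    }
  }
  return [...origins].sort();
}

// Default deny: a host may run scripts only if the user has allowlisted it.
function decide(pageUrl, html, allowlist) {
  const allowed = [];
  const blocked = [];
  for (const host of scriptOrigins(pageUrl, html)) {
    (allowlist.has(host) ? allowed : blocked).push(host);
  }
  return { allowed, blocked };
}

// First visit: trust only the site itself; everything else stays blocked.
console.log(decide(SAMPLE_URL, SAMPLE_HTML, new Set(["news.example"])));
// To watch the video, allow just the player host and nothing more.
console.log(decide(SAMPLE_URL, SAMPLE_HTML,
  new Set(["news.example", "video.player.example"])));
```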

Layer 4: Protect Yourself if Attacked

This is what most people think about when they think about Internet safety. It is the last line of defense. It should seldom if ever come into play if you've done everything else right.

  • Use a Good Antivirus. This is essential protection. I recommend NOD32.  Once a week you should do a complete system scan.
  • Use some anti-spyware product: Spybot Search and Destroy is good and free. I recommend a monthly scan. Many other experts recommend using two different products. Instead of simply running a monthly scan, many products are meant to run constantly to always be on the lookout for an attack, like an antivirus program. I do not feel it is necessary to run these for constant protection. If you follow the other three layers it will be unnecessary. However, the more you miss regarding the first three layers of protection, and the more dangerous things you do, the more it is prudent to run some anti-spyware program in real time, rather than merely for monthly scans. I recommend Sunbelt Software's Counterspy for that purpose. If you can't control what the computer is doing (if it is in an open area or you have teenagers accessing it), then real-time protection is advisable. Nov 13 2012 - This product was discontinued.
  • Another layer of "after the problem" protection is Intrusion Detection. WinPatrol is my product of choice here. It protects you by monitoring startup programs and file associations, and it is an excellent line of defense for both protection and control.
  • Good backups. If you haven't got good backups, you are playing Russian Roulette with your computer's information. Even without infection, computers and hard drives die or are stolen. You want multiple copies, some off site, and probably one system for rapidly changing information and another for archival storage.

If you implement most of the prescribed suggestions in the four layers of security you are unlikely to suffer the ill effects of a malware or virus attack.

 



Date: May 2008


Creative Commons License
This article is licensed under a Creative Commons Attribution-NoDerivs 3.0 Unported License.

 
 