Forty-nine mouse clicks and 81 minutes. That’s how long it takes to properly set up and secure that new PC you got for Christmas, according to security vendor Symantec. Why should the recipient of a brand new, shiny, fast PC care? Because the “bad guys” find new PC users on the Internet in 20 minutes or less, Symantec research indicates.
What’s more, the number of bot networks increased more than six-fold in January 2005 compared to December 2004. Bots are programs covertly installed on a computer that allow an unauthorized user to control it remotely. Symantec attributes the bot spike to the number of new PCs appearing online in the new year.
“Internet crime indicators were up for 2005 and, increasingly, the payload of these attacks is a worm or virus that goes after confidential information,” Vincent Weafer, senior director of Symantec Security Response, told TechNewsWorld. “Increasingly, profit is the the motivation behind these attacks.”
The Missing Link
Despite ubiquitous warnings in the media, McAfee research shows that only 50 percent of home PCs are properly secured.
Failing to properly secure a new PC can lead to poor performance in the future, potential issues with identity theft, and to children being exposed to inappropriate content on the Web.
“All of these problems can be easily prevented,” said Marc Solomon, director of Product Management, McAfee Consumer Strategy and Marketing Group. “Building a solid security foundation is the key to protecting a brand new computer for years to come. It is much easier to secure a new computer when you bring it home than to try to clean up an old one that’s been infected with viruses and worms.”
Checking the List
Where do you begin? How do you ensure your new holiday PC is safe and sound? Understanding what occurs — and what does not — in the automatic setup is a good place to start.
Symantec purchased five different PCs from various channels — including directly from the manufacturer, as well as from a national electronics retail store, a national discount retailer, a national retail warehouse and a local made-to-order PC shop. On each machine, the company’s security experts attempted to mirror the user’s set-up experience.
Symantec examined the following criteria:
- How many “clicks” does it take to configure a new PC?
- How many times is the user prompted to make a decision that can impact security settings and/or given the option to abort the setup?
- Did all the Windows security patches get loaded at setup?
- What didn’t get installed?
- How long does this process take?
- Is the PC secure after the set-up process?
Symantec found 30 Windows patches are not installed during setup, some of which Microsoft rates as high priority or critical. The exercise indicates that it requires more than following the automated prompts to set up a secure PC.
“PCs are more secure today, but you, as the user, need to take an active part to make sure you are deploying the security patches up front and configuring your machine correctly,” Weafer said, “because there are increased attacks during the post-holiday season.”
While there are a number of steps that a new computer owner can take, the most important issues to keep in mind are application of security patches, installation of a trusted client security product, and how the PC will be connected to the Internet, Ed Moyle, a manager with CTG’s Information Security Practice, told TechNewsWorld.
“First of all, in most mainstream operating systems, ‘auto-update’ functionality is provided that makes it simple to download and install any security patches to the PC; many out of the box distributions do not come with the full set of security patches enabled,” Moyle said. “So it is a good idea for the new computer owner to find and use this auto-update capability as one of their first few activities on their new PC.”
Using the auto-update feature early on also helps to get computer users familiar with the patch-application process, which is to PCs as oil changes are to automobiles, Moyle said.
Install Anti-Virus Software
Over and above the application of patches, installation and maintenance of a trusted client security application — such as Norton, McAfee, or CA — helps to keep the PC protected from worms and viruses that may be circulating on the Internet, according to Moyle.
“A large number of those programs also come with built-in personal firewall capability, as well as anti-spyware protection,” he said. “As such, they can go a long way to helping the computer owner keep their PC worry-free.”
Lastly, a new computer owner should think carefully about how to connect to the Internet, Moyle said. Always-on broadband connections, like cable or DSL, are particularly attractive targets to hackers.
“If a computer owner employs an always-on connection of this type, it is a good idea to ensure that they use some type of filtering mechanism — such as a personal firewall, which is included in many client security applications, or a broadband router,” Moyle said. “Plugging an unprotected PC directly into a cable modem without some type of firewall can be a dangerous proposition.”
It’s best to leave a computer on all the time, Steven E. Brier, principal of Brier IT Services, told TechNewsWorld.
“Most of the security updates I see are delivered in the middle of the night and are installed automatically,” he noted. “I’d rather my clients spend a couple extra bucks a year on electricity instead of missing a security update.”
Safeguarding From Spyware
Spyware was a growing problem in 2005, and it is not likely to go away in 2006. Spyware is malicious software installed on a PC without the user’s knowledge or consent. Typically, it performs some type of undesirable activity on the system, including gathering personal information.
PC users can be exposed to spyware through a software virus, by installing a new program, or even by visiting a Web site, Chris Thatcher, national practice director of Enterprise Security for Dimension Data North America, told TechNewsWorld.
“Users who have been infected with spyware are often plagued by pop-ups and may experience significant slow downs in system performance,” Thatcher said. “They also run a risk of having personal or private information stolen.”
To help individuals and companies decrease the risk of spyware, Dimension Data recommends the following steps:
- Recognize popular spyware tactics. Do not download suspect software or launch unfamiliar attachments. Adopt the mantra, “Be careful what you click on.”
- Understand and communicate the risk to everyone in your home. If you are a parent, educate your kids about avoiding spyware as part of Internet safety.
- Set your browser to a medium-level security setting.
- Deploy security software on all PCs. Install software to prevent viruses and spyware. Personal firewalls can further thwart outsiders from accessing your private data and prevent applications from sending data out.
- Automate as much as possible. Use Windows Update, a consumer site that provides critical updates, security fixes and software downloads to keep Windows patched and current. Use the auto-update features of your anti-virus or anti-spyware software. Set up automated scans to occur on a weekly basis and scan incoming e-mails as they arrive.
- Use the right tools to protect yourself. Download and install tools like Ad-Aware, Spybot, SpywareBlaster and Spy Sweeper, in addition to anti-virus software.
“It may take a little more time to take these extra precautions,” Symantec’s Weafer said. “It may even take two hours if you have a slow connection. But it is worth the extra time to make sure your computer is properly and securely set up.”