John over at Church IT has put up a short post about “Monitoring Your Church Staff’s Internet Usage“.

Those of you who read this blog regularly will know that I’m a wee bit passionate about protecting your own equipment and in helping guide your children down the path of healthy surfing and computer use. So you won’t be surprised to know that I’ve added a comment or two.

Today, the following comment was added:

I just don’t know about actively monitoring staff or employee computers. It seems like spying. I’ve always found that having everyone sign a computer and internet agreement policy and then locking down everything that wasn’t email or internet browsing through the router was plenty. There’s no reason to spend any amount of money or time installing monitoring software. It makes people feel like you don’t trust them and they don’t really work anyway. If you just have to see what your staff has been doing on the web most routers keep a log of every site visited and with what computer and at what time.

Well I was going to type up my reply on John’s blog but it started getting a little long, so instead I’m answering it here. (more…)

Let me ask you a few questions:

• Do you protect your data at home with passwords, encryption, etc?
• Do you use different passwords for different sites?
• Are you seen as the computer expert in your household?

Yes?

Then let me ask you one more question:

• How would your loved ones get to the important and necessary data if you suddenly die?

I know. That sounds brutal. But allow me to explain. (more…)

A few years back in another guise I wrote a piece about securing ones Wi-Fi network.

I’ve decided to re-visit that article and see how much of it is still relevant. The original had 22 points and some I still don’t agree with. Age and time have not mellowed my beliefs and in one I used to stand pretty much alone.

• (more…)

There is a lot of good information out there on how to secure your PC’s and I don’t intend to repeat any of these. What I do want to do is document what I tell my friends and family in one place so that I can easily point them at it – rather than me waffling on each time. I also want to add in a “how to” remain safe when using your PC.

The order in which these steps are approached greatly depends on individual circumstances – is the machine brand new, has it already been used on the web … and so on. Anyway, without further ado:

• ensure all OS updates / patches have been applied
• install a software based firewall
• install a reputable AV application
• use malware scanners, etc on a regular basis

And that is the sum total of it.

Well, no, it isn’t but that is the basics. Of course questions will arise such as what firewall, what AV, what do I do with the alerts, etc., and it is these I will attempt to answer now.

1. Update your PC. Ensure your PC is running the latest service pack and has got all the latest patches. This one is a simple matter of going to the Windows Update site and following the prompts.
2. Install a firewall. There is a lot of debate as to whether you need this with some thought being that ‘if you’re behind a router and have up to date AV then no you don’t’ – however I strongly disagree. We all fall prey to installing software or clicking on something that perhaps we shouldn’t and this is where a software firewall comes into it’s own. Software firewalls primarily work by alerting the user to outbound connections and it is these we need to be most wary of – as once we allow an outbound connection the reverse is also true.My current choice of free firewall for home use is Tall Emu’s Online Armor <sic, but equally as good is Comodo’s. There are marginally better paid versions (including Tall Emu) but I’d suggest keeping an eye on Matousec’s site for the latest news.
3. Install anti-virus. This is an absolute must. These days, most AV software will also do basic malware scanning so please don’t fall into the trap of buying a suite (av/firewall/malware/etc all in one). The decent free versions out there are from Avast and AVG but for what it’s worth I use Nod32 for £30 a year.And whilst here, you must make sure you keep you AV signature base up to date.
4. The rest.

My other advice is:

- do all your surfing in a sandbox / virtual session – this will keep your surfing sessions separate from your day to day PC activities and you can more or less click on anything without affecting your PC. Once done, close the sandbox session and all you’ve just done disappears. This includes installing apps that you want to try. For this I recommend (and use) Sandboxie – which is also free.

- don’t click on anything you don’t recognise. This includes the latest attachment from your mates unless you are expecting it. If in doubt, question it.

- use online AV scans periodically to supplement your installed one. A second opinion is always worth it. Here’s Trend, Bitdefender and Panda Security versions.

- use anti-malware scanners from time to time, such as A-Squared or Window Security variants.

- don’t use IE it is a security nightmare. If you insist you like it better, or websites only work with it then install and use Firefox along with IE Tab.

- use some form of web filter to semi-automate you being shielded away from the bad sites. For a free one that works well but is currently a one size fits all approach, then try Bluecoats K9.

- don’t use Outlook or any of its variants. Or if you insist on doing so, then get a Google mail account and then collect your now mostly filtered mail from there. Locally also run spamfighter to grab anything that google misses – between the two you’ll have a mostly spam free inbox.

That, in a nutshell is it. Yes I could go on and on, but then a line needs to be drawn somewhere. What I will add is that if you suspect your PC of being infected already then a slightly different approach needs to be taken.

Jim’s post about over at Church Tech Matters about the bogus security software Antivirus XP 2008 has set me to thinking – again.

I remain amazed that some people consider it still ok to surf the web without adequate protection. Let me clarify that – here I mean machines with Windows installed – before the *nix and Mac crowd start hollering. I can understand that some people don’t have access to cheap, free and useful advice but when that same set of people are my family and friends then I shake my head in anguish.

These same folks (bar one) all ask for my assistance in their purchases and as part of my patter I always tell them not to be swayed into buying the AV / Firewall / Whatever App that the store wants to push and we will do better with freebies. So, they get their shiny new box set it up and then I come along and do my magic for them. Whilst there I spend a fair bit of time on ’safe surfing’, what to look out for, what to beware of,  what not to do and so on.

Only the other day my best buddy confessed that his PC was messed up and he was fed up with it so was going to buy a laptop all for himself. He mostly blames the messed up PC on his children (teens) and the junk they download. After he’d finished his rant my first question was what AV was he using and after getting a puzzled shake of the head followed it up with well what firewall then. So then ensued the lecture … but I don’t feel convinced that he’s going to listen and what’s more he’s now gone wireless and I’ll lay good odds that it isn’t secured either!

So, and getting back to my point, all this has got me to thinking about my advice. Rather than repeating it ad nauseam, why don’t I document it and then just update it as prevailing thoughts or technology change? To that end I’m going to work on a, I hope, fairly simple and straight forward document and publish it here. I may even give it its own page or similar. If any of you have anything to add or suggest changes then please do email me.

Oh, and once done I’ll put a link to it from this post.