Last week I wrote about the growing threat of botnets and the future of the Internet [Zombie Computer Threat Increasing]. I concluded, “By bringing this growing threat to the attention of more users, a groundswell of concern can be generated to force a more concerted effort by service providers to combat it.” The New York Times editorial staff has picked up the banner and joined the fight. In a recent editorial, it encouraged all computer owners to become soldiers in the battle of the bots. The editorial is short enough to produce in its entirety [“Wake Up Your Computer,” 12 January 2007]:
With great computing power comes great responsibility. Unsecured computers hurt their owners by exposing them to identity theft and stolen passwords. But they can also be conscripted as foot soldiers in a destructive online army: At best, it inconveniences all users by spewing noisome spam. At worst, it generates large-scale attacks on the Web sites of companies and even governments that can shut down networks at enormous cost.
These botnet programs represent a growing scourge, especially since so many Internet users won’t take the fairly simple steps needed to combat them. Users need to update their computers regularly, bite the bullet and upgrade when out-of-date software is no longer supported by its maker, use the firewalls that come with their computers, and install antivirus programs. Most states require car owners to buy liability insurance. Asking users to make a minimal effort to keep their computers from damaging others is not beyond the pale.
Affected computers are commonly referred to as zombies because they go through active motions unaware that they are even doing anything. First a virus or worm program compromises the computer. Then the criminal behind the attack can control it remotely. As John Markoff reported recently in The Times, a consensus estimate among experts is that 11 percent of the more than 650 million computers connected to the Internet are infected.
In the early days of the Internet, there was an optimistic vision of a virtual global village through which everyone around the world would be connected, leading to greater understanding and even peace. In this day of jihadi Web sites, that sounds about as realistic as the world adopting Esperanto as its official language.
There was a crucial difference between early adopters and the bulk of the Internet users of today. At the dawn of networked computing, the hobbyists and professionals online expected to have to learn and do a little work. As the Internet became the mainstream, the dedication of technology companies to creating easy plug-and-play products has made the Internet seem as though it requires less understanding and care among users than it does. Every user has a personal responsibility for our collective security, no matter how much of a hassle updates, firewalls and security patches may be.
Tom Barnett’s web master, Sean Meade, wrote a very helpful piece on how you can take “personal responsibility for our collective security.” I include it here in full:
Steve and Bradd have a post today, Zombie Computer Threat Increasing , about bot nets and zombie computers that made me want to double-check my computers and their security. This post links to an NYT article, Attack of the Zombie Computers Is Growing Threat that was interesting to me, but probably not to you. The NYT article links to some tips for protecting your computer, Tips for Protecting the Home Computer, but they’re pretty generic and bland, which is really why I decided to write this post.
In case you don’t know me, let me tell you where I’m coming from: I’m not paranoid about the Internet AT ALL. I buy things from Amazon and eBay. I trust secure sites to protect my information. I like PayPal. So if you’re looking for failsafe protection, you’ll have to look elsewhere (though I’ll tell you where).
(I’m also not going to talk a lot about what to do if you’re ALREADY infected with bots. If that’s the case, try Wikipedia’s entry on Zombie computers , and click on their link to A detailed account of what a zombie machine looks like and what it takes to “fix”it ).
Now, to get on with it.
I am both lazy and a big fan of Support Alert, so I’m just going to lean on Gizmo’s recommendations for this little tutorial. Gizmo is paranoid, and his computers are far more secure than mine. Just reading through his 46 Best-ever Freeware Utilities will point you to the kinds of measures he takes. If you’re that into it, you should also subscribe to his newsletter to make sure you’re getting the latest information.
Let me encourage you: this is not that hard and not expensive. My coverage is free and relatively easy. You should be able to pull this off if you can download software and install it.
Another great thing about Gizmo’s guides: he points to the pay options, too, if you really want to go whole hog.
Okay, here’s what you need, in my opinion:
1. Anti-Virus : I use AVG and like it quite well.
2. Anti-Ad/Spy/Scumware: I use Windows Defender (though it pains me, since I’m a little anti-Microsoft ;-).
3. Firewall: I use the Windows firewall as well, but may need to upgrade here.
4. Browser: If you’re still surfing with Internet Explorer, it is also a security risk. You may want to switch to Firefox or something else.
5. Wireless: If you have a wireless router, you should secure it with a password. The manufacturer should provide instructions on how to do this.
That’s it. If you get this much protection going, regularly updated, you are going to be, say, 95% of the way there. Beyond that, you better study up, maybe starting with Gizmo’s recommendations.
Ask questions in the comments. Someone else might have ’em, too!
Thanks to Sean for pitching in and providing some very helpful information.