Three basic ways users can protect themselves — and their computers
Stephen Adler, responsible for security systems at Microsoft, was in Athens in November to present the company’s authentication systems at a conference held at the National War Museum. The «cyber-sheriff» spoke to Kathimerini about new software – with names such as Cerberus – that is being developed. He said the most common threats in cybercrime are attacks by viruses and worms. In a number of recent cases, viruses carried Internet landmines that could erase entire programs and data from users’ hard drives. «Information that has been saved, such as text files and e-mails, can be transferred onto the computer of the person who launched the virus. There is a more recent application, the so-called Trojan horse or spyware, that is installed into users’ computers without their knowledge. Normally, this spyware is downloaded when a user opens a suspicious e-mail or logs onto a dangerous website. The threat is even greater because they can steal the user’s codes or stored data and therefore learn classified information or credit card numbers,» he said. Adler also warned against the more traditional methods of fraud, such as pseudo-offers via e-mail. All users should exercise caution when opening e-mail or visiting websites that advertise big cash prizes. When something appears too good to be true, it just isn’t. He said Microsoft’s strategy is based on new initiatives in all sectors: technology, cooperation with industry, training and, of course, the application of the law. «First of all, we are participating in a new program, the Virus Industry Alliance, in cooperation with leading anti-virus logistics designers, such as Network Associates and Trend Micro. The program provides an early warning system for our customers, informing them of all the new viruses that are attacking Microsoft products.» Training, he said, is the key to raising users’ awareness of the dangers they face when surfing cyberspace and they need to know how to protect themselves. «An unsuspecting user is very much like a driver who leaves the car with the window open, the keys in the ignition and his valuables on the front seat,» warned Adler. Microsoft is making substantial investments in user training and education; through information bulletins posted regularly on users’ computers, publications on security and regular safety posting on the Internet. «You might, for example, remember our ‘Protect your Computer’ campaign against the Blaster worm. We showed users how to activate their own firewall, how to install an anti-virus program and how to regularly update their systems through patches. We are also sponsoring a number of radio and television awareness programs around the world,» he explained. The company is in constant contact with the authorities in almost every country, ensuring that its customers are being protected. «A recent example of our cooperation with the authorities is the creation of the Anti-Virus Reward Program, which received 5 million dollars in funding and helped authorities locate and arrest people who are creating viruses and other destructive codes on the Internet,» said Adler. He advises three simple steps for the average user: First of all, the use of an Internet firewall, which forms a kind of protective barrier between the user’s computer and a hypothetical intruder. It is very useful for people using Windows XP. The second step is updating security systems regularly. Microsoft’s most recent programs include automatic updates. The third step is to use anti-virus programs that update themselves regularly. Of course, the tools already available on Microsoft Office and Internet Explorer allow users to locate viruses and Trojan horses and to reveal dangerous websites and e-mails. «Network security requires vigilance and knowledge. In many cases, it is simply a matter of using common sense. It is a good idea to have a good user ID and password and never tell others what they are. It is a bad idea to store passwords and credit card numbers anywhere on the computer without protecting them with some sort of code, and it is also a bad idea to download suspicious-looking sites from the Internet. «Also, if you are using the Internet for any type of financial transaction, make sure that you are doing so on a secure connection. SSL software and connecting to a reliable company are absolutely necessary for this. If you want to make sure that SSL software is being used, check that the web address begins with ‘http’ and that an icon of a lock appears on the bottom right-hand corner of the web page,» said Adler. Businesses use more developed security systems. The most important thing however, especially in the context of an internal network, is to limit access to the bare minimum, thus limiting the spread of potential viruses. Businesses should have a comprehensive security system based on ISO 17799. Then there are the authentication systems. Each user of an authentication system has only one ID. The system has to confirm this ID if one wants to run certain functions. There are many ways to submit the credentials of a user. The most common is electronically, where the user types in a username and a password. Another method is through a smart card, which must be accompanied by an access code. There are other, more developed, methods, such as the use of biometric data such as finger prints or retinal scans. «Moreover,» said Adler, «we have already established certain protocols to solve the problem of system compatibility. One of the most well known is the Cerberus protocol and X.509 Public Key Infrastructure (PKI), both of which can run on Windows.» As for the limits to freedom on the Internet imposed by stringent security, Adler admits that sometimes, this kind of legislation may lead to violations of users’ privacy. «But your question is more about politics than it is about technology. We are creating software that protects both the security and the privacy of users. From that point on, it is up to government and legislative bodies to find the balance between security and privacy.»
