Thursday, October 7, 2010

Computer Monitoring Tools

As security professionals we all know when our computers are trying to tell us that there is something wrong.  We also have our own techniques for poking around "under the hood" looking for trouble before it gets out of hand.  Like car enthusiasts, we know what each rattle and noise means and we take steps to correct the problem early.  But what about our parents and extended family members who don't have the same skills?  Like the temperature gauge or "check engine" light in your car, how does a typical user know that something is wrong?
Most newer operating systems have a system health and monitoring capability.  For example, in Windows 7 you do this:
  • Log on as a local administrator on your computer, click Start, and then click Performance and Information Tools.
  • Under Advanced Tools, select Generate a system health report.
And in Windows XP you take these steps:
  • Log on as a local administrator on your computer, click Start, and then click Help and Support.
  • Under the Pick a task, click Use Tools to view your computer information and diagnose problems.
  • In the Task pane, click My Computer Information, and then click View the status of my system hardware and software.

Wednesday, October 6, 2010

Recognizing phishing and online scams

Recognizing phishing and online scams is an interesting discussion. For example, would phishers still bother if no one clicked and freely entered their credit card and personal information? Would 419 scammers bother if no one responded to their messages? Since there is a profit motive behind the miscreants' actions, if there were a diminishing return, or the actual possibility of prosecution, would we continue to see so many of their emails and web sites? Philosophical questions aside, in order to reduce the harm of scammers and phishers, the people receiving the bait need to be able to recognize the messages as such and not respond or click.


Don't click or respond to the following:
  • If the message does not appear authentic, it probably isn't.
  • If it sounds too good to be true, it is.
  • Does the content of the message appear in search engine results?
  • If you hover your mouse over the link does your browser or security software silently scream at you?
  • Seeing silly typos, formatting, or grammatical errors a professional would not make.
  • If the message asks you to send your information to them, rather than the other way around.
  • If you don't have an account with the company supposedly sending the email!

Here are some useful links:

http://www.microsoft.com/protect/fraud/phishing/symptoms.aspx
http://www.us-cert.gov/reading_room/emailscams_0905.pdf
http://www.gongol.com/howto/recognizephishing/
http://www.surfnetkids.com/safety/how_to_recognize_phishing-21760.htm

Tuesday, October 5, 2010

Cyber Security Awareness - Securing the Family PC

So today let's look at some common sense advice about the family computer. Yes, we all know the mantra about keeping the anti-virus software updated and the system patched (we'll talk more about that in a few days) but what else should we be doing? Some of the things that I recommend for the family PCs I work on include:

  • Keep all computers in full view (no hidden machines, no illusion of privacy)
  • Document computer details in writing (serial number, software, receipts, BIOS password, etc.) and keep the documentation in a fireproof box or safe
  • Use an uninterruptible power supply (UPS) for PCs; laptops have their own built-in UPS - the battery
  • Keep all of the hardware and software manuals, plus any software CDs/DVDs in one place that is easy to find
  • Use a cable lock to keep intruders from stealing the computer should there be a break-in
  • Throw a towel over the webcam (better: unplug the webcam)
  • Unless the computer needs to always be on, consider turning it off when not in use
  • Keep plenty of room around the PC so that air can flow through to cool it