Tip for Today
Is your computer safe and secure?
The programs we’re using are getting more complex while software update cycles are getting shorter. Add the fact that we’re increasingly depending on computers connected to the Internet to this mix and what you have is a recipe for computer bugs and security holes. The good news is that these same factors can also be the best way to handle computer and the Internet related security issues and bugs. But only if you take the necessary steps to stay informed.
Things you can do to safeguard your computer
- STAY ALERT! Sounds simple? But do you really know if you have the latest patch for your browser, the software you use everyday or even the operating system that you run all your programs on? Don’t expect to hear about security issues and other software bugs in the traditional media such as the TV and news papers. Even if you subscribe to a technical journal, you may not get the news in time.
- Use email notification services : Subscribe to email notification services related to the software you use. Don’t forget to include your operating system, web browser and any other software that will connect to the Internet in this list. Almost all of these notification services are free and subscription information is usually found on the software publisher’s web site or the software registration card.
- Periodically check related web sites : If an email notification service is not available, add a task to your calendar to check your software publishers’ web sites at least every month, if not every week. You may have to search their news archives to find any security bulletins.
- Search newsgroups : Some software publishers may not provide timely information about their software glitches openly. In such instances, newsgroups dedicated to open discussions may help you to find related messages posted by other users. Be aware that the quality and the credibility of information gathered from newsgroups maybe lower than information retrieved using above two methods. Searching, rather than browsing messages one by one, is recommended when it comes to newsgroup postings. For example, search for:
“product name” AND bug OR fix
- TAKE ACTION Once you become aware of a bug or a security issue, carefully read the documentation for it and take the recommended action. For example, if applying a software patch is recommended by the software publisher, do so as soon as possible. Don’t delay taking action until the end of the month. Some software patches must be applied in a particular order. Applying fixes as they become available could make it easier to keep this order.
- KEEP DEFECTIVE SOFTWARE OUT OF REACH After applying patches to your current software installation, be sure to remove defective software from circulation and to document the actions you took for future reference. For example, if you receive a replacement CD or a floppy with a fix, remove obsolete disks from the circulation to avoid future confusions. If the fix was provided in a form of a patch (if you still need the original installation disks in case you have to reinstall the software), be sure to make a note of the patches you applied for future reference. You may want to keep a separate notepad for this purpose or simply label or mark the disks as a reminder to yourself.
If you’re responsible for maintaining more than just your personal computer, administrating a network for example, you should take extra steps such as examining server log files, renewing passwords and evaluating the effectiveness of your organization’s security measures. Following is a list of resources useful to all Windows users and to most other Internet users to stay up-to-date with security and other computer software defects related news:
- Deja News
Online tool for searching, reading and posting Usenet newsgroups.
- Microsoft Security Advisor Program
Security, Microsoft Security Advisor, Internet Security, NT Security. News, advisories, how to improve security.
- Windows Update
Get Windows 98, NT 5 and other software updates online.
- Internet Explorer Security Area
The place to get Internet Explorer related security updates.
- Microsoft Security Notification Service
The Microsoft Security Notification Service is a free e-mail notification service that Microsoft uses to send information to subscribers about the security of Microsoft products.
- CERT* Coordination Center
The CERT* Coordination Center studies Internet security vulnerabilities, provides incident response services to sites that have been the victims of attack, publishes a variety of security alerts, researches security and survivability in wide-area-networked computing, and develops information to help you improve security at your site.
- NTBugtraq Home Page
NTBugtraq is a mailing list for the discussion of security exploits and security bugs in Windows NT and its related applications.
- World Wide Web Security FAQ
W3C’s World Wide Web Security FAQ for webmasters.
- Netscape Security Solutions
Security issues related to Netscape products.
- Windows NT fixes FTP directory
- Computer Incident Advisory Capability
CIAC provides on-call technical assistance and information to Department of Energy (DOE) sites faced with computer security incidents. The other services CIAC provides are: awareness, training, and education; trend, threat, vulnerability data collection and analysis; and technology watch.
- Computer Security Technology Center, The
Located at the Lawrence Livermore National Laboratory, provides solutions to U.S. Government agencies facing today’s security challenges in information technology.