Jerome Segura, a Security Analyst at ParetoLogic of Victoria, B.C., Canada, just posted a nice piece on computer security practices with a different perspective in his “Malware Diaries” Blog.
He begins his list of security tips by considering four classes of users:
- the pre-baby boomers: These folks rarely touched a computer in their lives and if they did, kudos!
Typical use: Work, Solitaire, Printing stuff. - the early and late baby boomers: They have been interacting with computers pre-Internet and have good notions but lack the ‘modern day stuff’.
Typical use: Work, e-mail, Online searches. - the 70’s – 80’s users: These guys are definitely into computers, maybe a bit more gaming and such. They possess quite a good sense of computing.
Typical use: Games, Work, E-mail, Online Dating, Forums - 90’s to present: Some of them were born with a computer or handheld device. Their lives would not be possible without the MSN, Skype and more recently all the social engineering glitter.
Typical use: Twittering, Facebooking, Online shopping.
then makes further distinctions by level of security knowledge and awareness:
- extra-cautious (paranoiacs)
- those who somewhat understand
- those who are over-confident
- security conscious folks.
His “ABCs of online security” is a list of 11 practices that could create a sound security consciousness for everyone, but especially for all those non-technical home users out there.
“- Today’s computers are connected to the Internet and are therefore much more at risk than their ancestors.
“- The Internet is fun but also dangerous.
“- People don’t know what they do and can easily be duped.
“- The more cool stuff, the more risks.
“- The right choice of software and hardware can protect your computer but will not make it 100 percent safe.
“- Updates should be applied religiously.
“- If you aren’t sure about something, check it. Files and Websites can be analyzed prior to opening.
“- Computers are not demons but they can be zombies.
“- Browsing to a site (ANY site) can infect your computer.
“- Backups are your best friends.
“- Virtual Machines are an acceptable way to have an affair (and get infected) behind your computer’s back.” (I think he means “an acceptable way to experiment with potentially malicious sites and files.”)
There’s always been a tendency among the technoroti to look down their noses at non-technical users. Personally I don’t think there has been enough effort put into public education on computer security. It’s way too common to blame the victims and that just doesn’t work. The money they spend for rogue anti-malware products and the cash siphoned out of their bank accounts help fund the criminal groups that prey on all of us.
When it comes to computer security, we’re all in this together.
The U.S. Computer Emergency Readiness Team (US-CERT) has a great page of security documents for all levels of users: http://www.us-cert.gov/cas/tips/