Computer Security for the Home User

This guide is aimed at the home computer user. If you're reading this you probably have one PC or at most two or three connected as a small home Ethernet LAN. You have an ADSL or dial-up Internet connection and you probably run some flavour of Microsoft Windows. As a home user you may not feel that security is something you need to treat as a priority. After all, it's not like you're a bank or other obvious target for attack. In fact every system connected to the Internet is a potential target. Most big companies have qualified IT staff to keep their computers secure so the inexperienced home user is an attractive target to many attackers.

There are many reasons why attackers target home computers. Most people have sensitive files on their PCs such as business information, private emails and even credit card and bank account information. Your PC can also be a target not for the data stored on it but simply for its resources such as CPU and Internet connection. The last few years have seen an increasing trend towards distributed systems being used by attackers. Large numbers of Internet-connected PCs are hijacked and used together to send spam or carry out DDoS attacks. Many attackers know the IP address ranges of the modem pools of the main ISPs and scan for insecure home users regularly.

The following list outlines six steps that you can take to protect your home system from external threats. It isn't possible to be 100% secure but following this advice will help you to minimise the risks.

  1. Install Anti-Virus Software.

    A big threat in today's networked environment is software generally described as malware. The most commonly encountered types of malware are viruses and worms. The main difference between the two is that a virus spreads by infecting legitimate files whereas worms are completely self-contained and generally spread by exploiting network vulnerabilities. Both can arrive on your computer via an email attachment. Viruses can get on your PC due to an infected file being downloaded from the Internet and worms can install themselves on your computer by exploiting any vulnerable network software that you are running.

    Because of these risks it is a good idea to never open email attachments from people you do not know. You should also install anti-virus software and use it to scan everything you download. You should scan your whole hard disk regularly as well. Most anti-virus software can not only detect malware but also remove it, so it's an important piece of software to have. A popular free anti-virus program for Windows is AVG Anti-Virus.

  2. Install a Personal Firewall.

    A personal firewall controls the network traffic going in and out of your PC. This is essential for several reasons. Firstly, malicious hackers and automated software (worms) both attempt to gain access to home computers by scanning for vulnerabilities in the operating system and network software being run. An 'out of the box' unfirewalled Windows PC has all kinds of network services running that can give other Internet users far more access to your machine than you probably want. For example, shared folders on your PC can be accessed over the Internet. Using a personal firewall to filter unwanted incoming traffic greatly reduces the likelihood of your computer being broken into. It is also important to filter outgoing traffic from your PC. This is because some malicious software that can find its way onto your PC will attempt to connect out over the Internet to send spam, take part in attacks against other computers or even send your personal files to the software's author.

    A good Windows firewall is ZoneAlarm. If you don't want to pay for the full version they do a free version that is quite adequate for home users. If you're running Linux then Firestarter has similar functionality. An important point for Windows users is that Windows XP comes with a built-in firewall but this only filters incoming packets and not outgoing. This means it does not protect against, for example, a malicious program running on your PC emailing your personal documents back to an attacker as described above. XP users should install something like ZoneAlarm and then disable the built-in Windows firewall.

  3. Apply Security Patches.

    An important part of keeping your home PC safe and secure is keeping up to date with security patches from your software's vendor(s). If you run Windows be sure to use the Windows Update function. This can usually be found on the 'Start -> All Programs' tab. Windows Update downloads and installs any bug fixes and security patches that are available for your operating system and associated MS applications. It upgrades your Microsoft software to the latest versions and hence you are less likely to be vulnerable to known security holes. Linux users may have to do all this manually although some distributions (e.g. Debian) have similar features that upgrade everything to the latest versions over the Internet.

    Whether you use Windows or Linux you should keep an eye on the websites of any software that was not bundled with your operating system and which you manually installed. It is important to install any patches and upgrades as they are made available by the vendors.

  4. Encrypt Sensitive Files and Emails.

    If you have sensitive files on your PC and/or you ever send sensitive information by email then you need to get to grips with using encryption. Encrypting data transforms it in such a way that it can only be read by people with the correct key. This means if someone gains unauthorised access to your computer or your email they will not be able to view your data as they cannot decrypt it.

    A very useful program for encrypting emails is PGP. Explaining how to use it is outside the scope of this guide but it comes with detailed documentation. Bear in mind that the person you are sending encrypted emails to must also have PGP in order to be able to decrypt your message.

  5. Choose Strong Passwords.

    When choosing passwords for your email accounts, online banking, encryption keys etc. it is important that you select a strong password that cannot be guessed or broken by brute force. Generally this means using passwords at least eight characters long and not using something obvious like your wife's name. Our guide to choosing a password goes into a lot more detail and if you follow the principles it covers you will be a lot less vulnerable to having your password compromised.

  6. Make Regular Back-ups.

    If the worst happens and your data is destroyed, either accidentally or deliberately, you will be faced with the task of restoring your system. This is why it is essential to back up your data at least once a week. There are several storage media that can be used for back-ups such as ZIP disks and removable hard disks. As CD writers are so cheap these days the simplest method is probably to use CD-Rs or CD-RWs. These typically store about 700 Mb of data each. If you copy all your work, emails etc. to CD at the end of every week (or even every day) then you will not lose too much work should something go wrong.

    An important point to remember is that you should store your back-ups somewhere other than the location of the computer being backed up. Otherwise, the event that destroys the data on your PC could destroy the back-ups too. For example, if your house burns down this could destroy your back-up CDs along with your computer. A burglar breaking into your house could steal your back-up CDs as well as taking your computer. So it's a good idea to store your back-up CDs at the house of a trusted friend or somewhere else where they are both safe and accessible. Most banks allow you to store small items in the safe at your local branch for an annual fee so this is also an option.
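
An added example (not part of the original guide) for the weekly back-up in step 6: it groups the files in a folder into CD-sized sets and records a SHA-256 checksum for each file, so a copy kept off-site can later be checked for missing or damaged files. The function names and the reading of "about 700 Mb" as 700 million bytes are assumptions.

```python
import hashlib
import os

CD_CAPACITY = 700 * 1000 * 1000  # assumption: the guide's "about 700 Mb" taken as bytes


def sha256_of(path):
    """Hash a file in chunks so large files need not fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def plan_discs(root, capacity=CD_CAPACITY):
    """Group files under root into disc-sized sets (first fit, largest first).

    Returns (discs, too_big): each disc maps relative path -> SHA-256, and
    too_big lists files that exceed one disc so they are never silently skipped.
    """
    files = []
    for folder, _dirs, names in os.walk(root):
        for name in names:
            full = os.path.join(folder, name)
            files.append((os.path.getsize(full), os.path.relpath(full, root)))
    discs, free, too_big = [], [], []
    for size, rel in sorted(files, reverse=True):
        if size > capacity:
            too_big.append(rel)
            continue
        # Use the first disc with enough room, or start a new one.
        slot = next((i for i, space in enumerate(free) if size <= space), None)
        if slot is None:
            discs.append({})
            free.append(capacity)
            slot = len(discs) - 1
        discs[slot][rel] = sha256_of(os.path.join(root, rel))
        free[slot] -= size
    return discs, too_big


def verify(copy_root, manifest):
    """Return paths from a disc manifest that are missing or altered in the copy."""
    bad = []
    for rel, expected in manifest.items():
        full = os.path.join(copy_root, rel)
        if not os.path.isfile(full) or sha256_of(full) != expected:
            bad.append(rel)
    return sorted(bad)
```

Keep each disc's manifest with the disc and a second copy elsewhere; running `verify` against the disc before you need it shows whether the back-up is still readable.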

In conclusion, computer security is quite a complex field but you don't need to be an expert to vastly improve the security of your computer at home. By following the tips above you can get the maximum benefits from the use of your PC whilst minimising the risks from viruses, spyware, worms and malicious hackers.