Computer Security: The Missing Link
Is your computer really secure? If you have antivirus software, malware scanners and a firewall, you might think you're safe from hackers, crackers and identity thieves. But chances are, you're missing one critical piece of the security puzzle. Read on to learn how to secure your software and truly lock down your computer...
Securing Your Software
You may feel safe behind a firewall and anti-virus software. But you're not. Bad guys can still get to your personal information stored on your computer, and even take over your computer and run it as if it was their own. The gap in your armor? It's the application software you use every day. Let's look at two recent examples.
Do you ever read Adobe PDF files, in your browser or with Adobe Reader after downloading? Tens of millions of people do; PDF is one of the most widely used file formats. But unfortunately, hackers have found ways to embed malware in PDF files that can spring to life when you view the document. Another high-profile case involved the Java software, which for years had been touted as a secure cross-platform application environment. Some serious security holes in Java prompted many pundits to recommend removing it altogether. New vulnerabilities are discovered in software every day, it seems.
Software developers issue patches and updates that close these doors to hackers in a never-ending game of Whack-A-Mole. A vulnerability pops up here, hit it with a patch. Another pops up over there, hit it with another patch. Developers provide the patches, but it's up to you, the end user, to whack the moles by applying these patches.
Staying on Top of Application Security
It's vital to keep all your software up to date with the latest patches and upgrades. If you haven't been keeping up with your Windows system updates, see Is Your Operating System Secure? and then come right back here. In addition to the operating system, the average computer holds about 80 application programs! Some are pre-installed, and some are downloaded from the Internet. How can you keep up with it all?
First, concentrate on the programs that are most often targeted by bad guys. They are the most commonly used programs: Microsoft Office, Adobe Reader, Internet Explorer, Skype, etc. The more people there are using a program, the more targets there are for a hacker's arrows. Naturally, the hacker goes after the biggest potential "market" for his malware.
Second, activate automatic update features when they are available. Then your software will check its home site for patches and upgrades every day, or week, or whatever. It can download and install updates without bothering you at all, or tell you when updates are available and give you the choice of when to install them.
Some security experts tell you to turn off automatic updates because a connection to a server is an open line through which hackers can invade your computer. But turning off auto-update closes one door while leaving untold numbers of others wide open. Who are you kidding? You're not going to remember to check for updates manually on a regular basis. You'll let it slide until your software is so outdated it contains dozens of vulnerabilities. Leave auto-update on and let the software remember for you.
Third, you can check all the software on your computer for vulnerabilities using the Secunia Personal Software Inspector (PSI). This free program comes from a trusted security site, and scans your software for known vulnerabilities. It will tell you which programs need updating and provide links to sites where you can download patches.
I recently ran PSI while researching the issue of software security, and I was very surprised by the results. I have security software in place, and I thought I was keeping up with all my patches. I felt pretty confident about the security of my computer. But PSI flagged Adobe Reader, Skype, iTunes, QuickTime, Java and a few others as needing updates. At least THREE of these vulnerabilities were marked Critical, meaning that under certain circumstances, an Evil Hacker could have exploited them to gain complete control over my computer. Yikes.
Other Software Security Tools
The FileHippo Update Checker is similar to PSI, and has been recommended by many readers here over the years. It runs a quick scan of your installed software, then shows a list of software for which updates are available. Keep in mind that when FileHippo flags an application, it's not necessarily due to a security issue. It's just letting you know that a newer version is available. During installation, the FileHippo "run at startup" box is pre-selected. If you don't change that, FileHippo will do a scan every time you start your computer.
I also recommend the free Qualys BrowserCheck scanner, which reports the status of your browser plug-ins. If any are out of date or need security updates, it will alert you and provide a download link to fix the problem. Run BrowserCheck in each web browser (Internet Explorer, Chrome, Firefox, Opera, or Safari) that's installed on your computer.
I want to issue a caution about the CNET TechTracker, which is yet another software scanner checker updater utility. Although this tool has gotten positive reviews in the past, I cannot recommend it for several reasons. The first has to do with the pollution of CNET by what I call foistware and crapware. Because of a variety of tricky and deceptive practices, it's nearly impossible to download anything from CNET without getting some other invasive or unwanted software. See CNET/Download.com: A Six-Part Horror Story for the details on that.
The second reason is that TechTracker is being discontinued, and it's features will be rolled into CNET's new Download App. I thought I'd give Download App a try, just so I could see if the Tech Tracker replacement was worth recommending. But no... the "recommended" Express Setup on the download page tried to foist the "Sweetpacks Toolbar," and wanted to change my browser home page and default search engine. After choosing the Custom Setup option, I noticed a sneaky pre-checked box giving permission to install all of the same crapware! After unchecking that box, the next screen blared "Support the ASPCA!" Turns out that option would have installed the "We-Care" browser parasite. At that point, I just said NO and decided to abandon the install. CNET, I'm done with you, until you clean up this mess. (Sigh.)
I started off this article by mentioning anti-virus and firewall protection as a given. If you're not 100% sure you have both of those bases covered, see my related articles Free Anti-Virus Programs and Do I Really Need a Firewall? to learn more.
Bottom line... the trusted software you use every day can be a source of danger to your personal information. Keeping your software up to date is your best defense. You cannot afford to let vulnerabilities go unpatched.
Your feedback on this topic is welcome! Post your comment or question below...
This article was posted by Bob Rankin on 24 May 2013
|For Fun: Buy Bob a Snickers.|
How Does Antivirus Software Work?
The Top Twenty
Google Search Alternatives
There's more reader feedback... See all 28 comments for this article.
Post your Comments, Questions or Suggestions
Free Tech Support -- Ask Bob Rankin
Subscribe to AskBobRankin Updates: Free Newsletter
Copyright © 2005
- Bob Rankin - All Rights Reserved
Article information: AskBobRankin -- Computer Security: The Missing Link (Posted: 24 May 2013)
Copyright © 2005 - Bob Rankin - All Rights Reserved