He is absolutely right, PC’s are sold, and most people buy them in the same way as they buy anything else like a TV, a kettle or even a car. They expect the PC to sit there, allow them to read their e-mail, write a few letters and just work, in the same way that they expect that their kettle won’t suddenly burst into flames. Essentially with all of them they are bought to just work. The description of what happens is spot on too – the free security software never gets extended, and people put up with a lot – I know of people who quite happily clicked through about 20 porn filled pop-up windows to get to a browser window to do their online banking, without even considering what else could be on the machine onto which they are typing all their important financial details. I’ve also known a number of people who maintain that they don’t need anti-virus or security software because they don’t view dodgy sites, and don’t open attachments from unknown sources – all of them have ultimately found out to their cost that their are nasties on the Internet now that will transfer onto a PC without any intervention at all from the user, and generally ended up having to spend a lot of time and/or money getting their machines sorted out.
In fact, in general I tend to find that many people don’t start taking PC security seriously until they have had a problem like this. However, it’s not too difficult to protect yourself. Craig has some good advice and recommendations for both paid for, and free alternatives for the various essential bits of software that you need before you let your PC near the Internet. I also strongly back up his advice to go get a proper router instead of using a USB based ADSL connection. The added protection by having this extra layer between you and the internet makes a big difference.
Of course, the one suggestion I would make that Craig wouldn’t, is to consider whether you really need a PC at all. Want to read some e-mail, browse the web, do your online banking and write a few letters? You do all of those on a Mac – I do – our PC gets used for games mainly, everything else is on the Mac. Go along to somewhere with knowledgeable staff, like John Lewis or even better one of the six Apple Stores around the country to see one in action. If you can’t get one of those, get hold of a Mac magazine such as Mac Format or MacWorld – you’re even going to be able to pick up a Mac from Tesco now! Of course, I’d still recommend getting hold of a virus checker, and following Craig’s good practice, even with a Mac, but currently it’s a much safer platform to work with, and certainly not buried under nearly so much of the spyware and viruses that attack PC’s.
Last night, the BBC showed a documentary on the UK Hi-Tech Crime Wave, which even for someone pretty up to date with the selection of security threats was pretty worrying, and was probably downright terrifying for the average user without proper virus checking, firewall or spyware detectors! As Dave Oliver has also chosen to comment on Howard’s decision to get a Mac, it also seems like a good opportunity to highlight why a Mac is now my main machine rather than a PC.
Looking at the programme first, it was primarily a whistlestop tour of the various methods by which criminals are making money from the Internet. Amongst other things it included a former chair of a local Police authority who had Â£2000 spent on a debit card that he never lost, which led to a discussion of skimming, where shops swipe the card information on the magnetic stripe on the back of your card (and still there even on new Chip and Pin cards), and then use the numbers online. They also interviewed an online retailer who has had problems with people using such stolen card numbers to buy goods, and who says that with his current losses eating into his profit margins, he soon will be unable to afford to keep the business going.
From there, the programme looked at the more PC based threats, firstly looking at the phising scams that have hit almost every major bank worldwide. From there it moved on to the more worrying key logging, and screen logging spyware, including another small businessman whose PC got infected with such spyware that recorded all his account details. The programme also looked at how the banks are trying to avoid the keyboard loggers by using drop down menus, but that the criminals are fighting back with applications that record the contents of your screen as well.
The final part of the programme looked at how infected, broadband connected PC‘s are used, detailing an attempted extortion against an online gambling site, where a bot-net (an group of infected PC‘s remotely controlled) was used to mount a denial of service attack, and then the attack followed up with both e-mail, and telephoned threats of extortion. According to the programme, the UK is one of the largest sources of infected PC‘s, and to be honest I’m not surprised.
The programme finished by encouraging everybody to ensure that they had up to date anti-virus software, firewalls and anti-spyware software installed, and to some extent that is where a lot of the UK problems come from. There are several people I know who still maintain that they don’t need to keep up to date anti-virus software as they don’t open any suspect e-mails. However, even people who are careful still get infected. I know of two people whose brand new PC‘s were infected in the short time the new machines were connected to download the latest virus definitions!
This leads neatly on to the reasons why I mainly use our Mac rather than a PC. Firstly a bit of background. We actually have both a PC and a Mac, and I would never have considered a Mac prior to the arrival of MacOS X. In my time with the PC I’d always messed around with alternative operating systems, particularly those that were Unix-like such as Linux, and particularly BeOS. However whilst they all had advantages over Windows in terms of interface, security and so on, ultimately I still needed to come back to Windows for software compatibility, and support. Whilst it was fun to play around with the different systems, for a machine that I could reliably keep up with e-mail, write documents and browse the web, and easily fix on the occasions it went wrong, Windows could not be beaten.
Anyway, to cut a long story short, when I spotted an end of line EMac in a sale, I picked it up. Initially it was used in a similar way to BeOS, for specific tasks, with web browsing and e-mail remaining on the PC. However over time I have gradually switched. The big changes were when the e-mail was switched over, which was as a result of a couple of events. Firstly back in 2001 Beth got sent a virus through her yahoo account – which she browsed with a web browser, and the virus downloaded onto the PC, so I decided to try and set up our e-mail so she could use a calusari.demon.co.uk address, but keeping the mail separate. When it happened, all the PC solutions cost money, or required a switch to Linux, so I left it. However a while after we had got the Mac, Microsoft Outlook, which I was using for e-mail really messed up, to the point where I couldn’t send and recieve e-mail. Looking at the Mac, it included a full Sendmail server, and following a guide on O’Reilly I was able to set up our current system where Beth and myself have separate e-mail accounts. Similarly over time, one by one, things that I used to do on the PC have switched over to the Mac. Compatibility isn’t a problem either – the whole St James Parish Profile was put together using the Mac version of Office , with the other contributors using PC‘s.
Alongside the fact that I am able to do everything I need, one of the other things that keeps me on the Mac is the security. As more and more people have issues with viruses and spyware, the Mac remains largely unaffected. Whilst there are the same security issues that affect other platforms, whether due to the size of the market or whatever, the Mac isn’t affected by the volume of viruses and spyware that affect Windows. It is worth saying at this point that whilst there isn’t a problem now, technically the Mac could be attacked in the future, (have a read of this MacWorld article for some of the myths) so I still ensure I maintain up to date protection. However it is true to say that largely I don’t worry too much about it. As the US National Security Agency said in December 2004:
The systemâ€™s default configuration is one of the most important security features provided by Mac OS X. First, as stated above, the root account comes disabled in Mac OS X. Second, network services are all initially disabled. Third, the initial logging setup is consistent with good security practice.
While we found that there are indeed a few minor improvements worthy of acknowledgment, in particular, some rather low-level improvements that don’t show to the admin or user, overall, SP2 did little to improve our system’s practical security, leaving too many services and networking components enabled, bungling permissions, leaving IE (Internet Explorer) and OE (Outlook Express) vulnerable to malicious scripts, and installing a packet filter that lacks a capacity for egress filtering.