The Windows Baseline

People ask me for advice when buying a new computer all the time. The machines are advertised with CPU clock speeds, hard drive and RAM amounts, Gigahertz and Gigabytes and all sorts of other jargon. But what do those numbers actually mean, what can the machine actually do?

Obviously there is some benefit to knowing the ins and outs of a computer machine, just like there is a benefit from knowing the ins and outs of a car, but not everyone has that kind of time or interest. In the end its a tool and people buy it to do a job, whether that's spreadsheets or lolcats.

The Windows Experience Index is a number assigned to a computer by the Windows System Assessment Tool. It's incredibly useful for boiling down the components of a machine and assigning them a score, and then assigning an overall score to the entire machine. The tool is available in Windows Vista, 7, and 8.

This is an example of a benchmark, and a useful benchmark at that. All benchmarks are artificial, and not necessarily a guarantee of how a machine will run in real world situations, but there is correlation. In the end you get what you pay for. If you're looking for lolcats, you can probably skimp on the score quite a bit. If you want to manipulate spreadsheets, you might want a little more umph for the numbers. And if you're trying to play the latest games, then yes, you're going to need to pay for that higher number.

I'm Still Going to Use Microsoft Security Essentials

This article came up the other day, and it’s a little jargon-full, but it seemed like a very important topic for the average user. This is particularly important because Microsoft Security Essentials (MSE) is one of the most popular virus protection programs, and now that it’s built into Windows 8 that is only likely to increase. I know that since its release, I have always recommended it to friends and family. It’s free, easy to use, and updates along with your Windows OS. Now, based on the article headline, you might think that I’m changing my mind, but I’m not, and here’s why.

The article in question: http://www.ibtimes.com/microsoft-security-essentials-fails-antivirus-certification-test-second-time-row-microsoft-disputes

The main point here is the difference in goals of the certification test and Microsoft’s own testing goals, summarized most succinctly in the article that Blackbird is looking at the viruses that are missed by the software by category, whereas Microsoft designs its software based on consumer impact. To me this means that while this certification test is important and useful, it is also biased by being more artificial. Microsoft’s own tests too are by definition artificial, but the company is striving to obtain real world results.

The second major thing to look at when talking about all these percentages of malware, is the encountered numbers. What this means is that malware might affect your machine, but you may never come into contact with it. And this hits on one of the points that I have always emphasized, this is about the person using the machine and not the machine. Even if MSE was 100% effective, a person can still mess up a machine. If you are using safe browsing habits, not opening links from spam emails, or browsing untrustworthy websites, you’re not going to encounter this malware. The point is, no one should be depending entirely on their antivirus software to completely protect them. There are many other ways for your data to be compromised, such a phishing and other social engineering scams.

At the end of the day, my take away is this, I’d rather Microsoft fail an artificial certification and continue to focus on real word tests than for the company to design their software in an artificial setting that scores 100% in the lab, then completely fails the consumer in the real world. (Ahem, video card benchmarks, cough).

This week we are discussing information security plans. I’m sure many people have seen these and had to read them at some point at work, but what about at home? This linked article here gives a great example of enforcing some InfoSec at home, with a demographic that may not be entirely savvy enough to understand the trouble they can get in without it.

First of all, let’s cover the benefit of explicit rules such as these. The crux of computer issues comes from human error. If we examine the McCumber Cube, education and policy seem to stand out as the areas where the user can screw up. A perfect system is only that way until someone who doesn’t know how to use it does.

Phones are just tiny computers, more powerful now than any computer I played DOOM on growing up, and kids are getting them. I wasn’t allowed on the internet when my parents weren’t home in middle school, and these devices are connected to the internet all the time. There is a need for rules, policies outlined explicitly so the user understands the authorized uses of a device and their own responsibilities.

The linked list includes a lot of social, parenting, and politeness type rules, but it also includes some great rules regarding information security. Chief of which, and I think it matches places of employment for adults, is that the phone does not belong to the child and the password will always be known by the true owner. This seems to jive with corporate policies about browsing Facebook all day instead of getting work done, the machine is there for a reason and the corporation will check and see that you are using it as such.

The acceptable and unacceptable uses of this technology are clearly outlined. So while this may not cover all the parts of a traditional Enterprise Information Security Policy, I think it’s going to serve this parent and child very well.

Web link: http://gizmodo.com/5972721/every-parent-who-gives-their-kid-an-iphone-should-make-their-kid-follow-these-18-rules

The Intruding Hackers

The FBI is taking the threat of hacker intrusions, shouldn’t you? In the current technological world we live in, it’s obvious that a response like this is necessary from the FBI. Not only for the sake of private companies, but for the wider country, our infrastructure is becoming more and more networked. Attacks like these are an enormous threat to national security.

But what about home security? Just as our national infrastructure becomes more and more networked and connected, more and more of our personal information is stored on our home networks and computers. This information is valuable, both to you and to a potential hacker looking for credit card numbers or other personal information they may be able to sell for profit.

Prevention is necessary, and I certainly hope that you are keeping your machines updated and your antivirus software on, as well as steering clear of the more unsavory corners of the internet. But what about  when an incident does occur? Do you have a plan to deal with that?

How do you detect and intruder or other incident? What steps do you take to stop the violation? How do you recover from it? In the cyber security world these kinds of questions are addressed in an Incident Response Plan. Maybe you don’t need to go through all the paperwork, but being able to answer these questions could help you out a great deal when the inevitable happens.

FBI Reference: http://www.fbi.gov/news/stories/2012/october/cyber-division-focusing-on-hackers-and-intrusions/cyber-division-focusing-on-hackers-and-intrusions