Saturday, January 16, 2010

Preventive Maintenance

    There are heaps of reasons why Linux is more secure than Windows. Some believe that it's because Windows is the dominant OS and so that's the one that all the hackers want to attack - but this is a long way from being the principal reason why Linux (and BSD, as well as Mac) is safer than Windows. Most of the reasons are related to its illustrious but very ancient predecessor, Unix. This operating system was designed, right from the beginning, to be used on a network - and in the days when computers were terribly expensive, security was a priority right from the outset. Normal users could only change their session and could not do anything to the core system itself.

    What this translates to today is that any machine running Linux has a modular structure. As with Unix, a normal user cannot do anything that could be dangerous to the computer. Such actions can only be undertaken by opening a special session called 'root' which requires a specific password. What this means is that if someone wanted to attack your computer, (s)he would have to find a way of getting past this security procedure, which would be very difficult indeed. In Windows, on the other hand, it is much easier to do such operations, and so the potential hacker has much less work to do. Indeed, there are probably only two ways to get into the heart of a Linux system: 1) Do a directed attack against one particular individual; 2) Try to dupe users into installing the virus as root. For most people, this second is more likely. For example, there is a virus at the moment that works by trying to persuade you that you need to install a codec to read a multimedia file. All you have to do is click on the link and install it as root... This is a virus directed at Mac at the moment, but such nasties could also be written for Linux.

    Another reason why Linux is more secure than Windows (and also why it's more secure than Mac) is that, as it's open source, it is constantly being worked on. 24 hours a day, 7 days a week someone somewhere is probably looking at the code; and if a problem is identified the solution can appear very quickly indeed, sometimes only hours after the problem was spotted.
Finally, Linux has something that the other operating systems couldn't possibly have, at least not to the extent that Linux has it: software repositories. If I want to download a program, and of course I do often, I do so from a server maintained by the official community of my version of Linux (Debian) - this means that the software has been checked very thoroughly before becoming available.

    So, viruses are very, very unlikely in Linux, but that doesn't make them impossible. However, as Linux is modular in nature, any damage done could only be very limited (unless you foolishly install it yourself as root). As for spyware, that would need to be installed in the directory containing your Internet browser, which is protected by this root password. This is why we don't see such malware on Linux.

Windows Users (XP, Vista, 7)


People don't like change, and switching to Linux just for security reasons may be unreasonable for average users. Why would you, when there is so much anti-virus software available? The truth is that if you practice the right procedures, your PC will be secure no matter what operating system you use. Without adding another expense, there are things that can be done to keep your Windows operating system more secure than the average user's.

    One of the most crucial methods of staying more secure is to have a user account for installing certain applications and configuring the system (Admin). Then create child user accounts with very limited permissions for daily use. Basically, whatever files the user can touch, a hacker can touch too.
    Still, even while using a child account, malware, spyware and adware will get into the PC and affect it accordingly. The best solution to this problem is the free download of Spybot Search & Destroy, with TeaTimer running in the background. Any virus that makes it into the system can remain dormant and run as soon as a user logs in as admin to install a program; it could even be the program itself. That's why anti-virus software is installed and run frequently, but it can only catch items that are known to it.

    My anti-virus software of choice is Comodo AntiVirus. Comodo is a Certificate Authority, and is the second-largest issuer of business-validated certificates. Comodo's certificate profile includes OV certificates, DV certificates, EV SSL Certificates and Multi-Domain Certificates, Unified Communications Certificates, email certificates and code signing certificates. Comodo CA undergoes an annual WebTrust audit by Ernst & Young.

    Who wouldn't feel safe with Comodo on their side? I know I would; they have the background and experience in keeping data safe. They help keep viruses off of PCs and say " when your business expands and see us more sophisticated security is needed.

The Comodo companies offer many free products through their website, available for public download. Most notable of Comodo's free products is the Comodo Internet Security freeware program, incorporating Comodo's firewall, Host Intrusion Prevention System and antivirus.

Other Comodo branded freeware security tools include an Anti-Malware tool, and a Memory Firewall, a free solution that protects against over 90% of buffer overflow attacks. For an additional fee, Comodo product users can subscribe to Comodo's computer cleaning and optimizing services for real-time computer assistance.

Comodo also offers a free registry cleaner program, now included within the Comodo System Cleaner. The regular use of this software can dramatically increase performance; registry errors are a major factor in slowing down average users' PCs.

With proper usage of account permissions, Spybot, and Comodo Internet Security, viruses should become a very rare occurrence and not be able to do too much damage. When installing Comodo Internet Security, be sure to disable the Windows Firewall before you begin. Comodo's Firewall is far more secure, and should be used.

Put an Old PC to Work!

Now there are tons of guides for what I'm about to explain, so I'll just discuss the benefits of such processes. These two tips can be done individually or on the same system.

Network Proxy Server
A function that is often combined with a firewall is a proxy server. The proxy server is used to access Web pages by the other computers. When another computer requests a Web page, it is retrieved by the proxy server and then sent to the requesting computer. The net effect of this action is that the remote computer hosting the Web page never comes into direct contact with anything on your home network, other than the proxy server.
Proxy servers can also make your Internet access work more efficiently. If you access a page on a Web site, it is cached (stored) on the proxy server. This means that the next time you go back to that page, it normally doesn't have to load again from the Web site. Instead it loads instantaneously from the proxy server.

Squid is a full-featured web proxy cache server application which provides proxy and cache services for Hypertext Transfer Protocol (HTTP), File Transfer Protocol (FTP), and other popular network protocols. Squid can implement caching and proxying of Secure Sockets Layer (SSL) requests and caching of Domain Name Server (DNS) lookups, and perform transparent caching. Squid also supports a wide variety of caching protocols, such as the Internet Cache Protocol (ICP), the Hyper Text Caching Protocol (HTCP), the Cache Array Routing Protocol (CARP), and the Web Cache Coordination Protocol (WCCP).
The Squid proxy cache server is an excellent solution to a variety of proxy and caching server needs, and scales from the branch office to enterprise level networks while providing extensive, granular access control mechanisms and monitoring of critical parameters via the Simple Network Management Protocol (SNMP). When selecting a computer system for use as a dedicated Squid proxy, or caching servers, ensure your system is configured with a large amount of physical memory, as Squid maintains an in-memory cache for increased performance.

If you happen to have Ubuntu on your old PC then the install is as easy as one command in the terminal:

sudo apt-get install squid squid-common

Configuration steps can be found on Ubuntu's website.

Completes the Home Network and Theatre...


...and installs nicely on your proxy server machine
XBMC is an award-winning free and open source (GPL) software media player and entertainment hub for digital media. XBMC is available for Linux, OSX, Windows, and the original Xbox. It also runs on an Apple TV and from a live-bootable CD or USB flash stick. Created in 2003 by a group of like-minded programmers, XBMC is a non-profit project run and developed by volunteers located around the world. More than 50 software developers have contributed to XBMC, and 100-plus translators have worked to expand its reach, making it available in more than 30 languages.

While XBMC functions very well as a standard media player application for your computer, it has been designed to be the perfect companion for your HTPC. Supporting an almost endless range of remote controls, and combined with its beautiful interface and powerful skinning engine, XBMC feels very natural to use from the couch and is the ideal solution for your home theater.

Currently XBMC can be used to play almost all popular audio and video formats around. It was designed for network playback, so you can stream your multimedia from anywhere in the house or directly from the internet using practically any protocol available. Use your media as-is: XBMC can play CDs and DVDs directly from the disk or image file, almost all popular archive formats from your hard drive, and even files inside ZIP and RAR archives. It will even scan all of your media and automatically create a personalized library complete with box covers, descriptions, and fanart. There are playlist and slideshow functions, a weather forecast feature and many audio visualizations. Once installed, your computer will become a fully functional multimedia jukebox.

It is difficult to put into words all that XBMC can do

Have all the entertainment in the house in one spot, and access it from multiple sources. I enjoyed coding a little Python game of snake that played in XBMC on my original hacked Xbox; it was the first time I could say I coded my own Xbox game, even though it wasn't coded in any C language or with any Microsoft tools. The XBMC dash was like the Windows OS on my Xbox: I could check my email, surf the net, and I had the videos on the internet in a few little scripts that organized them and presented them nicely for browsing. XBMC would make a great bedroom companion. It has an auto-off feature, and what I like to do is listen to Groove Salad and have the Xbox shut off after 90 minutes.

There are hundreds of scripts written in Python for viewing content of all sorts from the internet: games, TV shows, lyrics of the current song playing, or recording internet radio.


K.I.S.S - Stay Smart Be Secure

Keep it simple, stupid, is what was told to me. Stay smart: if you use Windows, remember to use a less privileged user account, and watch what programs you install. Sometimes the programs are the viruses themselves, and the program does exactly what it is supposed to do. Check who made the software and where you are downloading it from. Most software producers create a file called an md5-checksum and post it on their site. This md5 is a fingerprint of the software, and the results will tell you whether or not someone has messed with the file.
Leaving a PC on 24/7, 365 days a year is also a security threat. Hackers can use a feature that is similar to a boater's radar ping. They can send out their pings and attack the results millions of times a second, without even lifting a finger. This problem is solved with proxy servers; the other solution is only available as a feature of some routers.
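
The md5-checksum check described above, as an added example (not code from the original post): a Python script that reads a published md5sum-style list and compares it with the fingerprint of the downloaded file. The file name and sample bytes are constructed for the demo, and passing algorithm="sha256" goes beyond the post to cover sites that publish SHA-256 lists instead.

```python
import hashlib
import os
import tempfile

def file_digest(path, algorithm="md5", chunk_size=1 << 16):
    """Hash a file in chunks so large installers need not fit in memory."""
    h = hashlib.new(algorithm)
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()

def parse_checksum_list(text):
    """Parse md5sum/sha256sum-style lines: '<hex digest>  <filename>'."""
    published = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        digest, _, name = line.partition(" ")
        # A leading '*' before the name marks binary mode in this format.
        published[name.strip().lstrip("*")] = digest.lower()
    return published

def verify_download(path, checksum_text, algorithm="md5"):
    """Return 'ok', 'mismatch' or 'unlisted' for one downloaded file."""
    published = parse_checksum_list(checksum_text)
    expected = published.get(os.path.basename(path))
    if expected is None:
        return "unlisted"  # no fingerprint published: nothing was verified
    actual = file_digest(path, algorithm)
    return "ok" if actual == expected else "mismatch"

def demo():
    """Constructed sample: a stand-in installer, then a modified copy."""
    workdir = tempfile.mkdtemp()
    path = os.path.join(workdir, "setup-example.exe")  # hypothetical name
    with open(path, "wb") as fh:
        fh.write(b"original installer bytes")
    listing = "%s  setup-example.exe\n" % file_digest(path)
    before = verify_download(path, listing)
    with open(path, "ab") as fh:  # simulate a file changed after publishing
        fh.write(b"extra bytes")
    after = verify_download(path, listing)
    return before, after

if __name__ == "__main__":
    print(demo())
```

A result of "unlisted" means the file name did not appear in the published list, which is different from a passed check.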


Awesomely eerie instrumental.