All Systems Go: by Jason Robertson
IT administrators swear by this motto: “Always ensure your software is fully updated.” If we never download updates and patch our products, the system will be vulnerable, and those vulnerabilities are easily exploited by hackers.
And it’s not just updating the computer that’s important – we must also update Java and Flash.
About a year ago, there was a hacking competition for the Mac OS, which is very secure. On Day 1, they had just the Mac with the base operating system, and no one could hack it. On Day 2, they installed all the approved Mac OS apps, and no one could hack it. On Day 3, they installed all other apps that you would normally find on a Mac, and one of them was Adobe Flash. A hacker was able to gain full access to the computer based on a Flash vulnerability.
Adobe has since released patches and updates, but their software consistently gets hacked and makes computers vulnerable. If we don’t use Flash or need it, it’s best to remove it.
Kill and remove viruses
Updates are nice, but we also want something to kill and remove viruses This is where anti-virus software comes in. There are two main types: residential and commercial. The commercial versions allow for central control and reporting, which means admin can centrally deploy. With commercial, there is a licensing period for updates; after the license expires, the commercial anti-virus software will still work but will not get any new updates. With residential anti-virus software, when the license runs out, the software stops working.
Most people favor free versions of software, but when it comes to free anti-virus software, be sure to download the free version — and not a virus.
Block data theft
Besides viruses, there is malware, or spyware, to watch out for. What is the difference between malware and a virus? Viruses are usually self-replicating and try to damage to your computer – kill the operating system, corrupt files and cause data loss. Spyware does not cause harm. It collects usernames, credit card info and passwords, harvesting as much sensitive information as it can, then upload that data to its server.
Anti-virus companies don’t usually include anti-spyware products. Always install an anti-malware program, such as Microsoft Defender, Spybot Search and Destroy, or Adware (Malwarebytes). Defender and Spybot Search and Destroy are both free. In my experience, the free versions are generally better than the versions that are paid for.
Build a wall
Firewalls can be software or hardware. They keep hackers from getting into your network from the internet. A firewall can be installed on the computer as software, or a hardware firewall can be built into the modem/router. But remember, just because it’s built in doesn’t mean it’s turned on.
All apps/programs that access the internet use ports to communicate to the internet; the firewall blocks that port from outside access. Firewalls are great because they keep hackers from getting into our network, but be a little careful as they also could keep us from doing what we need to do.
MacAfee SiteAdvisor, or WebAdvisor, is a free tool to make sure we don’t go to websites that host viruses and spyware. It works by having a database of all the bad websites, and preventing or warning us from going to them.
‘Suites’ not a good idea
In order to sell us more products, the major manufacturers of anti-virus software have created “internet security suites,” which are packages with everything included: anti-virus, anti-malware, firewall and SiteAdvisor. It sounds like a good idea, but it’s generally not. Most companies do one thing well, but not everything well. With internet security suites, they try to do too much and end up hurting the end user, locking down the computer so much that it can cause more headaches than it’s worth. Security suite software can block users from legitimately accessing the internet, and often users will have no idea how to gain access to the internet from their computers again. Let each vendor do what it does well, and avoid the suites.
Privileges and permissions
Proper use of privileges and permissions is important. Every operating system ever built has login options with different permission levels. A “root user” in Linux can do anything. In Windows, there is the “user,” who cannot install software and change programs, and the “administrator,” who has full control.
It’s always a good practice to create a user account with only user permissions, rather than letting everyone log in as administrator. Why? When a virus comes into a computer and the virus activates, it will have the permission level of whichever login is active. If the user is logged in as admin, the virus will be able to do anything it wants – self-replicating, installing itself into auto startup and login, editing our registry – and it can be a real nightmare for those not experienced with removing and killing processors and cleaning the registry.
Browsers are not born equal
The main internet browsers are Internet Explorer, Firefox, Chrome and Safari. My advice is to not to use Internet Explorer, as it allows a computer to connect to other computers in a way that other browsers do not. Internet Explorer offers a lot of functionality – we can use active X programs to create little programs within Internet Explorer, and it allows us to remotely control a computer from other computers – but this functionality also offers a lot of security holes. With Internet Explorer, a hacker could go straight into the computer.
In contrast, there is not a lot a hacker can do with Firefox, Chrome or Safari. Since they mainly browse the web, the worst that can happen is that the user will be sent to a different website.
Vigilantly tending to the basics will help keep all computers on board safe from attack. Make sure all updates are done; use a reliable anti-virus, anti-malware and firewall; set user-only permissions; surf the internet using SiteAdvisor; and try not to use Internet Explorer unless absolutely necessary.
Jason Robertson, director of technical crew placement agency Robertson ETOS (www.robertsonetos.com), has more than 17 years of combined AV/IT and ETO experience on board megayachts. Comments are welcome below.