Monday, July 16, 2012

Write Brain Report: JT Evans on Computer Security for Writers (Part 1) by DeAnna Knippling

Editor’s Note: This is the first of a three-part series. Look for the next installment on Monday, June 23.

JT Evans, as well as being a writer, is a computer security expert who started programming at the age of seven and has been a Certified Ethical Hacker since 2009. During his June Write Brain talk, he covered three main topics: how writers should take care of their computers, computer security basics for writers, and what the bad guys are doing with computers.

He also said that the nature of computer security is that it isn’t absolute; there’s only more secure and less secure. Increased computer security will lower the odds that you look like a fat, juicy target for thieves rather than give you an absolute guarantee of security. Often, that’s enough.

How Writers Should Take Care of Their Computers

Because security isn’t absolute, the best approach to security involves having multiple layers of protection, such as the following:
  • Patches. Many of the patches that you see from software companies address security flaws in their programs. New methods to take advantage of any given piece of software are being developed daily--thus, new methods to block off vulnerabilities are being developed daily, too. Upgrade and patch often, including turning on automatic updates for Microsoft products, Adobe products, and other software. Check weekly for updates to your software.
  • Virus protection. Approximately 20,000 new virus variants are being developed daily, so you need virus protection that updates itself daily. JT recommended McAfee, Symantec, and Kaspersky virus protection and cautioned that with free virus protection, you get what you pay for.
  • Firewall. A firewall protects against unauthorized data transfer with the Internet. That means it prevents unauthorized inbound connections as well as outgoing connections (in case your computer is infected and tries to infect others). A note on hosting a server (as for some computer games) on any machine on your home network--it’s inviting people into your network...that is, authorizing them to get past your firewall. Additional security is required before you set up a server!
  • Spyware protection. This prevents your cookies and other information from being shared without your authorization. Cookies are small bits of data that your system stores in order to make accessing and using certain websites easier--and it’s trivially easy to access the data in all your cookies (like stored passwords) if you don’t have spyware protection.
In addition to making your computer more secure, you need to make your data more secure. JT recommends the following plan:
  • Do a full backup every month. A full backup includes all your personal data on a computer system but not the actual software; for example, you should back up your Quicken data but not your Quicken software. There are multiple applications that will do this automatically for you.
  • Do an incremental backup every week. Incremental data is the data that changed since your last full backup. There are multiple applications that will organize this automatically for you.
Where should you store data? If you store it on “the cloud,” that is, on someone else’s server (as in Dropbox or Carbonite), then that data is only as secure as that company wants it to be. JT recommends that if you’re going to use cloud backup providers, pay for it--because otherwise, you may be paying for the service through unanticipated use of your data. If you’re going to store data on a cloud system (or even email it to your Gmail account), encrypt it first.

Some of the other options:
  • Network-Attached Storage (NAS). This is a separate piece of hardware that stores your files; it’s a lot like an external hard drive. A NAS is attached to a network and is able to handle file requests from other computers on the network even when your computer is turned off, unlike an external hard drive; it can also back up all the computers at your house.
  • DVD burner. DVD storage is cheap. However, keep in mind that the process of burning a DVD at home is not permanent (unlike DVDs you buy with the data already on them) and can degrade over time--about six months should be secure, but replace DVD backups after that.
  • Flash drives. Flash drives use a spark to literally burn the data on the drive. However, that spark can burn through the drive after repeated uses. Either buy new drives every year or use them as a permanent record that you won’t reburn, like a DVD. Flash drives are very durable and can survive temps of -40F to 190F without losing data. Buy flash drives with encryption capabilities. 
Doing backups is made a lot easier when you use backup software. JT recommended Genie Timeline for Windows and Time Machine for OSX machines (which is built into the operating system and is free). Also, encrypting your data is the smart thing to do; the best (and free) encryption system currently available is GNU Privacy Guard (GPG).
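
The plan above (a monthly full backup, a weekly backup of whatever changed since that full backup, and GPG encryption before anything goes to the cloud) can be scripted. The sketch below is an added example, not something from JT's talk or handouts; the `STAMP` file name, the function names and the folder layout are assumptions, and the backup folder is assumed to sit outside the data folder.

```python
from __future__ import annotations

import shutil
import subprocess
import tarfile
import time
from pathlib import Path

STAMP = "last_full_backup.txt"  # hypothetical marker file kept beside the archives


def changed_since(data_dir: Path, cutoff: float) -> list[Path]:
    """Regular files under data_dir whose modification time is after cutoff."""
    return sorted(p for p in data_dir.rglob("*")
                  if p.is_file() and p.stat().st_mtime > cutoff)


def backup(data_dir: Path, out_dir: Path, full: bool, now: float | None = None) -> Path:
    """Write a full archive, or one holding only files changed since the last full."""
    now = time.time() if now is None else now
    out_dir.mkdir(parents=True, exist_ok=True)
    stamp = out_dir / STAMP
    if full or not stamp.exists():      # no earlier full backup: fall back to full
        kind, cutoff = "full", 0.0
    else:
        kind, cutoff = "incremental", float(stamp.read_text())
    name = time.strftime("%Y%m%d-%H%M%S", time.gmtime(now))
    archive = out_dir / f"{kind}-{name}.tar.gz"
    with tarfile.open(archive, "w:gz") as tar:
        for path in changed_since(data_dir, cutoff):
            tar.add(path, arcname=path.relative_to(data_dir).as_posix())
    if kind == "full":
        stamp.write_text(repr(now))     # only a full backup moves the cutoff
    return archive


def encrypt_for_cloud(archive: Path) -> Path | None:
    """Encrypt an archive with GnuPG before it leaves the machine.

    Returns the .gpg path, or None when gpg is not installed. gpg prompts
    for the passphrase itself, so it never appears on the command line.
    """
    if shutil.which("gpg") is None:
        return None
    out = archive.with_name(archive.name + ".gpg")
    subprocess.run(["gpg", "--symmetric", "--cipher-algo", "AES256",
                    "--output", str(out), str(archive)], check=True)
    return out
```

Call `backup(..., full=True)` monthly and `backup(..., full=False)` weekly, then pass each archive to `encrypt_for_cloud` and upload only the resulting `.gpg` file.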

If you need more information, you can go to JT’s website, jtevans.net.

If you’d like a copy of his handouts, click here.

About the Writer:  DeAnna Knippling is a freelance writer, editor, and formatter married to a Network Administrator, and she was still embarrassed about some of her personal security practices after hearing JT's talk.  Check out her personal blog at www.DeAnnaKnippling.com or her small press at www.WonderlandPress.com.

2 comments:

  1. My own professional (IT, not security specifically):

    1. Microsoft's free Security Essentials provides decent anti-virus and spyware protection. MS has an incentive to keep PCs as virus-free as possible. That said, signature-based AV is beginning to become obsolete against serious threats. Better something than nothing, but the best protection is behavioral: beware of what kind of sites you visit, don't click on attachments or links you aren't confident about, etc.

    2. I use Backblaze as a (pay) online backup service. It's great, it's silent, and you don't have to *do* anything to make it work, which makes it the most reliable kind of backup you can have.

  2. Dave,

    You're right that signature- and heuristic-based AV is becoming less and less effective. The AV companies are up against a wall as the virus writers are becoming more and more effective and eloquent in their efforts.

    Training is one of the top ways to avoid infection (which is one reason I did this presentation.)

    As far as cloud-based backup solutions go (pay or free): I have a general distrust of them, but that's my opinion. Here are some questions I have: What are they doing with my data? Are they properly protecting it from unauthorized access? Are they properly protecting it from loss (hardware failure, lightning strike, etc.)? Are they allowing "illegal" backups/uploads (see the Megaupload.com debacle that's going on) that may threaten my legal, private backups? I've called a few (to remain nameless) cloud backup folks and asked them questions along these lines and all I've received is the telephone equivalent of a "blank stare." It doesn't give me the warm and fuzzies. That's why I stick to host-based (external hard drive) or network-based (network attached storage [NAS]) solutions that are within my realm of control.

    Then again... I'm a control freak!
