Thursday, December 10, 2009

In case of emergency, do nothing

Good article by security guru Bruce Schneier, who says for most users the best way to handle most disclosures of security vulnerabilities is ... do nothing.

Schneier on Security: Reacting to Security Vulnerabilities
The answer for this particular vulnerability, as for pretty much any other vulnerability you read about, is the same: do nothing. That's right, nothing. Don't panic. Don't change your behavior. Ignore the problem, and let the vendors figure it out.

...

It's much smarter to have a reasonable set of default security practices and continue doing them. This includes:



1. Install an antivirus program if you run Windows, and configure it
to update daily. It doesn't matter which one you use; they're all about
the same. ... Apple Mac and Linux users
can ignore this, as virus writers target the operating system with the
largest market share.



2. Configure your OS and network router properly. Microsoft's
operating systems come with a lot of security enabled by default; this
is good. But have someone who knows what they're doing check the
configuration of your router, too.



3. Turn on automatic software updates. This is the mechanism by
which your software patches itself in the background, without you
having to do anything. Make sure it's turned on for your computer, OS,
security software, and any applications that have the option. Yes, you
have to do it for everything, as they often have separate mechanisms.



4. Show common sense regarding the Internet. This might be the
hardest thing, and the most important. Know when an email is real, and
when you shouldn't click on the link. Know when a website is
suspicious. Know when something is amiss.



5. Perform regular backups. This is vital. If you're infected with
something, you may have to reinstall your operating system and
applications. Good backups ensure you don't lose your data – documents,
photographs, music – if that becomes necessary.



That's basically it. I could give a longer list of safe computing practices, but this short one is likely to keep you safe. After that, trust the vendors.

No comments: