Friday, October 19, 2007

Why isn't your computer secure?

I just came across an article the other day about how to check that your computer is secure. While reading it, it occurred to me that this is a fairly strange situation we've gotten ourselves into. If we buy a car, we have standards to guarantee it's safe to drive. If we buy a refrigerator, it comes with a warranty usually lasting years, and you know it's going to work for at least a decade.

But when we buy a computer, we have to buy additional things to make it complete, to finish the job of "securing" your computer before it's safe to use. This isn't life and death, but it's odd that we accept it as normal.

The very first thing the article mentioned was to install a firewall. If you're connecting to the Internet, this is a crucial thing, and it should be included at the operating system (OS) level. For any modern OS, this appears to be the case. OS X, FreeBSD, Linux and even Windows XP or later include firewalls in their basic OS offering. So far, so good.

Next: the article recommended using anti-virus software. Okay, for many people this seems like a normal thing to do. To many, it's not even a thought. And this is where I diverge with the article: I don't think anti-virus is the right approach to securing your PC at all. Viruses happen because there are vulnerabilities in software. Basically, virus writers take advantage of the fact that software can be accidentally used inappropriately. The count on the fact that the maintainers of the software won't get around to fixing the bugs they find and they don't have an efficient way to patch things up. So we have the bandage solution of using anti-virus software. Outside of the Windows world, free operating systems like Linux-based OSes have come up with ingenious ways to keep systems up-to-date and may not even need anti-virus software at all. Couple this with the proven POSIX security model that separates administrative functions from user functions and viruses are nearly impossible on these systems.

And tagging right along with that idea is what I'll call crapware: all that nasty software that either spies on you, tracks your web surfing habits, puts annoying pop-ups on your screen at regular intervals and generally slows down your computing experience. This should NEVER happen, but it does regularly on Windows-based operating systems. OS X (the Mac OS) and any Unix-like operating system (such as FreeBSD or any Linux-based OS) simply does not allow this to happen. To install software without your knowledge would require breaking into the main distributor's computers and placing the software there, to be mass installed at the next update. But with security measures in place, this just doesn't happen -- breakins are caught and tainted code removed before it has a chance to affect an ordinary user like yourself!

The article also mentions changing your browser security settings -- a uniquely Microsoft approach to web browsing. For Microsoft, the web browser is so closely tied to the OS that web pages actually have access to critical parts of your computer. Again, no other OS has this flaw, and there have been several warnings to not use Microsoft's Internet Explorer because the security model is so bad.

In parting, the article also mentions securing your wireless connection. This is a good idea, but not as critical to protecting your computer as the OS itself. If your OS is secure, the network it connects to is almost irrelevant. Protecting yourself is as easy as making a change: use an operating system designed to protect you. Amazingly, the alternatives are better at this than Microsoft, and getting better every day!

No comments: