Tags:

Help Me Convince My Mother-In-Law Her Files are Secure and Give Her XP Security Basics?
November 20, 2004 5:15 PM   Subscribe

WindowsXPSecurityFilter: How do I help my mother-in-law?

My Mother In Law has a laptop. She keeps confidential business records on it. She has windows XP, and has been reading up on all the latest security vulnerabilities and is very concerned that her business records are at risk for being copied, and more generally concerned that her operating system isn't secure.

She's running XP home edition (not sure if it's SP2). She's got a dial up ISP, and a wifi card (although no wifi ISP or connect networks I believe). She's running Macaffee's firewall (at the very least).

I can tell her what I think about how to secure her system (run a fire wall, disable wifi card, only use dialup), but the real problem is that she doesn't trust the operating system so she's cruising around the system looking for vulnerabilities such as 'International Agents' (some files she found on the system I think), the 'prefetch' directory (not sure why she considers this a threat), and trying to shutdown the RPC service.

Two basic questions:
A) is there something I can give her that will give her a high level of assurance that even IF a file were copied off her computer it would be of no value. Basically -- can I set up an encrypted store for her sensitive docs that's easy for her to use?
B) Given that I won't be able to assuage her concerns about the O/S in general, what information could I direct her to that would help her get a firm understanding of the O/S, the actual security threats that exist, and how to protect against them?
posted by daver to computers & internet (11 answers total)
 
There's lots and lots of encryption utilities here. There is an article on that page about Windows EFS, which is apparently a built-in encryption in Windows, plus lots of add-on encryption programs. EFS is built in (having just looked at the site) and easy to use. You may want to check out how robust it is, or look at the other solutions there.
posted by Dipsomaniac at 5:42 PM on November 20, 2004


Well, it seems XP Home doesn't support EFS. There's lots else to look at, though.
posted by Dipsomaniac at 5:43 PM on November 20, 2004


She should disable the Messenger service and File and print sharing. She should have a long 14+ characters or so password with mixed case and/or numbers and letters, i.e. gol03den29rod76. There have been threads on how to pick and remember secure passwords. There should be a new account with a longish name, i.e., SWMB19876 and a secure password and administrator rights, and the administrator account should be disabled.

If she doesn't use Wifi regularly, she should disable the card, and only enable it as needed. She should only be online when she needs to be. Confidential data should be stored on cds in the office, and another set in another location, and only the currently needed data should be on the laptop. Many people worry about security but leave the Administrator account with password as the password.

And she should be backing it up. The most likely scenario is that the laptop gets stolen while she's inside the gas station paying for gas, or some other momentary lapse of attention. The loss of the data, even if the thief doesn't want it, could be devastating.
posted by theora55 at 6:11 PM on November 20, 2004


A) Yeah, there's tons of encryption utilities. If they help her sleep at night, cool, but I've always thought they were a pain.
B) She needs to do a few things. First, update her computer regularly. That protects her against 99.99999999% of possible vulnerabilities, including any possible RPC problem. Second, run AdAware fairly regularly. Once a week will do. Third, stop using Internet Explorer and Outlook and switch to Mozilla. Fourth, stop believing everything she reads. ;)

If she's *really* worried about someone reading her sensitive files, she should keep them on a USB keychain device and back them up regularly to another device. She can work off of the keychain device and then just disconnect when she doesn't need to be using it, and she can use the backups in case her keychain device ever gets busted. Even encryption isn't foolproof and can get cracked; it's pretty hard to access something that's not even on the computer. Especially when her computer's hardly ever on the internet (dialup).

Feel free to print this out and give it to her or direct her here; you're welcome to quote me directly. Half of consumer-grade secuirty stuff is snake oil. It's useless. Garbage. Meant to give a false sense of security. I count most consumer firewalls and consumer antivirus protection in this realm; if you don't open email attachments and don't use internet explorer, it's unlikely that your antivirus software will update fast enough to catch a first-day virus, which is when they're dangerous. I haven't run with virus protection in about ten years, and I have not been virused. The most simple precautions are the best.

As far as people maliciously cracking her computer ... a) she's on a dialup network and is only connected sometimes, and never with the same internet address due to the nature of dialup. Why would a hacker bother with finding her? b) It would be highly unlikely that her business documents would be worth something to someone else. c) there's MANY easier targets, including people running unupdated copies of windows 98 while connected directly to cable modems, etc. These are the type of systems that are useful to crackers and are likely to be taken over. Hers? Never useful.
posted by SpecialK at 6:18 PM on November 20, 2004


Ack, sorry, that second-to-last paragraph was confusing.

If you don't use internet explorer or outlook and don't open email attachments, it's unlikely that you'll get exposed to a virus. On the other hand, if you do get exposed to a virus, it's unlikely that your antivirus software has updated it as most people are most vulnerable right when a virus has been released into the wild, which is when they're at their most dangerous.
posted by SpecialK at 6:25 PM on November 20, 2004


One of the nice things about the PGP suite is that you can encrypt a whole partition. The free version wont do this and do not even try to install the preWindowsXP versions as you will hose the system.

So if a hacker does get read/write access to her docs all he can pull are encrypted documents. This is easier than encrypting every file individually.

Been a while since I used pgpdisk, but I'm pretty sure this is how it works.

So you would make partition E: or something, and move her docs there.
posted by skallas at 6:46 PM on November 20, 2004


Also, if you want to save money you can download the newest version of Winzip and have her put her files in a .zip container. Have one zip file for work, porn, overthrowing the government, etc instead of normal windows folders.

Winzip now supports 256 (?) bit AES which is pretty damn strong. Not sure how well the implementation is but its super easy to use and most people are familiar with the zip concept.
posted by skallas at 6:56 PM on November 20, 2004


Apparently (after speaking with her again) I have a 3rd question as well.

How do I quantify the security vulnerabilities or threats of one operating system vs. another. Her basic concern seems to be that XP is insecure, that Home Edition is *more* secure than Pro, and that both are less secure than 'linux'. I realize these are moving targets, but is there any way to explain this kind of stuff without iterating through threats virus by virus?
posted by daver at 6:58 PM on November 20, 2004


There are published vulnerability histories out there. I believe OpenBSD is the most secure by this standard.

If shes going to move to UNIX, might as well go with BSD. Linux is less secure than the fanboys would have you believe.
posted by skallas at 7:54 PM on November 20, 2004


If you're worried about security, you should make sure that she installs all the patches that MS releases (not installing them is a major source of insecurity in Windows,) and that she works while logged in under a power user account as opposed to an admin account (this will prevent virii from running if they need to be installed first. Power users can't install.)

Beyond this, you should find a good pop-up blocker and a utility that will clean out the spyware that said pop-up ads have already installed. You might talk to her about switching to a non-MS browser. This will only help her in the long run.

I think all the previous advice is good, but it seems unlikely that switching to any Unix OS is going to really qualify as a solution for her. If it was, I'd say get a Mac and call it a day, but that's my bias.
posted by glyphlet at 8:17 PM on November 20, 2004


OpenBSD is the most secure, yes, but Linux isn't that bad. OpenBSD is really only the most secure until you install stuff on it (that rule generally holds for any other OS too). In this situation I would find it to be very counterproductive to switch off Windows, mainly due to the user's experience level. The advice here is good - you may also want to consult a guide to the XP services to see what's really needed and give her a list of things to turn off and tell her not to muck with it too much after that. Combined with the other advice here (esp. wrt using Mozilla products and AV - fwiw, AVG is a pretty good free AV program) she should be good. If you tell her that with these services off most of the threats she sees should be irrelevant to her, she might be a bit more comfortable with the machine. It's great in and of itself that she's actually thinking of security - most users don't.

If she moves to a high-speed connection at home, I would furthermore consider building a router for her based on OpenBSD. It costs more (either in construction costs or in electricity use) but it'd be very secure. Wouldn't waste the time on dialup, though.
posted by mrg at 9:51 AM on November 21, 2004


« Older NYCFilter: What is the best pl...   |  StuffingFilter: When it comes ... Newer »
This thread is closed to new comments.