Configuring Microsoft products for safety, security and privacy
This page explains why you need to change settings in Windows but
if you just want to know how to do so then visit each of these pages,
starting with the first:
Why change e-mail and browser settings
Internet Viruses and other malware have had increasing media attention
over the past 3-4 years as the cost and disruption that can be wreaked by a
sole juvenile delinquent regularly breaks the billion dollar barrier.
You could contribute!
What has changed for the worse in the past 6 months is that the professional
criminal community have decided that there is a substantial profit to be made
at relatively low risk - a dangerous cocktail for potential victims.
Unlike hackers, criminals are focussed on profit rather than glory or fame -
they prefer to be inconspicuous and rich. This change in perpetrator has
led to a dramatic change in the objectives and behaviour of malware
- software aimed at doing harm.
Trojan horses are the ultimate weapon and goal of most attacks even though
they will use Worms and Viruses to propagate themselves in what is call
a blended threat.
Trojans take control of your PC, install methods for neutralising firewalls
and Anti-Virus and typically then await instructions from their 'master'
- a remote site which it regularly contacts for new malware and scripts
to execute - either funded by blackmail or in their spare time they attempt
to increase the size and capability of their army - your PCs!
Hackers naturally target the weakest link(s): Windows and the bundled
(MS) applications that provide e-mail and Web access - Outlook (Express)
and Internet Explorer.
With a small number of changes to the settings for each of these programs
it allows you to instantly switch from being in the 95% that are at
severe risk to the 5%.
By changing the settings from the MS defaults to those more appropriate
to this century the chances of being inadvertently infected are reduced.
The only consequences that result from restricting the MS products in this
manner are that you need to know the simple ways to grant to those
web sites and e-mail senders that you REALLY TRUST a slightly higher
privilege use of your PC as described in How to trust a web site which is where
you should start to ensure you are happy with the process even though it is
a one-off exercise for each site that you need to promote - most people do
not have more than half a dozen.
Background for the more technical reader - the root(s) of the problem(s)
PC software assumed the 'P' in PC meant 'Personal' as in 'Single User'.
There was no attempt in the early days to have any security at all.
That was because those PCs were not connected and programs were only installed
by the owner ('P'!) of the PC.
('Real' computers (e.g. mainframes) had security systems even back in the '80s
which operated independantly of even the operating system - controlling
access even to those who have physical access to the hardware.
Early Viruses started to spread by 'Floppy disk' where anyone foolish enough
to leave one in a PC at startup would auto-run whatever the diskette chose!
When e-mail became popular this was a breakthrough for the Virus writers as
this was a much faster propagating medium for them to exploit.
This time programs would typically be programs hiding as benign attachments.
When Microsoft introduced a feature called 'Active-X' it was designed
to provide web developers and even e-mail senders with the ability to make
the recipient's experience more interactive and exciting by allowing them
to directly interface with internal parts of Windows
that is the core of the problem!
referred to as a 'Sandbox' - i.e. a play area - Active-X can do virtually
anything that the user's permissions allow - read and write files being the
most obvious and painful examples!
Why is Active-X such a problem when I don't use it?
The problem is that you DO! You actually don't need to click upon
ANYTHING - just load a page that you might have thought was innocent
or worse still click on a link in a Spam e-mail 'out of curiousity!'.
Similarly - if Outlook Express isn't configured securely then it can
perform irreparable damage in the sub-second that an e-mail is in front
of your eyes - even in the preview pane!
By trying to capture the developers of web sites with the prospect of
providing a more exciting web site MS have left open the biggest 'can of worms'
that has ever been created - biggest in many respects!
Just to confirm that this was such a serious mistake - the latest MS version
of Internet Explorer (IE 7) actually has Active-X disabled by default - you
can't get much more of an admission of error and guilt...
I hope that has been useful. Any Comments, suggestions or corrections
to: Contact us please.
This would be especially useful if the software environment you have is
different to mine and the headings, text or prompts are different.