Over the past few years, we have all seen an increase in online crime, spam, phishing, pharming, stolen identities, social engineering, bad advertising, rumors, zombies, viruses (virii), trojan horses, worms, and other malware. All of it pretty much intended to separate you from your hard-earned dollar.
In response, over that same period, I've seen a lot of wailing and gnashing of teeth by the public at large, their representatives, commercial security agencies, and perhaps the loudest of all, the inadequately trained media. Reading between the lines, I see an increasing number of people who truly feel that they cannot win, they can't break even, and they can't even get out of the game - that is, if they can even identify the game in which they are playing.
On the other hand, I've seen an ever increasing amount of FUD, that is, Fear, Uncertainty, and Doubt, being spread by the media and security companies in order to grab your attention and encourage you to buy their products. So that is at the bottom of everyone's plan: Money, gelt, the old vig, that which really makes the world run, and so on. They want your US$29.95, US$495.00, or some price in between.
Yet, very rarely do we, you and I, see anyone give the general public the absolute first step to gaining back your feelings of security and of having the power to actually do something. Instead, everyone says, "Buy my product, and your problems will be over. No guarantees, of course, so you'll have to buy the next version of my latest and greatest product in order to be safe when this version dies on you. No money back. It's your fault if this product's protective influence runs out. Buy my next product to be secure."
The MVCUG President, John Buono, and I have our disagreements about personal security or Information Assurance, as it is now optimistically called. We generally disagree at a pretty high technical level, and I'm not writing this article just to respond to some of his (valid - shhh!) points; I'm writing this for our member who just bought his first computer, and his long-suffering wife who will have to do the real care and feeding of the new toy in the house. I do know that John agrees with me about the importance of you taking this first step, and what it means to your ability to go out there and battle dragons on your own.
Continuing the build-up: Do you remember those two nerds from high school? You know, those two kids, one of whom was the school nerd who got stuffed into his locker at least once a week? Who had to do everyone's homework? Or the other guy who had the same prescription glasses and really ugly frames? But never stooped to doing everyone's bidding? What was the difference between the two? Hint: It is the same thing that will help you on your way to a more secure computing experience.
Attitude.
That's right: The first step on your way to being secure is having the attitude that you aren't going to be a victim any more. It is a simple decision: You aren't going to be polite or nice to those machines who send you email, aka spam. You aren't going to help out a stranger (for example, Mrs. Kvambe from Nigeria or Saudi Arabia or wherever), no matter how beguiling her story sounds. You are going to stand up and take charge of your computer, and not let anyone make a fool out of you. Well, that last version of attitude may be a bit powerful for a first step, but that level of conviction will come as you gain confidence that you can control your computer.
Well, that's wonderful: You stood up from your computer chair and shouted to the world (or more likely, the room at large) that you weren't going to take it anymore. Your wife looked up from her magazine and said "That's nice, dear. Now sit down." Try not to break the chair on your way down from the dizzying heights of that conviction.
OK, so you are starting to take that first step. But what follows it? What is the next step? What is the forty-leventh step after that first one? Actually, they are all the same: Knowledge. More knowledge - but with a bite this time.
You do have access to the largest repository of information in the history of the world, and while not all of it is free, you can dive in almost anywhere and get a good start. That's the good news. As always, that good news is counter-balanced by the bad news: There is a lot of information out there; some of it is good, and some of it is bad. You have to determine which is which.
You should actually start out by looking at a lot of the pages you may already have, or start at Google and look for security information. If you have somewhat of a technical background, you may want to start at the U.S. National Institute of Standards and Technology (NIST) Computer Security Division (CSD) Computer Security Resource Center (CSRC). Take a quick tour of their Web site; there is a lot of fascinating information up there, and it is all yours for the taking. Yes, Virginia, your tax dollars do work some of the time.
If you aren't into that technical stuff, I have some pretty bleak news for you. You are going to have to get up to some kind of speed - no, you won't have to learn how to program your computer, or chase electrons all over the computer, but you are going to need to know more than just how to read your email or play solitaire on your PC. You may want to take your computer (after calling to make sure they do this kind of work!) to one of the computer maintenance shops in town and ask them to help you secure your box, and to tell you what you should do to keep up with the Joneses in protecting your stuff: important information such as your bank, credit, and mortgage account numbers. If you are really hard up, you can come to a User Group meeting, talk with some knowledgeable people, and learn even more about how to protect your computer.
The bottom line in all this discussion is that you have to take the first step, and like an infant taking its first step, you may stumble, but you have to follow with a second step, a third step, and then a good walk. As the old song says, if you fall, just pick yourself up, dust yourself off, and start all over again. The only real failure is not trying to take that first step.
And lest you believe that those around you have all this knowledge and experience and didn't "suffer those slings and arrows of outrageous fortune", let me be the first to disabuse you of that notion. You should hear the number of times John or I have had to say "oops!" - but we are still in there pitching and swinging at wild throws.
So why don't you join us?
- 30 -
© 2005 James M. Emmons. All rights reserved. Used with permission. A scary thought: Jim has been working with and on computers of all sizes and operating systems since roughly 1979 - but he really isn't that old; just ask, he'll tell you. He started out as a keyboard entry operator-type, learned enough to be dangerous, then he went to school. He has been a software developer, systems analyst, Internet researcher - back when the Web was still shiny new - and a computer security engineer. He actually has inflicted himself upon the MVCUG since 1987, and with a fellow member, barely escaped lynching by members of the MVCUG in 1993. Oddly enough, he has stayed with the User Group, mostly to harass the President.