'''Defensive computing''' is a form of practice for computer users to help reduce the risk of computing problems, by avoiding dangerous computing practices. The primary goal of this method of computing is to be able to anticipate and prepare for potentially problematic situations prior to their occurrence, despite any adverse conditions of a computer system or any mistakes made by other users. This can be achieved through adherence to a variety of general guidelines, as well as the practice of specific computing techniques.
Strategies for defensive computing could be divided into two categories, [[network security]] and the [[backup]] and restoration of data.
Defensive computing is about taking steps when things are running well, to avoid or minimize problems down the road. In short, it's about being smart and planning ahead.<ref>[http://att.com.com/8301-13554_3-9740197-33.html http://att.com.com/8301-13554_3-9740197-33.html], Introducing the defensive computing blog</ref>
== Network security ==
Users put their computers at risk when accessing the [[Internet]] and other [[Computer network|networks]]. The use of either of these allows others to gain access to a user's system and important information. By implementing certain strategies, defensive users aim to reduce the risk associated with network access.
=== Firewall ===
A [[Firewall (computing)|firewall]] is a collection of security measures that protects a computer from harmful inbound and outbound traffic on the Internet and prevents the unauthorized access of computer systems.<ref name="one">[http://www.cs.unm.edu/~treport/tr/02-12/firewall.pdf http://www.cs.unm.edu/~treport/tr/02-12/firewall.pdf], A History and Survey of Network Firewalls</ref> These security measures take the form of special software that runs autonomously either on individual computer systems or externally, as built-in software within [[Router (computing)|routers]] and [[modem]]s.
Not all firewall software will protect computers from sending unauthorized or harmful outbound traffic.
An important defensive computing strategy is to seek and implement quality firewall software that filters both inbound and outbound traffic.<ref name="two">[http://news.cnet.com/8301-13554_3-9923976-33.html http://news.cnet.com/8301-13554_3-9923976-33.html], The Pillars of Defensive Computing</ref>
=== Anti-malware software ===
A basic strategy for all defensive computer users is to install and use anti-[[malware]] software.
Firewalls may not completely protect a computer. Malicious software may be able to get through a firewall and onto a system. Anti-malware software such as anti-virus, anti-phishing and email filtering software offers some protection against harmful software that resides within a computer. The amount of malicious software available over the Internet is steadily increasing.<ref name="three">{{Cite news |last=Krebs |first=Brian |date=2008-03-19 |title=Anti-Virus Firms Scrambling to Keep Up |language=en-US |url=http://www.washingtonpost.com/wp-dyn/content/article/2008/03/19/AR2008031901439.html |access-date=2023-04-26 |issn=0190-8286}}</ref> It is important for defensive users to use anti-malware that is both effective and easily updated in order to combat new strains of malicious software that are developed.<ref name="two">[http://news.cnet.com/8301-13554_3-9923976-33.html http://news.cnet.com/8301-13554_3-9923976-33.html], The Pillars of Defensive Computing</ref>
The other side of anti-malware software is that it contains serious vulnerabilities itself.<ref name="eight">{{Cite web |last=Taviso |date=2016-06-28 |title=Project Zero: How to Compromise the Enterprise Endpoint |url=https://googleprojectzero.blogspot.com/2016/06/how-to-compromise-enterprise-endpoint.html |access-date=2023-04-26 |website=Project Zero}}</ref> Malware could use vulnerabilities in anti-malware software to launch malicious code.
Anti-malware works by scanning files and network connections for known signatures. Those signatures can never be up to date. To be able to scan network connections, encryption (SSL/TLS) needs to be bypassed or even broken by the anti-malware software. When monitoring emails, anti-malware opens all attachments for analysis, so a bug in this scanner can be used as a starting point for malware. Attackers just need to send malware to a mailbox that is scanned automatically.
It is questionable whether malware scanners are useful at all. Former Mozilla developer Robert O'Callahan writes in his blog that anti-malware software should be disabled (except Windows Defender).<ref name="nine">{{Cite web |last=Robert |title=Disable Your Antivirus Software (Except Microsoft's) |url=https://robert.ocallahan.org/2017/01/disable-your-antivirus-software-except.html |access-date=2023-04-26}}</ref>
=== Emails ===
Users should be extremely careful when opening email attachments. It is a very good habit to only open attachments after scanning them first with an up-to-date antivirus program. When the user receives an image file, he/she shouldn’t double-click on the attachment. The image viewing application should be opened first and then the image should be opened from within the viewing program.<ref>[http://www.melbpc.org.au/pcupdate/2206/2206article6.htm http://www.melbpc.org.au/pcupdate/2206/2206article6.htm], How To Protect Yourself From Virus Infection</ref>
Users should also beware of persuasive messages with headings that are out of the ordinary, or invitations that promise rewards or excitement. Most of them could be spam, misleading the user into false advertisement that could reach his/her private information.
The important lesson is to always be skeptical about e-mail messages, and to not judge them based on the sender’s address. It is very easy to forge the sender’s address in an e-mail message.<ref>[http://news.cnet.com/8301-13554_3-9763538-33.html http://news.cnet.com/8301-13554_3-9763538-33.html], A new e-mail scam</ref>
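
Because the displayed sender cannot be trusted on its own, a mail client or user can compare it with the other headers of the message. The following is an added example, not part of the original article: it assumes the receiving mail server records <code>Return-Path</code> and <code>Authentication-Results</code> headers, and the two sample messages and all domain names are constructed.

```python
import re
from email import message_from_string
from email.utils import parseaddr

def domain_of(header_value):
    """Lower-cased domain of the address in a header value, or '' if absent."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower()

def assess_sender(raw_message):
    """Return reasons for extra caution about the displayed From address."""
    msg = message_from_string(raw_message)
    findings = []
    from_dom = domain_of(msg.get("From"))
    # Return-Path holds the envelope sender recorded at delivery; Reply-To is
    # where an answer would actually go. Either may differ from From.
    for header in ("Return-Path", "Reply-To"):
        dom = domain_of(msg.get(header))
        if dom and dom != from_dom:
            findings.append(f"{header} domain {dom} != From domain {from_dom}")
    # Authentication-Results is written by the receiving mail server; trust
    # only the copy added by your own provider.
    auth = " ".join(msg.get_all("Authentication-Results") or [])
    for method in ("spf", "dkim", "dmarc"):
        found = re.search(rf"\b{method}=(\w+)", auth, re.IGNORECASE)
        result = found.group(1).lower() if found else "missing"
        if result != "pass":
            findings.append(f"{method}: {result}")
    return findings

# Constructed sample messages (not real mail).
GENUINE = (
    'From: "Example Bank" <support@bank.example>\n'
    "Return-Path: <bounce@bank.example>\n"
    "Authentication-Results: mx.example.org; spf=pass; dkim=pass; dmarc=pass\n"
    "Subject: Your statement\n\nHello.\n"
)
FORGED = (
    'From: "Example Bank" <support@bank.example>\n'
    "Return-Path: <x@mailer.example.net>\n"
    "Reply-To: help@bank-support.example\n"
    "Authentication-Results: mx.example.org; spf=softfail; dkim=none; dmarc=fail\n"
    "Subject: Urgent: verify your account\n\nClick here.\n"
)

if __name__ == "__main__":
    for label, raw in (("genuine", GENUINE), ("forged", FORGED)):
        print(label, assess_sender(raw))
```

A mismatch is a reason for caution rather than proof of forgery, since mailing lists and bulk senders legitimately use a different envelope domain.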
An important aspect of defensive computing is for users to be skeptical of the data to which they have access via the Internet.<ref name="four">[http://www.melbpc.org.au/pcupdate/2206/2206article6.htm http://www.melbpc.org.au/pcupdate/2206/2206article6.htm] {{webarchive|url=https://web.archive.org/web/20060724025722/http://www.melbpc.org.au/pcupdate/2206/2206article6.htm |date=2006-07-24 }}, How To Protect Yourself From Virus Infection</ref> Malicious software can exist in a multitude of different forms and many are misleading to general computer users and even some anti-malware software. Defensive users think critically about the information they can access, to reduce their chances of downloading and spreading malicious software. Strategies include scanning [[email attachments]] prior to opening them and manually filtering suspicious emails from inboxes. Users should be aware of persuasive subject lines and headings in emails from any address, as they may actually contain malicious software or spam, which can mislead users into false advertisement resulting in [[identity theft]].<ref name="two">[http://news.cnet.com/8301-13554_3-9923976-33.html http://news.cnet.com/8301-13554_3-9923976-33.html], The Pillars of Defensive Computing</ref>
Defensive users can scan files they download prior to opening them and can also configure their computers to show [[file extensions]], revealing potentially dangerous files that appear harmless.<ref name="four"/> Skepticism can also be applied to the websites visited by users. As with emails, users can be led to false advertisements. Also, malicious software can unknowingly be downloaded and infect a computer, just by visiting a certain website.
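
Showing file extensions matters because a file manager that hides the final extension displays a file such as <code>photo.jpg.exe</code> as <code>photo.jpg</code>. The following added example (not part of the original article) flags such names in a download folder; the two extension lists are assumptions to be extended as needed, and the sample names are constructed.

```python
import os
from pathlib import PurePath

# Extensions named in the text plus a few common ones (assumed lists).
EXECUTABLE = {".exe", ".vbs", ".bat", ".cmd", ".com", ".scr"}
HARMLESS_LOOKING = {".jpg", ".txt", ".doc", ".pdf", ".png"}

def displayed_name(filename):
    """Name a file manager shows when it hides the final extension."""
    return PurePath(filename).stem

def classify(filename):
    """Return 'deceptive', 'executable' or 'ok' for a bare file name."""
    suffixes = [s.lower() for s in PurePath(filename).suffixes]
    if not suffixes or suffixes[-1] not in EXECUTABLE:
        return "ok"
    # With extensions hidden, "photo.jpg.exe" is displayed as "photo.jpg".
    if len(suffixes) >= 2 and suffixes[-2] in HARMLESS_LOOKING:
        return "deceptive"
    return "executable"

def scan(directory):
    """Walk a directory and list (relative path, verdict) for non-ok files."""
    hits = []
    for root, _dirs, files in os.walk(directory):
        for name in files:
            verdict = classify(name)
            if verdict != "ok":
                rel = os.path.relpath(os.path.join(root, name), directory)
                hits.append((rel, verdict))
    return sorted(hits)

if __name__ == "__main__":
    # Constructed sample names, not taken from any real incident.
    for sample in ("photo.jpg.exe", "notes.txt", "setup.exe", "report.final.doc"):
        print(f"{sample!r}: shown as {displayed_name(sample)!r} -> {classify(sample)}")
```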
Check [http://michaelhorowitz.com/bademails.html this link] for examples of unsafe emails.
=== Downloading ===
Users should be careful when [[downloading]] and opening files. Once again, it is a very good idea to scan them with an up-to-date [[antivirus]] program before opening them. Users should configure their computers to always show [[file extensions]], so that dangerous files (EXE, VBS, BAT) do not appear as harmless ones (JPG, TXT, DOC).<ref name="two" />
=== Instant messaging ===
On the Internet, a person’s identity is completely concealed. This anonymity comes into play even when users are [[instant messaging]] with somebody they know. All the responses from a friend’s computer may not actually be coming from the user’s friend. Some may be inserted by [[malicious software]] running on that person’s computer.<ref>[http://news.cnet.com/8301-13554_3-10047186-33.html http://news.cnet.com/8301-13554_3-10047186-33.html], Defending instant messaging</ref>
If a [[computer virus|virus]] infects the instant messaging program on a friend’s computer, it can insert anything into the chat windows, and it will look as if the message is coming from the user’s friend. Furthermore, it can provide a link for the user to click on that may lead to malicious software.<ref>[http://www.eset.com/threat-center/blog/?p=148 http://www.eset.com/threat-center/blog/?p=148], It Doesn’t Hurt to Ask</ref>
== Backup and recovery procedures ==
Despite the efforts of a defensive computer user, the loss of important data can occur due to malware, power outages, equipment failure and general misuse. Although the loss of data cannot be completely prevented, defensive users can take steps to minimize the amount of data lost and restore systems to their previous state.
=== Backup of files ===
A defensive strategy against unintentional data loss is the regular backup of important files. Users can make multiple copies of important data and store them either on the same computer or on another device such as a compact disc or an external hard drive.<ref name="five">[http://www.microsoft.com/protect/yourself/data/what.mspx http://www.microsoft.com/protect/yourself/data/what.mspx], How to Decide what Data to Back Up</ref> Users can also upload important files to the Internet, provided they have access to Internet storage services.
In order to prevent data loss, it is a good idea to always back up one’s files.
There are many ways users can unintentionally lose information on a computer. Some examples include a child playing the keyboard like a piano, a power surge, lightning, floods, and equipment failure.<ref name="six">[http://www.microsoft.com/protect/yourself/data/what.mspx http://www.microsoft.com/protect/yourself/data/what.mspx], How to decide what data to back up</ref>
If a user regularly makes backup copies of their files and keeps them in a safe place, they can get some, if not all, of their information back in the event of something happening to the originals.<ref name="six" />
Users should back up files containing personal information such as banking records. They should also back up music, photos, personal projects, calendars and contact lists.
=== Restoration ===
Some operating systems give users the option of performing a procedure that restores a computer to a predetermined state. If no option is available, a user can obtain the appropriate restoration software for their system. In the event of a system failure or a serious case of data loss, a user can restore any lost or changed files and remove any malicious files that did not previously exist.<ref name="five"/>
At some point, the computer the user is using will eventually [[computer crash|crash]] and the user will lose some files and data. Most of the time, crashes are inevitable, but users can minimize the loss in different ways. Using [[System Restore]] is an option, but there are also other alternatives users can use.
If users have all of their personal information and files backed up, it will be very easy to restore their computers to the way they were before, which in turn would make the data loss minimal.
== Good practices for protecting data ==
* Regularly back up important files, documents and emails.
* Do not use the administrator account for day-to-day activities.
* Keep antivirus and [[antispyware]] up to date with the latest versions.
* Use different passwords
* Disable the autorun feature for USB [[flash drives]]. Some viruses, especially [[computer worm|worms]], spread automatically through USB flash drives.<ref name="seven">[http://news.cnet.com/8301-13554_3-10027754-33.html http://news.cnet.com/8301-13554_3-10027754-33.html], Be safer than NASA: Disable autorun</ref>
* Always connect to the Internet behind a firewall
* When in doubt, throw it out
<references/>
== See also ==
* [[End-user computing]]
* [[Network security]]
* [[Computer worm]]
* [[Computer security]]
* [[Defense strategy (computing)]]
==External links==
*[https://web.archive.org/web/20091221035542/http://blogs.computerworld.com/15280/defensive_computing_priorities Defensive computing priorities] by Michael Horowitz, December 2009
{{malware}}
[[Category:Security exploits|Insecurity]]
[[Category:Computer security]]
{{comp-sci-stub}}
[[Category:Backup]]