Browsed by
Month: August 2017

The Most Basic of Basics

There are three elements of safer computing:

  • Confidentiality — keeping what must be private, private
  • Integrity — making sure no changes are made without your authorization
  • Availability — making sure you can get to everything you rightly should be able to

Everything I am going to suggest to you in these pages supports at least one of these elements.

There are a lot of things to talk about, and some of them need a pretty detailed discussion. But to begin, I am going to ask you to look at the most basic – even unglamorous – things that are just so important they should never be neglected. So let’s start right out with the most unglamorous one of all, but also the one most effective at helping you recover from the greatest variety of hazards.

Backup

All your important data should be backed up, ideally in two or more different ways. For example, if you copy everything to Google Drive or Dropbox, you should also get an inexpensive removable drive like a Passport or a MyBook and copy everything to that.

Backup is really cheap protection against so many hazards, everything from a ransomware infection to a house fire. Using different locations diversifies your protection. If the MyBook is in the house next to the computer when fire breaks out, it’s not likely to be usable as the backup. On the other hand, if you need to get files back quickly after a mishap like an over-enthusiastic disk cleanup, a MyBook will be five to fifty times as fast as pulling data back down from somewhere on the internet.

Make sure that however your backups run, they don’t require you to remember to do something every time. You can set them to be scheduled for a certain time or choose a backup scheme that runs continuously, monitoring for new or changed files all the time and backing them up in the background. The schedule you choose determines how much data you can expect to lose after a disaster. What this means is, if you suppose you might lose your main disk at any random time, and you have a backup that runs once a week on a schedule, then your data loss from what hasn’t been backed up can be up to seven days’ worth of changes. If that’s tolerable to you, then a weekly schedule may be just fine. But if you cringe at losing even seven hours – never mind seven days – of changes to your data, you should be looking for a backup that runs daily or continuously.

Finally, a bit that too many people forget: testing.  Every so often (I would suggest once a month: set a calendar reminder), you have to test your backup to make sure it does what it says on the tin.  Pick a file at random from a recent backup, and restore it.  Don’t overwrite the original; choose another location.  You want to be able to confirm that the restored file and the original match.  Besides confirming your backups actually work, it also keeps your hand in on working the restore process.  In an actual emergency where you need to restore critical data, deer-in-the-headlights is not a good look on you.
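For readers comfortable running a script, here is one way to do the "restored file and original match" check described above. This is an added example, not part of the original article; the function names and the two folder arguments (your original files and the separate location you restored to) are assumptions made for illustration.

```python
import hashlib
import random
from pathlib import Path


def sha256_of(path, chunk_size=1 << 20):
    """Fingerprint a file in chunks so large files need not fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def spot_check_restore(original_root, restored_root, sample_size=1, rng=None):
    """Pick random files under original_root and compare each with its restored copy.

    Returns (relative_path, status) pairs; status is "match", "MISSING" or "DIFFERENT".
    """
    rng = rng or random.SystemRandom()
    original_root, restored_root = Path(original_root), Path(restored_root)
    files = sorted(p for p in original_root.rglob("*") if p.is_file())
    results = []
    for src in rng.sample(files, min(sample_size, len(files))):
        rel = src.relative_to(original_root)
        restored = restored_root / rel
        if not restored.is_file():
            status = "MISSING"        # the restore never produced this file
        elif sha256_of(src) == sha256_of(restored):
            status = "match"          # byte-for-byte identical
        else:
            status = "DIFFERENT"      # damaged, or edited since the backup ran
        results.append((rel.as_posix(), status))
    return results


if __name__ == "__main__":
    import sys
    # Usage: python check_restore.py <original folder> <restored folder>
    for rel, status in spot_check_restore(sys.argv[1], sys.argv[2], sample_size=5):
        print(f"{status:10} {rel}")
```

A "DIFFERENT" result for a file you have edited since the backup ran is expected; for a file you have not touched, it means the backup needs attention.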

A wide variety of free and low-cost backup software is available. Check out these superb write-ups from Tech Support Alert, a site that specializes in reviews of freeware. For Windows, browse to http://is.gd/WinBackup and for Mac, http://is.gd/MacBackup

 

Questions?  Send them to questions@safer-computing.com

 

This article originally appeared in the May, 2016 edition of The Empty Closet

Safer Computing

I call this blog “Safer Computing” because I want to evoke some of the same ideas we think about when we talk about “safer sex.” We know sex with others can’t ever be 100% absolutely safe. So we are being clear-eyed about those risks when we intelligently reduce them until the benefits outweigh the risks.

Computers were originally conceived to be super-calculators. Even the so-called “killer app”, the one that caused the IBM-PC to explode in popularity in the ’80s, was VisiCalc. VisiCalc was one of the earliest commercially successful spreadsheet applications. But most of those early PCs were also being connected by their owners to modems, and later to LANs at work, DSL and broadband at home. We all quickly discovered that these things were not only super calculators, they were also supercharged communicators. And since communication involves other people, sooner or later there were bound to be problems with some trying to victimize others. Not to mention the potentially disastrous results of honest mistakes.

On this blog, I will discuss various security and safety issues involving computers, tablets, smartphones and connected devices. The things we do with computers are really not new or complicated. Buy a book. Read the news. Pay our bills. Catch up with friends. If I can explain these things as we do them digitally so they are as easy to understand as going to a bookstore or opening a newspaper, I will consider my mission accomplished.

Technologists are quite proud of the new and efficient and somewhat complex ways they’ve worked out to do these otherwise simple things. They want you to appreciate the engineering marvels they have wrought. So they can sometimes back up a dump truck full of technical terms, and make up a few new ones, and bury any plain meaning there might have been. The way to make my points about using computers, smart devices and the Internet more safely will be to DE-mystify the concepts. You will not find a lot of technical jargon here, and on the rare occasions you do, there will be a plain-English definition. If using your computer and the Internet to pay your bills electronically can be as easy-to-understand as writing checks and sealing them in envelopes, we’re all going to have a good time.

And one more thing: I want this to be interactive. I want to make sure that I deal with topics of concern to you. Therefore, I have opened an email inbox for you to send me your questions. Please, send your questions to questions@safer-computing.com and I will answer all that I can, here.

Horse Battery Staple is Correct After All

The password advice we all hate – upper and lower case, numerals and punctuation, change it frequently – is wrong.  We knew this in our guts, but now Bill Burr, the original author of the NIST report that started it all in 2003, has recanted.

So now, we’re back to this.

The Electronic Frontier Foundation has word lists you can use for this.  They recommend dice to safeguard your picks from any system compromise you may have.  If you’re a little less paranoid about it, you can use this Google sheet I have prepared from the SOWPODS.

Finally… DON’T change the pass phrase you make, unless you have a positive reason to believe it’s been compromised.  Changing passwords on a regular schedule makes people tend to use predictable passwords.  And no good can come of that!
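The dice-and-word-list method mentioned above, sketched as an added example that is not part of the original post and is not EFF's code. It assumes a word list kept in dice-number order; the 36-word list here is constructed for illustration (two dice per word), whereas EFF's long list has 7,776 words, one for every roll of five dice.

```python
import math
import secrets

# Constructed 36-word sample list (two dice per word), for illustration only.
SAMPLE_WORDS = (
    "acid bank cake dawn echo fern gift hawk iris jade kite lamp "
    "mint nest oak pear quilt rain sail tent urn vine wolf yarn "
    "zinc apple brick cloud drum eagle flute grape horse ivory jelly knot"
).split()


def dice_per_word(wordlist):
    """Return k such that the list holds exactly 6**k words."""
    k, size = 0, 1
    while size < len(wordlist):
        k, size = k + 1, size * 6
    if size != len(wordlist) or k == 0:
        raise ValueError("word list length must be a power of 6")
    return k


def word_from_rolls(rolls, wordlist):
    """Read the rolls (each 1-6) as a base-6 number and look up that word."""
    if len(rolls) != dice_per_word(wordlist):
        raise ValueError("wrong number of dice for this list")
    index = 0
    for roll in rolls:
        if not 1 <= roll <= 6:
            raise ValueError("each roll must be between 1 and 6")
        index = index * 6 + (roll - 1)
    return wordlist[index]


def generate_passphrase(wordlist, n_words=6):
    """Software stand-in for real dice, using the operating system's CSPRNG."""
    k = dice_per_word(wordlist)
    rolls = lambda: [secrets.randbelow(6) + 1 for _ in range(k)]
    return " ".join(word_from_rolls(rolls(), wordlist) for _ in range(n_words))


def entropy_bits(list_size, n_words):
    """Guessing difficulty, in bits, of n_words picked uniformly at random."""
    return n_words * math.log2(list_size)


if __name__ == "__main__":
    print(generate_passphrase(SAMPLE_WORDS, 4))
    print(f"6 words from a 7776-word list: {entropy_bits(7776, 6):.1f} bits")
```

With physical dice, call `word_from_rolls` with the numbers you actually rolled; `generate_passphrase` is for when you are willing to trust the computer to do the rolling.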