Anonymity on the Internet—A False Sense of Security

I read an article and decided to post about it since it is related to Internet security, cyberlaws, and cybercrimes — topics I have recently considered blogging about. The article talks about Internet defamation and libel, which are common occurrences on the Internet nowadays. This is probably because those who are not familiar with how the Internet works think that the anonymity afforded by the Web is sufficient to shield them from any liability arising from cyber bullying, libel or defamation. Unfortunately, hiding under a screen name does not afford you the protection you thought you had—especially if you use that anonymity to defame someone who decides not to let it pass.

Even for hackers, the most difficult part of compromising the security of a system is NOT the breaking-in part but the covering-your-tracks part. Why? Because anonymity is nothing but a false sense of security. If the hacker decides not to cover his tracks, thinking that it is unnecessary as he is already anonymous anyway, then it won’t be long before he hears the Feds knocking on his door with a warrant for his arrest.

In a post I just came across, Andrew Kameka said that if you are to defame someone on the Internet, be sure to have a team of expensive cyber-lawyers and a couple million dollars or so. You might also need a lot of paperbacks just in case you are given some years after the gavel falls instead of simply being asked for some loose change (a few million of them).

Rosemary Port learned that the hard way. She thought that lambasting Liskula Cohen and calling her names on her blog without revealing her real identity was safe. She thought wrong. A US court forced her blog host, Google, to reveal her identity. The next thing she knew, she was already a star. If big G could be asked to cooperate, any other blog host would be just as cooperative, as not one of them has a choice in the matter.

If you are reading this and you happen to be a blogger, always be mindful of the dangers of Internet or online defamation and libel. It could land you in places you don’t want to be.

The Essential Security Software

I’ve already talked about why it is desirable to install security software first. Now, let us talk about what types of security software to install. Actually, there are a bunch of them. There are keyloggers, password crackers (yes, you need those to determine the strength of your own), port scanners, IDS (with weird names like SATAN and SAINT, lol), and more. But don’t fret. Those kinds of security software are not essential for most users. I’ll try to discuss them in a future post on Network Security Software. Here, let’s focus on the essential security software that you really need to install on your PC.

Antivirus Software

Prior to the Web—or before it became mainstream, at least—there was only one essential piece of security software for the average home user to install, and that was antivirus software. In those times, I’m not even sure if the term security software was already used because, vis-à-vis an average user, there was only one anyway. Antivirus software scans for and removes computer viruses, worms, and trojan programs. Good antivirus software should prevent the infection in the first place. It detects these threats either by signature or by behavior. Antivirus software can also be real-time or scan-based.

Antivirus software using signature-based detection checks the files in your computer and compares them to a database of known virus signatures. If there is a match, the antivirus software reports the file as a virus. This means that your virus signature database must be up to date. Otherwise, a new virus won’t be detected by your antivirus software as its signature is not yet in the antivirus software’s database. There will be misses in this system, and their magnitude is proportionate to the age of your virus signature database.

If your antivirus software uses behavior-based detection, it observes the behavior of programs in your system. If a program acts like a virus, the antivirus software flags it as one. Needless to say, there will be a lot of false positives with this system. The fun thing is that most antivirus software will be reported as a virus by other antivirus software using behavior-based detection. The reason is that most of the functions of antivirus software, like reading all files in a directory, locking them, taking charge of main memory, etc., are very virus-like.

Most modern antivirus software, however, uses a combination of the two. Some call their behavior-based detection system heuristics. What’s confusing is that other antivirus software uses the term heuristics for an advanced form of signature-based detection. But let’s not bother you with that, shall we? Normally, they go through signature detection first so as not to waste time doing heuristics when the file’s signature is, in fact, already in the virus signature database.
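The two-stage flow described above, written out as an added example that is not part of the original post: a signature stage (exact hash, then byte pattern) runs first and a behavior-scoring stage runs only when no signature matches. The sample bytes, signature names, behavior labels, weights and threshold are all constructed for illustration.

```python
import hashlib

# Constructed sample and signature database; nothing here is real malware data.
KNOWN_SAMPLE = b"HEADER" + b"DEMO-PAYLOAD-MARKER" + b"v1"
HASH_SIGNATURES = {hashlib.sha256(KNOWN_SAMPLE).hexdigest(): "Demo.Sample.A"}
PATTERN_SIGNATURES = {b"DEMO-PAYLOAD-MARKER": "Demo.Sample.generic"}

# Hypothetical weights for observed behaviors (the heuristic stage).
BEHAVIOR_WEIGHTS = {"enumerate_all_files": 2, "lock_files": 2,
                    "take_over_memory": 3, "modify_executables": 4}
HEURISTIC_THRESHOLD = 5


def signature_scan(data, hash_db, pattern_db):
    """Stage 1: exact hash match, then byte-pattern match. Returns a name or None."""
    digest = hashlib.sha256(data).hexdigest()
    if digest in hash_db:
        return hash_db[digest]
    for pattern, name in pattern_db.items():
        if pattern in data:
            return name
    return None


def heuristic_scan(behaviors):
    """Stage 2: score observed behaviors; unknown behaviors score 0."""
    score = sum(BEHAVIOR_WEIGHTS.get(b, 0) for b in behaviors)
    return score >= HEURISTIC_THRESHOLD, score


def scan(data, behaviors, hash_db=HASH_SIGNATURES, pattern_db=PATTERN_SIGNATURES):
    """Signature stage first; heuristics run only when no signature matches."""
    name = signature_scan(data, hash_db, pattern_db)
    if name is not None:
        return ("signature", name)
    flagged, score = heuristic_scan(behaviors)
    return ("heuristic", f"score {score}") if flagged else ("clean", None)


if __name__ == "__main__":
    variant = KNOWN_SAMPLE[:-1] + b"2"           # one byte changed
    print(scan(KNOWN_SAMPLE, []))                 # known file: exact hash match
    print(scan(variant, [], pattern_db={}))       # hash-only database misses the variant
    print(scan(variant, []))                      # byte-pattern signature still catches it
    # A scanner-like program with no signature trips the heuristic (false positive).
    print(scan(b"another scanner", ["enumerate_all_files", "lock_files", "take_over_memory"]))
```

The second call shows the miss that an out-of-date or hash-only database produces, and the last call shows why one scanner's behavior looks virus-like to another.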

As mentioned earlier, antivirus software can either be real-time or scan-based. Scan-based antivirus software will only run if told to do so, by right-clicking a file to be scanned or by selecting it in the Programs menu. Real-time antivirus software, on the other hand, will load itself into memory as soon as your operating system starts and oversees all running processes.

You need one and only one antivirus software with real-time protection. If you install two or more, you will not be increasing your computer’s security. In fact, you will weaken it. That is because both antivirus software will be trying to kick and lock each other out. That’s just how they work. You can, however, install another scan-based antivirus software. There would be no conflict in that setup. You’ll end up with a real-time antivirus software and two scan-based antivirus software. (The real-time antivirus software almost always includes a scan-based antivirus software.)

Spyware Software

When the Internet escaped from the educational institutions and military facilities and entered the household, things got a little bit more complicated. People started to connect, and viruses, worms, and trojans began spreading at a faster rate compared to the previous age of sneakernet. E-commerce emerged and credit card transactions followed. Then came a new breed of malware called spyware. These sneaky little pests are similar to viruses except that they mainly gather data instead of harming your computer.

Security software companies created spyware software to combat this specific threat. A lot of money is lost due to spyware and spyware software aims to prevent this. Spyware software operates similarly to antivirus software. There are also real-time spyware software and scan-based spyware software. Since spyware hides in a lot of places, spyware software works double time in tracking it. A common place where spyware software hunts for spyware is in browser helper objects. Some antivirus software already includes spyware software.

But even if spyware software is installed in your computer, you should still be very careful with what sites you visit. Spyware software is not yet as mature as antivirus software and new spyware pops up all the time. In addition, it seems to be easier to get infected by spyware than by a virus. Merely viewing a site can get you infected if it requires you to download and install something first, unless that something is just Flash or Silverlight. (Be wary of messages like: click here to view this site.)

In addition to spyware software, you can also protect yourself by disabling scripting (ActiveX, VBScript, or JavaScript) in your browser. But you will also lose some website functionality if you do so. It’s a personal call and greatly depends on what sites you frequently visit. Me, I don’t disable it.

Firewall Software

The third security software that you’ve got to have is a firewall software. If your computer were a house, it would be one with a lot of doors. These doors are called ports and firewall software acts as the guard. There are 1,023 common ports or doors to your computer. Depending on installed software like messaging, chat and games, it could, however, go as high as 65,000! Not all of those will be open but a lot of them could be. And you have to know which. If you don’t guard your ports, hackers can easily enter your system while whistling a tune. Could you sleep at night if even one of your 65,000 doors is unlocked or open? How about a hundred? There is a reason why Microsoft included a built-in firewall software with their operating system.

Firewall software allows you to monitor your ports, specify which ports are open, and specify which program can access which port and which protocol it can use there. The best firewall software will allow you very fine-grained control over the above variables. Windows has a built-in firewall software but it only allows limited configuration. For ordinary purposes, though, I think this built-in firewall software is enough. Your question is probably which ports should be open and which should be closed. Ideally, all unnecessary ports should be closed in your firewall software. And what is necessary would depend on what software you have in your machine. Windows’ default firewall setting is a nice place to start.

Note that firewall software screens incoming and outgoing data transmissions. This means that firewall software can augment your spyware software. Aside from making sure that hackers cannot enter your system from the outside through open ports, it also prevents unauthorized outbound communications. As I said, spyware is meant to spy and gather data like account information, browsing or purchasing history, and data for determining demographics. It has to send this data some time. When it does, your firewall software can flag it and prevent the connection. So, even if spyware managed to pass through your spyware software undetected, it can hopefully be caught by your firewall software.
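How per-program, per-port, per-protocol rules screen both directions, as an added example that is not part of the original post and not how any particular firewall product is implemented. The rule format, program names and connection attempts are constructed; anything no rule allows is blocked.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Rule:
    action: str              # "allow" or "block"
    direction: str           # "in" or "out"
    program: Optional[str]   # None matches any program
    port: Optional[int]      # None matches any port
    protocol: Optional[str]  # "tcp", "udp", or None for any

    def matches(self, direction, program, port, protocol):
        return (self.direction == direction
                and self.program in (None, program)
                and self.port in (None, port)
                and self.protocol in (None, protocol))


# Constructed rule set; program names are hypothetical.
RULES = [
    Rule("allow", "out", "browser.exe", 443, "tcp"),
    Rule("allow", "out", "browser.exe", 80, "tcp"),
    Rule("allow", "out", "mailclient.exe", 993, "tcp"),
    Rule("allow", "in", "chat.exe", 5222, "tcp"),
]


def decide(direction, program, port, protocol, rules=RULES):
    """First matching rule wins; anything unmatched is blocked (default deny)."""
    for rule in rules:
        if rule.matches(direction, program, port, protocol):
            return rule.action
    return "block"


def audit(attempts, rules=RULES):
    """Return the attempts the firewall would block, for review."""
    return [a for a in attempts if decide(*a, rules=rules) == "block"]


# Constructed connection attempts: (direction, program, port, protocol)
ATTEMPTS = [
    ("out", "browser.exe", 443, "tcp"),         # normal browsing
    ("in", "unknown", 3389, "tcp"),             # unsolicited inbound to a closed port
    ("out", "toolbar_helper.exe", 443, "tcp"),  # unapproved program sending data out
    ("out", "browser.exe", 6667, "tcp"),        # approved program, unapproved port
]

if __name__ == "__main__":
    for attempt in audit(ATTEMPTS):
        print("blocked:", attempt)
```

The third attempt is the case the paragraph describes: the port is a common one, but the program is not on the allow list, so its outbound connection is flagged.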

There are a lot of things I want to write about these topics. I am even considering separate blogs for each of the topics above. They are so deep and change so fast. What I am able to provide here is just a bird’s eye view of sorts. I’ll try to probe deeper in succeeding posts. Or maybe, I’ll just write a book. ;) (kidding)

Hacker | Cracker

I mentioned in a previous post how the word hacker had been inaccurately used to refer to a cracker who breaks into and compromises the security of computers and networks for personal gain or for the simple thrill of it. This confusion was started by the popular media. Given its influence and extensive reach, it’s too late to be able to do anything about that now. And while I defiantly resisted going with the flow in the past, there are substantial reasons to give in finally.

One of the things I hope to do with this blog is to inform people about computer security, network risks, privacy, etc. With that, hopefully, they will have a better awareness of the dangers lurking in the unsavory regions of the Internet and hence, have better chances of survival. :) People do not often hesitate to visit a questionable site if they do not know, for example, that the site has the capability of storing some personal information including their browsing history and preference for a particular (ehem) cup size.

But before I could even think of informing, I need to reach out to them first. And I cannot do that if I use the correct term cracker instead of hacker because they mostly use the latter in their search queries. So, I finally decided to use the term hacker even when referring to crackers regardless of my feeling on the matter. Something’s gotta give and between me and the million, it’s not gonna be the million.

So, what do you think is the lesson in all this? For me, if enough people call a duck a dog, then that’s what it’ll be called. To the duck, all I could say is that it has my sympathy but that it should start learning how to bark. Now, imagine if enough people call you a Jedi Master… But you know I’m kidding, right? Seriously, there really are times when it’s sensible to give up even _ for a greater good.
