THE TRANSLORIAL TOOL KIT: SECURITY
The Tool Kit is an online newsletter that comes to its subscribers’ mailboxes twice a month. In Translorial, we offer a quarterly digest of Jost’s most helpful tips from the past season. BY JOST ZETZSCHE © 2008 INTERNATIONAL WRITERS’ GROUP, COMPILED BY YVES AVÉROUS
Let’s talk about security
I’m basing this article on a chapter in my e-book where you can find much more detailed information, including screenshots and step-by-step instructions about processes.
First, let me make this clear: I am not paranoid about security, and I don’t even use some of the things I’ll be listing. Still, it is helpful to know that they are around and can be used. As translators we would be foolish to completely ignore security concerns. Aside from the fact that we should be concerned about our own private data, we are also dealing with sensitive data belonging to our customers, and that comes with a certain amount of obligation and reputation to uphold.
Essentially we are concerned with two categories: malware and attacks.
Malware – malicious software – is software that was designed to harm or enter into your computer system without your consent (duuuh). These are the most common types of malware:
- Virus – A virus is a program that can copy itself and infect your computer without you knowing about it. These days viruses are typically transmitted through web-based means (e-mail, web pages, instant messaging, etc.), but they can certainly also be contained on a CD or memory stick. Just as in real life, viruses usually require an infected host.
- Worm – Here’s a little application that can spread itself to other computers without requiring a host for the transfer. Once it’s on a computer, it can do a whole lot of things, including turning the computer into a zombie (see below).
- Trojan horses – These are computer programs that disguise themselves as something else while installing malicious software on your computer. Once the program is executed, a backdoor program (see below) can allow unauthorized access to your computer by other parties. Or a keylogger may capture entered data, such as login and password information, account and PIN numbers.
- Spyware is software which in most cases is installed secretly on your computer. Just as the name implies, spyware primarily tries to spy on your habits and then transfers that information to third parties .
- Backdoor – This is a program or a method that bypasses normal authentication and protection and allows remote access to your computer.
- Adware is the least malicious of the lot and is often installed with the users’ consent. In the early days of the Internet, this was a way to support free programs through advertising. Some of the more obnoxious specimens of this kind may also generate pop-up ads.
Let’s move on to attacks, those intrusions to your computer that take place without any malware.
- Phishing is an attempt to acquire sensitive information, e.g., passwords, account information, or SSNs, by pretending to be someone else. You must have received e-mails pretending to come from banks or PayPal that ask you to just reenter your credit card number or your SSN for verification purposes. The way to find out whether these e-mails are real is to hover with your mouse over the URL and see whether the real URL matches the one that is being displayed.
- Drive-by download – Refers to the download installation of a program without you knowing it, when you visit a web site or display an e-mail message. This is one of the places where vulnerabilities in your operating system or your browser come into play, so it’s a good idea to have the latest round of patches.
- Denial-of-Service (DoS) – This term sounds militaristic for a reason. A DoS attack is a well-planned and executed effort to cripple a computer resource such as an Internet site or a service. Typically, DoS attacks attempt to consume the resources of a targeted computer so that it can no longer provide its services to communicate with its users. It usually achieves this by using a lot of zombie computers.
- Man-in-the-Middle (MITM) – A man-in-the-middle attack allows the attacker to read, insert, and modify messages between two parties without either party knowing that the link between them has been compromised.
Let’s start with the most basic protection: the router. The router is a little magic box that sits between you and the Internet, preventing any incoming traffic to your computer unless you have specifically requested it. An additional benefit of routers includes the ease of a wireless or hardwired network set-up.
Now, let’s talk about software. The most important programs you will want to have are a firewall, virus protection, and an anti-spyware program.
Even if you already have a router in place to protect you, this protection is not available while you are traveling, nor does a router protect you from an infected computer located in your own network.
This is where firewall software comes into play. It checks both incoming and outgoing network connections, at least if it’s a full-fledged firewall. (Up until Windows Vista, the Microsoft Firewall only inspected incoming traffic.)
If you feel that Microsoft’s firewall is not enough for your protection, you can select from a large variety of products, including ZoneAlarm, Sunbelt Personal Firewall, and CA Personal Firewall.
Of course, firewalls are also included in many Internet Security suites that many of you will have purchased instead of a stand-alone antivirus software program.
And that brings us to antivirus software. As you know, this kind of software attempts to identify, fend off, and remove computer viruses and some other malware.
There seems to be a large variety of programs on the market, but recently a number of products have flooded the market that are “false” products, i.e., malware on their own. They are usually offered for free, of course, but as a rule of thumb it’s a good idea to stay with the better-known-and sometimes also free-products.
You can find a long list of products on this Wikipedia page, many of which also come in larger Internet Security packages. The ones that I have used in the past include F-Prot, Norton Antivirus, McAfee Antivirus, CA Antivirus (all of which allow the installation on three different computers), Panda, Trend Micro, Kaspersky, and Grisoft AVG.
Anti-Spyware software again looks for certain “signatures” typical of such malware—also including the content of web pages that you’re browsing. Just as with antivirus software, you are also prompted to regularly scan all the files on your computer’s hard disk(s) as well as your computer’s registry to look for files and/or entries that are indicative of an infection.
Starting with Windows XP, the free Windows Defender has either come with the operating system or can be downloaded. However, it may be a good idea to have an additional product such as Spybot – Search & Destroy or Ad-aware. The former program is free, but the latter is free only for personal and noncommercial use.
While Anti-phishing measures can be found embedded in most of the recent versions of the popular browsers, such as Internet Explorer, Opera, Google Chrome, and Mozilla Firefox, it is also supported by most of the security packages or standalone tools (such as the Netcraft toolbar). However, I have found that the third-party products tend to slow the browser down.
There is no need to be scared, worried, or overly paranoid about securing your computer and protecting the information stored on it.
Simply install a router in between your high-speed DSL or cable-modem connection and your computer or home/office network, put one of the various Internet security suites mentioned above on your computer, and you have already established a very good baseline of protection. But most important of all, apply common sense:
- You wouldn’t want to fall prey to a scammer or non-reputable business, so apply due diligence and briefly google the name of new tools you are considering buying.
- Be cautious with the use of repair services for your computer and hard drive. If you have information on your hard drive that you would prefer not get into the wrong hands, consider having your computer looked at with its hard disk removed.
- Be cautious about selling your old computer or hard drive. If you have information on your hard drive that you would prefer not get into the wrong hands, consider removing your hard disks and physically destroying them—for example, with a sledge hammer. If this step strikes you as too violent, consider using the secure shredder function provided by various security products, including Spybot – Search & Destroy and PGP Desktop.
- Stay up-to-date on security-related patches for both your operating system and any applications you are running. A very cool program to do this with is Secunia Personal Software Inspector – it gives you a list of all necessary updates and links to those in one fell swoop.
- Stay up-to-date on firewall, antivirus, and anti-spyware signatures so that you always have the most current protection.
And, if you want to go the extra mile, consider the various kinds of disk encryption or use Digital Signatures. JZ