Is your computer endangering homeland security?

November 17, 2005 @ Michael Hampton

Though you may be entirely unaware of it, there could be software on your computer which endangers your security — and that of the whole country. What software is out there? How safe are you online? And how do you protect your computer and yourself from the latest security threats?

Do you have highly sensitive personal information on your computer? Do you run an anti-virus program and keep it up to date? If you’re like most people, you answered Yes to the first question, and No to the second.

A survey (PDF) by the National Cyber Security Alliance, a Washington-based nonprofit group sponsored by both government agencies and private companies, found that 62 percent of homes with broadband access to the Internet did not regularly update anti-virus software. Nevertheless, it said, 86 percent kept sensitive information on home computers.

“There is an enormous need to educate non-computer professionals on computer security — there are a lot of naive users out there,” said Bruce Schneier, chief technology officer of Counterpane Internet Security Inc. in Mountain View, Calif. — Newhouse News Service

As one of the world’s foremost experts on encryption, computer security and physical security, Schneier knows what he’s talking about, which is why you find me citing him so much around here.

The Threats

The most common threats to your computer’s security are viruses, worms, Trojan horses, and spyware/adware. All of these have something in common: they install themselves on your computer, usually without your knowledge or consent. They can cause malicious damage to your computer, send your sensitive personal information to persons unknown, or run unauthorized programs to benefit marketing companies, hackers, criminal organizations or terrorists.

Viruses are small bits of code that attach themselves to legitimate programs, such as Microsoft Word. If you have a virus and launch the infected program, the virus runs first, infecting other programs on your computer and attempting to spread itself to other computers, and sometimes doing malicious damage, such as erasing your hard drive or misspelling words in your documents.

Worms act much the same way, except that they are standalone: they do not attach to a legitimate program. A worm will enter your computer, spread itself to other computers, and possibly cause damage to your files.

A Trojan horse is a program that claims to do one thing, but instead does something else. Such a program may e-mail itself to everyone you know, claiming to be a naked picture of Natalie Portman or a collection of jokes. But when you try to open it, nothing happens. Nothing that you can see, anyway. The Trojan horse works its evil behind the scenes.

Spyware and adware generally get on to your computer through deception as well. By pretending to be a legitimate program that offers you some benefit, such as a nice toolbar for Internet Explorer, these programs secretly send personal information about you and your Internet browsing habits to unscrupulous marketers, and can also pop up unwanted advertising on your computer.

Viruses, worms and Trojan horses are commonly released into the wild by so-called “hackers” (they’re nothing of the sort). But they’re starting to be used more frequently by organized crime and terrorist organizations. Once they have a program on your computer, they can command it to do almost anything they want, such as sending millions of unwanted spam e-mail messages or launching a denial of service attack on a Web site, such as the Department of Homeland Security’s web site. (In this type of attack, a Web server is flooded with bogus connections until it can’t handle any legitimate traffic.) Because the organization will typically have control of hundreds of thousands, or even millions, of computers, it’s fairly easy for them to knock a site offline this way.

Sometimes the threats come from unexpected sources. Just this week Sony was forced to recall 52 CD titles after it was discovered that the copy protection mechanism on the CDs contained a rootkit (a type of Trojan horse) which could cause damage to the computer, and which was being used by malicious attackers to take over computers without fear of being discovered — the Sony rootkit was hiding the malicious software!

Impact

If your computer is infected with viruses, worms, Trojan horses, or spyware/adware, it could be contributing to any of a number of serious security threats:

  • Phishing, in which a fraudster sends spam to millions of people, trying to deceive them into giving up their personal information. Someone doing this will generally commit some type of credit card fraud or identity theft. Maybe even against you.
  • Spam. These types of programs are very frequently used as relays to send hundreds of millions of unwanted e-mails to millions of people. Sometimes the spam solicits people to engage in a money making scheme, after which they find they’ve been scammed out of hundreds or thousands of dollars.
  • Loss of privacy. Your computer may be sending information about everything you do online to unknown parties, who then use it to send you pop-up advertising, marketing, and even more spam.
  • Terrorism. There have already been reports that terrorist organizations are experimenting with using these types of programs not only to cover their tracks when they use the Internet, but also to launch Internet-based attacks on government and business sites.

Security is a Process

To keep yourself safe online and ensure that your computer isn’t contributing to a global security threat, not to mention compromising your own security, there are some things you need to know.

Stay Safe Online has eight steps they recommend to keep you and your computer safe online, and they make a good starting point.

  1. Protect your personal information. It’s valuable. Be aware of who is asking for your personal information and how they intend to use it. This will help protect you from fraud and identity theft.
  2. Know who you’re dealing with online. Sometimes companies do need to send you e-mail and ask for your personal information, but many of these e-mails are not legitimate. Go directly to the company’s Web site by typing in their address. This also helps protect you from fraud and identity theft.
  3. Use anti-virus software, a firewall, and anti-spyware software to help keep your computer safe and secure. While it’s not always pleasant to think about keeping your computer secure, a few dollars and a few minutes of your time go a long way toward keeping malicious software off your system. For more on this, see Securing your Windows computer.
  4. Be sure to set up your operating system and Web browser software properly, and update them regularly. Much malicious software enters your computer via the Internet Explorer browser and Outlook Express e-mail program. If you choose to continue to use them, be sure they’re properly secured and kept up to date. But strongly consider replacing them with Mozilla’s Firefox browser and Thunderbird e-mail program, which are much more secure.
  5. Use strong passwords or strong authentication technology to help protect your personal information. If you use simple passwords, malicious hackers may be able to guess them by using automated programs. These programs will try to guess simple passwords, such as every word in the dictionary. To defeat them, use passwords which contain numbers and symbols and aren’t based on words in the dictionary.
  6. Back up important files. I fell victim to not keeping backups myself not long ago. After losing a lot of important files, several weeks of important e-mail, and spending weeks putting everything back together, I keep backups regularly now. Don’t wait until you get burned; make a backup now, and do it regularly.
  7. Learn what to do if something goes wrong. If your computer starts acting strangely, it may be a symptom of malicious software or hackers in your computer. Disconnect it from the Internet temporarily until you can have it thoroughly checked. If you suspect you may be the victim of credit card fraud or identity theft, contact your bank(s) and the Federal Trade Commission.
  8. Protect your children online. Be aware of what your children are doing online. Consider installing parental control software, but know that it is no substitute for proper supervision. Your kids probably know more about the Internet than you do, and might be able to bypass parental control software.

On an ongoing basis, ensure that your system and your anti-virus, firewall and anti-spyware programs remain up to date, and run them regularly to ensure that nothing malicious has gotten on to your system.

Security is a process, not a computer program. The threats to your security will evolve over time, and the proper responses to those threats must also evolve. Consider reading Web sites such as Security Awareness for Ma, Pa and the Corporate Clueless which provide timely security information in an easy to understand format.

Get rid of Internet Explorer and Outlook Express, the two largest entry vectors for malicious software. Replace them with Firefox and Thunderbird, or programs of your choice. (Yes, there are choices!)

Also consider installing and using an operating system other than Windows. I’ve been having some really good experiences with Ubuntu Linux lately, and you can even try it out without having to use any of your hard drive space to install it. If you like it, then you can go whole hog and install it on your computer.


5 Comments → “Is your computer endangering homeland security?”


  1. Bill Yotter

    Nov 18, 2005

    Is your computer endangering HOME security ?

    The government publicly condemns spyware & viruses while secretly spying on every home computer. They run all emails sent and received through their department of cyber security and have carte blanche wire tap authority to monitor everything you do online. If you stay off line they have the right to come into your home and confiscate your computer equipment so they can check and see what you may or may not have written. The government is the most invasive security threat to the American people on the planet.


  2. Chris Goodwin

    Dec 14, 2005

    This is a copy of an email that was sent with a “forwarded” sample of a malevolent email that rr.com has allowed through their mail servers for four months and has refused to trap this known virus.

    Is rr.com actively involved in spamming their customers with a known malevolent attachment?

    We are still getting these emails or some variance of them daily. It contains DELETEDO.TXT, a known virus, and it is coming through your mail server. WHY? Every IT/mail server manager on the face of the planet knows about these spoofed email attacks as they are old news to everyone but your guys. You ask us to “forward” the mail (with headers) to you with each of these complaints, we do (forward them as instructed) but it appears your mail server IS filtering them out! WHY are your rr.com mail servers filtering out this spam (and not allowing us to “forward” them to you) but this viral spam is still coming into our mailboxes? Maybe they aren’t coming through your mail servers at all but are being propagated by your servers and some disgruntled employee. Or maybe you have a server virus that is generating this spam and putting them in our mail box. We have run virus checks with McAfee’s latest and greatest images and it’s not finding any virus, trojan, etc. on our computers. Maybe RR.com is the guilty party that is launching this attack? (Without your knowledge of course) Our RR.com account is a Lockheed-Martin business account and we don’t understand why these emails are coming through your servers. We just sent a copy from another account to our tampabay.rr.com address and it did come through your mail servers. So you DO NOT have a filter for known spam that contains a virus attachment that is four (4) months old. That is really lame! No! “Lame” is not the word for it, it may be criminal since such attacks are now covered (as a crime) under the homeland security act. Since you could easily filter them out, should have installed filters for them without the request of your customers and are still permitting them to be delivered, your mail server staff are either idiots or terrorists. Our IT guys had traps in place and warnings issued to their users 4 months ago.

    After all, all you have to do is just filter out any email that contains DELETEDO.TXT as an attachment to stop this email attack or trap the subject line which is always the same (“you visited illegal websites”) to stop this attack on our computer. It seems reasonable that you could easily filter this viral spam out and stop them from being delivered to our mailbox. It also uses a federal government “sender” address. They include @fbi.gov, @cia.gov, etc. The point here is, a 6th grader could install a hand keyed filter for this spam in 3 minutes or less, yet after four months we are still getting this spam. This being the case, it really sounds like rr.com employees are involved in this terrorist attack which is now being escalated to federal authorities for them to investigate. A copy of this email has been sent to Homeland Security with a request to investigate rr.com’s failure to stop this virus from reaching their customers, including DOD Contractors like Lockheed Martin who are using rr.com broadband for telecommuting of employees.

    ----- Original Message -----
    From:
    To:
    Sent: Wednesday, December 14, 2005 12:58 PM
    Subject: You visit illegal websites

    > Dear Sir/Madam,
    >
    > we have logged your IP-address on more than 30 illegal Websites.
    >
    > Important:
    > Please answer our questions!
    > The list of questions are attached.
    >
    >
    > Yours faithfully,
    > Steven Allison
    >
    >
    >
    > *** Federal Bureau of Investigation -FBI-
    > *** 935 Pennsylvania Avenue, NW, Room 3220
    > *** Washington, DC 20535
    > *** phone: (202) 324-3000


  3. Michael Hampton

    Dec 14, 2005

    Chris, the FBI made a statement regarding that email on November 22. To report activity such as this, visit the Internet Crime Complaint Center.


  4. Michael Hampton

    Dec 27, 2005

    I should also note that DELETEDO.TXT is not a virus; you get that when your Internet Service Provider’s e-mail server anti-virus protection removes a virus from the e-mail before it reaches you. It then replaces the virus with the DELETEDO.TXT file.

    Reply
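
Added example, not part of the original post or its comments: a Python sketch of the gateway-side triage the thread implies, showing that a filter keyed on DELETEDO.TXT only matches mail whose payload the scanner has already removed. The risky-extension list, the Return-Path comparison, and the sample addresses and file names are assumptions constructed for illustration.

```python
from email import message_from_string
from email.message import EmailMessage
from email.utils import parseaddr

PLACEHOLDER = "deletedo.txt"                   # name from the thread, lowercased
RISKY_EXT = (".exe", ".scr", ".pif", ".zip")   # assumed policy, not from the page

def triage(raw: str) -> dict:
    """Classify one message: live payload, already sanitized, or clean."""
    msg = message_from_string(raw)
    from_dom = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    env_dom = parseaddr(msg.get("Return-Path", ""))[1].rpartition("@")[2].lower()
    names = [p.get_filename().lower() for p in msg.walk() if p.get_filename()]
    live = [n for n in names if n.endswith(RISKY_EXT)]
    if live:
        verdict = "quarantine"     # a risky attachment is still present
    elif PLACEHOLDER in names:
        verdict = "sanitized"      # upstream scanner already swapped the payload
    else:
        verdict = "deliver"
    return {
        "verdict": verdict,
        "attachments": names,
        # Header From: and envelope sender disagree: a spoofing signal, not proof.
        "sender_mismatch": bool(env_dom) and from_dom != env_dom,
    }

def sample(att_name: str, data: bytes) -> str:
    """Constructed test message modelled on the e-mail quoted in the thread."""
    m = EmailMessage()
    m["From"] = "Steven Allison <department@fbi.gov>"   # constructed address
    m["Return-Path"] = "<bounce@mailer.example>"        # constructed envelope sender
    m["To"] = "user@example.com"
    m["Subject"] = "You visit illegal websites"
    m.set_content("we have logged your IP-address on more than 30 illegal Websites.")
    m.add_attachment(data, maintype="application", subtype="octet-stream",
                     filename=att_name)
    return m.as_string()

if __name__ == "__main__":
    print(triage(sample("DELETEDO.TXT", b"attachment removed by scanner")))
    print(triage(sample("question_list.zip", b"PK constructed bytes")))
```
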

Copyright © 2010 Homeland Stupidity.