Secure Computing: The Key Ingredients

Credits:
Written by Brian Satterfield on April 27, 2006
Originally posted at TechSoup.org

Just as locks, alarms, and watchdogs protect your home from intruders and thieves, security software helps guard your computer against threats like hackers, viruses, and harmful software.

Failure to protect your computers can result in the loss of your organization's valuable data, or even its funds. Fortunately, though, keeping your nonprofit's machines safe doesn't require a degree in computer science. The right combination of firewalls and antivirus, anti-spam, and anti-spyware applications can help protect your computers from the Internet's myriad security threats. We'll identify the security tools you should have in your arsenal, highlight key security features to look for, and help you decide which solutions best suit your nonprofit's size and budget.

Firewalls

Put simply, a firewall acts as a barrier between your computer and the Internet, shielding your machine from intruders like hackers (people who break into computers or networks) and malware (a catchall term used to describe various forms of malicious software, including viruses and spyware). A firewall monitors your computer for incoming and outgoing data, and allows you to restrict these transmissions based on both their origin and destination.

Although Microsoft added a firewall component to its XP operating system with the release of Service Pack 2, this built-in firewall only monitors incoming traffic, meaning that if an intruder does manage to break into a machine, he or she can still access your private data. For this reason, you'll want to make sure that any additional firewall software you add inspects both incoming and outgoing traffic.

Many desktop-based software firewalls will do just that, notifying you when the Internet attempts to send information (such as the contents of a Web site) to your computer and when your computer tries to send information (such as an instant message) back over the Web. Along with the notification, you will receive a prompt from the firewall asking you to accept or deny the data transmission.

This downside of this approach is that it often requires a great deal of user interaction, and can lead to confusion about what to approve and what to reject. To minimize this inconvenience, choose a firewall that comes with predefined settings that allow commonly used programs -- such as Web browsers and email clients -- to access the Internet automatically. The ability to whitelist (always allow) or blacklist (always deny) computer access to specific IP addresses or hosts will make your firewall even more transparent to users.

If you seek flexibility in configuring your firewall, look for a product with adjustable security levels. This will allow you to choose a lower degree of protection if you find that your users are receiving too may notices. For maximum security, make sure that the firewall you select can also run in so-called stealth mode, a setting that makes a computer invisible to hackers and other Internet-based threats.

Some firewall packages offer additional functionality, such as the ability to block banner and pop-up ads, while others can encrypt sensitive information like credit-card numbers. You might also want to look for a product with password protection, which will prevent users from changing the firewall's settings.

For full reviews and performance tests of popular standalone firewall programs, consult this Firewall Software Review from TopTen Reviews.

Antivirus Software

Almost every week, new computer viruses are released into cyberspace. These programs, which often spread as email attachments, can wreak havoc on your network or desktop computer. Antivirus software is a critical link in your overall security chain, protecting your organization's computers from many types of viruses, including worms (self-replicating viruses) and Trojan horses (harmful programs that masquerade as innocuous files or hide inside useful applications). It's worth noting that the majority of viruses circulating affect computers running Windows -- and not Macintosh or Linux -- operating systems.

Most antivirus programs on the market have the same core features, regardless of whether you buy them as standalone applications or as part of a larger security suite. This includes what's commonly known as real-time protection, whereby a program constantly monitors your machine for viruses and quarantines any invaders it detects. Many antivirus programs also integrate with email clients like Outlook and Eudora to inspect incoming attachments for viruses, though some of the simpler, standalone options lack this feature. If you plan to implement a solution that will protect your inbox, make sure it supports your particular email client and version.

The ability to initiate one-time virus scans and schedule frequent checks is also a standard feature in many antivirus programs. This latter tool can be useful if you don't think your organization's employees will remember to scan their machines regularly.

Antivirus software identifies most threats by comparing suspect files against a database containing definitions, or signatures, of known viruses. In order for antivirus software to protect your computer from recently released viruses, it's crucial that the program's vendor frequently update its definitions database. While most antivirus programs will at least prompt you to install these updates, choosing an application that automatically downloads new definitions in the background will ensure that you don't skip this essential step. Many programs let you define how often and when you'd like it to check for updates.

The downside to a definitions database is that a virus must be released into the wild before a vendor can learn its signature and add it to the database. To protect against brand-new viruses, some security software manufacturers incorporate heuristic detection features into their products. Programs using this method attempt to spot novel viruses by comparing potentially infectious files against previously released threats. Heuristic detection isn't perfect, however, and can waste a system administrator's time by incorrectly flagging harmless or useful files as viruses.

For full reviews and performance tests of some popular antiviral programs, consult PC World's The New Virus Fighters article. For advice on how to deal with specific virus-related problems, visit TechSoup's Virus Vaccination and Computer Security forum.

Anti-Spyware Software

Sooner or later, someone at your organization will accidentally install adware or spyware, two forms of privacy-compromising software found in abundance on the Web. To combat these pests, you'll want to equip your computers with one or more anti-spyware applications, which can remove both adware (which generates targeted pop-up ads) and its more malignant cousin spyware (which covertly monitors your online movements and records your personal information).

The anti-spyware solution you select should include a scanning engine that searches your computer for spyware-related files and components, then removes or quarantines them. It's ideal to choose a program that has at least two scan modes: a quicker one for routine spyware checks and a more thorough one to wipe out deep-seated infections that burrow their way into Window's core. (Note that spyware and adware don't target Linux and Mac platforms as frequently as they do Windows.)

Many newer anti-spyware applications also offer real-time protection. Anti-spyware utilities with this feature act as a virtual shield, alerting you every time an unknown or suspicious program attempts to install itself or change browser settings on your computer. When this happens, your anti-spyware application will prompt you to accept or deny the installation, oftentimes offering some guidance as to the program's threat level. This feature is particularly helpful in combating clandestine spyware infections that occur without user initiation, commonly referred to as "drive-by" installs.

Like antivirus software, most anti-spyware applications identify offending programs via definitions. To protect your machines against the latest spyware variants, it's very important to choose an anti-spyware product from a vendor that routinely updates its definitions database. To minimize hassles to those on your network, opt for a product that can automatically download and install updates. A scheduling utility is another convenient feature, as it allows you to automate spyware scans to run several times a week, ideally at times when users are away from their computers.

For full reviews and performance tests of some of the most popular anti-spyware programs, consult this CNET roundup  Ten Top Spyware Killers Reviewed. For more in-depth tips on removing spyware and other forms of malware, check out TechSoup's article Removing Spyware, Viruses, and Other Forms of Malware . For advice on how to keep spyware or adware off of your computer in the first place, read TechSoup's Ten Tips for Avoiding Spyware .

Spam-Filtering Software

Your time is too valuable to spend it manually weeding through emails shilling hair-restoration tonics and fake Rolex watches. And while spam often seems like more of an irritant than a security risk, junk messages with virus-infected attachments can spell a lot of trouble for your computers. Spam can also expose folks at your organization to phishing attacks, email scams that attempt to solicit sensitive personal data by pretending to be official documents from banks and other financial agencies. (To learn more about phishing, read TechSoup's article Don't Get Lured by Phishing Scams .)

Newer versions of Microsoft Outlook, Qualcomm Eudora, and Mozilla Thunderbird email clients incorporate built-in junk-mail filters, but if your organization is using an older releases or another email program, it's smart to equip your computers with spam-fighting software.

To make life easier for your users, choose a spam-filtering tool that works with your organization's existing email client. Look for features such as black lists and white lists, which will respectively let you block all messages from known spam purveyors and accept all messages from designated friends and coworkers. Seek out an anti-spam filter that's adjustable, in case too many work-related messages -- or not enough spam emails -- get routed to the junk folder. The ability to customize rules, like blocking all messages containing certain keywords, will also give you additional protection.

Another point to consider when choosing anti-spam software is how the application filters out junk mail. Some methods, while highly effective, may force users to jump through too many hoops. The challenge-response anti-spam system, for instance, requires senders to click a link or perform some other action to verify that they are not spammers. Yet while spammers won't take this extra step, potential volunteers and donors might not either.

By contrast, anti-spam tools using Bayesian filtering techniques have proven to be highly effective and do most of their work behind the scenes, comparing the contents of incoming messages to those already in a user's inbox. Yet even Bayesian filters can be foiled by spammers. To ensure maximum protection, therefore, it's a good idea to use an anti-spam program that uses a variety of filtering techniques.

Additional Security Tools

Equipping your organization's computers with a firewall and antivirus, anti-spam, and anti-spyware applications should prevent a large percentage of security threats from compromising your network. If you're feeling particularly cautious, however, you might want to consider adopting extra layers of protection. Below is a brief overview of additional security tools commonly found in security suites or as standalone products.

Due to an increase in phishing attacks, many security suites on the market are integrating tools that help end users identify potentially fraudulent emails. Generally speaking, these anti-phishing filters are similar to anti-spam filters, flagging messages that seem suspicious and quarantining them for later review by the user.

If your nonprofit has a wireless network, seek out a security suite with built-in WiFi protection -- even if you're already using WiFi Protected Access ( WPA) or another type of wireless security system. Though the amount of wireless security features may vary from package to package, what counts is the suite's ability to keep hackers from slipping through holes in your network.

If you're concerned about users visiting Web sites that distribute spyware or adware, consider installing an Internet-filtering application or a full-fledged security suite that provides filtering functionality. Web-filtering software allows an administrator to block specific sites by URL or keyword and can often be password-protected so that users can't disable it.

Finding the Right Solution for your Organization

When implementing a security solution across a network, you have a variety of options. Before you decide which is best for your organization, consider factors such as your budget, the size of your organization, and how much time your IT staff -- which may consist of volunteers, nonprofit consultants, or full-time employees -- can spend maintaining that system.

If your organization has three computers and only one IT volunteer, for example, installing a standalone firewall, anti-spam, antivirus, and anti-spyware software on each machine may be your best bet. There are many commercial and free options at your disposal, so do your research and try out products before you make a decision. A few free security programs you might consider include ZoneAlarm Free Firewall , Grisoft AVG Antivirus, Avira Antivir Personal Edition, Ad-Aware 2007 Free , and Spybot Search and Destroy .

If your nonprofit has 10 to 20 computers on its network, consider installing a security suite (software that bundles all the protection a computer needs into one package) on each machine. Security suites will generally set you back about $30 to $40 a user, but can be configured and maintained from a central control panel, saving your IT consultant, volunteers, or staffers the time and hassle of updating standalone applications or definitions. Some well-known security suites include McAfee Internet Security Suite ($99 for a three-user license); Norton 360; Trend Micro PC-cillin ($300 for a 10-user license); and Zone Labs ZoneAlarm Internet Security Suite ($392 for a 10-user license). One potential downside to security suites is that most work on a subscription basis, meaning you'll need to pony up cash every year to keep your computers protected.

Finally, if you're in charge of a large network, it makes sense to opt for an enterprise software solution, which can be controlled from a central server and extended to individual users. This can allow you to set up both hardware- and software-based firewalls on your servers and deploy enterprise versions of anti-spam, anti-spyware, and antivirus products to individual computers on your network. Many of the security suites mentioned above are available as enterprise-level products.

Don't Get Caught Unprepared

Choosing and implementing a security solution doesn't have to be difficult, but it is vitally important that your organization do so. If your computers aren't equipped with the proper software, your nonprofit is vulnerable to hacker attacks, data theft, and severe virus infections that can bring the workday (and your systems) to a screeching halt. If you make security a top priority across your network, you'll greatly reduce your chances of losing valuable data, time, and money.

Licensing provided by Creative Commons