Strong Password

Creating password sounds easy. But have you ever think for a moment if the password that you created is good enough?

There are many comprehensive guidelines available on this topic. I am not going to go into details any of those. Bore you to tears does not give me any pleasure at all.

Golden rule to stay ahead in password security is to ask, what 'ammunition' does the potential thief might have against you.

ATM card's pin
In the case of ATM card, snatch thief might find IC, driving license, letters, and receipts in the snatched bag. Therefore, IC's number, date of birth, vehicle registration number, and home address are some very bad choices for bank ATM card's pin.

Computer related password
For computer related password, the most common attacks are guesswork and brute-force.
- Guesswork might be lethal if the profiles or preferences of the password's owner are known to the attacker
- Brute-force attack is done by trying a large number of possibilities, until one hit the jackpot. Say, for a 4-digits number password; ranging from 0 to 9999, there are only 10,000 possibilities. Computer needs only few milliseconds to generate all the combinations!

Strong password
A good password is one that is difficult to guess, and in the case of computer, with too many possibilities to generate within practical time limit. Such password is known as strong password.

Guidelines to create strong password
- Minimum 8 characters length
- Mix of uppercase and lowercase letters, numbers, and symbols
- Use non-dictionary words

e.g. Deriving from a simple phrase, you can have a strong password
Phrase: why do you like chocolate so much?
Password: y2UlkCoco$m?

Before you start celebrating your brilliant creativity in creating a strong password, make sure you can remember it and keep it safe!

If you need to test your boredom immunity further, continue with these;
http://www.microsoft.com/protect/yourself/password/create.mspx
http://en.wikipedia.org/wiki/Password_strength

.

Windows XP's Login Security

Do you need to login into your computer before you start using it?
If you don't, this article is for you.

Login functionality is not compulsory for Windows XP if the machine is not connected to a domain server. However, it can still be used to add a level of security to the machine.

Reminder:
This login feature is not hack-proof. Do not assume this feature alone is enough to keep your files safe if the machine falls into the wrong hand.

If login is activated, a screen similar to the one here will be appear when the machine starts.

All user accounts will be listed on the screen


Activate Login

To activate the login feature, follow the steps below;

Start - Control Panel - User Accounts

OR

Display can be toggled between Category View and Classic View.

To enable or disable login;

Start - Control Panel - User Accounts

- Do not disable Guest Account as this causes local resources inaccessible from other computers.
- Disable Guest Account if your computer does not use a local network. Otherwise, problems might occur in the sharing. Check out more at http://support.microsoft.com/kb/300489
- NOTE: If the Guest Account is not disabled, anyone can login the computer using the account.
- Open the Administrator Account

Administrator Account

- Use "Create a password" to activate
- ("Remove my password" is displayed instead if login is already activated).
- Follow the instructions to complete the process.
- Restart your computer and login using the password you just set.


IMPORTANT

If somehow you managed to forget your password, you will not be able to login into your computer anymore. If this happened, you can either;

1. Re-install your machine and lost all your files
2. Find someone to hack the login module
   

If you are confident that eventually you will forget the password, you should prepare a password reset disk before that day arrives. Guide is available at the link below

How to create and use a password reset disk for a computer that is not a domain member in Windows XP
http://support.microsoft.com/kb/305478/

.

Browsing Privacy

As you surf through the Internet, copies of web pages, browsing history, cookies, and other data accumulate in your computer, with most of them in the browser's cache. These data are automatically managed and their existence is hardly your concern if not for the security issues they pose.

As far as these data are concern, there is only one protection method available, that is to delete them. The deleted data will be automatically reconstructed again later on, as needed.

Guides to manually delete cache data;
- Mozilla Firefox 2
- Internet Explorer 7

It is advisable to delete the cache's data after performing sensitive transaction such as; online banking and credit card related transaction.

Cleaning Tool (CCleaner)

For Windows user, a FREE cleaning software is highly recommended. Besides deleting browser cache's data, it also removes temporary data generated by some other softwares.

CCleaner (Pls check their license) http://www.ccleaner.com/

NOTE:
Software Uninstalling and Startup Programs Management functionalities are also included in the CCleaner. Please check the help files for details.

.

Clear Browser's Cache (Mozilla Firefox 2)

To clear the browser's cache;

Tools - Clear Private Data

Options to delete individual group or all data

.

Clear Browser's Cache (Internet Explorer 7)

To clear the browser's cache;

Tools - Delete Browsing History

Options to delete individual group or all data.

.

'Homeland' Security - Protect When Connect

If our home is broken into, we usually know what was stolen. If our computer is 'broken' into, do we know what was stolen? Usually we don't. Is ignorance a bliss?

The only computer that needs no protection is the one unplugged and locked away in a safe.

The scope we are covering here is fairly limited. It is about protection of HOME computer when it connects to an unprotected network or the internet.

How to protect then?

Not armed-guards required but solutions of the following categories;

- Antivirus - Anti-spyware - Firewall (software-based firewall is sufficient)

A very brief explanation on their functions;
- Antivirus searches the storage media (e.g. hard disk) and removes any potential threats
- Anti-spyware protects against malicious softwares
- Firewall serves as protective boundary that monitors and restricts information travels in and out of the computer


Solution
Such solutions are aplenty. There are also commercially available suite-solution that bundles all the 3 categories into a single-unit product. Finding good ones is not as easy though. That is not the topic.

Below are examples of some FREE softwares available. You can compare them against other softwares before deciding on what to use. Many commercial softwares offer free-trial usage. Paid softwares do have very valid reasons for their existence.

Just bear in mind that not all softwares are created equal. Some worked, some don't. Some sucks, some thrilling.

Antivirus

AVG Anti-Virus Free Edition (Pls check their license) http://free.grisoft.com/

Anti-spyware

Spybot - Search & Destroy 1.4 (Pls check their license) http://www.safer-networking.org/en/index.html

Firewall
If you are using Windows XP system, you have the choice to use Windows Firewall. However, you need to first update your system with Windows XP Service Pack 2 (SP2).

1. Where to get Windows XP Service Pack 2 (SP2) 2. How to use Windows Firewall

Alternatively, you can use;

ZoneAlarm Firewall Free Version (Pls check their license) http://www.zonealarm.com/

After installation, it is advisable to scan your computer for virus and spyware.

It pays to spend some time understanding the firewall solution you are using. If used correctly, it can help to identify malicious softwares that eluded the detection by other security softwares.

.

Windows Firewall

For Windows XP, Windows Firewall comes in Windows XP Service Pack 2 (SP2) package.

To enable/disable Windows Firewall;

Start - Control Panel - Windows Firewall

(NOTE: If the Windows Firewall icon is not found here, most probably your system is yet updated with SP2)

Windows Firewall - General

Turn on the firewall

Windows Firewall - Exceptions

(Optional for more control) Configure individual program's setting here.

.

Windows XP Service Pack 2 (SP2)

To check if your computer has been updated with SP2;

Start - Control Panel - System

"Service Pack 2" message indicates that the system has been updated with SP2


Where to get SP2

Reminder: This is a major update. It is advisable to backup your important files before proceeding.

Installer can be downloaded from Microsoft.
http://www.microsoft.com/downloads/details.aspx?FamilyId=049C9DBE-3B8E-4F30-8245-9E368D3CDB5A&displaylang=en

Alternatively, you can use the Windows XP's Automatic Updates feature to update;

Start - Control Panel - Automatic Updates


Note:
If you use the installer to update, you may want to keep the installer for future use.

.

Computer & Internet Security

We will be discussing some computer & internet related security issues here in few days time. Do drop by if you are interested.

Geeks are welcome to share their knowledge as we move along.

The main priority is to equip everyone with sufficient knowledge in pertaining to computer/internet security. I will post guidelines in series of small postings according to their relevance with immediate adoption by readers in mind. Some tools and utility softwares that I find useful will be introduced.

Major areas to be covered are as followings (not in any particular order).

Computer security
Topics from securing computer to maintaining security will be discussed.

Files security
Files are foremost important when working with computers. Protecting confidential files will be one of the key highlights.

Privacy
Removing traces of unwanted information permanently

.