Don’t cha :) wanna know how I stay secure on my laptop?

M’ll hurt me for this, but all my PCD fans in the building, stand up! lol. I clearly am a fan of the Pussycat Dolls and I’m not ashamed to admit it. I feel like singing their first single “Don’t Cha‘ at the top of my lungs. Life is good. I feel stronger than I’ve been in a long while. Getting the courage to do things that terrify you is incredibly empowering. Getting positive strokes (PDF) from people that matter has been instrumental to my remaining optimistic. I am excited for the reunion that’s coming up on Saturday. Granted, I’m still learning everyone’s names, but I look forward to meeting everyone again and just taking a crapload of pictures.

I’m currently at Starbucks and just jamming with my spanking new HP premium headset which produces incredible sound. Granted that I’m no discerning audiophile, but the sound’s pretty crisp and clear to me. It was less than $30 and it should last a long time barring any accidents with the vacuum. Yeah, M totaled my last headset and I’m totally exposing his transgressions to the world. Anyway, I haven’t done anything ‘new’ with my laptop except for the little fact that I had to reformat my hard drive. This decision didn’t come lightly, but it has been the best decision.

When I first got the laptop, I was so excited that I didn’t pay attention to certain things. This time, I made sure to install and uninstall things in the right order such as: install all Windows updates (restart), update all installed non-Windows programs (restart), add new Microsoft programs (restart), run Windows updates and install any applicable updates (restart), update all non-Windows programs again (restart) and a final Windows update run. This took place over a course of 24 hrs and it wasn’t all that bad primarily because of my fast processor. I am so glad I spent that extra $125 to get a slightly faster Core 2 Duo processor T8100 (2.1 gigahertz versus 2.0 gigahertz). After I installed all my essential programs and had all the updates, I made sure to create a properly labelled PC backup file. Thanks to my foresight in buying Windows Ultimate operating system, I didn’t need Acronis True Image to do that job. Microsoft Vista Ultimate comes with a built-in backup utility which is painless and works as advertised. I actually used it to restore my approximately 7GB music library, my 2GB worth of pictures and similarly sized folders. Compared to my experience with XP, Vista Ultimate is the bomb diggity. πŸ˜€ I don’t User Access Control enabled so I have eliminated about 90% of my initial frustrations. You see, I pride myself on being a somewhat savvy internet/computer user and I know NOT to download “free Acrobat 8.0” or “free <insert shareware program>” from bad sites that are obviously not kosher. It’s the same with the advance fee fraud. I know NOT to send money to some faker from US or Nigeria who is claiming to be “Abacha’s son”. If you don’t want to take ownership of your computer/browser experience, you will “hate” Vista. UAC is an extreme hand-holding measure that has sadly come to be required. Maybe I’m being too harsh because there is malware that can creep into your computer. However, simple safeguards like:

  1. Preventing automatic file downloads and opening (i.e. set Firefox/IE to always ask you, the user, if you actually wanted to download or open said file)
  2. If you use the password remembrance feature in Firefox, remember to set a master password so no peeping Tom sniffs your passwords. This can be done easily with freeware programs like SIW which if run on the unprotected computer will expose the passwords. I know because I’ve done it to my computer by simply inserting a USB with the utility into my test computer without a master password and sure enough, by running SIW from the USB key, I was able to see and save the exposed passwords & corresponding user names!
  3. Use a complicated password for Windows logon e.g. my current password is: longer than 10 and has symbols, characters and numbers. In Vista and other editions, you can set a security policy for the computer to force users to generate good passwords. Right now, if I create an account on my computer, it has to be longer than 8 letters and meet complexity requirements i.e. symbols and numbers. lol. I’m paranoid, I know.
  4. Use a good internet security tool e.g. Bitdefender Internet Security. There are free alternatives, but if you are keeping really sensitive materials on your laptop which is always for me, you will want to pony up money for your antivirus/antispyware security suite.
  5. Remember to go through your list of programs every 2 weeks. By that, I mean actually clicking on the program and checking to see if there have been any security updates, etc. Not having updated software is one of the ways you can easily get infected and I’m speaking from personal experience. In fact, M’s dad got a relatively harmless PC infection because he hadn’t updated his antivirus definition files for several months! lol. He is a safe surfer so he got off easy. If he had been into downloading torrents and illegal stuff, he would have been a world of trouble because his system was outdated. If you are like me, you probably have a crapload of programs and it could be a pain to manually check for updates. Some programs come with options to automatically check for updates without having to run the program e.g. Apple’s Quicktime, Adobe Updater, etc. However, there is a free tool that I’ve used (and still use) to monitor the patched status of programs on my computer. The Secunia PSI vulnerability scanning tool is the indispensable tool for those who are slightly paranoid about the status of programs on their PC.

I’ll quit ranting about this for now, but there are a lot of other things I do to protect myself and I’ve not had a serious infection in a long while. In fact, any detections by Bitdefender often come from programs that could be called hacking tools that I knowingly downloaded. I really have not dabbled into computer security deeply, but I would love to enroll in a class to learn more about the innards. One of my favorite sayings is “a little knowledge is a dangerous thing” because the person with the “little knowledge” could be deceived into thinking they know it all. I won’t even pretend to understand how things work. I just know that my way works and I’ll work from that. πŸ™‚ Good night!

Sshhhhh! Surf using SSH Tunnels. :)

Update: Forget all the crap masquerading as a tutorial that I just wrote. πŸ˜€ Please visit this website (“Secure Linux/Unix access with PuTTY and OpenSSH“) which told me everything I needed to know. From learning how to add Putty directly to Windows PATH (which allows me to run Putty.exe directly from the “Run” command), to setting up my authorized_keys file, to configuring Putty & Windows to automagically log me into my SSH server, this tutorial and article does it all!

Okay, the first time I heard of Secure Shell (SSH) tunneling was probably last year when I re-started my blog. What are SSH tunnels? Well, the most common usage for SSH tunnels is to ensure a secure passage way for your packets of information to reach their destination. In this scenario, you would use an SSH tunnel when connecting over an insecure or monitored WiFi connection. This sounds simple enough except that all the “tutorials” I stumbled upon were written by users who were running Linux or Mac. Without too much preamble, I’ll just write up what I did to get connected. As you may or may not know, my web host is Dreamhost. One of the first things I did was check out their DreamHost Wiki which is rather detailed. The easiest and simplest solution that has worked for me is the password authentication set-up. You can automate your SSH tunnel, but I haven’t figured out how to do that yet even though there are scores of how-tos. So, first things first, I’m using 2 tools:

  1. Firefox browser with SwitchProxy extension installed
  2. Putty (installed or portable) or any SSH client: I had to scour the web for a 64 bit version of Putty although the x86 or 32 bit version would have worked on my computer.

Some quick pre-requisites for SSH tunneling that I didn’t know before:

  1. you have to have a server that supports it. Luckily for me, DreamHost allows me to make the decision to have or not have SSH. For others, you may have to dig into your control panel or contact your web hosting providers to request SSH access.
  2. you need to have a soft and padded table nearby for the amounts of head-banging that will happen because searching takes a while to find the hidden gems. πŸ™‚

If you are familiar with regular FTP clients like I am, it’s a snap to set up your server’s address with the default port number of 22. In the picture, all I did was create my server address (blahblah.clom) with the port number. Then, I typed in the name of the session “blach” and hit “save” and as you can see, it saved my entry as “blach” under “Saved Sessions”.

Your next task will then be to edit “blach” session. You will do this by clicking on your saved session (in this case, blach) and hit “load”. Then, you click on the SSH entry in the left hand pane which is under “Connection”. This is the screen you should be on:

According to Dreamhost‘s instructions (which I followed), all you need to do here is write the “Source port” number in the allowed section and leave the “Destination” blank. Then, you select “Dynamic” and leave it on “Auto”. I know this is esoteric and really not doing a good job of explaining, but I’m trying to understand this myself.

Anyhow, once you have done this, scroll back up (see the first picture) and click on “Session”. Then, highlight your session (in this case, blach) and hit save to save your changes. This was the easy part. What I didn’t know was that in order to activate the SSH tunnel, you need to first open up the connection by logging into the SSH server you are using. So, you do that by opening up Putty (see the first picture again) and highlighting the session you want to open. Then, you simply click “Open”. It should ask you for a username and password in my case. There are ways to make this automated i.e. via keys, but I haven’t figured out how to get that working. Anyhow, once you are logged in, make sure you change the connection options in your browser of choice and in my case, that’s Firefox. Now, since I only intend on using the SSH tunnel on insecure WiFi networks, I needed an extension that would make it easy for to toggle between Firefox not using the SSH tunnel and using the SSH tunnel and all sites I read recommended SwitchProxy. Configure SwitchProxy as I’ve shown in the picture above and you’re all set to go!

That wasn’t so painful, was it? I kid, but seriously, if you want to know more about this stuff, Google is probably your best, yet worst friend. πŸ™‚ Happy hacking away at your computer!!