Slashdot Mirror
The Symantec Guide To Home Internet Security
r3lody writes "There are many households that have high-speed Internet connections, yet most people are simply not doing enough to protect themselves from the many exploits that exist. The Symantec Guide to Home Internet Security by Andrew Conry-Murray and Vincent Weafer was written to speak to those people. Symantec Press is the publisher, yet it remains reasonably vendor-neutral. This book is for non-technical people. Its ten chapters cover a relatively slim 240 pages, so it should not intimidate someone who is not a computer professional. Also, you do not really have to read the book front-to-back, but you can focus in on the chapter or chapters that interest you and have fairly complete information." Read on for the rest of Ray's review.
The Symantec Guide to Home Internet Security
author
Andrew Conry-Murray and Vincent Weafer
pages
240
publisher
Symantec Press
rating
8/10
reviewer
Ray Lodato
ISBN
0321356411
summary
A slim volume packed with valuable information for non-technical Internet users.
The first chapter gives the reader a basic overview of the risks of using the Internet without some steps to protect yourself. Fraudsters, those who ply you with get-rich-quick schemes and other spam-delivered scams, are distinguished from hijackers who compromise your machine for local data or to make it part of a “bot farm”. The remaining chapters discuss various aspects of security exposures, how to protect yourself from them, and conclude with a checklist of high points and “Helpful Resources” that contain web sites, phone numbers, and occasional additional side-bars with more in-depth examples.
The next chapter is a very informative chapter on preventing identity theft. This part of the book is worthwhile, even if you don’t use the Internet for financial transactions. The authors mention how your personal data can be stolen from company databases, despite precautions you yourself have taken. There are discussions on social engineering and dumpster-diving, as well as phishing scams and keyloggers. The best part of the chapter is the “Recovering from Identify Theft” section. Hopefully you will never need the information there, but it’s very helpful to see it collected in a simple bulleted list. The second side-bar at the end discusses a personal account of a brush with identity theft.
Chapter 3 covers firewalls, which most people think is the only protection they need. It discusses the basics of Internet Protocol (IP), and what firewalls can and can’t do. Lists of both free and commercial firewall products are provided. It wraps up with a few sites that can test your firewall settings to see if you are really protected or not. There were a couple of minor errors (for example, 192.101.432.156 is offered as an IP address, but the third number can’t be more than 255), but most non-technical people need the product lists provided.
The following two chapters cover the various forms of “malware” (viruses, worms, adware, spyware, and Trojans). Conry-Murray and Weafer provide several preventative actions you can take to avoid infection — the most important involves using your common sense (e.g. “Use a firewall” and “Don’t Open Strange E-Mail”) They wrap up by describing how to remove malware via the available anti-spyware programs.
The final category of unwanted Internet debris is spam. The authors state that for most people “spam is an annoyance rather than a plague.” However, they go on to disclose figures that estimate anywhere from 50 to 90% of the 30 billion e-mails sent each day are spam. To explain why spam works, a side-bar talks about Jeremy Jaynes, who was convicted in November 2004 for spamming. He generated about 10,000 credit card sales per month. Two-thirds of those were returned, yet he still netted more that $100,000 a month.
Chapter 7 covers securing Windows XP. At the time of publishing, Microsoft had come out with XP Service Pack 2, with the Windows Security Center. A large section deals with installing SP2 and configuring the Security Center. It’s kept at a level that most users can comprehend and follow, making it another very worthwhile chapter. The following section describes securing Internet Explorer 6 in great detail. The authors do suggest, however, that you might want to use a different browser, such as Firefox or Opera. The thinking is that Firefox and Opera will be more secure because fewer exploits are targeted towards them.
Locking down Windows and IE is not enough to keep your family safe. That’s why they devote the next chapter to “Keeping Your Family Safe Online.” Pitched mostly to parents of younger kids, chapter 8 starts by talking about blocking objectionable content using IE’s Content Adviser. Sexual predators is the next topic, and the authors give the reader good information on how to monitor your children’s online activities, as well as how to report solicitations to the authorities. The final topic revolves around file-sharing software. While they mention the prospect of downloading viruses, the legal ramification of potentially housing illegal downloads is the most important lesson to take away from this section.
Many homes are now using wireless access points. Unfortunately, poor configurations open them up for eavesdroppers and bandwidth hijackers. The simple precautions of changing and hiding the network name (SSID) and changing the password will do a lot, but encryption using WEP, WPA, or WPA2 will help a lot more. They also go into the security issues of public hotspots, including the prospect of “Evil Twins” (user computers that offer a look-alike access point just to steal your personal information).
The book wraps up with a chapter on “Privacy and the Internet.” Anyone who conducts any transactions over the Internet has their personal data stored on a computer that might be accessed online. The key precaution is to not divulge any information you don’t absolutely have to. Data Brokers collect amazing amounts of information on each of us. Three major companies, Acxiom, ChoicePoint and LexisNexis are individually described, with information on how to get reports on what information they’ve recorded, and possibly how to opt-out of having it stored.
Andrew Conry-Murray and Vincent Weafer conclude the book by giving the reader five basic steps to protect themselves online. However, I prefer their final, single simple rule: Use Your Common Sense.
The Symantec Guide to Home Internet Security, though a slim book, is packed with a lot of valuable information pitched to the non-technical user. I believe that anyone with a computer connected to the Internet would benefit from reading this book.
You can purchase The Symantec Guide to Home Internet Security from amazon.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.
The next chapter is a very informative chapter on preventing identity theft. This part of the book is worthwhile, even if you don’t use the Internet for financial transactions. The authors mention how your personal data can be stolen from company databases, despite precautions you yourself have taken. There are discussions on social engineering and dumpster-diving, as well as phishing scams and keyloggers. The best part of the chapter is the “Recovering from Identify Theft” section. Hopefully you will never need the information there, but it’s very helpful to see it collected in a simple bulleted list. The second side-bar at the end discusses a personal account of a brush with identity theft.
Chapter 3 covers firewalls, which most people think is the only protection they need. It discusses the basics of Internet Protocol (IP), and what firewalls can and can’t do. Lists of both free and commercial firewall products are provided. It wraps up with a few sites that can test your firewall settings to see if you are really protected or not. There were a couple of minor errors (for example, 192.101.432.156 is offered as an IP address, but the third number can’t be more than 255), but most non-technical people need the product lists provided.
The following two chapters cover the various forms of “malware” (viruses, worms, adware, spyware, and Trojans). Conry-Murray and Weafer provide several preventative actions you can take to avoid infection — the most important involves using your common sense (e.g. “Use a firewall” and “Don’t Open Strange E-Mail”) They wrap up by describing how to remove malware via the available anti-spyware programs.
The final category of unwanted Internet debris is spam. The authors state that for most people “spam is an annoyance rather than a plague.” However, they go on to disclose figures that estimate anywhere from 50 to 90% of the 30 billion e-mails sent each day are spam. To explain why spam works, a side-bar talks about Jeremy Jaynes, who was convicted in November 2004 for spamming. He generated about 10,000 credit card sales per month. Two-thirds of those were returned, yet he still netted more that $100,000 a month.
Chapter 7 covers securing Windows XP. At the time of publishing, Microsoft had come out with XP Service Pack 2, with the Windows Security Center. A large section deals with installing SP2 and configuring the Security Center. It’s kept at a level that most users can comprehend and follow, making it another very worthwhile chapter. The following section describes securing Internet Explorer 6 in great detail. The authors do suggest, however, that you might want to use a different browser, such as Firefox or Opera. The thinking is that Firefox and Opera will be more secure because fewer exploits are targeted towards them.
Locking down Windows and IE is not enough to keep your family safe. That’s why they devote the next chapter to “Keeping Your Family Safe Online.” Pitched mostly to parents of younger kids, chapter 8 starts by talking about blocking objectionable content using IE’s Content Adviser. Sexual predators is the next topic, and the authors give the reader good information on how to monitor your children’s online activities, as well as how to report solicitations to the authorities. The final topic revolves around file-sharing software. While they mention the prospect of downloading viruses, the legal ramification of potentially housing illegal downloads is the most important lesson to take away from this section.
Many homes are now using wireless access points. Unfortunately, poor configurations open them up for eavesdroppers and bandwidth hijackers. The simple precautions of changing and hiding the network name (SSID) and changing the password will do a lot, but encryption using WEP, WPA, or WPA2 will help a lot more. They also go into the security issues of public hotspots, including the prospect of “Evil Twins” (user computers that offer a look-alike access point just to steal your personal information).
The book wraps up with a chapter on “Privacy and the Internet.” Anyone who conducts any transactions over the Internet has their personal data stored on a computer that might be accessed online. The key precaution is to not divulge any information you don’t absolutely have to. Data Brokers collect amazing amounts of information on each of us. Three major companies, Acxiom, ChoicePoint and LexisNexis are individually described, with information on how to get reports on what information they’ve recorded, and possibly how to opt-out of having it stored.
Andrew Conry-Murray and Vincent Weafer conclude the book by giving the reader five basic steps to protect themselves online. However, I prefer their final, single simple rule: Use Your Common Sense.
The Symantec Guide to Home Internet Security, though a slim book, is packed with a lot of valuable information pitched to the non-technical user. I believe that anyone with a computer connected to the Internet would benefit from reading this book.
You can purchase The Symantec Guide to Home Internet Security from amazon.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.
The Symantec Guide to Home Internet Security
Oxymoron?
Are there any cheat sheets available in the book? I'd be happy to shell out some cash to get the quick and dirty tips inside the book. Step 1, Step 2, Step 3, etc.
Also, how well does this cover Mac topics? I'm curious about the (ugh!) integration sometimes required to connect PCs and Macs, especially for individuals and small businesses.
How to Download YouTube Videos
$20 for information that can be quickly gleaned in 5 minutes from a couple of big sites like about.com? Oooookay.
Nice review. No idea why you posted it here though.
Linux, you magnificent bastard, I read the fucking manual!
This is incomplete.
Whats a BOFH to do?
There are many ways to secure yourself, and one of the easiest is to use an operating system that doesn't fill a huge percentage of the market.
I'm not a blind Mac Fanboy, but I have sight enough to see Apple offers computers that are more than sufficient for average home use. The flaws they had have disappeared. Admittedly, Windows has its place as well. I still keep a Windows box for gaming, I use Windows at work, and I troubleshoot it for friends and family who haven't made the switch.
But, for me, security is no longer a chore.
If I only had a moose...
Buy our stuff.
(Apologies for the title to the Bishop in "Spaceballs")
"As God is my witness, I thought turkeys could fly." A. Carlson
I am of a younger generation and perhaps I am missing some things, but I was always under the impression both of my own and fellow co-workers that the Symantec line of products flat out sucked. Loaded, bloatware, horrible performance... In all respects, what are my fellow /.'s opinion on Symantec in general? And following with that, why should I believe a damn thing they have to say at this point?
NO, book on security, technology, etc, that is anything more than a couple of pages long is going to interest is going to be anything Joe SixPack buys and reads to teach themselves what they need to know. Joe SixPack or my grandmother is not interested in knowing or learning about the technology, they just want it to work.
Just like driving a car, they don't care how it works, just how to use it and that they need to take it in for maintenance at regular intervals. Joe SixPack or my grandmother should take their computer in for maintenance or have someone competent set it up and that competent person create a "dummy guide" of make sure your subscriptions to anti-virus, anti-spyware (or setting them up on Ubuntu), etc are up to date and click here for help and do this if this happens. If anything else happens call someone for help.
Dell and others are helping nobody by including trial versions of "anti-virus" programs. I can't even count the number of times those trials have expired and the people haven't gotten virus definition updates for 6+ months.
Here's one, and only one, way to protect yourself from virus.
Don't visit porn sites; warez; emule.
That ought to keep you safe from viruses/trojans...
Previewing comments are for sissies!
Personal firewalls suck, it has been proven that they usually can be penetrated from both sides.
They also confuse the user and teach him to "click accept or nothing will work", which is barely something you want your user to do.
It's a much more sensible advise to tell your user to turn off unnessesary services, especially since there are now simple applications which do that work for you.
http://www.dingens.org/index.html.en
Non-technical users don't want to read a book. That's why they are non-technical and that's why they give Symantec money to ostensibly keep them safe.
Isn't the reality that unix derived systems are largely immune to virtually all known pathogens?
If so, just buy a mac or better yet use Linux.
That is all.
There. My 2 cents are deposited.
The hip way to get your IP. No ads, ever.
Now, some people really need to use it, if they have more than one computer in the house. And there was no mention of protecting yourself from attacks coming from the Internet.
Simply irresponsible, I say, and by rights the ISP ought to be liable for it.
Request your free CD of my piano music.
...can you remove it from your bookshelf without sending all of the other books aflame, and causing the shelf itself to collapse into shavings?
Slashdot: Playing Favorites Since 1997
Maybe this is mentioned more in the book but companies like Acxiom aren't relegated to only collecting online data. Acxiom provides data mining and tracking for large retail stores like Walmart. Anytime you don't pay with cash at these mega retailers, Acxiom will get your personal data and spending habits. I'd be interested in reading this just to see how they recommend opting out of these companies. If they don't get you online, they'll get you at the cash register.
"a slim 240 pages"
That's the whole problem. If we need that much space to explain people how to be online without being owned, 90% of 'em won't read it, and will get owned.
Until we've solved that problem - and it's not a technological one, there is no geeky solution here - there is no real security for the average computer user.
Assorted stuff I do sometimes: Lemuria.org
I read this as "Symantec Guide to Homeland Security" and got very frightened! :P!
The first rule of Symantec Home Internet Security, is don't install Symantec Home Internet Security.
Right... a book on home internet from security from Symantec. I'd defiantly trust pointers on internet security from a company which makes anti-malware software which is incapable of stopping threats or detecting them in the first place.
The book was published in September of 2005. So don't expect much of anything to be current.
I was wondering why there wasn't any mention of Vista in the review.
When I looked at the title of this /. article, I read "The Symantec Guide to Homeland Security." Given how Homeland Security has performed since its inception, it sounded very believable that Symantec would be writing a guide to it.
Overrated Moderation: This posts sucks... because.
As an experienced IT professional, I'm comfortable setting up WPA2-PSK (AES) on my laptops, desktops, and other wireless bits like my Wii and Smartphone.
But for the average schmuck who just stolled home with a new "link-sees" wireless box and new wireless laptop 'puter - they won't bother setting up security, they'll stop when the lights are blinkin' and the porn is streaming.
AOSS seems to be the way to go if more manufactures supported it. Push a button on the access point, and it goes into training mode for 60 seconds. Push a button in the AOSS client program on the device and the two setup a nice encrypted connection without nary a password prompt or "WEP, WPA, or WPA2?" question.
"Security for Absolute Idiots" is what we need... or just disconnect those dumbasses from the internet.
Today, in a bold move, Symantec Inc. has re-branded their renowned Internet Security software package. "Our research shows that customers relate better with hybrid names and acronyms." Said a Symantec representative. "We feel that our new product, Symantec InSecurity captures the uneasiness customers have with our product and the internet in general."
Having tried this firewall for myself when I eventually got XP (before going on to Linux), is that their new firewall was the fastest way to get my brand new clean install of WinXP on a dual core computer to it's knees in it's speed of use. I did another clean install just to get the speed of a dual core machine back, the computer ran like it was on a 486 with that firewall. Wasted my money.
Take Nobody's Word For It.
which eliminates Symantic's.
Slow down, cowboy! It has been 4 hours since you last posted. You must wait another few hours.
I've been using Kaspersky as my anti-virus, and while it's usually rated as one of the most effective, it's gotten really annoying. At first it was just the hundreds of megs of log-files, though I've mostly limited those. But some time in the last six months, its virus tables added some pattern that's in most of my Eudora mailfile backups, and it'll tell me file names but not position in the file. AFAICT, I received some email that either contained a virus or contained a string that Kaspersky thinks looks like a virus signature, and either it's still there or (more likely) I deleted it but hadn't compressed the mailbox file to get rid of it at the time I did the backups. I've cleaned up a few instances of this, but there's some I just can't find sigh.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
More important, though, is having an external firewall that keeps the riff-raff attacks off your computer, at least long enough for you to download Windows updates and anti-virus updates to a new computer. Typical Windows XP computers without them tend to get owned before they have time to get their updates in place, and by keeping out some of the noise, they also reduce load on the computer's operating system. While NAT is overall an abomination that breaks the Internet End-to-End Model, it does at least block some kinds of attacks, and makes it harder for computers that do get owned to send out packets with forged source addresses.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
Chapter One: The Computer
The "computer" is the rectangular box with a few buttons on the front. The "monitor" is the box with the pretty pictures. These two terms are not interchangeable.
Chapter Two: The Internets
Also known as the "web", this is where porn comes from.
Chapter Three: Computer Security
Both the computer and the Internets are very dangerous - Terrorists use both. To keep your computer absolutely secure, DO NOT CLICK ON ANYTHING, EVER.
THE END
I'm not tense. I'm just terribly, terribly, alert.
Regina: Is Blu-Ray a carb?
Cady: YES.
You can hold down the "B" button for continuous firing.
yeah lets put an elefant in our place so there will be just enough room for us, this way noone else gets in. and he'll shit inside, eat our food and slow life down in general... Symantec? why are they still in clogging up business? maybe because of pre-installation just like Msoft?
Dont Judge The situation by the Misfortunate. Goga.
Anything relying on the home user doing or not doing something is bound to fail. Click here to have all your bank account details sent to the Russian mafia and your computer reduced to a doorstop.
davecb5620@gmail.com
'Fraudsters .. are distinguished from hijackers who compromise your machine for local data or to make it part of a "bot farm"'
.. discusses the basics of Internet Protocol (IP), and what firewalls can and can't do"
.. "Use a firewall" and "Don't Open Strange E-Mail")'
..
Would this machine be a Microsoft Windows machine or any other kind of 'computer'?
"Chapter 3
Does it say they don't work, especially the software ones. They are ineffectual as things like RPC over HTTP and SOAP are designed to - bypass the firewall.
'The following two chapters cover the various forms of "malware" (viruses, worms, adware, spyware, and Trojans)
What OS does this malware predominatly run on, give examples. Does Symantec say how to tell if an email is 'strange' without opening it. Wouldn't you have to be psychic?
"The authors state that for most people "spam is an annoyance rather than a plague"
A hundred spam emails a day isn't an annoyance. Why the f*** in 2008 can't you innovators design an email system that provides security, identity and protects against viruses/spam/malware, come on, where is it?
"The thinking is that Firefox and Opera will be more secure because fewer exploits are targeted towards them"
No, the thinking is that they are more secure because they don't use activeX and they aren't welded to the OS like IExplorer.
'I believe that anyone with a computer connected to the Internet would benefit from reading this book'
Since when did Microsoft Windows become synonymous with 'a computer'. A better advice would be to upgrade to a real 'computer' like a Mac or Linux. If you must do online transactions use the Knoppix CD and reboot after each online transaction. Finally my advice garnered from years of experience, if you want to stay safe online and you have to use Windows is:
don't use Internet Explorer
don't use Outlook Express
don't use msOffice
davecb5620@gmail.com
Securing a computer? That's easy, just follow these small steps. 1.) Uninstall Symantec 2.) Install Kaspersky 3.) Get a firewall 4.) Stay away from the Geeksquad. 5.) STOP SURFING PORN!