January 14, 2006

CHASE Presentation: PC Security - Viruses and More

This month's CHASE talk was given by Donald Forbes from Starlite Solutions. Unfortunately, it was a rather disappointing and difficult to follow presentation.

Donald is obviously a very clever man, but his slides were pitched at too in-depth a level for the audience and he has a tendency to become dragged off on a tangent to answer questions in far too much detail. For example, when asked what the letters RSA stand for, he would have been better stopping after explaining that it's the initials of the people who invented it - Rivest, Shamir and Adleman - and that it's a system of encrypting data. Instead, we got the beginnings of the theory of public key cryptography.

The takeaway message from the talk was if you want to keep your PC secure, don't connect it to the Internet. Strictly true, but not particularly useful advice for the attendees who, I think, were more interested in practical tips on mitigating the risks of being online whilst still being able to take advantage of the benefits of the Internet.

Jeff Veit made a valiant effort to keep the discussion on a level where more of those present could participate - asking for explanations of some of the jargon, and prompted the following list of "Top things to do to keep your machine safe":

  1. Make sure you've got a firewall between your machine and the Internet. Preferably one that's a separate hardware box, rather than just some software on your PC
  2. Use anti-virus software, and ensure you keep it up to date
  3. Regularly check your PC for spyware
  4. Finally, make sure your data is backed up so that you can recover from any problems. (After much goading from Jeff, I did get to briefly plug PeerBackup :-)

The other interesting bit of information I gained from the discussion afterwards is just how poor the UK banks' approach to security is - in Poland, one of their banks issues scratchcards with one-off security codes for each transaction (you scratch off a new panel to reveal a code you have to enter, which is then invalid for any later transactions), and another sends you an SMS with a code in whenever you're performing a transaction. Much better than the basic "enter the first, sixth and fourth" letters of your password that NatWest uses!

Posted by Adrian at January 14, 2006 07:47 PM | TrackBack

This blog post is on the personal blog of Adrian McEwen. If you want to explore the site a bit further, it might be worth having a look at the most recent entries or look through the archives or categories over on the left.

You can receive updates whenever a new post is written by subscribing to the recent posts RSS feed or

Post a comment

Remember personal info?

Note: I'm running the MT-Keystrokes plugin to filter out spam comments, which unfortunately means you have to have Javascript turned on to be able to comment.