Computer Security Alerts for End Users - Be Alert, Not Alarmed.

[thorfinn]

If you use a computing device that is not maintained by a corporate IT department, you need to know that your device is likely vulnerable to security issues. It doesn't matter whether it's a Mac, a Windows PC, a Nokia Phone, an iPhone/iPad, an Android phone, a Windows Mobile, a Linux laptop, an XBox or Playstation, all computing devices have security issues from time to time. What does differ a little is how quickly they get fixed, and how quickly you can find out about them and install the fix, and the type and scale of problems, but really, the take home message is that all computing devices have security issues.

If you own a device that connects to the Internet in any way (and pretty much everything does now), then you have a device that can be potentially be hacked by any random other person on the Internet. If that happens, you are really stuffed. Your computer (or phone, or whatever) will be used to conduct all kinds of illegal activities (like hacking other people, sending spam, etc), all your personal data can be made public leading to identity theft, online banking theft and worse,

Ultimately you, as the end user, need to be informed. If you don't even know that your computer/phone/games console/whatever might have a security problem, that means it is sitting there waiting to be hacked and controlled by someone else.

The first place you should be looking for timely information is a known security updates publisher. For normal people, I highly recommend the Australian Government's Stay Smart Online Alert Service (AusCERT funded by gov.au) and the US CERT: Non-technical users page.

US CERT and AusCERT also have much more detailed alerts, which are more focused at professional systems administrators than for "normal" people. If you have the time and inclination, I recommend AusCERT.

• Stay Smart Online Alert Service (AusCERT funded by gov.au)
• US CERT: Non-technical users page
• Stay Smart Online (Australian Government)
• US CERT
• US CERT RSS Feeds and Mailing Lists
• AusCERT
• AusCERT RSS Feeds
• AusCERT National Alerts Mailing List

I know those security updates may look daunting and confusing for many people, especially ones not involved in the IT industry. Please, really, really, take the time to learn enough to understand what the security updates mean and how to take appropriate action, and get informed about the computing devices you use, at least enough to know how to update your Operating System and any Software you use. Use Wikipedia to search out any terms you don't understand, ask around any computer geeks you know for help. We want you to stay safe, I promise.

The main things you need to care about on any given security alert is:

1. Does it apply to you (does the Operating System match one you use, and/or is it about Software you use)?
2. Do you need to do anything (is there an "update your software here" link in the update, or other instructions)?

If the answer to both of those is yes on any given security alert, then please, go and update whatever needs updating. If you don't, your computer will remain vulnerable to a known security exploit - which means that at some point in time, your computer will eventually be hacked by some bad person, leading to all the issues above.

So please, for your own safety, Be Alert, not Alarmed. The world needs more lerts.

Edit: This post was originally written before the existence of the Stay Smart Online Alert Service, which was launched shortly afterwards. The post has been edited to recommend non-IT experts to go there first, rather than directly to US/AusCERT.

Post lives at http://thorfinn.dreamwidth.org/50262.html (
comments). Log in using DW OpenID Help then comment there