February 06, 2003, 3:14 PM — A coalition of technology companies and others doing business on the Internet have released a list of nine steps they believe consumers and remote workers should take to protect themselves and keep their computers from being used as weapons on the Internet.
The Internet Security Alliance's (ISA) recommendations, published in its new "Common Sense Guide for Home and Individual Users," won't be a surprise to most company system administrators, but some of the steps may be new to many Internet users, according to speakers at a Thursday press conference. In July 2002, the Internet Security Alliance, which represents about 2,500 technology and Internet companies, also released its "Common Sense Guide for Senior Managers," and both guides are available at http://www.isalliance.org/.
More consumer education is needed about Internet security, said Orson Swindle, a commissioner with the U.S. Federal Trade Commission (FTC). He prefers a proactive approach, with publications like the ISA's, instead of consumers finding out about security issues when a virus is making the rounds.
"We have long way to go, and we literally do need events every month to raise awareness," Swindle said. "I believe that good privacy and security practices help build consumer trust and confidence, and without trust and confidence, I am almost certain the benefits of information technology and communication ... will never, ever reach their full potential."
The nine recommendations are divided into seven basic actions and two advanced actions. The seven basic actions are the following:
-- Install and use antivirus programs.
-- Keep your system patched.
-- Use care when reading e-mail with attachments.
-- Install and use a firewall program.
-- Make backups of important files and folders.
-- Use strong passwords.
-- Use care when downloading and installing programs.
The two more advanced actions:
-- Install and use a hardware firewall.
-- Install and use and file encryption program and access controls.
Some of the items are easier recommended than implemented. The vulnerability allowing the Slammer worm, which hit Microsoft servers worldwide in late January, was first identified eight months earlier, and Microsoft Corp. issued a patch for it six months before the recent attacks, noted Dave McCurdy, executive director of the Internet Security Alliance.
"There are many people who should have been aware, but had not taken action," McCurdy said.