Posts Tagged ‘security’

National Strategy for Trusted Identities in Cyberspace

Sunday, June 27th, 2010

Late last week the Obama administration released a document that outlined ideas and process for developing a more secure experience on the internet. There is a real and present danger from losing one’s confidential information through various cyber attacks. This leads to credit cards being charged for items you did not purchase, withdrawals from your bank account, or even fraudulent accounts set up in your name. It can wreck your finances, credit, and generally make life hell.

It’s worth reading the document if only to gird yourself against what will no doubt become the top panic topic du jour from the talking heads of media. The contents of the document will no doubt be distorted beyond measure.

My take from having read it is the technology and process already exist. There are many open source measures, from PGP to OpenID, that one can use to create a more secure presence on the web. The problem is it takes education and understanding – a focus that should have been the majority of the document but wasn’t.

Indeed, the strongest set of security tools and measures are completely useless if people don’t know how to use them and why they need to be used. Today’s internet environments like Facebook create habits that encourage one to lose their information. You become trained to click on any link someone sends (the quintessential internet security no-no), you friend anyone that sends you a request out of guilt, and post your daily information and habits for anyone to use to social engineer any answer out of you they’d like.

Creating good security habits, understanding how your information gets hacked and used, and knowing the basics for keeping the computers you use free of malware is a far better, far cheaper solution than any national internet ID plan.

Where do you get started?

One of THE best security podcasts available is Security Now! with Steve Gibson on the TWiT network. Few can interpret and relay complex information like Steve.

Though it’s a bit dry, The United States Computer Emergency Readiness Team has a good set of topics that is worth reading – from creating secure passwords to avoiding social engineering and phishing attacks.

All this is very similar to the old Smokey The Bear campaign – “Only you can prevent forest fires.”

Only you can prevent yourself from getting hacked.

Microsoft proposes a tax on us to fix their mistakes

Tuesday, March 2nd, 2010

Computer viruses, trojans, and malware in general all help in the effort to hack computers with the purpose of corporate or government espionage, bilking money out of unsuspecting users, and in some cases just general mayhem. Already it has been used to wage a cyber war to cripple countries.

It’s a constant game of cat and mouse to write and deploy software or hardware that is secure. Patching is a regular thing in today’s world, with Microsoft’s Patch Tuesday being one of the more famous.

Computer security is a serious issue. At the local level, many home computers are potential targets to become computer-like zombies for enormous botnets that are then rented out for all manner of nefarious purposes. There are many ways to handle it – with a large one being proper education and instruction.

And that’s where a rather poor idea was put forth by Microsoft’s Corporate Vice President for Trustworthy Computing Scott Charney. In order to diagnose and secure computers, Charney proposes a tax to pay for such procedures.

As reported in IT World,

So who would foot the bill? “Maybe markets will make it work,” Charney said. But an Internet usage tax might be the way to go. “You could say it’s a public safety issue and do it with general taxation,” he said.

There are so many better ways to keep computers, especially home computers, safe and secure.

How about:

  1. Microsoft writing software that wasn’t so utter crap that most hacking is done with simple scripts.
  2. Reversing Microsoft’s harmful strategy of not allowing pirated copies of their software to receive updates and patches. There are millions of computers on the net in China alone that are barred from getting patched and thus now part of the massive botnets that spread malware across the globe.

Microsoft, heal thyself first before even thinking of a tax on everyone else.

Most good security boils down to a need for better education in our school systems on basic computer maintenance and security. From 1st grade we should be teaching the skills of how to keep software up to date, how to spot phishing attacks and malware, and how to keep your network clean.

Indeed, it should be as commonplace as reading, writing and arithmetic.

Security

Thursday, March 19th, 2009

I was going to write a nice post on CSS. However, I kept running into these tangents about security. So in the interest of not creating one giant confusing post I’ll address security here.

Security is of major importance to the coder and end user.  We see today the results of lackadaisical attitudes towards security. Viruses, Trojans, worms, bot nets, and enormous amounts of packet clutter clogging bandwidth and in-boxes, stealing identities, and generally being a pain in the ass.

When things go wrong it’s almost invariably the result of one of two areas. An ignorant and/or sloppy programmer or an ignorant and/or lazy end-user. The programmer who doesn’t take the time to understand what they are coding creates new vectors for attacks. The end user who doesn’t keep software up to date, use proper passwords and protections allows for those new vectors to be exploited.

Happily there are steps you can take to keep your computer secure.

1) Choose proper passwords. Ideally you want something that is over 26 characters long (notice how many sites ask for 6-8 characters. Sub par.). You want at least one capital letter and one numeral. If you can, make it a phrase. It’s easy to hack a one word password and the software to do so can easily be found.

2) Keep your software up to date. Patch, patch, patch. Notice this step wouldn’t be necessary if programmers took their time to output better quality, better tested code. Regardless, most of today’s bot nets, Trojans and worms can be wiped out by a simple patch. Amazingly hundreds of thousands of people can’t be bothered to do this simple step. Don’t be those guys.

3) Log out. If you use a site that requires a log in, don’t just close your browser or tab. Click on the log out button (then close your tab or browser). Far too many exploits today are taking advantage of active cookies.

4) If you are using IE for your web browser, pick a different one. Any other modern browser is better in regards to both speed and security.

5) If you have your email preview pane on, turn it off (and do yourself a favor, delete emails from entities you don’t know without opening them. If it’s important they’ll call).

Any modern machine should already have a firewall installed and just about everyone is behind a NAT router, so no real need to go into that.

Follow those five steps and you will significantly reduce the chance of getting something ridiculous on your machine and spreading it to others.
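
A check for step 1 above, as an added example that is not from the original post: it applies the post's criteria (over 26 characters, a capital, a numeral, a phrase) and also catches a single dictionary word dressed up with digits or symbols. The wordlist is a constructed sample, and treating "phrase" as "two or more space-separated words" is an assumption.

```python
import re

# Constructed sample wordlist (assumption); a real check would load a large
# dictionary or a breached-password blocklist.
COMMON_WORDS = {"password", "dragon", "monkey", "sunshine", "letmein"}

MIN_LENGTH = 27  # the post asks for "over 26 characters"


def strip_decoration(candidate):
    """Lower-case and drop leading/trailing digits and symbols, the usual
    way a single word gets dressed up (e.g. 'Dragon2010!')."""
    return re.sub(r"^[^a-z]+|[^a-z]+$", "", candidate.lower())


def check_password(candidate):
    """Return the reasons the candidate fails step 1; empty list means pass."""
    problems = []
    if len(candidate) < MIN_LENGTH:
        problems.append("length: need more than 26 characters")
    if not any(c.isupper() for c in candidate):
        problems.append("missing capital letter")
    if not any(c.isdigit() for c in candidate):
        problems.append("missing numeral")
    # Assumption: a "phrase" means at least two space-separated words.
    if len(candidate.split()) < 2:
        problems.append("not a phrase: use several words")
    # A decorated single word still reduces to a wordlist entry.
    if strip_decoration(candidate) in COMMON_WORDS:
        problems.append("single dictionary word, found in wordlist")
    return problems


if __name__ == "__main__":
    # Constructed sample inputs.
    for pw in ["Dragon2010!", "My 3 cats nap on the warm Radiator"]:
        print(repr(pw), "->", check_password(pw) or "ok")
```

The first sample meets the capital and numeral rules yet still fails, because stripping the decoration leaves one word from the list.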

Finally, something my CMIS101 programming teacher turned me on to – the Security Now! podcast featuring Steve Gibson. If you are serious about web programming and programming in general, cut your security chops by listening to him every week. You’ll learn far more than you imagined possible. Perfect for the daily commute.
