If you talk to computer experts, the most common home computer vulnerability is a lack of user sign-in procedures - also referred to as "log-in," "sign-on" or "log-on" procedures. Computer sign-in procedures are integral to home computer security and are a form of authentication designed to limit user access to you, or to other people you deem necessary. The concept of signing in to a computer system derives from the practice of punching-a-clock before beginning a day's work in a factory. The term was coined by IBM personnel during early computer development.
In short, you should establish two user accounts on your home computer systems - an administrator account for software - and a separate daily-use account for normal use. The administrator account will have full privileges to allow you to perform all home computing functions such as downloading software. The daily-use account will have limited privileges and will not allow you to download or install software while signed in to the account.
You should also limit the time you are online while signed in as administrator on your home computer. For example, it is not wise to stay signed in as administrator while researching online for a writing project. If a hacker, automated virus or other malicious attacker were to enter your computer while you are signed in as administrator - all permissions, user names and passwords could be obtained by the attacker, and it may not be possible to remove the security breach from your computer without reformatting your hard drive.
In general terms, it is relatively easy for those with criminal minds to enter your computer via randomly scanning the Internet for vulnerable computers, or by obtaining your home computer IP address from a spam email message, to attempt to sign in to and control your computer from a remote location (one of many reasons you should not open or reply to spam email).
Obviously, you must sign in as administrator to download software and security updates from the Internet - that is the specific purpose for establishing a separate administrator user name and password. However, the trick is to only stay signed in during short download/update periods to minimize the time your computer may be targeted.
Both of your new user accounts should have separate, hard-to-guess user names and strong passwords to ensure you, or those you designate, are the only persons who can sign in and use your computer(s). Do not use words or dates such as personal names or birth dates for user names and passwords. Create two separate user names with at least eight characters, randomly selecting combinations of letters, numbers and symbols that are hard to guess. For example, choose AAABBB123strong as your administrator account user name and VERY456safe as your daily-use user name. Do not actually use the above two user names - they are noted for example purposes only. Do not use the word "admin" or "administrator," or any other words remotely associated with the terms "administrative" or "user," for user names.
Do not use the word "password" or "pass" or anything similar for your new passwords. Create passwords with at least eight characters, randomly selecting combinations of letters, numbers and symbols that are hard to guess. For example, use DDDEEE789### as an administrator password and VERYcomplicated$$$ as your daily-use password.
Keep in mind that user names and passwords are case sensitive. Legibly write down all user name and password information to store in a safe, physical world location. If you lose the information you may have to reformat your hard drive to gain access to your computer.
Turn off all other user accounts on our computer. If you use an office or home office computer within a network, ask your network administrator to assist you with accomplishing all of the above.
Ensure your operating system firewall is switched to the "on" position. If you have anti-virus software that establishes a separate firewall in the "on" position that is also fine - but one of the two firewalls must be on.
Establish additional firewalls on all computer connections where it is possible to do so.
Download or purchase as much anti-virus and anti-spyware software as possible. If you use more than one type of anti-virus software, the programs should not conflict with each other.
Enable the automatic software and security update settings on your computer(s); run manual anti-virus and anti-spyware scans often; and schedule scans that run when your computer is on but not in use.
In a nutshell, it is impossible to stop a determined hacker or automated virus from entering your computer, but there are many additional layers of authentication and protection you may take to minimize risk. The general idea is to force hackers and viruses to skip past your computer, as they do not have time to concentrate on one computer that is more secure than others.
In short, you should establish two user accounts on your home computer systems - an administrator account for software - and a separate daily-use account for normal use. The administrator account will have full privileges to allow you to perform all home computing functions such as downloading software. The daily-use account will have limited privileges and will not allow you to download or install software while signed in to the account.
You should also limit the time you are online while signed in as administrator on your home computer. For example, it is not wise to stay signed in as administrator while researching online for a writing project. If a hacker, automated virus or other malicious attacker were to enter your computer while you are signed in as administrator - all permissions, user names and passwords could be obtained by the attacker, and it may not be possible to remove the security breach from your computer without reformatting your hard drive.
In general terms, it is relatively easy for those with criminal minds to enter your computer via randomly scanning the Internet for vulnerable computers, or by obtaining your home computer IP address from a spam email message, to attempt to sign in to and control your computer from a remote location (one of many reasons you should not open or reply to spam email).
Obviously, you must sign in as administrator to download software and security updates from the Internet - that is the specific purpose for establishing a separate administrator user name and password. However, the trick is to only stay signed in during short download/update periods to minimize the time your computer may be targeted.
Both of your new user accounts should have separate, hard-to-guess user names and strong passwords to ensure you, or those you designate, are the only persons who can sign in and use your computer(s). Do not use words or dates such as personal names or birth dates for user names and passwords. Create two separate user names with at least eight characters, randomly selecting combinations of letters, numbers and symbols that are hard to guess. For example, choose AAABBB123strong as your administrator account user name and VERY456safe as your daily-use user name. Do not actually use the above two user names - they are noted for example purposes only. Do not use the word "admin" or "administrator," or any other words remotely associated with the terms "administrative" or "user," for user names.
Do not use the word "password" or "pass" or anything similar for your new passwords. Create passwords with at least eight characters, randomly selecting combinations of letters, numbers and symbols that are hard to guess. For example, use DDDEEE789### as an administrator password and VERYcomplicated$$$ as your daily-use password.
Keep in mind that user names and passwords are case sensitive. Legibly write down all user name and password information to store in a safe, physical world location. If you lose the information you may have to reformat your hard drive to gain access to your computer.
Turn off all other user accounts on our computer. If you use an office or home office computer within a network, ask your network administrator to assist you with accomplishing all of the above.
Ensure your operating system firewall is switched to the "on" position. If you have anti-virus software that establishes a separate firewall in the "on" position that is also fine - but one of the two firewalls must be on.
Establish additional firewalls on all computer connections where it is possible to do so.
Download or purchase as much anti-virus and anti-spyware software as possible. If you use more than one type of anti-virus software, the programs should not conflict with each other.
Enable the automatic software and security update settings on your computer(s); run manual anti-virus and anti-spyware scans often; and schedule scans that run when your computer is on but not in use.
In a nutshell, it is impossible to stop a determined hacker or automated virus from entering your computer, but there are many additional layers of authentication and protection you may take to minimize risk. The general idea is to force hackers and viruses to skip past your computer, as they do not have time to concentrate on one computer that is more secure than others.
Source...