Complete Transcript of Interview – Randy Abrams - ESET
Let’s Talk Computers Radio Talk Show
Host Alan Ashendorf
December 6 2008
Alan: You’ve always heard that, “your wireless connection needs to be secure.” So you followed all the correct procedures to make sure that your wireless router and your wireless laptop are both configured for maximum security. But, now you find out that this security can be broken; and in less than fifteen minutes! How can you make sure that your computer is now being protected? Our guest today is Randy Abrams, Director of Technical Education with ESET. Welcome back to Let’s Talk Computers, Randy.
Randy: Hi, Alan. It’s great to be back. Thank you for having me.
Alan: Randy, we know we want our wireless system to be secured through multiple types of protocols that we can use to set up security. But, what type of protocols are available to use to protect our systems?
Randy: Well WPA encryption replaced WEP encryption, with the point of making it to make it so that other people can’t snoop on you and they can’t see the information going between your computer and wireless access points that you may connect to, such as at a Starbucks or in a hotel or in any other place that has WiFi, whether or not it’s paid or whether it is free (or even in your own home.)
Many people have laptops and use wireless to connect their laptops even at home and without the encryption then anything and everything that you type can be what we call, “sniffed,” where someone that’s in the vicinity can actually see what you’re typing. So, if you go log into bank account, then instead of the data being encrypted, which it should be in a different phase as well – it could be seen and even if it’s encrypted, it may not be between your laptop and your router.
Alan: Everybody says that, “When you’re setting up your router and your laptop, don’t use WEP.” What exactly is WEP and why should we not use that?
Randy: WEP (Wired Equivalent Privacy) was the first encryption protocol, the first way that they tried to hide data. However, there were very man problems with the way it was implemented. So, it was very easy to crack, to figure out how to get around it. So, they came out with WPA (Wi-Fi Protected Access) and WPA2, which were much more robust, but still not robust enough to stop the bad guys who want to crack it.
Alan: Usually when you buy your router or you get your laptop and you try to hook up to a wireless WiFi, it’s wide open out of the box and it really shouldn’t be that way, should it?
Randy: No, it shouldn’t, but it causes tech support calls if you have it encrypted out of the box and so they tend not to have it encrypted out of the box.
Alan: How should we handle this – because the last thing we want is for this wireless laptop to be wide open so that I’m not going to say anything bad about the neighbors or anybody down the street. You never know who’s going to be attaching to your system if your system is wide open.
Randy: That’s also correct. The WPA can limit access to your wireless system, as can WEP, just not real effectively. You want to have it protected. Some actually people leave their systems open on purpose, thinking that it’s really cool to give people free Internet access.
Alan: That’s a no-no, because when they give them free Internet access, aren’t they giving them free access to their own private network in some cases?
Randy: If they don’t have their firewall configured properly, then – yes, they could actually be giving them access to their own network, too. That is why you use “defense in-depth”; you need to have more than one level of protection. Today you need more than two or three even, in many cases.
Alan: For a home user, if you cable access, you just have a cable box. Most people think a cable box is really a firewall. However, a cable box is no firewall, whatsoever, even if it’s a cable box that’s wireless.
Randy: Correct. Well, the cable box itself is just a modem, essentially. It only translates the signal from the cable company to your computers so that you can talk to it. In addition to the cable box you need a router.
No, I have a router that’s a combination cable box and router, but it’s built specifically to have that. And then, the router has somewhat of a firewall; it’s not a high-grade firewall, but it does offer some level of protection. So, I also use a software firewall in my computer.
Alan: You can’t really have too much protection, because as you said, you have to have protection in-depth because these threats that are coming out now are so sophisticated and there’s so much money behind these people who are building these threats, aren’t they?
Randy: There is, because your computer is worth money to some of the bad guys; just to be able to use your computer to send spam is worth money.
Alan: I have heard the excuse that, “Nobody wants my computer; there’s nothing on my computer that anybody would want and so why should they worry about using my computer, because it’s so slow, anyway?”
Randy: It doesn’t matter. They have all the time in the world and it’s your computer, not theirs. The fact is that your computer is worth money to them in terms of being able to send spam; your computer is worth money to them because they can store illegal content on your hard drive. There are pirated MP3s and they can store them without your knowledge on your hard drive and if it gets discovered it’s going to look like you put those files there, yourself; and now you’re going to have problems with the police.
Alan: If you don’t think that this can happen and can happen to somebody who’s totally innocent and ruin his or her life, forever – you have a friend who something happened to their computer system. It changed their life, didn’t it?
Randy: Well, yes. In the case of Julie Amero, it was a matter that the school neglected to put any current anti-virus software on the school computer; they didn’t have web filtering, which they should have had. They just forgot to pay for it. They were running Windows 98, which was an insecure operating system, besides which one of the other teachers had gone to a greeting cards site and gotten the computer infected.
When Ms. Amero was teaching class, all of a sudden pop-ups started happening and it was displaying pornography on their computer. Now, the school and police and the prosecutor’s office have zero technical skills and so they assumed that she was browsing for porn.
As a result, she lost her job and went through a very lengthy court battle and because the state was completely unable to accept responsibility for false charges, she just recently agreed to a misdemeanor disorderly conduct, when there wasn’t no disorderly conduct, at all.
She had actually been convicted of endangering children or something like that and the conviction was tossed out by the judge, after it was discovered how completely inaccurate the prosecution’s testimony was. If that conviction had not been tossed out she would have been on the sex offender’s list for simply being a victim of Spyware and Adware.
Alan: This same scenario is repeated over and over again and this is where your ESET Smart Security comes in because you have defense in-depth for this.
Randy: It’s one of the defensive mechanisms that you use to prevent bad stuff from getting onto your computer. And there are actually other cases where the bad guys are compromising computers and installing pornography, child pornography on the computer.
People actually got arrested and then convicted because the pornography was there and they didn’t even know it was on their computer. It’s quite important to have a high-quality anti-virus product to help protect against getting the malicious software onto the computer that allows the bad guys to use your computer for their purposes.
Alan: I’m a hacker and a hacker to me is the good guy. The cracker is the bad guy. But, I actually watched one of these scams going down real-time on a PayPal scam and you could see the credit cards being deposited on a computer system that belonged to a school.
Randy: Yes, it’s very common. We’ve seen church computers that have been compromised and there was pornography on the church computers, even.
Alan: If you don’t really control what gets put on your computer, you can’t have this “Surprise – I didn’t know anything about it.” You have to rely on protection and you have to be proactive in the way that you do it.
Randy: It’s extremely important. You need to have the firewall; you need to have the anti-virus software. You also need to make good choices about what websites you go to.
Alan: Some of these websites download sites that say they are safe download sites. Well, to me, there is no “safe download sites.” There may have been a safe download site, but you can’t make that statement 24 hours a day, can you?
Randy: No, the bad guys are actually even attacking legitimate sites. Just recently CNET’s download.com was hosting fake anti-virus software. They didn’t realize that the software was a fake. The people that make this fake software are constantly changing their software so that the real anti-virus products don’t detect it. As a result, people could have gotten infected with Adware and Spyware for downloading something that was made available on download.com that looked like was a real anti-virus product.
So, whenever you’re going to choose a security product it’s very, very important that you do some research. Make sure that it’s properly certified. Check out the Web and see what people are saying about it, because usually if it’s the fake stuff, you have heard a lot of comments about it’s being Spyware or Adware.
Alan: You’ve got to remember that your computer system is kind of like a house. You have the inside of the house; you have the outside of the house; and then you have the “wild-wild west”.
You can protect the inside of your house, but when you get toward the outside of the house, you really have to do what I call “due diligence” to make sure that you are doing everything you can to protect yourself, because the bad guys are trying to change the sites. They are trying to buy good, legitimate sites to use them for drive-by downloads and you really have to be on your toes, don’t you?
Randy: Absolutely. The user who’s going to be secure is the user that understands that there is no 100% security. They realize that there are vulnerabilities and then take steps to educate themselves, to learn more about security and how to secure their computers and be more secure online. And they also regularly learn what is happening in the computer world so that they can stay up to date with the latest defense mechanisms.
Alan: Because if you go to a site and you accidentally pick up a drive-by download, it’s going to try to install on your computer system. It’s the software that’s on your computer system that is the last-ditch approach that’s going to pop up a box and say, “Whoa – wait, wait – we can’t do this!” That’s the part that you need to really protect. All of this other stuff, such as the “fence around the parameter” and everything else is great, but you are trying to protect the box, aren’t you?
Randy: Right, it’s the last line of defense. It’s like of like the seatbelt in the car – by the time you need the seatbelt, there is a bit of a problem.
Alan: What words of wisdom do you have to help us protect our computer system against all these new ”nastiest” that are coming out?
Randy: It’s very important that you keep your operating system up to date, but also, all of your programs, like your Adobe Acrobat programs; your iTunes; your media players. All other product that you have on your computer you should check because they often have vulnerabilities and if you patch those vulnerabilities then you protect from any attacks so that it doesn’t come down to the last line of defense.
It’s also important to have a good high-quality anti-virus product and a firewall and keep your security software current and-up-to date. Use the most current version and educate yourself; learn more about computer security because it’s become a required skill in today’s world.
Alan: They should actually teach this in school because computers are not going to go away; they’re just going to get more sophisticated and the bad guys are going to get more sophisticated because they are the ones that are putting all the money into finding loopholes and finding ways to get into our computer system. This is not every going away, is it?
Randy: No, it won’t go away. I do believe that probably in the next several years we will find that basic computer security becomes part of the elementary school curriculum. Knowing how to safely use computers has become an essential life skill in our society.
Alan: What are we looking at as far as the price of your ESET Smart Security and your award-winning NOD32 Software?
Randy: ESET NOD32 Software is $39.99 for a one-year subscription for one pc. Now, if you go from a one-year to a two-year license or if you go from a one-pc to a three-pc license then there are definitely price breaks.
ESET Smart Security is $59.99 and that includes firewall and the Anti-spam, in addition to the NOD32 Anti-virus engine. And again, for a two-year license there is a price break and for two-thee and four user packs, there are price breaks, as well.
Alan: If someone would like to find more information about the ESET Smart Security or your NOD32 Software, where would they go?
Randy: They can go to http://www.eset.com and also if they have general security related questions I am happy to answer them at the email askeset@eset.com.
Alan: Randy, as always, it’s been our pleasure to have you as guest here on Let’s Talk Computers, talking about how we can protect our laptops and our desktops and all of our Wi-Fi systems. We look forward to having you back on the air again, real soon.
Randy: I look forward to being back. Thank you so much.
Visit ESET on Facebook
Follow ESET on Twitter