With 2006 just getting underway, we are already in the midst of the first critical security issue, as Windows users, security administrators and the security industry struggle to battle the WMF Image Handling Exploit. But, the beginning of the year is also a time for making New Year's Resolutions. People will resolve to lose weight, quit smoking, get out of debt, and a myriad of other things. History has shown that most people lack the conviction of their beliefs and will never see their resolution through to completion. I have resolved to lose some weight every New Year's Eve for the past decade- still waiting to come up with a plan or the self-discipline to do it, but its a resolution nevertheless.
As you sit down to ponder 2005 and dream about 2006 I wanted to offer some things you can consider using as your Internet / Network Security resolutions. So, here is my Top 10 list of things you can resolve to do to be more secure in 2006:
- Choose a new / better password: Odds are good that you have been using the same password for quite awhile now. Odds are also good that your password is somehow based on your name, your child's name, your social security number, etc. Now is a great time for you to resolve to use stronger passwords to protect yourself and your data. See Password Security for more information.
- Keep your system patched: Vulnerabilities are discovered all the time in operating systems and applications. If you subscribe to an email distribution like Bugtraq, or turn on features like the Windows AutoUpdate you can stay in touch with what is going on and know when new patches are available that you should apply to your system. Managing and maintaining current patching is a full-time job for some network administrators. For those trying to manage patching for a number of computers I would recommend joining the PatchManagement.org list.
- Install and update antivirus software: New viruses, worms, Trojans and other malicious code are discovered every week and sometimes every day. It is important that you not only install a good antivirus software package, but that you check with the vendor on a weekly basis for any updates to the virus definitions and apply those as well. If you don't keep your antivirus software updated you may as well not even have it installed. If you would like to see some good antivirus applications that you can use for free, see Free Antivirus & Virus Removal Software.
- Install a personal firewall application: If you keep your system patched and your antivirus software updated you can rule out many of the threats to your system, but there are a number of other ways your system can be compromised. By installing a personal firewall program you can block unwanted traffic from entering your computer and many of the applications will also monitor how your programs interact with the operating system to alert you when you might be infected with a Trojan as well. You can find many good personal firewall programs here: Free Personal Firewall Software
- Don't open unknown file attachments: Malicious programmers try to come up with the best subject lines and message bodies for the emails they use to propagate their viruses, Trojans and other malicious code. Many times the email is in broken English that makes no sense in which case it should be obvious that you should delete it without a second thought. But, even if the message makes sense you should think twice about opening any file attachment you don't 100% know the origin or contents of.