Security is an interest of mine, so I wanted to describe some computer security tools I use. By no means does the use of these tools mean I am secure though. Security itself is more an attitude than a state. I recommend such books as Writing Secure Code, Second Edition if you want to get a good sense of software security practices.

Microsoft Security Essentials screenshot

First, I use Microsoft Security Essentials as my antimalware software. It is free software from Microsoft that serves as both antivirus and antispyware. The software presents a very simple user interface. It either displays green, showing that you are protected, or it displays red, indicating that you are not protected. Antimalware software such as this is reactive, though. It is of little or no good against new threats.

The next tool I have been using lately is LastPass. LastPass provides both an online encrypted store of passwords and the ability to generate passwords randomly. With it, I have been able to change several of my online passwords to passwords unique to those sites. Randomly generated passwords are computationally difficult to brute force. Because they are long and have characters other than just letters and numbers whenever possible, it would take a dedicated person over a million years to find the password. The advantage of having a password unique to each site is that a password compromised on one site does not mean that passwords on other sites are compromised.

Another tool is Trusteer Rapport. The Rapport technology integrates into the Web browser to a deep level to prevent malware from capturing the screen, capturing keystrokes, or otherwise interacting with a Rapport-protected site. There are greater protections when the site, usually a financial institution, is affiliated with Rapport.

To help ensure that e-mail from banks and social networks is legitimate, I use the Iconix Truemark service. For companies that have affiliated with Iconix, the service will use and augment such technologies as SPF to mark e-mail that is definitely legitimate.

Another tool I use is a VeriSign Identity Protection security token. I also have a very similar RSA SecurID. These are devices used in two-factor authentication. In order to log in to a site like PayPal or E*TRADE, I need to supply both my password and the code one of these devices generates. The code on these devices changes every thirty seconds or so. This means that not only do you have to go through a million years of brute forcing a password, you have to compress that million years into that thirty-second window. Otherwise, the password will change on you. Beyond that, let's say you saw my credentials. They won't do you any good since the passwords are useful only one time.

