Setting Up Security for Computers

(Clearwisdom.net) The details in the following article are quoted from the newspaper Computer. I think that it is useful for Dafa practitioners to protect the security of their computers, especially the security of the user who is an administrator. I am posting it so that everyone may learn about it.

When installing your computer's operating system, the first thing you should do is turn off the network, and the easiest way to do that is to unplug the network cable. This is because, during the process of installation, after the network components are successfully installed, the installation program will continue to install the other components. Once the network components are installed, in principle, others can already access this computer through the network. So, if the installation program doesn't have the proper patches [for protection against the latest security exploits], then this computer is unprotected and exposed to the network. Before installing the security packs and patches, viruses might have already infected the computer, so we suggest that you install all the security packs [and patches] before you hook up your computer to a network.

Moreover, you need to pay attention when choosing an installation program. Some people like to use the illegal versions of installation disks from the pirated market, such as the "N in 1" install disk, and the "Universal Ghost mirror disk." Actually, those are not reliable, and they might include viruses, Trojans, or spyware programs.

The consequences can be very serious if you do not set up the administrator password. Few people pay attention to this while setting up their account. Take Windows XP as an example. When installing the XP operating system, the installation program will set up two accounts: Administrator and Guest. The first one has the maximum rights and privileges, and it is the default account when you start the computer. The latter has only basic, minimal rights. This is different from Windows 2000. When running Windows XP for the first time, you can set up your own account from the welcome screen. Many people, after they set up their own daily account, will ignore the administrator account that has been set up during the installation. This is a big security loophole. Because this account has maximum rights, you need to set up a password for it. Many people don't pay any attention to it. They might not set a password for it at all or just set up a weak password. The consequences may be very serious, because even if you have installed a security program on your computer, for hackers, it is like a computer without any security.

Hint: The most direct way other people use to enter a computer system through the administrator account is to log in locally. Although you won't see the Administrator account on the welcome screen of Windows XP when you start the computer, you can open the dialog window to log into this account by pressing "Ctrl+Alt+Del" twice. From that window, you can enter Administrator and corresponding password to easily log into the system and get all rights to operate the computer.

To protect account security, you should do the following:

1. Set up a strong password for the Administrator account so that others won't be able to figure it out by guessing. Here is the procedure: in the dialog window "Run," type in "lusrmgr.msc" and then hit "enter." The "Local Users and Groups" window will show up. Click on "user" in the left panel in the window. Then right click on the "Administrator account" in the right panel of the window. In the menu, select "set password." Then set up a strong password using the dialog window. Also, to avoid any losses, you need to pay attention to the warning dialog that shows up before you set up the password.
2. Rename the Administrator account, making it hard for others to get into it. Here is the procedure: type in "gpedit.msc" in the dialog window "Run," then hit "enter." A window called "group policy" will show up. In the left panel of the window, choose "Computer Configuration -> Windows Settings -> Security Settings -> Local Policies -> Security Option." Open "Security Option," then double click "Accounts: Rename administrator account" in the right panel of the window. Rename it in the dialog window. Hint: Give it a strange name so that others won't be able to guess what the account stands for. Avoid using general names like "Admin," "root," etc. The more uncommon and more un-noticeable the name, the better.

Also, you needs to pay attention so that, for daily use, it is better to set up an account with moderate rights (not maximum) and only log onto the Administrator account when some changes need to made to the system settings. This way, even if a virus from a running program file infects your computer, the virus won't be able to infect the computer system or spread even wider, since this account for daily use doesn't have the maximum rights or privileges.

Note: In Windows XP Home Edition, you can only log onto the Administrator account in Safe Mode but not in Normal Mode, so you must start up in Safe Mode to set up the Password for this account.

Weak passwords have the following features:

1. Too short, e.g., only 4 ~ 6 letters or numbers
2. Simple combination of numbers and letters
3. Uses an important date (birthday) or a telephone number or some words that can be found in a dictionary
4. The same password is used for a long time without changing it

Strong passwords have the following features:

1. It has more than 10 digits.
2. Using a combination of lower case, capital letters (in most cases, the passwords are case-sensitive), numbers and special symbols
3. According to the level of importance, you should change the passwords regularly. Also you should always set up new passwords from time to time instead of rotating several of the same passwords.
4. Passwords need to be complex, but also easy to remember.
5. It is not a good password if it is so complex that you have to write it down on a piece of paper.

One needs to also secure the flash disk to prevent documents from being stolen.

Nowadays, there is software called "FdiskThief" that can steal important documents from the flash disk as soon as you plug the disk into the computer. To avoid this, when using others' computers, you need to do some work beforehand.

For example, you should set up a secure disk in the Flash disk by using software like Dekart Private Disk or Truecrypt. [These programs encrypt the contents of the Flash drive.] Then read and write all the important files into this secure disk (folder). This way, all the important files will be secured, and others won't be able to steal it.

December 13, 2005

Chinese version available at http://www.minghui.org/mh/articles/2005/12/16/116475.html

 Yearly Archive   Printer Version