Tuesday, June 16, 2009

Online Armor: Best Practices - 1

How to get the most out of Online Armor (without losing your hair)

In order to get the most out of Online Armor, you really need to understand what it's for and how it's intended to be used. If you understand these basic concepts, you'll understand what we're trying to do, how we're trying to do it - and hopefully how to make Online Armor slip into the background.

What's Online Armor for?
When we first started developing Online Armor, it was called "BankSafe" and was designed to stop thieves emptying your bank account. It had a very, very simple purpose, though none of the banks in Australia seemed to be too concerned about this at the time.

As we developed it, we had other ideas. The scope of protection was extended to cover anticipated (and then-current) threats.

However, the basic principles remain the same:

  • If a dangerous program is not allowed to run, it will not be able to do bad things
  • If you do allow a program to run, and it starts to do things that are suspicious - tell the user about it.
  • If a trusted program runs, and does something that looks suspicious, don't alert - because it's trusted.
It would be fair to say that Online Armor is for helping you keep bad things from happening to your computer, and to stop those bad things sending your data to the "bad guys". It is designed to help you protect yourself against internet malice.

Any program that you trust, mark as trusted.
On my laptop everything I run is marked as trusted. If I did not trust it, it would not be on my laptop.

If you trust it, allow it to run as trusted. You'll get NO popups if you trust all your safe programs, and have less chance of any problems.

If you don't trust the program, uninstall it.

I know some users try to control what programs can do, to try and limit them, to try and give them "what they need". That's not what it was designed for. Stopping programs from doing things they need to do may cause unforeseen issues. If you understand this and want to fiddle with it - great. If not - please don't.

Autoconfigure Trusted Programs for Internet
One feature of OA I was very proud of was the idea that we could auto-configure trusted programs to access the internet. I came up with this idea after hearing the CEO of one of our clients swearing that his personal firewall asked him "all sorts of ******* stupid questions and broke his computer".

Here's the logic:
  • You install Yahoo Instant Messenger
  • This is a safe, Trusted program.
  • You want this to access the internet so that it can do what it does
  • You do not know (or care) about listening, ports, UDP, TCP, "act as server" and all that nonsense - you just want it to work!
Dodgy Analogy time: Imagine a mechanic repairing your car. You ask him to do an oil change. He asks you whether you want him to use this wrench or that wrench to undo the bolt. He asks you about the type of oil. He asks you how much oil to put in the car. He asks you which oil filter to fit.

How many times do you go back to that mechanic? Autoconfigure trusted programs is the equivalent of saying to the mechanic "Look buddy, do what needs to be done, I trust you, so get on with it already!"

Make use of the "Run Safer" feature

I've written about run safer before. In simple terms, what it does is to limit the rights of programs to limit damage they might cause.

Once you have trusted all of your programs - and uninstalled the ones you don't trust :) - it's time to apply some run-safer settings to selected programs:
  • Internet Explorer, Firefox, Opera, and any other web browser
  • Yahoo, Skype, MSN, and any other chat program you use
  • Outlook Express, Outlook, Incredimail, The Bat! and any email program that you use.
Now, you may think "But I trust these programs, and now you're telling me to limit what they can do?" - and the answer is YES!

Chances are, right now, you're logged in as a user with administrative rights. If you don't know what that means - then you definitely are - AND what that means is that programs that run get these rights too. They can do anything to your computer.

The problem arises when Great-Aunt Mabel gets infected - the virus sends you an email, you open it in Outlook Express and click the attachment. Boom. That program can now do anything on your computer it wants. Or, you're surfing a site and some strange file downloads and you accidentally run it. BOOM! That program too can do whatever it wants. The same applies to files you download through Skype (or your messenger of preference).

If you had used run-safer, then the running, malicious attachment or the downloaded file, or the file you got from Skype would be heavily restricted in what it could do.

Ok, you keep talking about Safe, trusted programs - what are they?
A safe trusted program is not dangerous. I know it sounds a little silly, but:
  • Programs you download from Microsoft are safe, even if you think Microsoft is the Devil.
  • Programs you buy on a CD in a store are safe.
  • Programs you get from trusted sources are usually safe.
If in doubt, you can use Google (or Bing) to do a bit of research before you install.

Generally speaking - big companies like Amazon, Yahoo, Electronic Arts, Quicken and so on - let's call em the brand names - are not going to release malicious software.

I know Sony did something stupid a few years back, but this was stupid, not malicious. Online Armor is not designed to protect you from stupid.

Some programs that are not going to be safe:
  • Something that tries to download automatically when you go to a web page is never going to be good.
  • Something you receive in email is unlikely to be good.
  • A web page that keeps popping up until you accept a program to install - this is almost always going to be bad, and it would be better to "end task" or power-off your computer.

If you followed my advice...
... then you should have trusted programs running on your computer. Your browsers and email clients should be set to Run Safer, which will help to protect you against dodgy drive-by downloads and email/messaging malware. You will have your trusted programs automatically configured for internet.

Using Online Armor like this should result in very few (if any) popups asking you hard questions that make you want to tear your hair out. Your programs will work. Run Safer will prevent (or at least limit) damage if you accidentally run something from a website you shouldn't have.
