Are you competent to run Windows safely?

I recently wrote about defending a Windows computer from the Clampi Trojan. Much of the advice, like disabling autorun, was pretty standard stuff. But, taken as a whole, it's a very long list of tasks and a huge undertaking.

Windows can be made secure, but the time, effort and technical experience required are beyond many. It could well be that most Windows users are not capable of maintaining a secure system.

This is an especially serious issue for anyone who uses a Windows machine for online financial transactions. If you can't maintain and run the machine securely (or hire someone to do it for you) then you need to be aware of the risks you take when doing online transactions. At the least, read "Cyber attackers empty business accounts in minutes."

I wrote about one simple security test back in January that involved putting a couple of files on a USB flash drive to test how your computer reacts to the tricks employed by malware to install itself from a USB flash drive.

A much bigger issue, though, is keeping software updated with the latest bug fixes.

While Microsoft has made it fairly painless to keep Windows and Internet Explorer updated, what about the Flash player plugin, which needs to be updated separately in IE and Firefox? And the Adobe Reader, which frequently needs updating? Not to mention many other popular programs such as iTunes, QuickTime, Firefox, Skype, Instant Messaging programs, Java, Real Player, an email client, a firewall, Opera, Chrome, WinAmp, alternative PDF viewers, etc.

Popular software with known security vulnerabilities is an accident waiting to happen. As Microsoft has improved the way Windows self-updates, more bad guys are attacking other popular software, software that is less likely to have been kept up to date.

An excellent test of technical competence is provided by the Secunia Online Software Inspector.

It's a Java applet and requires Java version 6. If you have an old version of Java, don't know what version of Java you have or can't get Java version 6 installed, then you fail at the starting gate. If the scan runs, but finds out of date, vulnerable, buggy software, you fail.

Fellow Computerworld blogger Douglas Schweitzer fails. The Security Sector blogger recently said "Like all Adobe users, I regularly get update reminders from Adobe but I have to admit that I often ignore the prompt and put it off till next time."

He's not alone. According to InternetNews.com, "security vendor Trusteer recently examined its own users and found that at least 80 percent were running unpatched versions of Flash and Adobe Acrobat." Secunia's stats show that 5 or 6 unpatched programs per computer are the norm. 

In my opinion, anyone who fails should "Consider Linux for Secure Online Banking." A bootable copy of Linux, be it on a CD or USB flash drive, can provide a secure copy of Firefox, perfect for online banking.

Take that malware.

NOTE: Although you are much safer with a clean bill of health from the Secunia Online Software Inspector, it's not perfect. My biggest gripe has to do with software with known security vulnerabilities that have not yet been patched by the vendor. I would like to see a warning about this, but there is none. Technically, what Secunia flags is software that is missing an available patch. This is far different from having no known vulnerabilities.

For extra credit, try its "thorough system inspection". If you are really ambitious, Secunia also offers downloadable software that scans for vulnerabilities in many more programs than the online applet.

Updated August 14, 2009 with stats on vulnerable software. 

Copyright © 2009 IDG Communications, Inc.
