Compare & Contrast
Lockdown: A Primer on Securing Your PC
by Anthony Paonita
ANYONE looking? Are you sure? These aren't idle questions. You can't be too cocky about computer security. Just ask yourself what would happen if you a) lost everything on your hard drive because of a destructive virus, or b) someone looked at your confidential files and e-mails.
Over the past couple of years, newspapers and Web sites have told lurid stories of computer security terror and viruses that were going to end life as we know it.
Just ask San Francisco's Orrick, Herrington & Sutcliffe. Paralegal Said Farraj e-mailed opposing counsel in a high profile case, offering to sell his firm's 400-page trial plan for a $2 million fee. (Charges are pending).
Unfortunately, most breaches are duller and more common than most people think.
To explain: You're more likely to reveal your secrets inadvertently, in a boring, everyday way. People wander by your computer. They're often curious. Or maybe a colleague or family member has to type a note on your laptop, for some reason. Hmm, what's in that file called "client admissions of fact.doc?"
So the best form of security is to use simple common sense. And software and hardware, most of it easy to configure and use, can do what common sense can't.
Practice Safe Computing
Remember that file named "client admissions of fact.doc?" Uh, bad idea. While it's important to have file names that make sense to you, it's also important not to hand information over to your opponent or the merely curious. Name your client's heartfelt confession something else.
But some eavesdroppers aren't deterred by cryptic or misleading file names. In that case, encrypt your file. On the most basic level, you can password-protect it. If you're using Microsoft Word, for example, when you save your file, click the "options" tab and it will present you with a dialog box into which you can type a password. Corel's WordPerfect has a check mark in the save dialog box to add a password to a file. Just remember that password.
Is password protection foolproof? No--a sophisticated hacker might be able to crack the file open. But the casual eavesdropper will be deterred. Speaking of passwords, try to come with a system of passwords to use that differ from the ones you use on, for example, your ATM card or computer network log-on. You don't want to give away the keys to the kingdom. And you have to balance complexity (computer experts love alphanumeric passwords with letters in different cases) with remembering them easily.
Sometimes, though, a password isn't enough. In that case, you can encrypt your file. There's a wealth of free software that you can download, such as Pretty Good Privacy (widely known by its initials, PGP), and Secret Stuff from Symantec, a company that usually sells its software in shrink-wrapped boxes [see chart]. Mac users can use OS 9's built-in data encryption, which involves protecting the file with a password, too. Curiously, you can't lock down folders with it, only individual files.
You shouldn't limit encrypting files to what's on your hard drive. If you're halfway conscientious about back-ups (and you should be), make sure the files you've offloaded to a recordable CD are protected. Remember that last trial strategy memo you sent to your client? Do the same thing, remembering to give your client a password, or key, that differs from your usual one.
Covering Your Tracks
Here's the opposite of backing up--planned destruction. There are some things you just don't want to have around. Microsoft learned that lesson when the U.S. Department of Justice's lawyer in the antitrust case, David Boies, used interoffice e-mails to devastating effect during the trial.
Normal e-mail has a habit of hanging around long after it's read, either on a hard disk or a server. But products like Disappearing E-mail and SafeMessage make it go away, in different ways. SafeMessage (about $100) requires you to log onto a secure remote server, while Disappearing E-mail sends messages as HTML text and after a given expiration date, they simply vanish to the sender and recipient.
Speaking of vanishing, most data recovery experts see a blank hard drive in a PC that's obviously been used as an opportunity. Data doesn't really go away when you "delete" it; your computer's operating system is merely told to ignore it. Why do you think there's that undelete function anyway? It's better to make sure that unwanted files truly die.
Symantec's Norton Utilities 2000 and Norton Utilities 6.0 for the Mac will, upon your instruction, make the stuff go away by wiping that section of the disk clean.
A lot of privacy freaks are, years into the Web revolution, still obsessed with browser cookies. All I can add to the debate is, life is too short. If you have credit cards, a telephone and a mortgage, "they" already know a lot about you. What was it that Sun Microsystem's Scott McNealey said? "You have zero privacy anyway. Get over it."
But if you're still leery about anyone know where you've been (virtually) you can take a look at some of the "anonymous browsing" software on the market.
A friend of mine, an information technology officer at a large financial institution, got a broadband Internet connection for his home PC last year. Just for curiosity's sake, he decided to take a look at how many people, if any, were trying to hack his computer. We watched as a couple of times a minute, the detection software he had installed warned of a possible attack.
So keep your door shut if you have DSL or a cable modem. How? By using a "firewall," a device or piece of software that helps keep intruders out. Most people have heard about firewalls from their law firm or corporate I.T. departments. For them, the firewall is a hugely complicated device that keeps squadrons of programmers employed and costs hundreds of thousands of dollars (OK, so I'm exaggerating a little).
But for normal, non-geek people, installing a virtual, software firewall doesn't have to be so daunting--and you don't have to hire my friend. And some are either free or very cheap.
For Windows PCs, there's Network Ice's Blackice Defender 2.1, whose vigilance, according to some reviews, is spectacular. I love the names of the levels of sensitivity--Trusting, Cautious, Nervous, or Paranoid. Network Associates, makers of the well-known McAfee virus detection software, lets you guard your personal information with Internet Guard Dog. When any program wants to send personal info, the program asks you whether it's okay. Free for the download time, for personal and single-use business users is Zone Labs Inc. ZoneAlarm, which some of my correspondents swear by. For Mac users, there's the shrink-wrapped Norton Internet Security.
My I.T .friend goes a little further. He's installing a hardware router, a device that can act as a firewall to keep unwanted intruders out of his home PC. Variations of these devices are tailored to the small office or home user, such as SonicWall.
Peace of mind isn't free. But a little investment up front can save you from expensive mistakes and intrusions later on.
Anthony Paonita is a senior editor of The American Lawyer and contributing editor to LTN.