If the Government’s PCs aren’t safe, what chance do you have?

By | March 1, 2012
This content is 9 years old. Please, read this page keeping its age in mind. Thank you.
In the Computers newsletter this time:
  • If the Government’s PCs aren’t safe, what chance do you have?
  • TalkTalk decide which of your emails you’ll never get to read
  • Digital Photography videos – ready by end of March, I promise…
Hello 

Computer security is big news – and it’s not just people like you and me who need to worry about it. Big companies, small businesses and even the government are concerned. Which makes you think – if they’re concerned, what chance do I have to keep my PC safe?

If the Government’s PCs aren’t safe, what chance do you have?
Not long ago there was a piece on Radio 4 about how some high tech businesses along with the help of the government have set up a “dirty lab” to try to fight against hackers getting into government and business computer systems. And a few people have asked me “Tim, if even the government’s computers aren’t safe, what chance do I have?”

It’s a reasonable worry to have – after all, businesses and governments have more money to spend on making sure their computers are secure. But you have one or two things going for you, too.

Most hacking depends on carelessness – out of date anti-virus programs or people clicking on a link in a dodgy (fake) email. Businesses and government departments have rules to stop people being careless – but there are so many people working there that there’s often someone not following the rules. They might write their password down on a bit of paper – or use the same password for something highly secure and for something that isn’t secure.

What’s more, a lot of hacking aimed at government departments isn’t aimed at getting into the system. It’s aimed at crashing the system, which is much easier to do. If a system is well protected, then getting in is hard. But you can set up a batch of computers to try to download everything the website has, all at once. That can overload the website, with the result that the website stops working. It’s called a “Denial of Service Attack” and a lot of hackers use them just to cause havoc. They could do the same to you, but it wouldn’t be a big problem if you had to turn your PC off for a minute, then turn it on again. For a big system of lots of servers with a big website on it, that can be quite an undertaking – and while it’s going on, the website isn’t working.

The sheer busyness of big organisations helps the hackers, too. If you want to crack a code so you can get into a system, it helps if you have as much data as possible – as much of the information going back and forth, even if it’s in code. Then you can start to look for patterns. A home PC just doesn’t leave as much information to be hacked – and only a small amount of it is in code (eg passwords). A government system has a lot more information going back and forth and a lot more of it might be in code. The Tax website is a good example – lots of information and lots of it is automatically encoded.

One thing that makes a big difference is whether the system is set up to allow people elsewhere to access it. In general, your home PC isn’t – to use it, you have to be sat at it. And that makes it much harder to hack. But lots of business or government systems are set up so people can use them from elsewhere, either because people work from home or simply so you can access them to put your information in (for example the tax website). So unless you set something up to allow “remote access”, it’s very hard for someone to control your PC from elsewhere. You can get remote access programs, generally designed so someone can help you with any technical problems without visiting, but I’m not too keen specifically because they can lead to a way in for a hacker. In theory they’re safe but it’s one more way in, particularly if you forget to turn it off properly or anything like that.

There’s one last big difference – how much the hackers want to get in. A lot of them are driven as much by warped pride as by desire for gain. And hacking into a government website or the system of a big company is a bigger achievement (and financially more lucrative) than hacking into your home PC. There are hackers just hacking into home PCs, but many of the most talented are spending their time targeting big systems instead.

In a nutshell, although companies and government departments have fancy systems, they have some big disadvantages too. In general, as long as you have a firewall turned on (Windows 7 and Vista come with one already set up) and have some security software (eg Microsoft Security Essentials, Norton, MacAfee or AVG), and don’t click on links in emails from dodgy sources, then you’re well protected and hackers will go after the easy pickings – people who haven’t taken the precautions you have.

TalkTalk/Tiscali decide which of your emails you’ll never get to read
How do you define “temporarily”? I’d wager it’s differently from how TalkTalk define it.

Nearly all email accounts have a spam filter set up automatically. It looks for emails it thinks are spam and filters them off – usually putting them into a folder marked “spam” or “junk” which you can double check later. It’s worth checking as all spam filters delete something that wasn’t actually spam from time to time. (Which is why we delete our spam by hand at The Helpful Book Company – so customers’ emails never get deleted by the computer thinking it was spam)

Most email companies have them set up in the webmail system – so you have to go to, for example, www.talktalk.co.uk and log into your email there to see the spam folder.

Unless you actually use TalkTalk or Tiscali. They have a message saying:

We are improving our spam protection system. While we are making these updates, your spam folder will be inactive. This is only temporary and you will be able to manage your spam email again after we have completed the changes. Rest assured that you are still protected by our spam filters in the meantime.

In other words, you can’t access your spam folder. They just delete anything they think is spam – and that’s it. You never get to check whether it was actually an email you wanted.

“Fair enough,” you might think “they say it’s only temporary, while they improve the system”. Except they’ve been saying this for at least a year. So not very temporary.

It’s a big enough problem that the Revenues and Customs are warning people that they won’t get their email “receipt” for tax returns if they have a TalkTalk or Tiscali email.

Unfortunately, there’s not much help I can give you. They might be deleting your emails without telling you but there’s nothing you can do to stop them (short of switching to another company). But it’s worth knowing because if you’re waiting for an important email and it doesn’t arrive, it might have been deleted so you might want to contact the sender and get them to send it again.

Digital Photography Videos
Last time I briefly mentioned I’ve been working on some new videos about digital photos – they’ll cover things like how to use your digital camera to get the most out of it and how to edit, print and share your photos once you’ve got them onto the computer. I’ve also found a good free program for editing digital photos that doesn’t need you to ring up and register or anything like that. It’s the one I’m using myself now.

I’ve had one or two setbacks (like the display on the computer I’m using stopping working and showing everything green!) but it’s going along well now – and I’ve got a particular reason to be determined to have them available to order by the end of March. I’ll explain why next time, but it’s a very good reason!

Yours
Tim Wakeling
PS Feel free to forward this email on to a friend who might find it helpful.  If you’ve had it from a friend, you can sign up so you don’t miss any here.  It’s free, we’ll never pass on your email address and you can cancel any time you like.

Leave a Reply

The name you enter will be displayed. We collect your email address but do not display it. Full privacy policy here. Required fields are marked *