I often
hear people say "I only want a Home Computer", as though that does
not mean it needs to be powerful! The truth is the very opposite, a business
workstation has a limited amount of software and is generally controlled so
that staff are not allowed to install additional software, which goes to making
a business computer quite a bit easier to control and monitor.
The home computer is going to need all the resources possible as it will be
used in a wide variety of ways that are not expected of the business
workstation. For example, we consider the storage of photographs and
manipulation of them a trifling affair. We want to watch DVDs, play music and
arrange playlists to our own preferences. We want to watch Television, use them
as Skype phones. We want to be able to design cards, possibly our children will
want to download music from unknown sources. Naturally we want to browse the Internet and do E-Mails. Certainly we are not going to accept a computer with security
policy restrictions that prevent us from installing new software! As a result
home computers are complex animals requiring far more resources than the
business workstation. We also expect this computer to simply work without
maintenance or attention of any kind.
Alas this can never be! Our expectations are far too high, we think that
anti-virus software can keep us secure. We fail to recognise that the
developers of these systems are only reacting to things that have been done,
yes they may protect against already known threats and their heuristics
algorithms might even catch new variants of older threats but they cannot
guarantee safety against all new threats as has been shown over the last
several years. Why? The answer really lies in Microsoft making their system
"user friendly". If we were all very computer literate (a much
overused word I will talk about later) and configured our computers with the
restrictive policies adopted by larger businesses the risks would be far lower.
At risk
of upsetting the security companies, I will give some general advice.
Security in today's world starts with a sound router, it is no good using a
modem to connect to the Internet. By a sound router I mean one that has a
proper firewall built in, and not simply relying on NAT which is only the first stage of a firewall, it must have a "Deny All" statement which means it will deny access to the internal network of all traffic that was not requested by one of the computers on the internal network. Examples of the major brand names that have this facility built in are Netgear, Dlink, Linksys, Edimax, Vigor and Belkin (you still need to be careful as some models may only have a NAT firewall). Examples that do not have this functionality are BT Home Highway Hub and several others supplied "free" by service providers.
All wireless routers are a risk unless well configured. By well configured I mean that they are set up for access control. Access control means that someone has to manually log on to the router to instruct it to allow access to a new device ... it is not controlled by passwords. This is the only secure wireless network (even though windows will tell you you are connecting to an unsecure network), all password and passphrase systems are hackable, the complexity only expands the length of time needed by the hacker. OK, being hacked through your wireless router is not likely but still possible, passphrases for wireless devices should be at least 15 characters long. The old wisdom of passwords being at least 8 characters long belongs to the past, when computers were not as powerful as today. That idea came from the DOS era, however the more powerful computers of today and cleverer hacking software mean that an 8 character password, regardless of combining capitals and numbers is soon cracked.
If you want wireless access in the home my own belief is that it is better to have a wired firewall router and a wireless router running off that router. Any PCs that carry sensitive data should be connected to the wired router and operate in a different network subnet, not accesible to other computers on your network. The networking of printers and other shared resources is unfortunately a lot more complex, when you adopt this strategy. Generally this secondary router should be placed in the first routers DMZ (De-Militarised Zone) and naturally any xbox or playstation should be placed in the second router's DMZ. For this sort of network you probably need a proper network engineer to configure it. Subnetting is not part of simple networking.
I have outlined how you create a reasonably secure infrastructure that is comparable with the strategies used by business. Having created the infrastructure one can now consider security software on the PCs. The PCs that are always only going to connect to the internal network should only need good anti-virus/anti-spyware or anti-malware software. Laptops that are going to be mobile and connect through other networks need full security suites. A word of caution however, none of this software is going to protect you against yourself.
Configure your browser not to accept third party cookies and disable any popup blockers unless they give you the option to look at the popup, and always check what pop-ups are being blocked . Pop-Ups that are unrelated to the website we are visiting are usually an indication of malware of some sort on the computer (assuming you have disabled 3rd party cookies). They are a warning that you need to be looking at the computer. Pop-Ups from the Internet that invite free security scans etc are always invalid and should be ignored, if they cant be moved to the background by clicking on the web page you were visiting, reboot your computer, don't I repeat don't click on any part of them, even the X to close.
Avoid installing toolbars into your browser ... they might have a few useful functions however in reality they are simply collecting information from your computer about your browsing habits.
Try not to use Internet Explorer and adopt something like Firefox or Opera as
your default browser. These have the advantage that they are not totally integrated into the system, rather sitting on top as separate systems and are therefore less vulnerable, they can also easily be uninstalled and re-installed when something goes wrong, which is not the case with Internet Explorer. If you ask why I excluded Google Chrome or Apple's Safari in my recommended browsers, it is simply because they are driven by commercial interests which could be at odds with your own interests.
A lot of
people fail to understand E-Mail. Fundamentally there are three systems in use.
POP, IMAP and HTTP. POP stands for post office protocol and is the system
offered by most service providers. In this system mail for you is sent to a
server (normally your ISP) where it is stored until your computer logs in and
collects the mail. Once your computer has collected the mail it only exists on
your computer. HTTP is the protocol that is used for browsing the internet and
in this case the the service provider keeps the E-Mails on his server and you
are logging in to that server to read the mails. They remain on that server
until you delete the mails. Examples of HTTP mail accounts are of course
hotmail, yahoo and gmail. The advantage of this system is that if your computer
hard disk crashes you don't lose your E-Mails, as they are stored on the
server. Finally there are IMAP accounts which amount to a combination of POP
and HTTP, your mails are being stored on both a server and your own computer.
E-Mail Clients are the programs we use to access our E-mail. The more
common ones are Outlook and Outlook Express from Microsoft while others include
Thunderbird from Mozilla.
Outlook Express has been dropped by Microsoft since the launch of Vista and its
replacement Winmail which was not very successful in Vista is no longer
provided in Windows 7 by default.
If I look at the two, Outlook and Outlook Express, Outlook Express is
technically better than Outlook. Outlook is only good when directly behind an
Exchange Server (Microsoft's mail server system) and its main advantage in
this scenario relates to being able to share calendars and other features. This
advantage disappears in the home environment. Thunderbird is my choice, mainly
because it is better at IMAP than either of the Microsoft products, however, Thunderbird is not much good when sitting behind an exchange server.
The main drawback of Outlook is that it stores all mails in a single file, each
new mail simply being tagged on behind the last mail. No matter how many subdirectories you make it is still one database file (or mbox file) Outlook Express and
Thunderbird have the advantage that each new subdirectory you create is a
separate file, meaning that the mbox files are smaller and less likely to crashe your email system, provided you regularly compact your E-Nail files.
Part of the problem with E-Mail is that when it was invented no one anticipated
that it would become as large as it is to-day, even less did they think that
the E-Mail client would become the main (almost only) filing system adopted by
computer users, making the corruption of the rather cumbersome file a near
critical disaster for many people. None of them were created with simple backup
mechanics, and the files are stored in hidden folders, making backup much more
difficult to the non-technically aware.
I will examine Email and the various systems a little deeper later.
Originally dubbed the "Information Highway", I prefer calling it the "Information Jungle"! It is a little like a library I used to believe that when I found something in a book that was a fact, as I grew older I learnt that 99% of what is written in books are only opinions and one has to weigh them up carefully before accepting. Much of what we call science today is also only an opinion (with a higher probability of being true) and we should also weigh up carefully and reach our own conclusions. This is equally true of the "Information Jungle"
As long as we are aware that the Internet is a jungle, we have a reasonable chance of remaining safe, because we will take due care. In the same way, just as we would not allow our young childern to wander off into the jungle on their own or go playing with people unknown, we should always allow them access to the internet under supervision, until they have developed the maturity and ability to remain safe. There is nothing like a good dose of sceptism to keep us safe. There is no software that will do this for us, it is our duty to bring up our children to be "street wise" in all things and not to abrogate our responsibility to others. I am not saying that children's natural curiosity should be curbed, simply that we should be aware of what they are doing on the Internet.
I will also discuss the Internet in a bit more depth later and give guide lines for keeping safe.
There
are several components to a PC, however we don't need to know much about them.
Computers have traditionally been sold on a basis of "speed", this is largely
misguided as they should be sold on a basis of their power. If I use a Motor Car as an analogy, we could build one with only a top gear that can really go faster than anything else, but alas we would only be able to start on a downhill and would grind to a halt the first time we came to a hill where our speed or momentum is unable to take us to the top. In order to get to grips with some of the terminology I will outline the main components and their
functions.
Main Board(also known as motherboard)
This is probably the most vital component of the computer, yet you will seldom see any details details in the marketing pitches. All the other components making up the computer are plugged in to this main board in one way or another. The key components of the motherboard apart from the circuitry providing connectivity
between the various components are two chipset chips known as the north and south bridges. These chips control the interface with the graphics card and the
hard disks. They define the speeds (or more accurately thre frequencies) at which the computer is going to communicate with the components. A fast processor is only going to be as fast as the main board will allow. A fast processor on a lousy mainboard is always going to be lousy.
CPU (Central Processing Unit)
This is the Ghz you hear about when you buy the computer more important than the Ghz are the type of processor and how many cores it has. If the frequency is anything above 2.5 Ghz and there is more than one core we can recognise this as a powerful computer. The extra cores do not increase the speed but contribute to the computer not slowing down too much, when multiple applications are running.
RAM (Random access memory)
These are the megabytes referred to by the sales literature. While in todays environment we generally need at least 2048 Meg if we are using Windows 7 and about half that if we use XP or Linux. Generally all computers respond to having extra RAM, however there are limitations 32 bit operating systems are generally less stable when one exceeds 3 Gigs or (3072 Meg).
As important as the amount of Ram is the speed or frequency at which it operates. The rate at which this is able to communicate with the processor is defined by the main board.
Ram is only available to the computer while it is switched on, anything stored in Ram is lost on the computer switching off.
Hard Disks (Hdd)
These make up the permanent storage of the computer. They are the Gigabytes in the marketing language, and shortly we will probably be talking about Terrabytes! Data stored on them is not lost when the computer is switched off. To give you some concept of what the capacities mean, all the text that makes up the King James version of the Holy Bible makes up slightly less than 500 Megabytes or half a Gigabyte.
Various types of Disks have different speeds at which data can be read or written to the disk as well as different speeds at which the hard disk heads will locate a particular bit of data on the disk. This is further complicated by the disks having differing amounts of cache (another word for memory) of their own.
No doubt all this has confused you even more, I have only been trying to illustrate that you cannot choose a computer by Ghz, Megabytes and Gigabytes. I can build two with equal "specs" in that regard but the one will always outperform the other.
Until recently it seemed that there was only one choice Microsoft and Windows. After their Vista debacle the time has come to assess the options a little more carefully. 1. There are a vast number of people using Windows, which makes it a lot easier to get help when you have problems.
Fundamentally there are 3 options open to us:
Microsoft Windows
Apple Macintosh
Linux Based Machines
Windows
While a Windows machine is the most commonly used, it is not neccesarily the best choice for all.
The Windows system has at its core the NT File System (NTFS) designed in the early 1990's for Microsoft's NT Servers it has been little updated in the 16 or so years of its life. Fundamental problems like, the lack of proper journalling, limited range of file permissions and a strong tendency to creation of fragmented files leaves it more vulnerable to file corruption, placing a great need for maintenance on the user.
The registry based configuration of programs and operating environment is continually changing, with updates to programs and the operating environments and no simple tools to keep it clean. Making maintaining a Windows machine beyond the capability of 99% of users. Yet, the overall efficiency and performance of the machine is very dependent on registry being kept clean and compact. Because of the very nature of this ever expanding database it is particularly vulnerable to file fragmentation and corruption often rendering the machine unuseable.
The vulnerabilty of the Windows System to Viruses and Mal-Ware is also a cause for concern. Particularly as these are more and more targeted toward raiding people's bank accounts and credit card information. While, Microsoft claim that their system is targeted because of their market place dominance, the truth is that their system is particularly vulnerable as it allows direct installing without the need for user intervention. Many of these bits of malware could run on a Mac or Linux System but remain harmless in those environments as the user needs to give concious permission for them to run.
These various factors when combined leave a Windows machine, that is not being maintained by a good technician, in need of being re-installed every couple of years. The progressive slowing down of the machine results in growing frustration and ultimately the machines being discarded after about four years.
The cynic in me says that the failure of Microsoft to address these issues is simply part of their business plan bringing forward the date on which they will earn a new license fee out of you. Most of their software and licenses expire with the death of a machine and you are "legally" required to buy new software for any new machine.
All this said, Microsoft must be the dominant choice for most people because:
2. Microsoft preferential Licensing system for schools means that our children are being taught on Windows machines and need them for their homework.
3. Machines running Windows are relatively inexpensive, and one is given a lot of freedom of choice in the software you can use, most 3rd party software is developed specifically for the Windows platform.
I will discuss the frailties of Windows in a later section, together with possible remedies or methods of removing some of the frustrations.
Apple Mac Until a few years back I would only recommend using a Mac if you were going to be dealing with a lot of Graphical manipulation. Certainly there was no doubt that Macs were far better than PCs in this specialised niche. I now believe that a Mac is a very viable alternative to Windows for all people, who can afford the cost differential.
In outline a Mac uses a true Unix kernel as its core operating system. In this way a Mac is a lot nearer to the heart or foundation of "modern" computing. Because of the unix kernel and more robust file system a Mac is virtually invulnerable to all the malware that floats around the Internet today. While it is possible for a user to infect his profile with malware this cannot spread throughout the computer without user intervention to drag the malware into the programs area of the computer. This is an over simplification, but fairly represents a difference in the underlying priciple, it requires user intervention to make a file truly executable, so the virus or malware would need to persuade you to put it in a place where it can run.
Another reason that helps make a Mac a good choice is that it gives you far less choice about how things are done. It's software options cater for virtually any computing need you may have, but you don't have the same freedom of choice. Strange that I say limited options are a good idea, however as most of us are not technical this makes using the computer far more straight forward.
In general terms where I said the average life of a Windows based PC is between four and five years mainly as a result of the frustrations created by the computer becoming slower as it ages, I think it realistic to talk of a Mac having a lifespan of between 8 and 10 years or roughly speaking until hardware failures start raising their head.
The disadvantages of using a Mac lie mainly in the fact that there are not so many people around who can help you when you have problems. You might also find that hardware problems cannot be handled by the average PC shop. This will no doubt change as we move into the future, as there are clear indications that the Mac market share is growing, which will bring about a greater need to ensure that servicing of machines is more readily available.
On balance a Mac, although requiring a higher capital outlay is likely to prove equal in cost (to a Windows based PC) over its life-time. It is capable of doing everything that can be done on a Windows machine and in its speciality areas far better. The limited choice of alternative programs to do the same thing actually makes it easier to come to grips with and therefore more intuitive. Software has a consistent graphical interface making it easier to learn to use other programs.
Therefore, if you are not born and bred on a Windows platform, dont have children who need to be able to do things in the particular way they are taught at school, and can afford the initial price differential, a Mac is the better choice for most.
Linux based machines Linux is the generic name for systems that embrace the kernel developed by Linus Torvalds in about 1991 as his MSc thesis. This was released under the GNU General Public License and the source code is freely available. As such Linux is not owned by anyone but is freely available to everyone. There are several companies that have made use of this ever evolving kernel (1000's of developers around the world are continually contributing to this evolution) as the basis of offering their own particular flavours and selections of software. The primary ones being Red Hat, SuSe (owned by Novell) and Ubuntu (from Cannonical) Each different distribution has slightly differing ways of configuring and installing things but all use the same kernel a true unix kernel.
To a large degree Linux has been the preserve of technical people, as without any one company promoting it, you were often left to your own devices to get things installed. That all changed with the Microsoft release of Vista which was an atempt to address some of the security issues in Windows. Vista was fairly disatrous and lots of people have ended up experimenting with Linux.
Big names that are solid Linux companies today include Google, IBM, Novell, Cisco and many many more. In that regard the age of Linux has arrived. Linux has become a true collaboration of literally millions of people from all around the world, the system in any of its many flavours is a viable alternative to Microsoft with the clear advantage that it is not as resource intensive as Windows, so PCs that couldn't cope with Windows any longer are fully viable with Linux.
As with a Mac you are virtually invulnerable to malware from the Internet as it takes even more than dragging and dropping to make something executable, horror of horrors you need to go onto the command line to change permissions on files! This does not leave you totally invulnerable as like any other system you could be hacked into, with relatively small precautions this is unlikely.
So for anyone with a spirit of adventure Linux is a fair alternative, it is fun to play with and if you have a technical bent you are even allowed to play under the bonnet and develop your own improvements!
For a more detailed discussion click on the links below: