Tips for a short talk on computer security

Hi
a police officer has asked me to give a short presentation to a local community about computer and internet security, as part of a drive to raise awareness among the public. Other speakers will be giving talks about home security and physical security, etc., so I won't have much more than about 25 minutes or half an hour. I think my biggest problem will be squeezing so much into such a short space of time.
If you had to do something similar, which issues would you prioritise, and what methods would you use? A whiteboard? Powerpoint on a projector? I expect the audience to have not much more than a superficial knowledge of computer security. I expect to raise awareness about viruses, spyware, firewalls, and privacy, among other things. I would appreciate insights and tips about how best to approach this. I am not entirely devoid of ideas, but I'd like to hear your views and advice.
Thank you.

 

I would stress the importance of keeping the OS and other programs such as browsers, Java, Flash, media players etc. updated. Secunia Software Inspector can help with this task. It's also important to have an inbound firewall (hardware or software) to prevent attacks from bots. Most don't realize that when our machines are connected to the internet, they are constantly bombarded with inbound attempts looking for vulnerabilities.

You could mention that keeping their security software definitions updated is important. New malware is created all the time and without the proper definitions, it could slip by their protection. If they can't renew a paid subscription, tell them there are a few free solutions. Also caution them to be careful about fake, rogue software.

A cleaning program like ccleaner is also a good idea. If they make any financial transactions online, it's a good idea to clean the browser cache, cookies etc. before and after the transaction. Also give examples of good and bad passwords.

Downloads also can be dangerous. Only download recommended "safe" programs from known "safe" places. It's also a good idea to scan them with on-demand scanners or upload them to a service such as Virus Total or Jotti.

Good luck!

Edit: A handout with URLs of malware cleaning forums, good software and security forums, Secunia Software Inspector, free AV and anti-malwares softwares, safe download sites, etc. might help.

 

It is also important to remind them what happens if they were to let their computer become compromised.

Loss of privacy, their credit rating, theft, and most importantly,

USE OF THEIR COMPUTER TO STEAL FROM OTHERS!

 

I would make everything as simple as possible and include something on limited v admin accounts, using gpedit and software restriction policy, outline the best practices on-line mentioning securing browsers and using a router and backing up.

 

Hello,
I would not go too much into software details.
I would try to explain that computers are not toys.
I would stress the importance of browser - use Firefox.
I would show them something nice, like Compiz on a Linux! You can use Sabayon or Dreamlinux for that, no need to install.
A few tips on backup and such.
Mrk

 

Very briefly, just a few pointers:

I don't think such a technical approach is a good idea for the average user.
If it's not simple and easy, it won't work. I'm assuming they use Windows XP, if it's Vista they'll have to deal with nasty popups and many will want to disable whatever does that (I have never used Vista).

While it is a very imperfect solution, advising them to use a good firewall, a good antivirus, and one good real-time antispyware application is a start.
Firefox is not as safe as many think, it has a large market share unlike a few years ago, and quite recently some Firefox vulnerabilities were instantly publicized on Secunia ! Open source has its disadvantages.
Internet explorer 7 can be relatively safe if one uses higher security settings for all zones (allow direct cookies, block indirect cookies, don't allow session cookies) and you have security software that monitors changes/attempted changes of IE 7.

A URL scanner like mywot or Finjan's thing adds to security.

Customize security software and your browser !

If they use a wireless or other networked connection, make sure they configure it safely, which can be tricky.

Uninstall software like the old insecure Shockwave player that comes with Windows XP service pack 2, and make sure they keep their software updated.

Advise them that clicking on certain things on the screen can be very bad, and that not everything is what it looks like. Give some examples, like redirects to other websites, rogue antispyware/rogue antivirus programs, ransomware, dangerous video codecs etc. Don't have them install an ActiveX if they are not sure if it's safe and necessary.

Make them aware that they should only download from safe websites (especially if it's software). But even 'safe sites' can contain malware.

If they do security sensitive things like e-banking, they should reboot before doing that, and log out after that (and reboot again?).

Just a few suggestions.

With a setup like this I've encountered only one low risk adware program and some cookies on my computer over the past two years.

I'm not sure if removing the browser history is such a good idea, it's inconvenient and isn't relevant information stored in the index.dat files or cache ?

Most people won't have the stomach for Linux, or a demanding HIPS.

And of course there is the issue of backing up data and using imaging software/hardware.

 

Fly, I would think the most important thing is to 'make everything as simple as possible.'

Mmm, I really don't think I was being too technical. If the target audience has only a superficial knowledge of computer security, then informing them that you can go a little further than using an account where you can do anything and an antivirus to chosing to be a limited user and reducing the exposure would be beneficial to them, something like SRP natually follows and I think could just be mentioned.

I was thinking along the lines of the benefits of using antimalware, firewall, router following with reducing the exposure to threats.

 

Keep it simple:
Talk a bit about the different malware types, and how they harm the average user. Try to destroy the "what do I care, I don't do anything important on my computer" belief.

After that talk about prevention: patched OS, alternative browser, updated AV.

Anything more advanced than that will be to much trouble and will be boring for them.

One more thing, I would remark the risks of rogue AV's or AS's.

 

introduce them to returnil and saving important things to external drives

 

Good idea! Thanks!

 

Your welcome