Experts: Nothing Is 100 Percent Secure

With good resources, anyone can monitor your computer activities, experts say.

Aug. 8, 2007 — -- You can install all the computer virus protection software you want, but if someone is determined to find out who you're e-mailing, technically they can, security experts say.

And that may be particularly true if that someone -- or something -- is the federal government.

"There's a lot you can do to make it hard," said Charles Miller, the principal security analyst at Independent Security Evaluators, a Maryland-based firm that successfully took over the iPhone a few weeks ago, prompting Apple to release a security patch last week. "If they have the resources of the federal government, they're going to be able to see [what you do] no matter what you do."

On Monday, President Bush signed into law an expansion of the Foreign Intelligence Surveillance Act, or FISA, which gives the government expanded rights to intercept phone calls and e-mails without warrants as long as the information being intercepted relates to foreign terror intelligence. Democrats and some civil liberties groups have said that the law goes too far.

"You cannot keep things absolutely safe," Pradeep Khosla, dean of Carnegie Mellon's college of engineering, told "The lesson to be learned here is everything can be hacked into -- it's just a matter of time."

To help consumers, Khosla and Carnegie Mellon have developed The site advises average users who may not necessarily be the focus of a government investigation how to deal with cybersecurity issues.

Khosla's best advice for people worried about security issues is this: "Be aware."

According to Miller, there are various technical roadblocks that someone can throw up for would-be hackers.

"If you're smart and you're paying attention to what you're doing you can probably be safe from [hacking]," he said.

Expert: Encryption Is a Key

There are a few ways your computer activity can be monitored. One, someone could monitor all the traffic leaving your house, such as e-mails and instant messages. The best way to combat this is with encryption, Miller said.

Encryption works when two people communicating have special keys, or passwords. Encrypted e-mail is "scrambled," and the only way for recipients to read it is if they have the "matching" key.

"Encrypt your e-mail. Encrypt your hard drive. Encrypt your instant messages," Miller said.

Encryption is available on e-mail and many instant messaging systems, including AOL Instant Messenger.

Another way your activity can be monitored is if someone tries to break into your computer remotely via some type of spyware.

"Always make sure your systems are up to date. Don't do something stupid like double click on your attachments," Miller said.

"Your computer's probably going to be pretty safe," he said. "It's the thing that the user does that's probably going to be pretty unsafe. … It's going to be pretty difficult to do anything unless you really help them."

Even links aren't harmless. Miller's security firm demonstrated this when it remotely took control of an iPhone using a Web site that it controlled.

A Complicated Password

Miller also suggests making your passwords complicated. It should have "at least 10 letters and numbers uppercase lowercase, doesn't have an English word in it," he said.

If someone physically obtains your hardware, having a complex password makes it more difficult to use what security experts call "brute force" to get it.

Nothing makes you 100 percent safe, Miller said. Encryption keys can be compromised, "key sniffers" can be surreptitiously installed on your computer, and don't even think about using your work computer to check your personal e-mail.

"They own the computer you're sitting at," Miller said. "They're probably going to be in even better shape to [look at your personal e-mail]."

Simpler Is Better

Chris Swenson, director of software industry analysis at NPD, however, believes that simpler steps to protecting your computer and yourself may be better than all-out e-mail encryption.

"The leading security software does a very effective job of protecting your computer against [spyware]," he said.

Updated software, a secure wireless connection and backed up files will be enough for most users, Swenson said.

But for Miller, even that isn't enough. The bottom line? Make it as secure as you can and hope for the best, Miller said.

"Raise the bar high enough and hope they move on to the next guy," he said. "That's true for computer security in general."