To Overseas Practitioners: Basic Computer Security Setup and Usage
July 1, 2003
Recently, some overseas Falun Dafa practitioners' personal computers were infected by computer viruses or invaded by hackers. Some email accounts were stolen by hackers and used as fake individual electronic mailboxes to transmit viruses. Several practitioners' computer electronic mails were read. Some hacker software was embedded into computers, providing convenience for the evil to interfere. These situations resulted in enormous losses to ourselves and to those practitioners whom we had contact with. Moreover, this kind of loss was often very difficult to measure and size up within a short period of time.
Overseas, since our living environment is safe and relaxed, many practitioners have not realized the dangers of using the Internet, have thought such dangers are few and far apart, or that it is unnecessary to worry too much about these things, based on our limited understanding of security issues. The reality is, however, the Internet does not have national boundaries, so hackers may be able to intrude on an unprotected computer system as conveniently as they would enter their own computer systems. If we do not pay attention to security issues, it is as good as assisting people who seek opportunities to persecute us. If other related important computer information is exposed, or damage is even caused to practitioners in Mainland China because our computers are hacked, such a loss simply is not what we should incur or could make up for by ourselves.
Certainly for Falun Dafa practitioners, the key to security issues is to build up and maintain righteous thoughts. But when facing security issues, what is not righteous thinking? It is carelessness toward the evil, not having unshakable righteous thoughts, neglecting, and even failing to understand basic security technology, or failing to properly do damage control, etc. Actually for the last four years, the root causes of all previous leakage of key information and security oversight have been caused by the xinxing problems of practitioners. Some problems even resulted in losses to practitioners in Mainland China. The lessons should cause each of us to be calmer and more rational: acting less blindly and self-assertively; using more wisdom and rationality. We should not have to experience every lesson over again, otherwise it defeats our purpose of using righteous thoughts to reduce losses.
As Falun Dafa practitioners who are validating the Fa in the human world, not facing security issues seriously is not just an issue of personal fear. Whether or not we can clearly realize and rationally take essential security measures is an issue of whether or not we can be responsible to other practitioners, responsible to the whole process of validating the Fa, and responsible to the Fa itself.
Here we suggest some minimum security measures, hoping those practitioners who are using computers to do Falun Dafa related work can make sure the following basic security measures are taken, in order to do well, by being responsible for ourselves and other practitioners, in spite of being very busy.
We use several sections to discuss computer setup and usage.
1. Computer Basic Security Setup:
1. New security loopholes are frequently being discovered in the Microsoft Windows System. Many of these are used by hackers to attack Microsoft Windows software. Therefore the latest Microsoft Windows patches must be promptly installed.
A. The manual installation: click on Start, then click on Windows Update, then download and install "Critical Updates and Service Packs," following the prompts. If this procedure has never been done before, tens of patches may have to be installed. Multiple rounds of installation and computer restarts may be necessary, until the number of remaining "Critical Updates and Service Packs" is zero (0). This step must be frequently carried out, at least once a month.
B. The Microsoft Corporation provides "Windows Critical Update Notification" to automatically search for the critical patches. Use the manual installation procedure to install Windows Critical Update Notification in the Control Panel first; later this component will automatically search for the patches to be installed, and will notify you as soon as such patches are discovered.
2. Installation of firewall software can effectively guard against malicious programs. Pay attention to firewall software on the market. Actually many of them, including those developed by famous companies or those bundled with other software such as anti-virus software, cannot achieve the effects as claimed. At present the most recommended firewall software is ZoneAlarm, which can be downloaded at http://www.zonelabs.com/. The free edition is good enough. The Pro edition can be purchased if conditions permit. After it is installed, ZoneAlarm will pop up a window display to request permission whenever a request is made to access the Internet or to enter this computer from outside. Generally, all requests of entering into your computer from outside should not be permitted, unless you know they are caused by your own operations and are needed. For requests of accessing the Internet from your own computer, only those prompted by your own operations should be permitted. When there are requests to access the Internet while you are not running any operations, then it is possible there are malicious programs running.
3. Anti-virus software is a necessary safeguard tool to access the Internet. Famous ones are Norton Anti-Virus, McAfee Virus Scan Online, etc. Because new viruses keep coming up on the Internet, make sure the anti-virus software used can automatically renew viral definition files, otherwise the function of anti-virus software will be underutilized.
4. For those practitioners who are using broadband Internet access at home, a router should be used, even if there is only one computer. A router has functions that firewall software can not provide. It can also allow multiple computers to access the Internet simutaneously. Do not directly connect the computer to a modem to access the Internet. Make sure to buy a router, not a hub or a switch, because a router is much more secure than a hub or a switch, and its speed is also much faster.
5. When overseas practitioners use computers to clarify the truth about Falun Dafa by sending emails to Mainland China, or when posting articles on the BBS, chatting, etc., make sure to realize these can cause your IP address to be the target for evil to attack. Therefore, in addition to employing all the above security measures on all computers, it is best to use separate computers for telling the truth about Falun Dafa and doing other related work. Especially for those practitioners who are doing Dafa work and involving information about other practitioners or sensitive information, different computers must be used separately. The lessons we have had in this aspect are severe enough.
Moreover, after a computer is hacked, hackers can also attempt to take this computer as a base to enter into other computers in the same family network or local area network (LAN). Therefore if conditions permit, two routers may be used. The first router is for the connection between the DSL/Cable Modem and other computers which need strict protection, plus the second router. The computers used to tell the truth about Falun Dafa are then connected to the second router. In this way, even if the truth-telling computers are hacked, it is still difficult to break the second router to attack other computers connected to the first router.
2. Handle Electronic Mail Securely
1. Choose good online email service providers. Electronic mail is the most widely used communication tool among us. The first step is to choose a good provider. Since Yahoo, Hotmail, Msn.com and AOL have close ties with the Chinese government, and are suspected of cooperating with Chinese web spies to monitor Falun Gong practitioners, let us not use these email service providers. Moreover, it is better to use ones with the SSL encryption function, if possible.
Furthermore, mailbox login keywords need to be 12 characters long, containing upper and lower case letters, symbols and numbers. This is not meant to frighten people; some practitioners' Internet Service Provider (ISP) companies have already told them that there are some IPs from mainland China trying to hack into their mailboxes.
2. Client side email software. Commonly used email software includes Netscape Messenger, Outlook Express, Eudora, etc. Netscape Messenger uses Netscape as a browser and is more secure, but its functions are limited. Relatively speaking, it is easier for Outlook Express to be attacked by viruses, etc., but it is more convenient to use. So specific needs should determine which one to use. For Outlook Express, the following setup is recommended:
- Under Tools-->Options-->Security, select "Restricted sites zone (More secure)"
- We discovered that web spies can forge a practitioner's name, but using another email address, send virus emails to other practitioners. Therefore, in order to avoid saving wrong mail addresses in our address book, please do not select "Automatically put people I reply to in my Address Book" under Tools-->Options-->Send. Always use addresses in the address book to send emails, including email replying.
3. When forwarding an email, please note to delete unnecessary information that the receipients do not need, in order to protect other people. This includes irrelevant email addresses, telephone numbers, etc. Some practitioners use their own telephone numbers as part of their email "signatures." Although this somewhat convenient, it will also create security loopholes. Especially for those practitioners who are working on projects, please pay enough attention to it.
4. Sending emails to Mainland China. Currently almost all of the electronic mailbox services on the market do not hide the IP address. In other words, every email you send out contains your own IP information. If a receiver is a web spy, your IP will become a target for attack. If you can change your IP, please change it after sending an email to an unknown person.
If any practitioner has any better suggestions, please provide them or make corrections, in order to insure that our computers work better for Falun Dafa.