This article will provide you with some useful techniques & recommendations to keep your on-line experience safe. There is also an article dedicated to email security
How does my computer get bugs, viruses & spyware?
- Downloading files, using file sharing programs like LimeWire, Kaazaa, torrents, emule etc.
- From Email attachments.
- From responding to phishing emails.
- From giving little Jimmy physical access to my computer.
- From internet sites.
- From me using weak, easy to guess passwords.
- Installing malicious active-x applications over the internet.
- Free programs, Screen saver, Weather watches, add on search bars etc.
- USB keys, (thumb drives) removable disks. etc..
What is a virus?
A malicious program that is attached to another file. A virus can only be spread by moving or transferring the infected file. It causes various degrees of malicious damage to your computer from deleting important system files or personal files to restarting your computer and much more.
What is a worm?
A malicious program that reproduces itself, unlike a virus, a worm has the ability to arrange it's own travel, often spreading over email, which is why this type of malware spreads so fast.
One of the most infamous worms was the, incorrectly named "I Love You" virus. They are usually downloaded as an email attachments, but can come from any source.
What is a Trojan?
Often disguised as a legitimate program, often under the "free" banner or attached to genuine software that has been repackaged by the hacker, to install itself at the same time the genuine software is being installed. It usually runs silently in the background without your knowledge. Often picked up from software seeded on file sharing sites. A Trojan can be overtly malicious, but most prefer to remain hidden, siphoning personal data from your computer to another party.
Trojans are also used by Hackers to create an open door to your computer which allow other malicious software to run i.e. a key loggers, redirectors etc. Some Hackers use this technique to break into other systems from your computer so as to remain anonymous themselves as the originator of the attack, these types of attacks can also be used to gather your internet banking details by monitoring for SSL connections then, using a keylogger, record your typing sequence, then communicating it to the thief.
What is spyware and adware?
The most annoying and common type of malware today, picked up very easily from various sources, often under the "free", "add-on" or "Search bar" banner. These applications are information gathers or Data miners, which gather information about You, your computer and Your habits, apart from violating your privacy, Spyware use valuable system resources maintaining themselves, leading to system instability and poor performance from your computer and an increased internet bill, which you pay for!
Many big name software vendors are allowing marketing companies to attach small applications to their own legitimate applications all in the name of profit. They don't call the application spyware, but it is, and they get a few cents from every application installed, this revenue adds up, when tens of thousands of people install it.
Adware often modifies your search results to stack them toward companies they are pushing; they also create pop-up pages trying to sell you things. Adware is often picked up from internet browsing or installing of software similar to Trojan infection methods.
What is a Hacker? -> Cracker
I use the word "Hacker" here because thats the term most people identify with, as someone who gains access to a computer for malicous purposes. The correct word for this type of person is actually a "Cracker". Often After access has been gained almost anything can be taken or loaded onto your computer. Crackers often use security holes or poor security implementations within your operating system i.e. Ms Windows to gain access. Crackers often use Trojans to initially gain access. Intrusion detection applications are often the only way to detect this type of attack if it is well mounted.
Can a single program protect my computer from all attacks?
No!
What can I do, to minimize the risk?
- Keep your anti-virus, anti-spyware and firewall software UP-TO-DATE.
- Keep your operating system up-to-date, get the latest patches & service packs.
- Never allow ActiveX installations unless you are 100% sure its valid.
- When installing, don't just click next. READ! & un-tick the, install search add-on box.
- Avoid installing any add-on "helper" programs, or freebies.
- Don't use Internet explorer 6 or previous versions. Internet Explorer 7 is OK
- Password protect all user accounts, use 'strong' passwords, i.e rQKq32dU.
- Don't use passwords based on family, pet or nicknames, birthdates.(Hackers start here.)
- Disable guest accounts.
- Avoid file sharing applications, P.S the kids won't like this!
- Don't use the same password for everything. Hackers try to break the weakest point of entry first, i.e. Hotmail then they try that password for more secure sites. Even if you don't use the same password, they get a good idea of HOW you think about passwords, i.e. persons name, a date, funny name, all this helps the Hacker.
How can I improve my wireless security?
- Enable WPA encryption and make sure its on.
- Configure MAC filtering on your router, its not hard.
- Turn off SSID broadcasts on your router, you can still connect, its just that other computers cannot see your network, through normal methods.
- Change the default name and password for your router; Hackers know all 'default' parameters of all manufactures.
- Routers keep logs, you can check these logs, to see who is connected, and who has been connecting to your network.
ActiveX installation popups.
ActiveX is a mechanism that allows web browsers to download and execute windows programs. Because of this functionality some very malicious software can be loaded onto your computer through this method. Be very cautious about allowing ActiveX installations on your computer. There are only three sources that I trust to allow ActiveX installations and they are Microsoft, Adobe and Apple. If in doubt ask someone who fixes computer systems for a living. Always use an internet browser that has phishing detection enabled, and DO NOT use Internet explorer version 6. Below are 2 examples of ActiveX installation windows.
Click the images below to view samples of these types of window pop-ups.
Closing, popup windows that refuse to close.
You may have experienced the annoying situation where an ActiveX or JavaScript popup window refuses to close even if you click cancel, the windows repeatedly pops up. NEVER lose patience and click OK or continue buttons. Methods that try to force you to install or agree to something, are only ever used by people who intent to load malicious or intrusive software onto your computer. The only way to end this loop is to force all open internet browser windows to close, which can be achieved on a windows machine by pressing the CTRL-ALT-DEL keys (once only) to open the task manager, then click on the applications tab on the top window and in the list below, highlight any instances of "Internet Explorer" and click the end task button.
Dummy pop-up windows warning of danger.
Don't fall for pop-up windows warning you of pending danger, with messages like "your computer is infected" and , "click here to download" a cure. You can often tell if a pop if fake by looking at the task bar at the bottom of your desktop,
if the popup has the same icon as your internet browser icon, then it is most likely fake, to be sure, close ALL internet browser windows, if the pop-up window no longer appears, it was fake. Some examples of fake popup windows are shown below.
Click on the thumb to see larger size.
Also beware of message windows, stating that, before you can open or play this file, you must install our program or codec, this technique is almost always used as bait to get you to install their software, which has some form of malware embedded inside it.
Keep your operating system up-to-date:
Security threats are always evolving, Hacker's are evolving and the tools they use are evolving, and so must you, if you want to keep your computer as secure as possible. Keeping your operating system up-to-date minimizes the number of holes and ports Hackers can tunnel in and out of. Applying Service Packs to Microsoft Windows operating systems, is a good idea because, it not only patches a number of vulnerabilities but often contains major security framework updates which make it harder for Hacker's to break into your system.
Banks and e-banking:
Banks could create a more secure, online banking experience, however most leave the responsibility of online security largely up to you. A notable exception are the few banks, that offer a system called a security token which is a small device that is used in conjunction with your access code and PIN to generate a temporary number to log into an online banking session, this number changes. Without going into too much detail, this 2nd level of authentication provides an ENORMOUS improvement to online banking security. Even if somebody obtains your password, they still need a number that is randomly generated by the token device that is physically separate, and not connected to your computer. I hope other banks will follow.
How can I make on-line banking as safe as possible?
- Always use a web browser that has phishing detection enabled.
- Ensure your anti-virus and firewall software are enabled & up-to-date.
- Get to know the feel of your on-line banking page.
- Know your bank's URL name and structure including forward slashes.
- If you suspect you have malware on your computer, don't use on-line banking at all.
- Make sure the padlock icon is being displayed.(never rely solely on this icon.)
- Click the padlock icon in your browser & check the sites security certificate details.
- Drag your mouse cursor over a few blocks of text, to confirm it's not just an image.
- If you suspect the site is fake, enter an incorrect password, if that is accepted, you know the site is FAKE.
What software is available to protect my computer?
The following list of applications provides a good balance of effectiveness, ease-of-use and frequency of updates. The Intrusion Detection applications do require a higher learning curve to use them effectively.
Security Analyzer's
Microsoft's Baseline Security Analyzer is a useful tool for checking security risks on Microsoft Windows© operating systems.download it here
Anti virus:
Kaspersky Norton AviraMcAfee VirusScan AVG antivirus
Anti-spyware:
Spybot S & D, Webroot Spy Sweeper
Firewall:
OutPost Pro Zone Alarm Kerio Personal Firewall Comodo Firewall