| Your Computer Is At Risk |
Top Recommended Solutions
Top Tips for Securing your PC
More Great Articles
|
| Convenience + Complaceny =
Compromise Plagued by spyware and adware that keeps reinstalling itself everytime you remove it? If you haven't kept your security patches up to date, the resuscitating spyware and adware may be the result of an Internet worm that reinfects your computer each time you access the Internet. Once the worm is in place - which will happen silently and without any action on your part - the worm installs a remote-access Trojan that then downloads adware and spyware and installs it to your system. All without your knowledge or consent. And it's not a single worm you need to worry about - there are multitudes of them circulating every corner of cyberspace. If you're fortunate, unwanted adware is all that will happen. But that same malicious code could also track your keystrokes and send the remote attacker a list of usernames and passwords it obtained when you visited an online banking site. Or, it may take the easier route and capture login credentials maintained by your browser's AutoComplete feature. If you're a gamer, it might sniff out login credentials for any MMORPG's you play online, or ferret out CD licensing keys stored for your favorite games. Once infected, your computer also silently begins infecting others, or may be used as a spam relay, or used to host pornography or other illicit - and often illegal - files. In any case, if your system is not fully patched, you're a wide open target for a variety of attacks, the severity of which can range from adware installations, to game hacks, to outright identity theft - not to mention the legal problems that might ensue if your computer is found to be harboring illegal material. A Common Thread Three recent articles in The New York Times, The Washington Post, and BusinessWeek magazine discuss just these types of attacks. BusinessWeek's "Invasion of the Stock Hacker" reveals the plight of two investors whose computers were compromised and whose investing accounts were nearly wiped out as a result. In "Invasion of the Computer Snatchers", Brian Krebs of The Washington Post interviews a 21-year-old who spends his days maliciously infecting as many vulnerable computers as he can, foisting adware and spyware onto them and then bragging about how he could do so much more harm if he chose. The victims interviewed by the reporters admit to not keeping their systems patched and had either no antivirus software or had not kept it up to date. Today's malicious code is not a prank. Thanks to improperly managed affiliate programs, there's big money to be made by infecting others with adware and spyware. And there's even bigger money for those who sell the infected machines to other organized cybercriminals, or sell off pieces of information gathered - such as your bank username and password. Common Misconceptions Many infections result from sheer complacency - users simply don't believe they can be infected or that they will be a target. Common misconceptions include: I use a Mac. I use dial-up. I use Firefox. I'm just a basic user. Mac users are susceptible and recent Mac viruses hammer home the point that it can happen as surreptitiously and easily as it can to PC users. It's also a mistake to believe that dial-up accounts are somehow 'safer'. If your computer - regardless of make or model or type of connection - connects to the Internet in any way, shape, or form, it is vulnerable. It takes only moments to discover, infect, and compromise an Internet-connected computer. Switching browsers isn't the answer either. Internet worms spread independently of the browser used. And those threats that do spread through web sites, email, and IM generally rely more on social engineering (i.e. tricking the user into clicking a link, downloading, or installing a file). In any event, vulnerabilities are constantly discovered - and exploited - in all browsers, including Firefox, Opera, and Internet Explorer. Attackers and malicious code don't care what type of user you are. Your computer represents a money chain to them and is equally valuable regardless - making you, or your computer, as much a target as anyone else online. Indeed, those who mistakenly believe they are immune are often those most at risk as they tend to be most complacent about security. To continue surfing safely, security patches must be installed as soon as they are available from vendors. Microsoft releases patches on a predictable cycle: mark your calenders to check for Microsoft patches the second Tuesday of each month. Apple doesn't have a predictable schedule, check for Apple security updates weekly. If you use Firefox, check for Mozilla Firefox security updates at least weekly. Use antivirus software and keep it up to date. Allow the antivirus software to update as often as it requests. (Update schedules vary widely among vendors - look for a product that updates at least daily). For those on a limited budget or those older PCs with limited system resources, free antivirus software can provide good protection. However, these free products don't offer robust adware and spyware detection. For solid antivirus and adware/spyware protection, McAfee VirusScan 2006 is an excellent choice. (Older versions of McAfee do not include robust adware/spyware protection). Use a personal firewall. Internet security suites generally include a firewall. If you are not using an Internet security suite that comes with a firewall, install the free, and superb, ZoneAlarm firewall. Don't rely on the built-in firewall that comes with Windows XP - it's trivially easy for attackers to disable it and it doesn't offer the more secure permission-based outbound protection offered by ZoneAlarm. If your budget will allow it, use a router in addition to installing a personal firewall. Most routers include network address translation (NAT) that will automatically block unsolicited inbound communication attempts. Routers are very inexpensive and have the added benefit of allowing you to easily share an Internet connection with other PCs in your home. Laptop Users Beware If you use a laptop, check out "Using Your Laptop at Starbucks: Is It Safe?" for important additional security steps you need to take to prevent compromise. An additional note for laptop users: If you use Google Desktop ensure that the "Search Across Computers" feature is disabled. (And if you've already enabled it, make sure you clear the contents from Google's servers. Otherwise, if your laptop is lost or stolen, the finder (or thief) may gain access to any Microsoft Word documents, Microsoft Excel spreadsheets, Microsoft PowerPoint presentations, PDF files and Text files located in the My Documents folder on your main PC. Don't Forget the Basics Regardless of how much protection you have in place, or whether you use a laptop, a PC, or a Mac, all the standard security precautions apply. |
|
| Your source for Your Computer Is At Risk | |