Tech Talks – Security & Cloud – Course Syllabus

Security in the Internet Age

Best practices for PC and Internet Security

Virus and Malware Protection

Virus – a malware program that, when executed, replicates by inserting copies of itself (possibly modified) into other computer programs, data files, or the boot sector of the hard drive; when this replication succeeds, the affected areas are then said to be “infected”.

Malware – short for malicious software, is any software used to disrupt computer operation, gather sensitive information, or gain access to private computer systems.

Your PC needs protection from malicious Browser Helper Objects (BHOs), browser hijackers, ransomware, keyloggers, backdoors, rootkits, trojan horses, worms, malicious LSPs, dialers, fraudtools, adware, spyware, infected and malicious URLs, spam, scam and phishing attacks, online identity (theft), online banking attacks, social engineering techniques, Advanced Persistent Threat (APT), botnets, DDoS attacks…

Resources:

AV-Test.org – reports test results for Windows anti-virus programs

AVG, avast! – free virus scanning software for Windows PCs

Malwarebytes – application for Windows PCs that finds and removes malware

CCleaner – utility program used to clean potentially unwanted files

Spybot – Search & Destroy – scans the computer hard disk and/or RAM for malicious software

avast! Free Antivirus for Mac

ClamAV for Linux

avast! for Android

Platform Operating System differences

Should I run anti-virus software on:

Windows? You’d be crazy not to…

Mac? Even though viruses aren’t a big problem on Macs, phishing, adware, and spyware can still ruin your day as you surf the net. You’re also at risk of passing virus-laden e-mails on to your Windows brethren. So, yes!

Linux? Maybe. Though you’re immune from Windows viruses, Linux systems could be used as Mail or File servers, in which case you definitely want to run software that will protect your users. But even if you’re not running these servers, you should still consider running something like ClamAV to keep Windows machines safe.

ChromeBooks? Nope. There’s no way to install local software on a ChromeBook, so there’s no way to catch a virus. Browser security is still an issue, but Chrome has an excellent reputation in this regard. Web apps you use are still vulnerable to having their data stolen. What’s changed is that your local computer can’t be compromised and turned into a spam bot or have a keyboard logger installed.

Android? Sure. avast! for Android protects “phones and/or tablets against malware attacks and locate them if they’re ever lost or stolen” and is probably a good idea.

And what about Windows XP? Can I still ‘safely’ use it? Well, yes and no. As you know, XP has been end-of-lifed by Microsoft, meaning no more security updates or patches are coming from them for XP. XP also still has a very large installed base and makes a very juicy target for hackers and scammers. Only if you keep on top of your virus and malware software by keeping it functioning and updated will your XP platform be able to resist the attacks. If you don’t, it will become a support nightmare or worse. An upgrade to Windows 7 (about $90 for the license), or hardware replacement for older machines, is recommended.

Useful articles:

Do both MACs, PCs and Linux systems require Virus Protection?

What about Antivirus software for Linux?

Windows XP End-of-Life – what to do?

Best Practices

From: Internet Safety Tips – A Comprehensive Resource

Source: http://www.complianceandsafety.com/safety-tips/internet-safety-tips.php

System

  • Protect your system – adware, spyware, viruses
  • Turn on your firewall
  • Don’t open e-mail you don’t know
  • Block pop-ups(a)
  • Take care when downloading software(b)
  • Encrypt(c)
  • Log off websites after use, especially when using public PCs(d)
    • And delete history and cookies after using public computers
  • Protect your wireless network – password protect, and hide SSID(e)

Social Networking

  • Anything you say can and will be used against you…
    • Think twice before posting anything about yourself or others
    • Consider everything you post as ‘public’ information
  • Disclose minimal personal information
  • Don’t forward others’ email without their permission
  • Close unused accounts

Identity

  • Scams – what to look for and how to avoid getting pulled in
  • Identity theft – worst case, someone assumes your identity and obtains your financial information

Passwords

  • Don’t give out personal information, or type user names or passwords on insecure sites
  • Create long/difficult passwords and don’t use ‘predictable’ letter or number sequences
  • Change passwords periodically and don’t reuse old passwords
  • Don’t repeat your username in your password
  • Don’t store your passwords online*
  • Avoid using personal information (age, address, phone number, SSN, etc.) in a username or password
  • Don’t give out personal information to a stranger (full name, password, contact info, financial info, family info, etc.)

* Read my article about RoboForm 7 as a safe way to store passwords online and to manage complex passwords
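The password checklist above can be enforced automatically, for example when an account is created. The following is an added example, not code from the original page; the 12-character minimum, the run length of 4, the iteration count and the sample user details are assumptions.

```python
import hashlib
import hmac
import re

MIN_LENGTH = 12   # assumption: the checklist says "long" without giving a number
RUN = 4           # assumption: flag runs of 4 or more predictable characters
KEYBOARD_ROWS = ("qwertyuiop", "asdfghjkl", "zxcvbnm")

def has_predictable_run(pw, run=RUN):
    """Detect 'abcd' / '4321' / 'aaaa' runs and keyboard-row walks such as 'qwer'."""
    low = pw.lower()
    for i in range(len(low) - run + 1):
        chunk = low[i:i + run]
        steps = {ord(b) - ord(a) for a, b in zip(chunk, chunk[1:])}
        if chunk.isalnum() and steps in ({1}, {-1}, {0}):
            return True
        if any(chunk in row or chunk[::-1] in row for row in KEYBOARD_ROWS):
            return True
    return False

def personal_tokens(details):
    """Break personal details into lowercase tokens of 3+ characters."""
    return {t for d in details for t in re.findall(r"[a-z0-9]+", d.lower()) if len(t) >= 3}

def digest(pw, salt):
    """Old passwords are kept only as salted PBKDF2 digests, never as text."""
    return hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, 200_000)

def check_password(pw, username, details=(), old=()):
    """Return the checklist rules that pw breaks; an empty list means it passes."""
    low, problems = pw.lower(), []
    if len(pw) < MIN_LENGTH:
        problems.append("too short")
    if has_predictable_run(pw):
        problems.append("predictable sequence")
    if username and username.lower() in low:
        problems.append("contains username")
    if any(t in low for t in personal_tokens(details)):
        problems.append("contains personal information")
    if any(hmac.compare_digest(digest(pw, salt), h) for salt, h in old):
        problems.append("reuses an old password")
    return problems

# Constructed sample data, not from the page.
SALT = b"constructed-salt"
OLD = [(SALT, digest("Summer2013!horse", SALT))]
DETAILS = ["Jordan Smith", "1975-04-12", "555-0142"]
```

Calling `check_password("jsmith1975", "jsmith", DETAILS, OLD)` returns the list of broken rules, so a sign-up form can tell the user exactly what to change.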

Other useful articles:

Privacy

Don’t Forget Your Windows Login Password – Or Else…

Reset Windows passwords with the help of Linux

Warning! Your Password has been stolen!

5 million Gmail passwords leaked onto the web in another Russian hack

https://haveibeenpwned.com/

RoboForm 7 – what is it and why do I care?

My e-mail account has been hacked! What do I need to do next?

Something to think about before recycling that old PC?

Dave Winer wrote about this extensively and notes the same problem

Glossary (definitions from wikipedia.org):

malicious Browser Helper Objects (BHOs) – because BHOs have unrestricted access to the Internet Explorer event model, some forms of malware have been created as BHOs

browser hijackers – modification of a web browser’s settings. The term “hijacking” is used as the changes are performed without the user’s permission.

ransomware – malware which restricts access to the computer system that it infects, and demands a ransom paid to the creator(s) of the malware in order for the restriction to be removed.

keyloggers – the action of recording (or logging) the keys struck on a keyboard, typically in a covert manner so that the person using the keyboard is unaware that their actions are being monitored.

backdoors – a method of bypassing normal authentication, securing unauthorized remote access to a computer, obtaining access to plaintext, and so on, while attempting to remain undetected.

rootkits – a stealthy type of software, typically malicious, designed to hide the existence of certain processes or programs from normal methods of detection and enable continued privileged access to a computer.

trojan horses – a non-self-replicating type of malware program containing malicious code that, when executed, carries out actions determined by the nature of the Trojan, typically causing loss or theft of data, and possible system harm.

worms – a standalone malware computer program that replicates itself in order to spread to other computers.

malicious LSPs – LSP (Layered Service Provider) technology is often exploited by spyware and adware programs in order to intercept the communication across the Internet.

dialers – refers to dialers that connect without the user’s full knowledge as to cost, with the creator of the dialer intending to commit fraud. Providers of such dialers search for security holes in the operating system installed on the user’s computer and use them to set the computer up to dial up through their number, so as to make money from the calls

fraudtools – a malware program that pretends to be a well-known program, or a non-malicious one (such as an Antivirus), in order to steal money and/or confidential data.

adware – any software package which automatically renders advertisements in order to generate revenue for its author.

spyware – software that aids in gathering information about a person or organization without their knowledge and that may send such information to another entity without the consumer’s consent, or that asserts control over a computer without the consumer’s knowledge.

infected and malicious URLs – infected via the use of a ‘drive-by-download’ exploit. This is how malware can download and install itself on your machine simply by loading a web page that contains it.

spam – use of electronic messaging systems to send unsolicited messages (spam), especially advertising.

scam – an attempt to defraud a person or group after first gaining their confidence, used in the classical sense of trust.

phishing attacks – an attempt to acquire sensitive information such as usernames, passwords, and credit card details (and sometimes, indirectly, money) by masquerading as a trustworthy entity in an electronic communication.

online identity (theft) – someone pretends to be someone else by assuming that person’s identity, usually as a method to gain access to resources or obtain credit and other benefits in that person’s name.

online banking attacks – attacks on online banking are based on deceiving the user to steal login data and valid TANs.

social engineering techniques – the psychological manipulation of people into performing actions or divulging confidential information.

Advanced Persistent Threat (APT) – stealthy and continuous computer hacking processes, often orchestrated by human(s) targeting a specific entity.

botnets – a collection of Internet-connected programs communicating with other similar programs in order to perform tasks.

DDoS attacks – a distributed denial-of-service (DDoS) attack occurs when multiple systems flood the bandwidth or resources of a targeted system, usually one or more web servers.

Personal firewall – an application which controls network traffic to and from a computer, permitting or denying communications based on a security policy.

Encryption – the process of encoding messages or information in such a way that only authorized parties can read it.

 

Embracing the Cloud

What is the cloud?

The cloud simply refers to software and services that run on the Internet instead of on your computer. Apple iCloud, Dropbox, Netflix, Google Drive, Microsoft Office 365, Gmail – those are all examples of cloud services, and there are many, many more.

Where is the cloud?

The cloud consists of large groups of remote servers that are networked to provide centralized data storage, and online access to computer services or resources. Most of us participate in what’s called a “public cloud”. These cloud services are rendered over a network that is open for public use. Public cloud service providers like Amazon AWS, Microsoft and Google own and operate the infrastructure at their data center and access is generally via the Internet.

Is it secure – can I trust it? Public Clouds…

  • Are hardened through continual hacking attempts
  • Attract the best security people available
  • Get the latest security gear due to economies of scale

Heck, yeah! Weighing all the benefits – low cost, good security and reliability, and access to data and services anywhere, anytime, the cloud rocks!

OK, tell me more. What Cloud services are out there for me to use?

We’ll talk about Cloud storage, back-up, apps and utilities – read on:

Cloud Storage – a model of data storage where the digital data is stored in logical pools, the physical storage spans multiple servers (and often locations), and the physical environment is typically owned and managed by a hosting company.

Examples: Amazon AWS, DropBox, Google Drive, Microsoft OneDrive, iCloud

Which is right for me?

Cloud Back-Up – a service that provides users with a system for the backup, storage, and recovery of computer files.

Examples: There are MANY, but my favorite right now is Carbonite. You can find more information about Carbonite features here. Suffice to say that Carbonite has saved our bacon a few times and is well worth the ~$54/year we pay when renewing under the 3-year contract for their ‘Basic’ service level. As icing on the cake, Carbonite provides a remote access application that allows individual files to be downloaded to any computer using a web browser.

Comparison of online back-up services: http://en.wikipedia.org/wiki/Comparison_of_online_backup_services

Cloud Apps (generically called ‘Cloud Computing’) – infrastructure is off-site (provided by a third party) and accessed via the Internet, so users can connect from anywhere. Maintenance of cloud computing applications is easier, because applications do not need to be installed on each user’s computer and can be accessed anywhere, anytime.

Examples: Google Docs, Microsoft Outlook.com (both free) – and many, many more thanks to the introduction of the Google ChromeBook

Why aren’t Microsoft Office 365, and Adobe Creative Cloud on the list? Glad you asked…

Cloud ‘Utilities’

Books – Kindle Cloud Reader, OverDrive, Hoopla

Music – Pandora, Spotify

Video – NetFlix, Hulu Plus, Amazon Instant Video

Printers – Google Cloud Print

FAX – RingCentral, and others

Converters – CloudConvert.org

Password Managers – RoboForm, Dashlane, LastPass, KeePass, and more

What is a password manager? It’s a program that keeps your passwords and other logon information in an encrypted database. That way, you only have to remember one password–the one that opens the password manager.

But are Password Managers safe? Good question. But without one, you’re going to use the same password over and over again, and pick passwords that are easy to remember and, therefore, easy to guess.

Here’s what Lincoln Spector at PCWorld has to say about it:

“I strongly recommend against any cloud-based password management service–especially if that service can access your database. If the service can recover your forgotten password manager’s password, or if it can turn over your passwords to your next of kin, that company has access to your passwords, and can be hacked.

Instead, use a local program on your computer. That way, the encryption stays close to home. It’s not on the Internet, and even if someone did get ahold of your data file, it would be useless without the password.”

Banking, Credit Card transaction processing…

Closing Comments: In case it’s not apparent, the ‘cloud’ is where computing (and even entertainment to some degree) is headed. Complex operating systems and the high performance platforms required to run them are expensive and must be maintained. Purchased applications are expensive and become obsolete quickly. By choosing wisely, and investing some time in learning how to use the cloud effectively, you’ll save money with little loss of functionality. For many (but not all) it’s a journey worth taking…

Other useful articles:

My PC backup dilemma

What’s the best way to back up your data? Physical back-up or the ‘cloud’?

RoboForm 7 – what is it and why do I care?

Free Microsoft Office! Check out Office Web Apps…

Convert your files in the Cloud – cloudconvert.org (beta)

Google Cloud Print – a cool new capability from Google

Microsoft Office Apps for iPad – I’m not so sure…
Adobe’s Creative Cloud – a really good idea!

It’s Time to Consider a ChromeBook

ChromeBook Power Tips – a PCWorld article

About Glen
