ExcellentSite - Protection

Why protect yourself?
It is important to protect your personal and financial information. Your computer may have a huge amount of personal and financial information about you, your spouse, your parents or your children. Personal information may include social security numbers, credit card numbers, account numbers or login credentials (passwords). If an identity thief has access to your personal information, it is very easy for the thief to cause serious financial problems.

Even if you don’t store personal information on your computer, you may be vulnerable. If your computer is infected with a program that logs keystrokes, your login credentials may be compromised. These infections could send your credentials to the software originator in an attempt to expose your financial or personal information.

Other infections don’t capture your personal information, instead they may turn your computer into a “zombie” thereby giving others control of your computer. Once your computer is under someone else’s control, they could use your computer to do anything including attacking other computers, financial institutions, etc. These attacks occur in the background and could go on for months without your knowledge. An investigation by the financial institution or law enforcement may lead to your computer being the culprit of these attacks. Do you want the feds knocking on your door because your computer is attacking a bank in another state?

Another source of hardship is when your computer charges expenses without your knowledge. An infected program may take control of your modem. The program silences the modem speaker and dials premium rate telephone numbers such as a “900 number” and leaves the line open, charging the toll to you.

Finally, malware infections on your computer can cause unreliable, erratic behaviour, system crashes, and slow speed.

How to protect yourself?

Software updates
One of the most important ways to protect yourself is to make sure your software is up-to-date. If your malware detection tool or firewall doesn’t have the latest updates, it won’t be able to detect or prevent new infections. If your operating system or application software doesn’t have the latest updates, you may be vulnerable to security flaws. No matter how much protection you have in place, if it’s not kept up-to-date, you will be vulnerable. The more out-of-date your software is, the more vulnerable you are.

Set ground rules
Are all of the users of your computer following the same rules? If you are diligent about security, but your spouse or kids aren’t, you will be fighting an uphill battle. Make sure all users know and understand the rules and why it is so important to follow them.

Firewalls
A firewall simply regulates traffic between your computer and the Internet. During normal use, your computer sends requests to servers and the server sends the requested data. However, if your computer doesn’t have a firewall, an intruder could send information to your computer without you making a request. An intruder could also request information from your computer without your authorization. The information could be malicious in nature. Therefore, the most common setting for a firewall is to block requests that are unsolicited. Most routers provide basic firewall protection. If you do not have a router, there are software firewalls that can be installed on your computer. For a list of reputable firewalls, see the ExcellentSite Freebies web page.

Malware
Malware is malicious software. Malware can pose as harmless software while performing malicious activity in the background or it can perform malicious activity in the background without any indication to the user that it is running at all. Software is considered malware based on the perceived intent of the creator rather than any particular features. Malware includes computer viruses, worms, trojan horses, most rootkits, spyware, dishonest adware, and other malicious and unwanted software. There are volumes of information about malware. By definition, all malware is undesirable and may lead to any of the problems described above. There are malware detection and eradication tools available from many vendors. Unfortunately, there is no one universal tool that detects and eradicates all malware. Some tools work best for viruses. Other tools work best for spyware. Some run in the background, constantly scanning for new infections. Other tools run only when invoked and scan your computer for existing infections. For this reason, many people feel the need to have multiple malware detection tools. However, running multiple malware detection tools in the background can cause your computer to run extremely slow. This defeats the purpose of using malware detection tools. A good solution is to have one reputable malware detection tool running in the background with other tools available for scanning during off-peak times. For a list of reputable malware detection and eradication tools, see the ExcellentSite Freebies web page.

Social infection
Another source of malware infection is through “social infection”. Some malware disguises itself as a malware detection tool. To entice you to download and install their (fake) malware detection tool, they advertise that your computer is infected and needs to be cleaned. If you download and install their malware detection tool, your computer will become infected. Avoid these scams by only using reputable software.

Phishing
Another social infection is known as “phishing”. The most common source of phishing is spam email. In a phishing attempt, a legitimate looking message contains a malicious URL link. If the recipient visits the URL, their web browser displays what appears to be a legitimate website (typically a financial institution). However, this legitimate looking website is fake and the phishing website creators hope that you will be tricked into entering your login credentials. If you do enter your login credentials, this fake website can use your login credentials to access your financial information. Visit the Anti-Phishing Working Group website for extensive information about how to detect, avoid, and report phishing.

Downloading software
Although some point to point (P2P) software is malware, even legitimate P2P software can be used to download malware. If you plan to download software, be sure to download it from a reputable source. Just because the website looks fancy or legitimate doesn’t mean that it’s safe to use. For the same reason, the description of a download file could not only be false, but may include some very intriguing verbiage to entice you to download it. Remember, they’re advertising and will do whatever it takes to infect your computer.

Email attachments
Malicious email attachments have been a source of problems for many years. We have all heard the warnings about opening email attachments, but many people incorrectly feel safe in opening email attachments that come from a known source. Many viruses capitalize on this false sense of security. Some viral infections target the address book of the infected computer. It sends an email to every address book entry with a copy of the virus attached. The recipient incorrectly feels safe in opening the attachment because it came from someone they know. Hence, the infection spreads.

Limited accounts
Windows defaults to administrative access for all users. While this is the least restrictive way of using your computer, it also leaves your computer wide open for attack. An administrative account has full access to all areas of your computer. Therefore, an infection can infect the core operating system files. This is bad because the operating system controls your entire computer. To limit your exposure, run the computer as a limited account. A limited account cannot access or change any of the core operating system files. This keeps the integrity of the operating system in place. Any infection on a limited account only affects the limit account user. Another benefit to using limit accounts is that you and your users cannot accidentally delete or change any core operating system files.

There are some inconveniences with using a limited account. However, these inconveniences far outweigh the troubles that a core operating system infection causes. The biggest inconvenience with a limited account is that software cannot be installed with limited account privledges. Only an administrative account can install software. Once the software is installed, you should return to using the software from a limited account. Unfortunately, some vendors do not write software for use on limited accounts. However, with some configuration changes, most software will run under a limited account.

Backups
Backups are extremely important. Backups not only protect you from malware and other infections, but also hardware failures and disasters (fire, tornado, flood, hurricane, theft, etc). There are MANY backup solutions and volumes of information about backing up. The important thing to remember is that backups need to be performed regularly, include all important data, be verified, be stored in a safe location and rotated. A good rule of thumb is to backup after every 8 hours of work. If you work all day long on your computer, it is recommended that you backup your data, daily. If you use your computer approximately one hour per day, it is recommended that you backup your data weekly. For safe storage, backups should be stored in a separate location from your computer. A fire could wipe out your computer and your backups if they are stored in the same location. Once you have a backup plan in place, verify that the backups are working correctly. Some backup software has a “verify” option that checks the integrity of the backup data. It may not verify that you have included all of your important data, but it does verify that what was backed up is good. Finally, when backing up, be sure to rotate your backup media. If you only backup to one media source and the backup gets interrupted, you may lose not only your computer data, but your backup data, too. For a list of reputable backup software, see the ExcellentSite Freebies web page.

Summary:

  • Take security seriously. Lack of security can cause serious problems.
  • Protect your data. If you don’t think your data is worth protecting, your computer certainly is.
  • Keep software up-to-date.
  • Use a reputable firewall.
  • Use reputable malware detection and eradication tools.
  • Don’t run multiple malware detection tools at the same time.
  • Avoid scams that claim your computer is infected and you need to “click here” to clean it.
  • Never click spam links.
  • Be extremely careful of ANY downloaded software. Is the source reputable?
  • Be extremely careful of ANY attachments - even if it is from a known source.
  • Watch out for phishing websites.
  • Use non-administrative accounts if possible.
  • Backup, backup, backup! It’s not IF you have a problem, it’s WHEN you have a problem.

Resources

Home | Features | Packages | Policies | References | FAQ | Contact Us


Copyright © 1999-2017 by ExcellentSite - All rights reserved.

Valid XHTML 1.1!   Valid CSS!

Page last modified: Thu, Jul 2, 2009 at 04:42:01