Internet Risks, Part 2: Fighting Back – contributed by MyOffice Tech

May 16th, 2010 by Sherri Edwards in Business, Individual

How in the world can anybody be safe today?  The short answer is that you cannot be completely safe. There are just too many attacks on too many fronts for you to be successful in fending off all of them.  But, short of disconnecting yourself, there are specific things you can do to reduce your risk:

  • Windows updates: First and foremost, keep your system updated.  Apply critical updates immediately and reboot when instructed to do so.
  • Backups: Make sure you have an excellent computer backup system and methodology.  You need to use a backup system that automatically and regularly creates image backups of your hard drives to a USB or network drive.
  • High-risk website categories: If at all possible, stay away from them.  If you must browse risky sites, do so while logged on to a “limited” or “standard” Windows user account as opposed to an “administrator” account.  This will limit the amount of damage that malware can do if it does get on your system.
  • Links: Do not click any links in emails, instant messages, or in other communications unless you are certain of the authenticity of the message and trust the destination of the link.  Never click any link in an unsolicited message.  This is the primary attack vector for social networking sites, and phony messages from “friends” can appear to be quite real, so be very suspicious of any links in them.  Do not click on ads or external links on high-risk websites.
  • Suspicious emails: Immediately delete strange emails from unknown senders without opening them.
  • Anti-virus Systems: Select and use a top-rated anti-virus program or suite.  There are quite a few that cluster around the top but all of these have strong and weak points.  Remember that some free anti-virus programs are quite good, while some you have to pay for are sub-standard.  Visit www.av-comparatives.org for unbiased ratings and reviews.
  • Secondary Anti-Virus Systems: Run several manual/“on-demand” anti-virus programs in addition to your main suite for a “second opinion”.  No single anti-virus suite or program is good at finding every type of malware.  I recommend that you download and install Malwarebytes (www.malwarebytes.org), Superantispyware (www.superantispyware.com), HitMan Pro (www.surfright.nl), and SpyBot (www.safer-networking.org).  Update them and run them often, but be aware of false positives.  Any malware found should be quarantined if possible, not deleted, to allow recovery of a file or files in the event of a false positive.
  • Hardware Firewall: Use a quality appliance, one that performs “stateful packet inspection” and employs NAT (network address translation).  You must keep your firewall’s firmware updated.
  • Software Firewall: These are usually included with higher-rated anti-virus suites.  Carefully read any messages presented to you by them, and research the processes that are requesting access before you allow it.  Generally, hardware firewalls and software firewalls do not conflict with each other.
  • Applications: Keep your non-Microsoft applications, such as Adobe Reader and Java, updated.  Bear in mind that Windows Updates do not update such applications, and many of their update mechanisms are broken.  The best way to keep them secure is to use a fantastic piece of software called Secunia Personal Software Inspector (PSI). It identifies apps on your machine that are insecure and suggests how to fix them.  This program is free to non-commercial users and can be downloaded at:  http://secunia.com/vulnerability_scanning/personal
  • Internet Browser: Use a more secure browser.  Mozilla Firefox is regarded as being more secure than Microsoft’s Internet Explorer, and is faster, too.  If you can tolerate re-logging into your favorite sites every time you reopen your browser, I recommend that you set your browser to automatically delete your history and cookies every time you exit.
  • Browser add-ons: For Mozilla Firefox, I emphatically recommend “Web of Trust” and “BetterPrivacy”.  Web of Trust is one of the best security tools you can have.
  • Scan your downloads: Send any files you have downloaded to Virus Total (www.virustotal.com) for analysis before you open, execute, or install them.  The current upload size limit is 15 MB.
  • JavaScript: Disable JavaScript in your Adobe Reader.
  • Email Preview Pane: If you can live without it, turn it off.
  • Online banking: If at all possible, avoid it.  You can always use a bank’s automated telephone service for many of the tasks you perform online.  There is a new class of malware in the wild, called “banker trojans”, that is truly scary.  The usual method of operation is this:  The trojan sits on your computer, disguised and undetected, and waits for you to visit a banking site.  When you do, it redirects you to a phony, look-alike site where you “log in”.  This is where your credentials are stolen.  It then sends you to your bank’s real site and logs you in.  From your perspective, everything appears to be normal.  The malware then quietly deletes itself.  Funds are then transferred out of your bank account, usually in small amounts over a period of days or weeks so as not to trigger bank alerts.
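
The link and look-alike-site advice above can be turned into a mechanical check. The following Python sketch is an added example, not part of the original article: it lists each link in an HTML message and flags raw IP addresses, visible text that names a different site than the real destination, and a trusted name embedded in a foreign domain. The domain `examplebank.com` and the sample message are constructed for illustration.

```python
import ipaddress
import re
from contextlib import suppress
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = {"examplebank.com"}  # constructed: the domains you really bank with
SAMPLE = """<a href="http://examplebank.com.secure-login.example/signin">https://www.examplebank.com/login</a>
<a href="http://192.0.2.10/update">Update your account</a>
<a href="https://www.examplebank.com/help">examplebank.com</a>"""  # constructed email body

class LinkCollector(HTMLParser):  # gathers (href, visible text) for every <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def same_site(host, domain):
    return host == domain or host.endswith("." + domain)

def check_link(href, text):
    """Return the reasons a link deserves suspicion (empty list: none found)."""
    host = (urlsplit(href).hostname or "").lower()
    if not host:
        return []                         # mailto:, relative links, etc.
    reasons = []
    with suppress(ValueError):            # ValueError means host is a name, not an IP
        ipaddress.ip_address(host)
        reasons.append("ip-literal")      # a bank does not link to a bare IP
    shown = re.search(r"(?:https?://)?((?:[\w-]+\.)+[a-z]{2,})", text, re.I)
    if shown and not same_site(host, shown.group(1).lower()):
        reasons.append("text-mismatch")   # text names one site, href goes to another
    if any(d.split(".")[0] in host and not same_site(host, d) for d in TRUSTED):
        reasons.append("look-alike")      # trusted name embedded in a foreign domain
    return reasons

def scan(html):
    parser = LinkCollector()
    parser.feed(html)
    return {href: check_link(href, text) for href, text in parser.links}
```

An empty result means only that none of these three heuristics fired; it does not establish that a link is safe.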

You may still become infected at some point, despite your best efforts.  It may be possible to remove the malware and repair the damage.  If not, your system will have to be restored from an uninfected image backup from an earlier date.  If no image backups are available, your system will have to be wiped clean and the operating system reinstalled.  Depending upon the extent of the damage, it may or may not be possible to save your data before the restore or wipe.

The burden of remaining secure is high, but the costs of not doing so are much higher.  We cannot reduce our risks to zero, but we can certainly fight back.

MyOffice Tech is experienced in computer security and computer health issues for individuals and small businesses.  We would be happy to answer any questions you may have regarding these subjects and to assist you with implementation of enhanced security measures.

Ed Meadows
Manager
MyOffice Tech, LLC
http://MyOfficeTechLLC.com
Support@MyOfficeTechLLC.com

360-769-0050

One Response to “Internet Risks, Part 2: Fighting Back – contributed by MyOffice Tech”

  1. Janice Says:

    Thank you Ed and Sherri!!!!!
