Business Social Networking for New Zealand Businesses
STAYING SAFE ONLINE
ARCIS FRAUD DISCOVERY & EXPOSURE CENTRE
WEEKLY MAIL
By John Dierckx
Date 28 February 2009
--------------------------------------------------------------------------------------------------------------------------
STAYING SAFE AND SECURE ONLINE
Let me start this issue by making an apology for its late delivery. At the same time the late delivery is associated with the subject of this week’s theme: STAYING SAFE ON LINE. Even though I maintain relatively rigid security practices, once again it was shown that NO SYSTEM IS 100% FOOL PROOF!
I was confronted with a unusually high usage bill for my internet, with traffic showing amounts which I would normally not be able to generate. There were several potential causes identified but due to a lack of sufficient records on the part of the service provider I was not able to identify which source ultimately was the one that caused all this traffic and/or whether it might have been a combination of sources. At the same time I realized how important it is that to stay as safe and secure, not only to protect your information and to protect your system against viruses and other malicious threats but also to ensure that your connection is not being used by others. The latter can cause unnecessary traffic that may as such not be harmful bit could lead your registered usage to skyrocket past points considered to be fair use or as is the case in New Zealand, past a data cap on your internet connection.
#1 Know what is happening: viruses and malware is an industry
Too often when I hear people talk about the latest threats they read about, things are played down to “a bunch of kids” trying to get their kicks by spreading all kinds of malicious stuff around. Well think again, you are talking about an industry that is after your money and information. Nowadays it is all about money whether it means taking over a PC to send spam, or stealing financial logins and credit card info, or even hacking game accounts. There is a booming online black market through which everything is sold and purchased from DIY software kits to make malware to spam services using infected PCs to reams and reams of credit card data stolen by key logger malware.
And remember, with this market going professional the old tell tale signs like big pop ups and lost files have gone. Very similar to professional organized crime and fraud: the crooks want to draw as little attention as possible. Therefore it is more important than ever to be pro-active and do not wait until it is too late. Besides that more and more those with less noble intentions have been using means like breaking into email accounts and social network profiles to entice contacts to hand over money, as can be read on our blog.
Related content on blog can be found here:
• http://blog.arcisfdec.com/?cat=240 (Category Social Media)
• http://blog.arcisfdec.com/?cat=26 (Category Social Media)
#2 I am safe, I have a good virus scanner
For some reason there still appears to be this idea floating around that a good virus scanner is the answer to all your potential problems. WRONG! While a good anti-virus program will help a great deal it is far from an end all. As far as I know there is no 100% catch all threats solution. While antivirus companies are doing a great job trying to stay ahead, on a more than incidental basis the malware writers are ahead of the companies. Hundreds of new viruses are detected each month. In addition to that all too often I see that virus scanners are not kept up to date with the latest definitions. Having good antivirus software is a most important first start but not updating makes the software obsolete in weeks rather than months or even years. And since they not catch everything: consider running a second anti-virus program besides the default one.
AVAST (http://www.avast.org) offers a free alternative second virus scanner to complement the one you are already using for free. I use it next to Norton AntiVirus. Another well known alternative is AVG at http://www.avg.com.
Besides a virus scanner recommend the use of spyware scanners such as AdAware (http://www.lavasoft.com) and Spybot Search and Destroy(http://www.safer-networking.org/index2.html) and Advanced Windows Care which can be downloaded for free at http://www.iobit.com.
#3 Keep your software and OS updated
On a regular basis new vulnerabilities and exploits are identified in software an OS. Microsoft requires regular updates. The beloved phrase "If it ain't broke, don't fix it" may be true in many instances but I would say not in relation to you computer systems. Regularly I hear that after applying a recommended patch for a piece of software, people saw their updated software break or suddenly conflict with something else on the PC. It is an almost natural reaction to not want to fiddle with a setup that seems to be working and is seemingly stable. It needs to be remembered that many if not most of the patches and updates are security related. Ignoring these could seriously put your systems at risk. Many of these risks can be taken care of if you enable built-in automatic update features for things like Firefox and Windows. Some of the biggest risks come from things like old ActiveX controls that don't update and more importantly do not indicate that your system may be at risk and needs updating. It is a known fact that more than 95% of computers have old or insecure versions of software installed. Advcanced Windows Care, even the free version can scan for drivers that need updating.
But besides that, there is this tool called Secunia http://www.secunia.com which offers free online scanning of your PC as well as downloadable Personal and Corporate versions of this scanner: definitely recommended.
# 4 Don’t fall for the social engineering trap
We regularly warn about email scams that either lure you to malicious websites and have malicious programs attached in the form of e-card and well anything imaginable. It is still common belief that it is at all times easy to spot such scams: crappy layout, typing errors and the list goes on. But at the same time it is noted that the scammers get better at it every day and sometimes it is not as easy to recognize the scam from the real thing. Sites may be hijacked and email attachments including the attachment may look very convincing. Again, there is a good reason to keep your software up to date. And for those that have concerns about certain attachments: there is a great web service called Virus Total where you can upload files up to 10 Mb and have them scanned by I think around 39 virus scanners at the same time! Check the award winning application out at the Virus Total site: http://www.virustotal.com.
#5 Firewalls and Routers
One thing not to forget is firewalls and routers (especially of wireless networks). For a long time I have used Zonealarm which has a free firewall available (see www.zonelabs.com) but nowadays many of the antivirus providers offer so called Security Suites which include a firewall. PC World has done a recent test and the Norton Internet Security suite came out best. The test can be read here: http://www.pcworld.com/article/140127/top_allinone_security_suites.....
While the article speaks of all-in-one security suites it can not be stressed enough that no one of these packages is 100% fault proof and therefore I recommend additional programs and software as described above.
And then for those with wireless internet in the home and office: make sure that neighbours or passer by scanners cannot steal your wi-fi. As outlined previously: even if YOU don’t mind sharing with outsiders: you may end up with incredible internet bills if it leads to your wi-fi being used by others and you have a data-cap. In addition to that “loose” wi-fi represents a serious information security risk if outsiders are able to access your private data besides your network.
You can turn on your wireless router’s WPA- encryption which will often do a great deal of the work, but if you have a human weak link in your organization that spills the beans on the family/homebiz password you may still end up being piggy backed (think children here). Instead you could turn on the MAC address filtering in your router’s security settings. It is somewhat of a hassle entering the MAC addresses of all your devices but it is probably the best option since only known devices will be allowed to connect. Finding those mac addresses can be done by running ipconfig in the windows command console.
FINALLY
A substantial internet usage bill reminded me once again how important it is to keep your security up to scratch. And while I may have gotten away with it because of several reasons and because I had my systems well maintained, you may end up not being so lucky. As said before, many of the malpractices going on nowadays are aimed at one thing only: your money or your private information after which the money (identity theft) is the next target. This article is not meant to scare you away from using the internet and in fact I recommend anyone to may optimum use of all the opportunities available online. At the same time: complacency about your computer and internet security may turn these opportunities into a nightmare. The article provided you with a range of options through which you can secure you computer and internet activities. No system is fool proof but you can do your best to minimize your chances of being hit by something malicious.
• Secure your boundaries: firewall and router security.
• Antivirus alone is not enough, see (#2, #3, #4) and remember that it does not need to be expensive!
Some good free alternatives are available especially for for families and small businesses.
• Keep everything up to date
• Use common sense
• Don’t become complacent and make computer and internet security part of your routines
• If in doubt or not sure about what to do GET HELP.
WEEKLY MAIL
By John Dierckx
Date 28 February 2009
--------------------------------------------------------------------------------------------------------------------------
STAYING SAFE AND SECURE ONLINE
Let me start this issue by making an apology for its late delivery. At the same time the late delivery is associated with the subject of this week’s theme: STAYING SAFE ON LINE. Even though I maintain relatively rigid security practices, once again it was shown that NO SYSTEM IS 100% FOOL PROOF!
I was confronted with a unusually high usage bill for my internet, with traffic showing amounts which I would normally not be able to generate. There were several potential causes identified but due to a lack of sufficient records on the part of the service provider I was not able to identify which source ultimately was the one that caused all this traffic and/or whether it might have been a combination of sources. At the same time I realized how important it is that to stay as safe and secure, not only to protect your information and to protect your system against viruses and other malicious threats but also to ensure that your connection is not being used by others. The latter can cause unnecessary traffic that may as such not be harmful bit could lead your registered usage to skyrocket past points considered to be fair use or as is the case in New Zealand, past a data cap on your internet connection.
#1 Know what is happening: viruses and malware is an industry
Too often when I hear people talk about the latest threats they read about, things are played down to “a bunch of kids” trying to get their kicks by spreading all kinds of malicious stuff around. Well think again, you are talking about an industry that is after your money and information. Nowadays it is all about money whether it means taking over a PC to send spam, or stealing financial logins and credit card info, or even hacking game accounts. There is a booming online black market through which everything is sold and purchased from DIY software kits to make malware to spam services using infected PCs to reams and reams of credit card data stolen by key logger malware.
And remember, with this market going professional the old tell tale signs like big pop ups and lost files have gone. Very similar to professional organized crime and fraud: the crooks want to draw as little attention as possible. Therefore it is more important than ever to be pro-active and do not wait until it is too late. Besides that more and more those with less noble intentions have been using means like breaking into email accounts and social network profiles to entice contacts to hand over money, as can be read on our blog.
Related content on blog can be found here:
• http://blog.arcisfdec.com/?cat=240 (Category Social Media)
• http://blog.arcisfdec.com/?cat=26 (Category Social Media)
#2 I am safe, I have a good virus scanner
For some reason there still appears to be this idea floating around that a good virus scanner is the answer to all your potential problems. WRONG! While a good anti-virus program will help a great deal it is far from an end all. As far as I know there is no 100% catch all threats solution. While antivirus companies are doing a great job trying to stay ahead, on a more than incidental basis the malware writers are ahead of the companies. Hundreds of new viruses are detected each month. In addition to that all too often I see that virus scanners are not kept up to date with the latest definitions. Having good antivirus software is a most important first start but not updating makes the software obsolete in weeks rather than months or even years. And since they not catch everything: consider running a second anti-virus program besides the default one.
AVAST (http://www.avast.org) offers a free alternative second virus scanner to complement the one you are already using for free. I use it next to Norton AntiVirus. Another well known alternative is AVG at http://www.avg.com.
Besides a virus scanner recommend the use of spyware scanners such as AdAware (http://www.lavasoft.com) and Spybot Search and Destroy(http://www.safer-networking.org/index2.html) and Advanced Windows Care which can be downloaded for free at http://www.iobit.com.
#3 Keep your software and OS updated
On a regular basis new vulnerabilities and exploits are identified in software an OS. Microsoft requires regular updates. The beloved phrase "If it ain't broke, don't fix it" may be true in many instances but I would say not in relation to you computer systems. Regularly I hear that after applying a recommended patch for a piece of software, people saw their updated software break or suddenly conflict with something else on the PC. It is an almost natural reaction to not want to fiddle with a setup that seems to be working and is seemingly stable. It needs to be remembered that many if not most of the patches and updates are security related. Ignoring these could seriously put your systems at risk. Many of these risks can be taken care of if you enable built-in automatic update features for things like Firefox and Windows. Some of the biggest risks come from things like old ActiveX controls that don't update and more importantly do not indicate that your system may be at risk and needs updating. It is a known fact that more than 95% of computers have old or insecure versions of software installed. Advcanced Windows Care, even the free version can scan for drivers that need updating.
But besides that, there is this tool called Secunia http://www.secunia.com which offers free online scanning of your PC as well as downloadable Personal and Corporate versions of this scanner: definitely recommended.
# 4 Don’t fall for the social engineering trap
We regularly warn about email scams that either lure you to malicious websites and have malicious programs attached in the form of e-card and well anything imaginable. It is still common belief that it is at all times easy to spot such scams: crappy layout, typing errors and the list goes on. But at the same time it is noted that the scammers get better at it every day and sometimes it is not as easy to recognize the scam from the real thing. Sites may be hijacked and email attachments including the attachment may look very convincing. Again, there is a good reason to keep your software up to date. And for those that have concerns about certain attachments: there is a great web service called Virus Total where you can upload files up to 10 Mb and have them scanned by I think around 39 virus scanners at the same time! Check the award winning application out at the Virus Total site: http://www.virustotal.com.
#5 Firewalls and Routers
One thing not to forget is firewalls and routers (especially of wireless networks). For a long time I have used Zonealarm which has a free firewall available (see www.zonelabs.com) but nowadays many of the antivirus providers offer so called Security Suites which include a firewall. PC World has done a recent test and the Norton Internet Security suite came out best. The test can be read here: http://www.pcworld.com/article/140127/top_allinone_security_suites.....
While the article speaks of all-in-one security suites it can not be stressed enough that no one of these packages is 100% fault proof and therefore I recommend additional programs and software as described above.
And then for those with wireless internet in the home and office: make sure that neighbours or passer by scanners cannot steal your wi-fi. As outlined previously: even if YOU don’t mind sharing with outsiders: you may end up with incredible internet bills if it leads to your wi-fi being used by others and you have a data-cap. In addition to that “loose” wi-fi represents a serious information security risk if outsiders are able to access your private data besides your network.
You can turn on your wireless router’s WPA- encryption which will often do a great deal of the work, but if you have a human weak link in your organization that spills the beans on the family/homebiz password you may still end up being piggy backed (think children here). Instead you could turn on the MAC address filtering in your router’s security settings. It is somewhat of a hassle entering the MAC addresses of all your devices but it is probably the best option since only known devices will be allowed to connect. Finding those mac addresses can be done by running ipconfig in the windows command console.
FINALLY
A substantial internet usage bill reminded me once again how important it is to keep your security up to scratch. And while I may have gotten away with it because of several reasons and because I had my systems well maintained, you may end up not being so lucky. As said before, many of the malpractices going on nowadays are aimed at one thing only: your money or your private information after which the money (identity theft) is the next target. This article is not meant to scare you away from using the internet and in fact I recommend anyone to may optimum use of all the opportunities available online. At the same time: complacency about your computer and internet security may turn these opportunities into a nightmare. The article provided you with a range of options through which you can secure you computer and internet activities. No system is fool proof but you can do your best to minimize your chances of being hit by something malicious.
• Secure your boundaries: firewall and router security.
• Antivirus alone is not enough, see (#2, #3, #4) and remember that it does not need to be expensive!
Some good free alternatives are available especially for for families and small businesses.
• Keep everything up to date
• Use common sense
• Don’t become complacent and make computer and internet security part of your routines
• If in doubt or not sure about what to do GET HELP.
Add a Comment
About
© 2010 Created by VBIZNZ Administrator
Powered by 
.
You need to be a member of VBIZ New Zealand to add comments!
Join VBIZ New Zealand