Tuesday, October 12, 2010

Tips and Tricks to help protect yourself from malicious hackers.

“Their intention is to infect your computer so that you don’t even know you’ve been infected.”
Hardly reassuring words for computer users or business owners. Cybercrime continues to flourish for one simple reason: it’s profitable.
Hackers use two broad approaches: Either they sneakily install malicious software on your computer to control it or steal your information, or they trick you into giving up your information voluntarily.
The malicious software can enter your system when you visit a shady website, or open an e-mail attachment carrying a virus. If it infects your machine, it might hand control of your computer over to networks that will rent it out to spammers, who will use it as a junk-mail-sending machine.
Or worse, it might install “key-logger” software that takes careful note of every word you type – usernames, passwords and all – and sends it back to hackers, who can co-opt your online accounts, take your money, and even represent themselves as you to your friends.
None of these things bode well for small businesses, which are often focused on the job at hand more than they are on information security. But there are new responses to these threats. In increasingly perilous seas, how do you stay on course without giving in to paranoia?
Here are some suggestions:
1. Don’t open unexpected attachments, even if they come from friends.
E-mail attachments are a great source of malware. But nowadays, they don’t just come from dodgy strangers, they can come from your best friends.
When certain malware infects computers, it will scan e-mail address books and send malicious messages to every contact, making it appear that the message comes from a friend. Oftentimes, they’ll contain messages such as “Here’s the PDF I said I’d send,” but they’re getting more clever and more subtle all the time.
If someone you know sends you an e-mail with attached files that you weren’t expecting, or that seem strangely generic (“Hey, check out these pictures!”), make contact with the sender first to make sure it’s genuine.
“If it sounds unbelievable, it totally is,” says David Mirza Ahmad, a cyber-security veteran and one of the founders of Subgraph, a Montreal-based security start-up. “Look for cues in the e-mail: Is the e-mail worded a little differently? Is it normal to receive random files from this person? If there’s a file, there should be context.”
In fact, any unexpected behaviour from friends on social networks should be taken with a grain of salt. Social networks are the latest frontier for hackers because they engender so much trust. If a Facebook friend starts posting items they wouldn’t normally post, be careful: their account might have been compromised, and the items might be a trap.
2. Update, update, update.
Even if you never opened another attachment in your life, you can still let viruses in, even by doing something as simple as visiting the wrong website at the wrong time.
The software that runs modern computers is enormous and labyrinthine, and hackers are always finding new holes that they can use to sneak malicious software onto computers – usually by injecting. And software makers such as Microsoft, Apple, and anti-virus makers, are constantly rushing to patch those holes. It’s a never-ending game of cat-and-mouse.
This is why it’s essential to keep your software up-to-date, and up to the minute. You need to update three things: First, your operating system (such as Windows or Mac OS), which receive updates to plug security holes as they’re found. By default, these will install automatic updates – it’s important to let them. Second, your web browser (Internet Explorer, Firefox, Chrome) needs to be up-to-date for the same reason. New versions are free to download. This goes expecially for users of Internet Explorer 6, an older version of the popular browser that was well-known as a security nightmare.
Finally, your virus-checking software needs constant updates to know which malware to look for today.
3. Be very careful about following login links from e-mails.
The next trick is to keep from getting tricked. Increasingly, scammers will try to convince you to give away your login and password for a phony web page that’s set up to look like a real one.
It’s called “phishing” – as in, going fishing for victims. You’ve probably already received some that use banks as bait: An e-mail arrives, prompting you to visit your bank’s website to “verify your login information.” It will direct you to a page that looks like your bank’s website, but it is really a false front that passes your login information on to hackers.
So far, these have been fairly easy to spot. But scammers are getting smarter: they’re now sending e-mails that look like new-friend or message-waiting notices from social networks such as Facebook or LinkedIn.
Always be cautious. Watch out for vague-seeming notifications. Pay careful attention to the URL at the top of the web page. If there’s any doubt, don’t follow the link from the e-mail, but visit the social network’s page directly and log in there.
4. Use different passwords.
Password safety isn’t the be-all and end-all of security, but it’s an important rudiment. You’ve probably been regularly warned not to use simple or easy-to-guess passwords. But it’s probably even more important (and, yes, more annoying) not to use the same password for every online service you use.
The reason is simple: If, by installing a key-logger, or tricking you with a phishing trick, a hacker gets the username and password for one site, you can bet he’ll turn around and try it on every other service you’re signed up with. You could wind up being locked out of everything at once.
If remembering a dozen different passwords is unwieldy (and it is), consider using at least two groups of passwords – one for not-so-important sites, and different ones for the really sensitive logins. Or, Mr. Mizra suggests using desktop software that uses one master password to access all the individual passwords - software such as the Mac OS Keychain or PasswordSafe for Windows.
5. Don’t think you’re smarter than the criminals.
So you know the ropes on the Internet. You know a malicious e-mail when you see one. Still, sometimes curiosity gets the best of you, and you click, thinking that you’re not going to divulge any personal information or download any suspicious files. Surprise: the bad guys have anticipated that, too.
“People believe that the operating system will protect them from everything they want to do; that by clicking on this link they’re smarter than the criminal,” Mr. Masiello says. “The criminals have got smart to this kind of thing.”
Tricks such as interstitial pages, pop-ups, and unpatched browser exploits can infect a computer before the user has clicked a single button or typed a word on a malicious web page.
And if you’re reading this on a Mac – don’t get too smug. For all of Apple’s marketing, Macs aren’t actually more secure, they’re just targeted less because fewer people own them. Malware comes for everyone, and – unfortunately - the only real solution is diligence.

63 comments:

  1. Good article I'll point people this direction so I don't have to go over telling them these things that they should know but don't think about.

    ReplyDelete
  2. Common sense helps me most of the time, but these are some good tips.

    ReplyDelete
  3. this is some great information.

    ReplyDelete
  4. hmmm ill have to start being more secure

    ReplyDelete
  5. Nice guide and very true. It's a shame it tends to be people without knowledge that fall for these

    ReplyDelete
  6. Getting a Mac solves alot...
    Altho, I would never use a mac for anything but browsing, because they suck overall.

    ReplyDelete
  7. Great article :) I think I will write about idenity theft today, so feel free to check it up later

    ReplyDelete
  8. I don't even trust password generators. Nope, I just use 'plzdonthackmebr0' for every site and email.
    Also, updates are for chumps. :)

    ReplyDelete
  9. Don't have these problems! BTW KOOBFACE is back... and Android phones are being hacked as well

    ReplyDelete
  10. I told the doctor, "It hurts when I push here." He said, "So, don't push there."

    I say disconnect. The only way to truly be secure is to prevent any access. Do we really need the internet? I'm going to sell my internet on craigslist or ebay.

    ReplyDelete
  11. good reminders - i'll direct some friends to your list here

    ReplyDelete
  12. Good tips just today I got some strange emails from a friend who seems to be infected with a virus

    ReplyDelete
  13. It's so funny this isn't common sense for most people. :D

    ReplyDelete
  14. good standard operating procedures.

    ReplyDelete
  15. I don't get viruses. ever.
    <_<
    >_>

    But thanks for the tips.

    ReplyDelete
  16. Seems like most of this stuff should be common sense. A good list nonetheless for those 'other' people

    ReplyDelete
  17. this is essential information over there. i hope you can spread the word more

    ReplyDelete
  18. ironic I read this blog post the week AFTER my computer gets cyber AIDS and crashes. oh wells.

    CLAN IN DA FRONT, LET YA FEET STOMP...

    ReplyDelete
  19. General tips that most computer literate peeps should follow.

    ReplyDelete
  20. this is relevant to just what I was thinking about

    ReplyDelete
  21. What about linux users, can we be smug? lol

    ReplyDelete
  22. they should make this mandatory knowledge before allowing anyone access to the internet.

    ReplyDelete
  23. ^^^ Keep an install disc handy XD

    ReplyDelete
  24. luckily, I check my mail every 2 weeks lol
    and then I delete almost all mail that I receive :)

    ReplyDelete
  25. whoa, your blog's got a good amount of followers!

    ReplyDelete
  26. I got an email once, and they said they were from Paypal and they were updating their safety-routine.
    I was basically told to write my username and password, followed by all my personal information, and then send it to them.

    I even tried filling the form out with false information, but when I tried to send it, it didnt work.. stupid brainless hackers dont even put any time into doing it well -.-

    ReplyDelete
  27. Thanks for the tips, good to be safe

    ReplyDelete
  28. Great info!
    This is very relevant to the computing world thanks

    ReplyDelete
  29. Always secure, always really cautious

    ReplyDelete
  30. I think a few friends of mine would benefit from this, how hard is it NOT to click a random email link.

    ReplyDelete
  31. i have a linux mint cd... in case any tough viruses are being stubborn

    ReplyDelete
  32. im not sure how people manage to get so many viruses, 90% of them are obvious as fuck. and google chrome will prevent pretty much everything that you dont go out of your way to install

    ReplyDelete
  33. these are important tips! i don't like leet haxors.

    ReplyDelete
  34. great info there, keep up the good work...showin love, you should check out my blog's newest post

    ReplyDelete
  35. dont answer stupid security questions honestly lol!

    ReplyDelete
  36. Usually keep that shit out of my computer, but of course you can never stop it totally.
    All we can do is keep trying.

    ReplyDelete
  37. Good tips ! Using common sense :)

    ReplyDelete
  38. Protection is number one priority! KEEP THE HACKERS AWAY!!

    ReplyDelete