chapter button
home index glossary

 

Keeping Your Computer and You Safe

There are two overall types of problems that you can encounter in computing. One is programs that sneak up on you, and the other is things that you do, or don't do.

Malware, the first type is "...short for malicious software which consists of programming (code, scripts, active content, and other software) designed to disrupt or deny operation, gather information that leads to loss of privacy or exploitation, gain unauthorized access to system resources, and other abusive behavior." To learn about the various types, go to http://en.wikipedia.org/wiki/Malware

For an excellent review of the difficulties, download the January 2011 Presentation (Power Point) about CyberCrime from http://gcpcug.org/genmeetpres

 

Software Protection Against Malware

Anti-Virus Software

The best line of defense against malware is an antivirus program. There are many available, some are free, others have a yearly charge. When deciding on a program, look at the reviews, and NEVER download one that is offered to you through email, or on a site that you did not access specifically to investigate or buy an anti-virus program. And yes, Macintosh owners, there are now enough of you to entice the malware producers to go after you.

Simply downloading and installing an anti-virus program is not enough. Anti-virus software can only protect you against viruses about which they know. There are 3 to 10 new viruses discovered each day, hence the need to constantly update this software. Most of these software products allow you to set the program to automatically update itself.

Go to the top of the page

Firewalls

A firewall is a system that protects your computer from unauthorized access. They can be implemented in both hardware and software. A firewall examines all messages entering or leaving your computer and blocks any that do not meet specific criteria. They are especially vital if you have a broadband connection to the Internet, although it is not unheard of for a modem to be disconnected from the owner's ISP and silently reconnected to another overseas creating a monstrous phone bill. When broadband ISP service is set up a hardware firewall is included, but there is also a need for a software firewall. One word of caution, never run more than one software firewall at a time. Because most anti-virus programs today include firewalls, be sure to turn of the Windows firewall before using. To do this in Windows, open the control panel and click on Security Center. Excellent information about firewalls, including information about free ones and reviews can be found at http://www.firewallguide.com/ while lengthy detailed information about firewalls can be found at http://en.wikipedia.org/wiki/Firewall_%28computing%29

Actions for You to Take

Besides installing and regularly updating anti-virus software and a firewall, there are other actions that will keep your computer safe and you from tearing out your hair!

Backups

The best line of defense is to make regular back-ups of your work. This can be done on a flash drive, a CD or DVD disk, or to an external hard drive. If you want to backup all your work and keep it backed up, an external hard drive is the easiest answer. There are ways that this can be done automatically using the backup and restore program.

Another alternative is to use a program that backs up your computer in the "clouds." For a list of these see http://en.wikipedia.org/wiki/List_of_backup_software.

In any case, if you are working on something that would result in your considering hara kiri should it be lost, save continually while you are working on this project, back-up locally every day, and be sure that a copy is in a different geographical location.

Email DOs

Don't believe everything you read in an email. A current scheme involves an email message that looks as if it came from a friend, that is, the return address is the one you know. The email tells you that the sender is in a distant location, and has been robbed. Usually this location is foreign and the message will tell you that the sender has lost his or her passport and credit cards and can't get home unless you send money, usually to a Western Union office. What has happened is that the sender's email address has been hijacked and this message sent to everyone in the sender's contact list. The best course of action here is to call the individual on the phone and tell them what happened. The best prevention towards being the "sender" or person whose email address is hijacked is to make your password difficult enough so that a hacker will decide that it is not worth the effort to crack it.

As further protection, if you have any messages in your inbox that you wish to safe, copy them and put them into a regularly backed up folder. And, keep a copy of your contacts in a safe place and back them up regularly.

Phone Apps

There are many apps available from many sources. If you wish to stay malware free only download apps from the official app sites for the type of phone you have.

Go to the top of the page

Actions to Avoid

Spam

NEVER respond to or buy anything, even if you think you need it, from an unsolicited email, or SPAM. SPAM offers are 99% fraudulent. If you are interested in the product do a search on the Web and buy from another source.

To prevent SPAM, be careful of where you put your email address. Only give an organization your email address if you have read their privacy policy and agree with them and trust them. For others, open a free account with Yahoo, Hotmail, Google or any other service. Then use this address whenever you are asked for an email address for any form you fill out on the Web.

If you order anything online using the free email address (and it is smart to). Right after ordering, go to that mail site, read the order confirmation, and forward it to you other address for record keeping. One other caveat - go to that site approximately once a week and delete all the junk mail that will accumulate there.

All About Spam, Spim (spam in instant messaging) and Spit (spam in voice over telephone protocol [VOIP]). Good information for getting around some problems.
http://www.webopedia.com/DidYouKnow/Internet/2006/spam_spit_spim.asp

Getting Rid of Spam. From Webopedia's "Did You Know?" series, this is an excellent article worth reading if you are interested in cutting down on the spam you receive.
http://www.webopedia.com/DidYouKnow/Internet/2002/GettingRidofSpam.asp

 

Attachments

Malware can enter your computer by either accessing the Web, or email attachments. The best defence against malware delivered via email attachments is to NEVER open an email attachment that arrives out of the blue, i.e. you don't have any reason to expect it. Even if it is from someone you know. If you really want to see what is in the attachment and can't contact the sender, save the attachment to a folder and have your anti-virus checker scan the file before you open it. This writer has found multiple worms in files with the extension ".pss" (Power Point Shows) currently making the email rounds.

 

Responding to a Call Purportedly from a Vendor

Another effort to harm your computer can start with a call supposedly from a vendor such as Microsoft. The caller will tell you that they have been getting mega error reports from your machine and they would like to help you fix this issue. Then the individual on the other end of the phone requests you to go to your computer and he/she will assist you to clean up a lot of dangerous viruses that are on your machine. From there follows instructions of exactly what to do.

Another version, has someone calling to warn all private computer owners that Windows had contracted a virus and it was being downloaded with the updates and to follow the instructions she or he will give you.

The rule is that unless you initiate the call, NEVER listen to a caller's instructions. Hang up and if you are worried make a call to the official number for the vendor, NOT the one that they may give you.

Go to the top of the page

Email and Social Engineering

Another type of problem in email uses "social engineering," or relying on people's good nature to comply with the request. A common one, is a message from a friend telling you that they are stranded someplace and need money. What has happened is that the friend's email address has been hijacked and these emails sent to everyone on his or her contact list. To assure that you do not become the person whose email address is hijacked, it is imperative to make the password to your email account too difficult to make it worth the effort of a scam minded individual to break into.

Email messages from unknown individuals should also be avoided. Clues to problems are misspellings.

Social Engineering Fundamentals, Part I: Hacker Tactics (2010 by Sarah Granger). Must reading!!! The cause of most security breaches. The basic goals of social engineering are the same as hacking in general: to gain unauthorized access to systems or information in order to commit fraud, network intrusion, industrial espionage, identity theft, or simply to disrupt the system or network.
http://www.symantec.com/connect/articles/social-engineering-fundamentals-part-i-hacker-tactics

Phishing

Phishing is a takeoff on "Fishing." In this scheme, an email is sent to you purportedly from a bank, or other financial agency. You are told to go to an URL that appears to be the real Web site, but there you are asked for personal information such as account numbers or passwords. Keep in mind that one should NEVER respond to this type of email. Legitimate groups do not ask for this information via an email. For more information see Phishing in Chapter Five. Page 69 in the text tells you how to determine if the address on which your mouse rests is the real address, or a phony.

See information about "spear phishing" in Chapter 20.

Go to the top of the page

Chain Letters

The quickness with which information can spread on the Internet encourages some to take advantage of this. Unsubstantiated rumors can easily be spread by the Internet. Thus, take with a grain of salt anything that stretches your credibility, especially those messages with no source that one can check. Also be wary of those that give a source - every time I check such a source I find that it is phony. Unfortunately, there are many damaging rumors circulating on the Internet - from both sides of the political spectrum. If you can't verify the information in a message, don't pass it on - at best it is supposition based on something taken out of context, at worst, a downright untruth.

Chain letters are one of the most prevalent of this type of Internet abuse. Incidentally, if you are accessing the Internet through an agency account it is advisable that you refrain from passing on ANY chain letter. Many institutions have policies against chain letters. Penalties range from a warning to losing your account to losing your job.

Chain letters often appear very legitimate and appeal to a desire to do some good. One that makes the rounds routinely asks for a get well card to be sent to a given person who wants to be in the Guinness Book of Records, or it may ask for an email message to be sent to an individual for the same reason. After performing the given deed, you are asked to pass the letter on. You may be promised good health if you pass the letter on, or that something bad will happen if you break the chain.

Or, a chain letter may warn of something such as the Klingerman Virus. Any report of a virus that you receive by email is 99% likely to be hoax. Before passing on a warning, check it out at the Snopes site . Besides telling you if a rumor is false, this site also verifies those that are true. Do not trust a message that says that it has been checked at SNOPES. Every time I see one of these and check it, the message is untrue!

A realistic appraisal of some chain letters should identify them immediately as a hoax. If you are asked to send money, or offered a freebie beware. Check with Snopes before you make a decision as to how to react.

If you are tempted to pass on the letter, think ahead to the possible consequences. Sending thousands of get well cards or electronic messages to one individual is going to create a big problem to the recipient. Also, chain letters are used by some to get a list of current email addresses.

Let the rule "Check out anything before you pass it on and be very skeptical" guide you in how you handle chain letters or other Internet received warnings.

Go to the top of the page

Report Scams

The Internet Crime Complaint Center (IC3) is a partnership between the Federal Bureau of Investigation (FBI) and the National White Collar Crime Center (NW3C). IC3's mission is to serve as a vehicle to receive, develop, and refer criminal complaints regarding the rapidly expanding arena of cyber crime. The IC3 gives the victims of cyber crime a convenient and easy-to-use reporting mechanism that alerts authorities of suspected criminal or civil violations"

Generally they will not investigate crimes of less than $5000. However, they keep a database and when enough of the same scam are found, even if individual amounts are small, the FBI will investigate.

Go to the top of the page

Created October 25, 2011

home Glossary index glossary index