Malware Protection is not paranoia
The Cyber-thugs are not slowing down. If you own a computer you know about malware, viruses, worms, Trojans, spyware, and adware. These words are now common vernacular, and most of us would agree–that is a shame. “Social engineering” used to be a term used in the social sciences; now that word is more commonly used among computer professionals. The definition is evolving with usage and now “social engineering” more often means the art of manipulating people into divulging confidential information or performing actions that allow malicious people access (typically that access is to their computers, network, or financial and private information).
Our language is changing and so is the face of organized crime. Twenty years ago malware was created by pocked-faced kids as pranks. We would click on a link and a caterpillar would eat our screen. That was the first wave. During the second wave individuals found ways to monetize malware and started to steal identities. This third wave now includes organized criminals who have seen the opportunities created by e-trade and e-commerce and have become so prolific the internet has gone from 5,000 malicious codes a day to 95,000 unique malicious codes introduced into the network every day. They are gunning for us and they are gunning hard.
We spend over $4 billion dollars each year fighting malicious software. As with any virus, we create the “cures” and the “virus strains” get stronger. These viruses are also in different classes and affect our systems in varied ways. Some viruses will create just minor annoyances, like popup ads in our browser, while others can steal confidential information, destroy data, or even bring our whole network down.
One such malicious code that uses both a Trojan and social engineering is a new variant of malware that circumvents mobile SMS security procedures and goes right after your wallet. The SpyEye financial Trojan steals banking codes by tricking users into changing the phone number connected with their accounts. Click Here for more information. Other codes, like the DroidDream Trojan went after the Droid phones specifically and was masked as an app to download. Once downloaded it could steal information on the phone. Now our phones are being targeted as well as our computers!
How do we protect ourselves from all the malware out there? The following are just a few tips to help avoid malware and protect yourself from those who want to do you harm:
• Windows updates – make sure you are updating your OS at least a couple times a month. This is the first line of defense and needs to be done on your phone as well as your computer.
• Anti-Virus Software – there are many out there so choose carefully. We highly recommend avast! because they are “Best in Class” when it comes to the most recent definitions, ease of use, and the tightest security.
• Firewalls – A firewall is hardware or software that acts like a gate to protect your network from malware and hackers. Most routers have firewalls built in but need to be configured. Don’t assume this is automatically set up; ask your administrator (or your 14 yr old kid if this is at home).
• Suspicious offers – Don’t open any text, SMS, or offer that comes to your phone. Know the source or delete.
• Alternate Browser – Browsers such as Firefox or Safari are less susceptible to the evils on the internet as IE.
• Active X – If you are using Internet Explorer tighten the security settings.
To do this, Open IE and Click Tools > Internet Options > Security > Internet (Globe Icon) > Click Default Level and APPLY.
NEXT, Click the Custom Level Button and adjust the settings as follows (some settings will already be properly set):
* SET Download signed ActiveX controls to Prompt
* SET Download unsigned ActiveX controls to Disable
* SET Initialize and script ActiveX controls not marked as safe to Disable
* SET Installation of desktop items to Prompt
* SET Launching programs and files in an IFRAME to Prompt
* SET Navigate sub-frames across different domains to Prompt
After changing these settings as noted, please Click OK. If you are prompted to save the settings, click YES.
Finally, click APPLY and OK to finalize these settings.
There are many other advanced tips but this is a good start. Above all, be paranoid. If it seems suspicious, be suspicious.