Russ Harvey Consulting - Computer and Internet Services

Security Strategies


Strategies to prevent infection from viruses, spyware and other on-line threats

Security Needs Have Changed

At one time virus threats were simpler, and so was the software needed to detect and eliminate them.

Today's Computers Face Greater Threats

Today's computers face much more dangerous threats coming from multiple sources at the same time.

"Some security software is better than others at finding and quarantining infections, but no single product can detect everything that's out there, especially when it changes by the minute — not by the day, by the minute!" (Windows Secrets)

Multifaceted Attacks

More recently, attacks have become multifaceted (blended threats), requiring more than one form of security software. A blended threat can expose you even on websites you'd think were safe, because many pages bring together scripts, advertisements and other content from many external sources, each a potential avenue of attack.

All it takes for a website to become vulnerable is for its owners to use a weak password or outdated software such as an old WordPress installation or a compromised plugin.

Government & Corporate Spying

Governments are collecting more about you and your Internet activities, supposedly to protect us all from terrorism. I'd describe this extreme collection of personal data as creepy rather than protective.

Some of these tools appear to be instruments of cyber warfare developed by nations and corporations, the only ones with the resources needed to build such sophisticated programs.

For example, FinSpy was developed to monitor Mobile and Security-Aware Targets that regularly change location, use encrypted and anonymous communication channels and reside in foreign countries.

Zero-day Exploits

Zero-day exploits take advantage of weaknesses in software for which the vendor has not yet released a patch, often because the vendor doesn't yet know the vulnerability exists. Hackers and government agencies like the NSA have stockpiled these to attack the computers and phones of their targets.

Because no fix exists yet, these vulnerabilities can be exploited immediately. There is also a strong black market for zero-day exploits, and hackers are not the only buyers.

Many companies have abused the intent of the U.S. DMCA to prevent researchers and pro-privacy organizations from seeking out these vulnerabilities, in the misguided belief that everyone is safer when no one knows about them. More likely they don't want to spend the resources patching them.

Frequent updates of Adobe Flash and other software are an attempt to patch these vulnerabilities as they are found.

Spying or Keeping Us All Safe?

Police and agencies like the CIA and NSA use these to spy on citizens and other countries. There have been calls for zero-day vulnerabilities to be disclosed to vendors so the weaknesses can be patched.

In 2014, it took software companies an average of 59 days to create and roll out patches for zero-days—up from only four days in 2013. — Symantec

The pressure on American tech companies to work with these agencies is very strong and may account for some of the long-term vulnerabilities in software and hardware. It is the same thinking that demands back doors in encryption software.

Fake Security Warnings

Watch for fake security warnings.

These are sudden warnings about dozens or hundreds of infected files. The alert is designed to frighten you into installing something dangerous or paying for software that won't help you.

Many Infected Files Unlikely

That many infected files is unlikely unless you have been running without current security protection for some time.

Instead of panicking, close the warning and run a full scan with the security software you already have installed from a reputable antivirus vendor.

Know Your Security Software

Knowing how your security software actually warns you of threats is critical if you want to avoid these nasty infections. You DON'T want to give these people your credit card number any more than you would a street-corner hoodlum.

Phishing Attempts

Never follow links in an email to sites requiring login information, especially those threatening to close your account and requesting your user name and password. Instead, type the correct address directly into your browser to visit the real site. Report the message to your financial institution and delete the message and its attachments unopened.

Prevent the Spread of Infections

There are several things you can do to prevent the spread of viruses, spyware and other infections to your computer:

  • Purchase and use current security software.
  • Rein in your curiosity.
  • Avoid contamination from foreign flash drives and other external sources.
  • Turn off or remove unneeded Windows services.
  • Use email wisely — particularly when forwarding information.
  • Be aware of weaknesses within your software.
  • Prepare for recovery.
  • Stop using obsolete/unsupported software including older versions of Windows.

Look for more detailed information in the following sections.


Avoiding Security Pitfalls

One of the most significant security issues is social engineering. Too often it is the computer operator who makes the bad decision that leads to a security breach.

Avoid Contamination From External Sources

Always run a security scan on rewritable media (USB drives, CD-RWs, floppy disks, etc.) that have been used on someone else's machine.

  • Run a full scan on the drive to ensure it is free of problems that may have been inherited from the other computer(s).
  • People usually trust a “free” CD that comes in the mail. DON'T.

Physical Security

Anyone with physical access to your computer can be a risk.

  • Do not allow unauthorized access to your computer. This includes well-meaning friends or relatives who may be more knowledgeable than you about computers, but may add software that increases your vulnerability.
  • Have clearly defined rules about computer usage for your children. Limited-access (standard) accounts are recommended: the account Windows creates during setup has administrator privileges unless you specify a limited account.
  • Be sure to have your computer serviced by a trusted technician or service. You may wish to remove or password-protect sensitive material first.

“Virtual” Security

Because most computers today are continually connected to the Internet, you need to be careful to protect your data and the security of your computer.

  • Use a software firewall, either the one built into Windows or a third-party product like ZoneAlarm. Configured properly, it will block Internet access for malicious programs, provided you don't automatically give permission to every program that asks.
  • A hardware firewall (your router) blocks unsolicited inbound connections but will not stop outbound activity from malware already on your computer.
  • Use strong passwords that include a variety of characters (mixed-case letters, numbers and symbols, where permitted) rather than recognizable words, and use a different password for each site.
  • Passwords should be varied and changed regularly. If you can easily say your password, you're probably vulnerable.

Download Safely

When downloading software, take precautions to avoid infecting your computer.

  • Download files into a standard directory (the Downloads folder is recommended) then scan the folder for viruses and malware before you use them.
  • Some sites want you to install their “downloader” software. Don't. This obscures what is being downloaded and can add unwanted or exploitive software to your system.
  • Many programs download to the desktop so that inexperienced users know where to find the files. Configure these downloads to go to the Downloads folder instead.
  • I strongly recommend that you never install file-sharing programs such as “LimeWire.” These programs open your computer to downloads from unknown sources — often pirated or otherwise tampered with.
  • Do not use pirated software. Use only legitimate software from trusted sources.

Ensure you are downloading what you think you are.

  • Watch for misleading “download” buttons that are designed to make money for the site rather than simply provide you with the software you asked for.
  • Check a file for digital signatures. Right-click the file and select Properties. The Digital Signatures tab should identify the publisher, and a valid signature shows the file hasn't been altered since it was signed. Also check the Details tab for information. If neither of these tells you what the file is and who created it, how will you know what it is 6 months from now?
  • If the program's name doesn't clearly indicate what it is for, place it into a folder that describes it adequately so you know what it is. You might not want to install such software.
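The same checks can be done for a whole folder at once. The following is an added example, not code from the original page: it audits the Downloads folder for executables that are unsigned or whose signature no longer matches the file, and shows where each one came from using the Zone.Identifier stream ("Mark of the Web") that Windows attaches to downloaded files. It assumes Windows PowerShell 5.1 or later and the default Downloads location.

```powershell
# Added example (not from the original page): audit downloaded executables for
# missing or broken Authenticode signatures and report their download origin.
# Assumes Windows PowerShell 5.1+ and the default Downloads folder location.
$downloads = Join-Path $env:USERPROFILE 'Downloads'

function Get-DownloadAudit {
    param([string]$Path = $downloads)

    Get-ChildItem -Path $Path -File -Recurse -Include *.exe, *.msi, *.dll, *.ps1 |
        ForEach-Object {
            $sig = Get-AuthenticodeSignature -FilePath $_.FullName

            # Browsers write this alternate data stream on download; ZoneId=3 means
            # "Internet", and newer browsers also record the download URL in HostUrl.
            $motw = Get-Content -Path $_.FullName -Stream Zone.Identifier -ErrorAction SilentlyContinue
            $hostUrl = ($motw | Where-Object { $_ -like 'HostUrl=*' }) -replace '^HostUrl=', ''

            [pscustomobject]@{
                File   = $_.Name
                Status = $sig.Status            # Valid, NotSigned, HashMismatch, NotTrusted, ...
                Signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '(none)' }
                Origin = if ($hostUrl) { $hostUrl } else { '(no Mark of the Web)' }
                SHA256 = (Get-FileHash -Path $_.FullName -Algorithm SHA256).Hash
            }
        }
}

# Anything whose status is not 'Valid' deserves a second look before you run it.
Get-DownloadAudit | Where-Object { $_.Status -ne 'Valid' } | Format-Table -AutoSize
```

A valid signature only proves who signed the file and that it hasn't changed since; it does not prove the publisher is trustworthy. The SHA256 column lets you compare the file against the hash the vendor publishes on its own site, which catches the "wrong download button" problem described above.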

Turn Off and Remove Unneeded Services

Many installed services are not necessary for the average user but provide additional points of vulnerability, especially for blended threats.

  • Most users do not need server capability or telnet.
  • If uninstalled, you do not need to maintain the patches for vulnerabilities for these services.
  • Removal may also help your computer run faster since these services require memory (RAM) while running.

One example is Bluetooth, a wireless communication protocol. While useful for connecting devices, it can also be used to attack your system; turn it off when you're not using it.
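Before disabling anything, find out what is actually listening on the network. The following is an added example, not from the original page: it maps each listening TCP port to its process and service, then stops and disables the services you decide you don't need. The service names passed at the end (Remote Registry and Bluetooth support) are assumptions chosen for illustration; check your own list first. It needs Windows 8 or later for Get-NetTCPConnection and must be run from an elevated (Administrator) PowerShell.

```powershell
# Added example (not from the original page): list services listening on the
# network, then stop and disable the ones you do not need. Requires Windows 8+
# and an elevated PowerShell. Service names used below are illustrative assumptions.

function Get-ListeningServices {
    # Build a process-id -> service-name(s) lookup so ports can be tied to services
    $svcByPid = @{}
    Get-CimInstance Win32_Service | Where-Object ProcessId -gt 0 |
        ForEach-Object { $svcByPid[[int]$_.ProcessId] += @($_.Name) }

    Get-NetTCPConnection -State Listen |
        ForEach-Object {
            $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
            [pscustomobject]@{
                LocalAddress = $_.LocalAddress      # 0.0.0.0 / :: means reachable from the network
                Port         = $_.LocalPort
                Process      = $proc.ProcessName
                Services     = ($svcByPid[[int]$_.OwningProcess] -join ',')
            }
        } | Sort-Object Port
}

function Disable-UnneededService {
    param([Parameter(Mandatory)][string[]]$Name)
    foreach ($n in $Name) {
        $svc = Get-Service -Name $n -ErrorAction SilentlyContinue
        if (-not $svc) { Write-Warning "$n is not installed"; continue }
        Stop-Service -Name $n -Force -ErrorAction SilentlyContinue
        Set-Service  -Name $n -StartupType Disabled   # Disabled survives reboots; Stopped alone does not
        "$n -> $((Get-Service -Name $n).StartType)"
    }
}

Get-ListeningServices | Format-Table -AutoSize

# Assumed examples of services a home user rarely needs
Disable-UnneededService -Name RemoteRegistry, bthserv

# The Telnet client is an optional Windows feature rather than a service
Disable-WindowsOptionalFeature -Online -FeatureName TelnetClient -NoRestart
```

Anything listening on 0.0.0.0 or :: is reachable by other machines on your network, so those rows are the ones to question first. Setting the startup type to Disabled matters more than stopping the service, because a stopped service simply restarts at the next boot.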

Turn Off AutoRun

AutoRun is a convenient method of automatically launching programs when a CD or USB drive, etc. is inserted. However, this can be used by malicious programs to infect your computer.
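The setting lives in the registry and can be applied and verified from PowerShell. The following is an added example, not from the original page: it sets the two policy values Windows honours (NoDriveTypeAutoRun for every drive type, and NoAutorun to ignore autorun.inf entirely) for both the machine and the current user, then reads them back. It assumes Windows 7 or later and an elevated (Administrator) PowerShell.

```powershell
# Added example (not from the original page): disable AutoRun for every drive
# type via the Explorer policy keys, then confirm the change. Run elevated.
$policyKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer',   # machine-wide
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'    # current user
)

function Disable-AutoRun {
    foreach ($key in $policyKeys) {
        if (-not (Test-Path -Path $key)) { New-Item -Path $key -Force | Out-Null }
        # 0xFF sets the bit for every drive type, i.e. no AutoRun anywhere
        Set-ItemProperty -Path $key -Name NoDriveTypeAutoRun -Value 0xFF -Type DWord
        # 1 = never execute the commands listed in an autorun.inf
        Set-ItemProperty -Path $key -Name NoAutorun -Value 1 -Type DWord
    }
}

function Test-AutoRunDisabled {
    foreach ($key in $policyKeys) {
        $p = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Key                = $key
            NoDriveTypeAutoRun = ('0x{0:X2}' -f $p.NoDriveTypeAutoRun)
            NoAutorun          = $p.NoAutorun
            Disabled           = ($p.NoDriveTypeAutoRun -eq 0xFF -and $p.NoAutorun -eq 1)
        }
    }
}

Disable-AutoRun
Test-AutoRunDisabled | Format-Table -AutoSize
```

Explorer reads these values when it starts, so sign out and back in (or restart) before trusting the result; Test-AutoRunDisabled only confirms the registry, not the running state.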

Be Aware of Weaknesses Within Your Software

Weaknesses exist in operating systems (Windows, Macintosh and Linux) as well as in the software that runs on them (browsers, email clients, word processors, etc.).

Update Windows and other software to close known security vulnerabilities that can be patched.

  • Do not install patches emailed to you. These are almost certainly harmful.
  • Don't run obsolete versions of Windows, including Windows XP or Vista. Update Windows when support expires or move to a currently supported version of free alternatives like Linux.
  • Don't run obsolete versions of your programs. Purchase newer versions when support expires or move to quality free alternatives.

It is unfortunate that Microsoft chose to use malware tactics to move people to Windows 10. They also provided unhelpful descriptions of available updates so people would install the telemetry updates that many Windows 7 and 8 users were trying to avoid by not accepting the free update to Windows 10. As a result, many folks stopped updating Windows altogether.

Other Software

All software should be patched where updates are available. Office suites, browser plugins and Internet-facing programs (browsers and email clients) are attacked most often, so keep those current first.

Run only currently supported software. Once support expires you should seek out a currently supported and suitable alternative then uninstall the vulnerable (unsupported) program(s) once you've transferred any personal settings or data.

  • You should be running the latest version of your web browser available for your operating system (usually free). Keep Internet Explorer updated even if you use another browser (which is recommended for security reasons), because other Windows components and programs rely on its engine.
  • Similarly, watch for vulnerabilities in email clients.
  • Office software needs to be current as well. If your office software is no longer updated, LibreOffice provides most of the features of Microsoft Office and it is free.
  • Plugins such as Java and PDF viewers like Adobe Reader are favourite targets because they are installed on so many computers across multiple operating systems.

I strongly recommend uninstalling software you haven't used in a while. This avoids issues with security flaws and potential problems with software that is providing you with no benefits. In most cases you can reinstall the current version if you need it in the future.

Windows More Vulnerable

Windows is more vulnerable to infection partly because it was not designed with security first, and partly because of who uses it:

  • It is widely distributed and the sophistication of the average user is not very high (Microsoft designed Windows to be "easy" rather than secure).
  • Why bother writing a virus for a rarely-used operating system whose average user is more sophisticated?

That said, Mac computers have become more popular (just have a look in any coffee shop) and so has their status as a target for viruses and malware. Mac users need to install security software too.

Windows Update

Windows Update is Microsoft's method of updating Windows and other Microsoft software.

  • Critical Updates make your computer less vulnerable to viruses and other attacks.
  • Ensure that Windows Updates is set to automatic.
  • It is a good idea to check manually for updates from time-to-time as this will allow you to view additional non-critical updates and ensure that automatic updates are being installed correctly.
  • Always install service packs. If you have issues with installing Vista Service Packs on Vista Basic computers with low resources do what you can to increase the resources (usually by investing the needed RAM upgrades).
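Checking manually doesn't have to mean clicking through Settings. The following is an added example, not from the original page: it reports how long ago the last hotfix was installed and lists updates that are pending, using the Windows Update Agent COM interface that ships with Windows (no extra modules). The search step needs an Internet connection; it assumes Windows 7 or later.

```powershell
# Added example (not from the original page): report the age of the last
# installed hotfix and list pending updates via the built-in Windows Update
# Agent COM API. Assumes Windows 7+ and network access for the search.

function Get-LastPatchAge {
    $latest = Get-HotFix |
        Where-Object InstalledOn |                 # some entries carry no date
        Sort-Object InstalledOn -Descending |
        Select-Object -First 1
    [pscustomobject]@{
        LastHotFix  = $latest.HotFixID
        InstalledOn = $latest.InstalledOn
        DaysAgo     = [int]((Get-Date) - $latest.InstalledOn).TotalDays
    }
}

function Get-PendingUpdates {
    $session  = New-Object -ComObject Microsoft.Update.Session
    $searcher = $session.CreateUpdateSearcher()
    # The criteria string is the agent's own query syntax: not installed, not hidden
    $result = $searcher.Search('IsInstalled=0 and IsHidden=0')
    foreach ($u in $result.Updates) {
        [pscustomobject]@{
            KB       = ($u.KBArticleIDs | ForEach-Object { "KB$_" }) -join ','
            Severity = $u.MsrcSeverity    # Critical/Important/...; empty for non-security updates
            Title    = $u.Title
        }
    }
}

Get-LastPatchAge
Get-PendingUpdates | Sort-Object Severity | Format-Table -AutoSize -Wrap
```

If DaysAgo is more than a month or two on a machine set to update automatically, something is wrong with automatic updates and the pending list will usually show what has been missed; security updates carry a severity, feature and driver updates do not.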

Don't Run Obsolete Software

Running older Windows versions makes you more vulnerable. Microsoft has ceased sales of all versions of Windows prior to Windows 10.

  • Windows 7 is more secure than XP or Vista and will often run on more recent XP or Vista machines. It is the last version of Windows where content is fully contained on your own computer. Its extended support ends in January 2020, so plan your next move before then.
  • Windows 8.1 takes advantage of modern hardware security (UEFI) but expects you to sign in with a Microsoft account (an online connection) in order to take full advantage of its features. This exposes more of your data and makes it more vulnerable.
  • Windows 10 can run on more hardware than ever before, but is different than any Windows previously. Microsoft claims it is the safest Windows ever, but it is Software as a Service and there are privacy concerns. Even searches for local content are sent to Bing.

If you're running a version of Windows older than those listed above you should immediately move to replace them with a newer version or current version of an alternative operating system like Linux or Mac.


Prepare For Recovery

  • Maintain regular backups of your computer, especially critical data. It is better to be over-prepared than regret your laxness later. This is the only recovery option for ransomware other than paying the ransom (and hoping they honour their end of the deal).
  • Keep current copies of key system files and critical documents on a flash drive or other removable media.
  • Follow a regular backup strategy.
  • Store copies of critical files off-site. A fire or other disaster could destroy your backups as well as your computer.
  • Backups stored online (in the cloud) or on an always-connected drive can be encrypted by ransomware along with your working files. Keep at least one copy offline, or use a service that retains previous versions of each file.
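One way to keep a versioned, offline copy with nothing more than what Windows ships. The following is an added example, not from the original page: it copies your Documents folder to a new dated folder on a removable drive with robocopy, so an earlier good copy survives if a later run happens after ransomware has already encrypted the originals. The drive letter and folder names are assumptions; change them to match your setup, and unplug the drive when the copy is done.

```powershell
# Added example (not from the original page): dated backup of Documents to a
# removable drive using robocopy (included with Windows). Drive letter and
# folders are assumptions for illustration.
$source     = Join-Path $env:USERPROFILE 'Documents'
$backupRoot = 'E:\Backups'                      # assumed removable drive

function Backup-Documents {
    param([string]$Source = $source, [string]$Root = $backupRoot)

    if (-not (Test-Path -Path $Root)) {
        throw "Backup drive not found at $Root; plug it in first."
    }
    $stamp  = Get-Date -Format 'yyyy-MM-dd_HHmm'
    $target = Join-Path $Root $stamp             # new folder per run = versioned copies
    $log    = Join-Path $Root "$stamp.log"

    # /E copies subfolders including empty ones, /COPY:DAT keeps data, attributes
    # and timestamps, /XJ skips junctions (avoids loops), /R and /W limit retries
    # on locked files, /NP keeps the log readable.
    robocopy $Source $target /E /COPY:DAT /XJ /R:2 /W:5 /NP "/LOG:$log" | Out-Null

    # robocopy exit codes below 8 mean success (0 = nothing new, 1 = files copied, ...)
    [pscustomobject]@{
        Target   = $target
        ExitCode = $LASTEXITCODE
        Success  = ($LASTEXITCODE -lt 8)
        Log      = $log
    }
}

Backup-Documents
```

Because each run lands in its own folder the drive fills up over time; delete the oldest folders by hand rather than using a mirror mode that would overwrite the only clean copy. Check Success and skim the log before unplugging the drive.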


Use Email Wisely

Do Not Forward Everything

Today it is too easy to forward information to everyone at the touch of a button.

Take a moment and decide if you'd still forward the item if you had to retype or photocopy it, then pay to snail-mail it to all the folks you're about to send it to. In most cases you wouldn't.

If you've had to change your email address because of the amount of junk you're receiving, you're probably guilty of forwarding it to everyone else.

Use an "Opt-In" Approach When Forwarding Mail

Be kind and don't assume that everyone wants to get the cute jokes and other material that floods your mailbox.

  • Many people have significant amounts of legitimate email to deal with and such messages are usually unwelcome.
  • Ask people before placing them on your list. This is known as opt-in (as opposed to the opt-out that spammers favour).

Do Not Report “Infected” Messages to the "Sender"

Please don't waste Internet bandwidth telling a person that they have sent an infected message.

  • Virtually all infected messages (as well as spam) have forged headers (false address information).
  • The "sender" listed in the message is almost certainly not the one that transmitted the message.
  • Both statements can be verified using the information found in the message's full headers (the Received: lines, which record each server the message passed through).
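Reading those headers by hand is tedious, and the order is counter-intuitive: each server adds its Received: line at the top, so the bottom one is the first hop. The following is an added example, not from the original page: it takes a raw header block, unfolds the continuation lines, pulls the From:, Return-Path: and Authentication-Results: values, and identifies the first hop and its IP address. The header block shown is constructed for illustration (example.com/example.org/example.net and documentation IP ranges); paste your own from your mail client's "view source" or "show original" option in its place.

```powershell
# Added example (not from the original page): pick the real origin out of a
# message's full headers. The header block below is constructed sample data.
$headers = @'
Return-Path: <bounce-7731@mailer.example.net>
Received: from mailer.example.net (mailer.example.net [203.0.113.25])
        by mx.example.org with ESMTP id 4Qx; Tue, 1 Aug 2017 10:02:11 -0700
Received: from [192.0.2.77] (unknown [192.0.2.77])
        by mailer.example.net with SMTP; Tue, 1 Aug 2017 10:01:58 -0700
Authentication-Results: mx.example.org; spf=fail smtp.mailfrom=mailer.example.net; dkim=none
From: "Your Friend" <friend@example.com>
To: you@example.org
Subject: check this out
'@

function Get-MailOrigin {
    param([Parameter(Mandatory)][string]$RawHeaders)

    # Unfold: a line beginning with whitespace continues the previous header (RFC 5322)
    $unfolded = $RawHeaders -replace "`r?`n[ \t]+", ' '
    $lines    = $unfolded -split "`r?`n"

    # Return the value(s) of every header with the given name
    $get = {
        param($name)
        $lines | Where-Object { $_ -match "^$name\s*:" } |
                 ForEach-Object { ($_ -split ':', 2)[1].Trim() }
    }

    # Received: lines are prepended per hop, so the LAST one is the first server
    # to handle the message; the IP in brackets there is where it really entered.
    $received = @(& $get 'Received')
    $firstHop = $received[-1]
    $originIp = if ($firstHop -match '\[(\d{1,3}(?:\.\d{1,3}){3})\]') { $Matches[1] } else { '(none)' }

    [pscustomobject]@{
        DisplayedFrom = & $get 'From'                    # what the recipient sees; trivially forged
        ReturnPath    = & $get 'Return-Path'             # where bounces go; often a different domain
        FirstHop      = $firstHop
        OriginIP      = $originIp
        AuthResults   = & $get 'Authentication-Results'  # your server's SPF/DKIM verdict, if present
    }
}

Get-MailOrigin -RawHeaders $headers | Format-List
```

In the sample, the displayed sender is at example.com while the bounce address and the first hop are at a completely different domain and SPF failed; that combination is what a forged "infected" message looks like, and the person named in From: never sent it. Only the Received: lines added by your own provider can be trusted; a spammer can insert fake ones below them.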

Don't Click on Weird Links

If you receive a message with no text in the body except a weird-looking link, the sender's account has almost certainly been hijacked. Don't click on the link.

  • These usually come from webmail accounts rather than computer-based email clients.
  • In most cases their account has been compromised because they used a weak password.
  • A phone call may be a better option (with a suggestion that they view the resources on this site).

Beware of Unexpected Attachments

If you receive a message with an unexpected attachment, don't open the attachment.

Use BCC:

Use BCC: (blind carbon copy) when sending messages to groups rather than revealing a list of related addresses to everyone the message goes to.

  • Many email programs automatically add the addresses from incoming messages to their address book.
  • Many virus worms automatically spread by sending infected emails to everyone through the address book listings (without warning the infected computer's owner).
  • You have no control of the message once it is sent. Forwarding a quoted message with all the original addresses intact is an invitation to spam and is a disservice to your friends.


Avoid Social Engineering

Rein in Your Curiosity

Social engineering exploits human nature to get people to spread viruses themselves. Curiosity is a significant risk factor, and one that no security program is going to protect you from.

One example, the ILOVEYOU worm of 2000, exploited the desire to be loved to get people to open an infected attachment.

  • Know your security software and how it responds. Fake “security” software depends upon your ignorance.
  • Hoaxes are just one form of deception that takes advantage of this trait.
  • Choose from known brand-name security vendors and only download from trusted sites.
  • Do not respond to pop-up warnings about infections on websites you visit. Most are scams that will likely infect your computer and leave you with a false sense of security.

Social Media

Avoid embarrassment (or worse, a security breach). Be careful about how much information you provide. Facebook is NOT your friend.

  • Many outgoing links on Facebook are obfuscated (disguised) so you don't know what you're opening.
  • Facebook links are often designed to exploit your morbid curiosity and lead you to unsafe locations.
  • This is great for advertisers but a disaster from a security point of view.

Checking Out New Software?

Before downloading and installing new software or responding to an unexpected warning, search for information on the Web. Your search results for a particular piece of software or warning should give you more than enough information to make an informed decision.

  • Problematic software generally shows up in such a search.
  • Skip the first few offered search results, as these are generally "sponsored" results (ads) and are generally not in your best interest.
  • In the case of risky software, you DON'T want to be the first kid on your block to try it.

Free or “Found” Media

External media is another form of social engineering. Everybody likes free stuff, but that "free" item may end up costing you or your employer a great deal.

  • Inserting a DVD or thumb drive that arrived in the mail may be all it takes for your system to be compromised.
  • Scattering a few infected thumb drives in an employee parking lot is one method of gaining access to a secure location.

All it takes is for one person to place the media into their computer and the whole network can be infected.






www.RussHarvey.bc.ca/resources/strategies.html
Updated: August 1, 2017