Russ Harvey Consulting - Computer and Internet Services

Security Strategies

Preventing Infections

Avoid Security Pitfalls | Prepare For Recovery | Use Email Wisely

“Banking” in red 3D rendering with a corded mouse in front.

Security Needs Have Changed

At one time virus threats were simpler and so was the software necessary to detect and eliminate them.

Greater Threats Today

Today's computers face much more dangerous threats coming from multiple sources at the same time.

Some security software is better than others at finding and quarantining infections, but no single product can detect everything that's out there, especially when it changes by the minute — not by the day, by the minute!Windows Secrets
The "detect and prevent" approach has reached its potential, and attackers have learned how to bypass this defense method. What's more appalling is that studies have shown that 68 percent of breaches take months or longer to detect.

 

Zero Trust policies are quickly being adopted across the cybersecurity industry. They're based on a simple idea: don't trust any piece of traffic, regardless of whether it originates inside or outside of your organization.
Menlo Security

Multifaceted Attacks

More recently, these attacks have become multifaceted (blended) threats requiring more than one form of security software.

A blended threat can expose you on websites because often these sites bring together information from many external sources — all potential avenues of vulnerability.

All it takes for a website to become vulnerable is for the owners to use a weak password or older software (an outdated WordPress installation or a plugin that is compromised).

Government & Corporate Spying

Governments are collecting more about you and your Internet activities — supposedly to protect us all from terrorism. I'd describe this extreme collection of personal data as creepy rather than protective.

Corporations are engaged in massive collections of meta-data and creating profiles to encourage advertisers and sell to others.

Some of these appear to be designed as instruments of Cyber warfare designed by nations and corporations — the only ones with the resources needed to develop sophisticated programs like FinFisher or FinSpy.

FinSpy is a field-proven Remote Monitoring Solution that enables Governments to face the current challenges of monitoring Mobile and Security-Aware Targets that regularly change location, use encrypted and anonymous communication channels and reside in foreign countries.
WikiLeaks

Zero-day Exploits

Zero-day exploits are those that take advantage of weaknesses in software that have not been patched by the vendor.

A zero-day (also known as 0-day) vulnerability is a computer-software vulnerability that is unknown to those who should be interested in mitigating the vulnerability (including the vendor of the target software).

 

Until the vulnerability is mitigated, hackers can exploit it to adversely affect computer programs, data, additional computers or a network.
Wikipedia

In the Wild

Once the zero-day begins to be exploited by criminals and state governments it is considered to be “in the wild” and updates are critical to protect consumers.

Often the vendor is unaware of the vulnerability until it shows up in the wild.

A Strong Black Market for Zero-days

There is a strong black market for zero-day exploits.

Hackers were much faster to exploit software bugs in 2021, with the average time to exploitation down from 42 days in 2020 to just 12 days.

 

These flaws affected firewalls, virtual private networks (VPNs), Microsoft's email server, desktop operating system and cloud, a code sharing platform, remote IT management products, and more.
ZDNet

Hackers and government agencies have stockpiled these for tools to attack the computers and phones of their victims. Now they are the bread-and-butter of the ransomware-as-a-service model.

Why Aren't They Fixed?

Many companies have abused the intent of the U.S. DMCA to prevent researchers and pro-privacy organizations from seeking out these vulnerabilities and having them patched.

These companies don't want the bad publicity of revealed zero-day exploits.

If a company has a history of not fixing vulnerabilities, it would be wise to look for another product. Unfortunately, that is not possible with proprietary hardware.

Obsolete? Upgrade or Uninstall

Frequent updates of software are an attempt to patch known exploits.

Criminals know about and exploit many zero-day vulnerabilities.

They also test older systems for vulnerabilities that have been patched in newer software but NOT in unsupported versions.

Upgrade or uninstall any software that becomes unsupported.

Spy Agencies Demand Access

Police and agencies like the CIA and NSA use zero-day exploits to spy on their citizens and other countries. They don't want these exploits to be identified so weaknesses can be patched.

American tech companies are pressured to work with these secretive government agencies which may account for some of the long-term vulnerabilities in software and hardware.

These same agencies continue to demand back doors to encryption software.

Both demands ignore the fact that such weaknesses threaten everyone and can be used by foreign governments and criminals.

Fake Security Warnings

Watch for fake security warnings about hundreds of infected files.

These are designed to panic you into either installing something dangerous or to allow malicious remote access to your computer.

These warnings are scams.

Ignore Displayed Phone Numbers

NEVER call any number displayed on the warning or provide your credit card information.

Scan Your Computer

Instead, run a full security scan using a product from valid antivirus vendors.

Seek Local Help

If you're unsure, contact a reputable local service company.

In Greater Victoria
Hire Russ Harvey Consulting

Any distance service is going to want remote access to your computer, just like the scammers.

Know Your Security Software

The best defense is to keep your protection current and to know how your security software displays its warnings.

Phishing Attempts

Never follow links or provide login information to sites linked in an email — especially those threatening to close your account and requesting your user name and password. This is called phishing.

  1. Locate the contact information or website from an invoice or other document provided by that company.
  2. Place that webite address directly into your browser to visit the real site.
  3. Report the phishing attempt to the company or financial institution.

Delete the message and its unopened attachments.

Phone Fraud

If you receive an unrequested phone call and they ask you to provide personal information, don't.

Remember, they called you. Caller ID can be faked, so it is their identity that is unconfirmed.

Ask who is calling, then say you'll call them back. When you do, use a phone number obtained from a recent invoice or statement from that company.

Don't be surprised if they don't know what you're talking about. These are attempts at identity theft and are designed to defraud you.

Prevent the Spread of Infections

There are several things you can do to prevent the spread of viruses, spyware and other infections to your computer:

Look for more detailed information in the following sections.

Return to top

Avoid Security Pitfalls

One of the significant issues with security is the aspect of social engineering. Too often it is the computer operator that makes a bad decision that can lead to a security breach.

Avoid Contamination From External Sources

Always run a security scan on re-writable media (USB drives, CDRW, floppy disks etc.) that have been used on someone else's machine.

  • Run a full scan on the drive to ensure it is free of problems that may have been inherited from the other computer(s).
  • DON'T trust unknown media unless you can verify its source and purpose.

Physical Security

Anyone with physical access to your computer can threaten its security.

Do not allow unauthorized access to your computer. This includes well-meaning friends or relatives.

They may be more knowledgeable than you about computers, but may add software that increases your vulnerability.

Set Rules for Children

Have clearly defined rules about computer usage for your children.

Limited-access accounts are recommended (Windows installs accounts with administrator privileges unless you specify a limited account).

Servicing Computers

Be sure to have your computer serviced by a trusted technician or service. You may wish to remove or password-protect sensitive material first.

“Virtual” Security

Because most computers today are continually connected to the Internet, you need to be careful to protect your data and the security of your computer.

Secure Your Computer

Your router will not stop outbound activity. It is designed to prevent incoming threats.

You need to protect outgoing threats with a software firewall.

ZoneAlarm, when configured properly, will stop Internet access to malicious programs — provided you don't automatically give permission for every program requesting such access.

Protect Your Accounts

You need to protect all your accounts with passwords, but if you don't do it properly, you'll likely be hacked.

You're not going to be able to manage this yourself.

Use a password manager (but not your browser's built-in password utility) to remember passwords. LastPass is recommended.

Download Safely

When downloading software, take precautions to avoid infecting your computer.

  • Watch for misleading “download” buttons that are designed to make money for the site rather than clearly indicating the correct download link.
  • Do not use pirated software, only legitimate software from a trusted source.
  • Watch for extra unwanted software before downloading as well as when installing software.

Store Files So You Can Identify Them

The desktop is a poor location for storing files. Use a Downloads folder for storing your downloads.

  • Scan files for viruses and malware before you open them.
  • Move PDF invoices, statements and similar documents to your Documents folder, preferably to sub-folders named for their source so that you can identify them later.
  • You may need to rename some files so you can recognize them later.
  • Store related files in a folder to keep them together.

Turn Off and Remove Unneeded Services

Many services installed are not necessary for the average user but provides additional vulnerable points for infection, especially from blended threats.

  • Most users do not need server capability or telnet.
  • If uninstalled, you do not need to maintain the patches for vulnerabilities for these services.
  • Removal may also help your computer run faster since these services utilize system memory (RAM).

One example is Bluetooth, a wireless communication protocol. While useful in connecting devices it can also be used to attack your system.

Turn Off AutoRun

AutoRun is a convenient method of automatically launching programs when a CD or USB drive, etc. is inserted. However, this can be used by malicious programs to infect your computer.

AutoRun has been replaced with AutoPlay in Windows 10 and 11.

Click StartSettingsDevicesAutoPlay.

Be Aware of Weaknesses Within Your Software

Weaknesses exist in ALL operating systems (Windows, Macintosh and Linux) as well as the software that runs on them (browsers, word processors, etc.).

Update Windows and other software to patch known security vulnerabilities.

  • Do not install patches emailed to you. These are almost certainly harmful.
  • Don't run unsupported versions of Windows.
    • Update Windows when support expires; or
    • move to a currently supported version of free alternatives like Linux.
  • Don't run obsolete versions of your programs:
    • purchase newer versions when support expires; or
    • move to quality free alternatives.

It is unfortunate that Microsoft chose to use “malware tactics” to move people to Windows 10. As a result, many folks stopped updating Windows altogether.

Other Software

All software should be patched where updates are available. Microsoft Office, browser plugins and Internet programs are the most vulnerable.

Run only currently supported software. Once support expires you should seek out a suitable alternative then uninstall the vulnerable (unsupported) program(s) after you've transferred any personal settings or data.

  • You should be running the latest version of your web browser available to your operating system (usually free). Don't use Internet Explorer.
  • Similarly, watch for vulnerabilities in email clients.
  • Office software needs to be current as well. If your office software is no longer updated, LibreOffice provides most of the features of Microsoft Office and it is free.
  • Many plugins such as Java as well as PDF viewers like Adobe Reader add special vulnerabilities because they are universally installed across multiple operating systems.

Don't Use It? Uninstall It.

I strongly recommend uninstalling software you haven't used in a while.

This avoids issues with security flaws and potential problems with software that is no longer useful to you. In most cases you can reinstall the current version if you need it in the future.

Windows More Vulnerable

Windows is more vulnerable to infections because it is poorly designed from a security perspective.

  • It is widely distributed and Microsoft made Windows to be "easy" rather than secure.
  • Why bother writing a virus for a rarely-used operating system?

That said, Mac computers have become more popular (just have a look in any coffee shop). Macs are now a target so they need security software installed.

Windows Update

Windows Update is Microsoft's method of updating Windows and other Microsoft software.

  • Critical Updates make your computer less vulnerable to viruses and other attacks.
  • Ensure that Windows Updates is set to automatic.
  • It is a good idea to check manually for Windows Updates from time-to-time as this will allow you to view additional non-critical updates and ensure that automatic updates are being installed correctly.
  • Always install service packs.
  • You need to be running a major Windows 10 spring or fall update no older than one year old to remain supported.

Should You Install It?

Too often “optional” software is packaged with another program's installer or via pop-up ads.

Krebs's 3 basic rules for online safety:
  1. If you didn't go looking for it, don't install it.
  2. If you installed, update it.
  3. If you no longer need it, get rid of it!

Windows 10 comes pre-installed with Office (subscription required) and a bunch of other software including games. If you're not using them, uninstall them where possible (some have the “uninstall” option greyed out).

Don't Run Obsolete Software

Even though you're familiar with obsolete products, you need to uninstall them and replace them with currently-supported software.

Replacing old software can be pricey, but there's a serious risk of data loss if your system isn't kept up-to-date.
Acronis

Don't Run Obsolete Windows

Running older Windows versions makes you more vulnerable. Microsoft has ceased sales of all versions of Windows prior to Windows 10.

Windows 10 can run on more hardware than ever before, but is different than any previous Windows version.

Microsoft claims it is the safest Windows ever, but it is Software as a Service and there are privacy concerns (e.g., searches for local content are sent to Bing).

If you're running an unsupported version of Windows, you should immediately move to replace it with Windows 10 or a current version of an alternative operating system like Linux.

Return to top

Prepare For Recovery

It is better to be over-prepared than regret your laxness later.

  • Maintain regular backups of your computer, especially critical data.
  • Follow a regular backup strategy.
  • Keep current copies of key system files and critical documents on a flash drive or other removable media.
  • Create and maintain a recovery drive, re-creating it after every major update.
  • Store copies of critical files off-site in case of fire or other disaster.
  • Backups stored in the cloud could be vulnerable to ransomware attacks.

Backups are the only recovery option for ransomware. Paying the ransom only encourages repeat attacks.

Return to top

Use Email Wisely

Do Not Forward Everything

Today it is too easy to forward information to everyone at the touch of a button.

Take a moment and decide if you'd forward the item if you had to retype it or photocopy it, then pay to snail-mail it to all the folks you're about to send it to. In most cases this isn't true.

If you've had to change your email address because of the amount of junk you're receiving, you're probably guilty of oversharing or have a “friend” that is.

Use an "Opt-In" Approach When Forwarding Mail

Be kind. Don't assume that everyone wants their mailbox flooded with cute jokes.

Many people have significant amounts of legitimate email to deal with and such messages are usually NOT welcome.

Ask people before placing them on your list. This is known as opt-in as opposed to the opt-out (what spammers favour).

Do Not Report “Infected” Messages to the "Sender"

Please don't waste Internet bandwidth telling a person that they have sent an infected message.

  • Virtually all infected messages (as well as spam) have forged headers (false address information).
  • The "sender" listed in the message is almost certainly not the one that transmitted the message.
  • View the message's full headers for tracing information.

Don't Click on Weird Links

If you receive a message with no text in the body except a weird-looking link, the sender's account has been hijacked. Don't click on the link.

  • These usually come from webmail accounts rather than computer-based email clients.
  • In most cases their account has been compromised because they used a weak password.
  • A phone call may be a better option (with a suggestion that they view the resources on this site).

Beware of Unexpected Attachments

If you receive a message with an unexpected attachment, don't open the attachment.

  • An email with a notice to see the attached invoice was the method used to propagate the Locky ransomware.
  • MS Office documents can use macros to infect your computer.
  • Even images can be used to infect computers (particularly on older systems).

Use BCC:

Use BCC: (blind carbon copy) when sending messages to groups rather than revealing a list of related addresses to everyone the message goes to.

  • Many email programs harvest all the incoming addresses into their email address book.
  • Many virus worms automatically spread by sending infected emails to everyone listed in the address book (the computer's owner is usually unaware).
  • You lose control of the message once it is sent. Forwarding a quoted message with all the original addresses intact is an invitation to spam and is a disservice to your friends.

 

Avoid Social Engineering

Social engineering is often used to increase our vulnerability to threats.

A recent Nuix survey of 70 hackers at DEFCON 2016 found that 84 percent of respondents use social engineering as part of their attack strategy, and 50 percent change their attack methodologies with every target.
eSecurity Planet

Rein in Your Curiosity

The human element of curiosity is a significant risk factor that no security program can protect you from.

Don't Fall for Hoaxes

The ILoveYou virus, exploited the human desire to be loved to encourage people to open an infected message.

Hoaxes take advantage of this trait.

Watch for Deceptive Practices

Some websites use deceptive design patterns like pre-checked boxes that subscribe you to their newsletter or add extras like download insurance to your shopping cart.

Deceptive design patterns are tricks used by websites and apps to get you to do things you might not otherwise do, like buy things, sign up for services or switch your settings.
Mozilla

In many cases these practices are illegal but even if they aren't, you might want to leave that site and look elsewhere.

Know Your Security Software

Choose from known brand-name security vendors and only download from trusted sites.

Recognize Fake Warnings

Get to know your security software and how it responds to security threats.

Misinterpreting an “infection” can allow the hacker to gain total access in less than three minutes.

With just a few keystrokes, it's possible for a hacker to remove all antivirus software, create a backdoor, and capture webcam images and passwords, among other highly sensitive personal data.
Hacking Windows 10

You need to learn what a legitimate warning looks like.

Be Wary of Pop-up Warnings

Do not respond to pop-up security warnings except those generated by your security software.

  • Most such “warnings” are scams that seek to infect your computer.
  • Pop-up warnings containing phone numbers are always scams.

Phone calls from a “technical support” person are scams. Just hang up.

If you download and install the referenced software, you will be left with a false sense of security.

Verify Legitimacy of Emails

Don't assume emails are safe or that the sender's identity is what is stated in the email. Addresses can be forged or stolen.

Verify Information

If you're unsure about the legitimacy of an email (including unexpected attachments), call the sender before opening attachments or clicking on any links.

Never rely on the contact information in an email or dialogue box displaying a warning. Look it up in a recent invoice or statement you received from that company.

Microsoft will never list a phone number in a warning dialogue box.

Don't Be Hasty to Click

Take the time to determine if the message is legitimate, even if it appears to come from someone you know.

  • It is easy to copy images and use them to commit identity theft.
  • No legitimate company will ask for your password.
  • Links can be faked in an email or on a website.

Be wary of phone calls or emails that ask for personal information or insist you to go to a website to fix a problem.

These are scams, no matter who the sender claims to be.

Social Media

Avoid embarrassment (or worse, a security breach). Be careful about how much information you provide. Facebook is NOT your friend.

  • Many outgoing links on Facebook are obfuscated (disguised) so you don't know what you're opening.
  • Facebook links are often designed to capture your morbid curiosity and can lead to unsafe locations.
  • This is beneficial to advertisers but is a security and privacy disaster.
I only use Facebook to keep in touch with family and friends.

If that was true of the majority of Facebook users, elections could not be tampered with and fake news would die in its tracks.

Take Care In What You Share

If you wouldn't share it with everyone everywhere, don't share it online!

  • Only share what you'd like others to share about you.
  • Once posted, information is public forever. In an instant you could ruin someone's reputation — even yours.

Checking Out New Software?

Before downloading and installing new software or responding to an unexpected warning, search for relevant information.

Your search results for a particular piece of software or warning should give you more information than you need to make an informed decision.

  • Reports of problematic software generally show up in such a search.
  • Avoid the “sponsored” results (usually listed first). These are ads.
  • Search results should give you more than you need to make an informed decision.
  • You'll want to verify your search results for accuracy.
  • In the case of risky software, you DON'T want to be the first kid on your block to try it.

Free or “Found” Media

“Free” external media is another form of social engineering.

Everybody likes free stuff. But that freebie may end up costing your or your employer a great deal.

  • A DVD or thumb drive that arrived in the mail may be all it takes for your system to be compromised.
  • Scattering a few infected thumb drives in an employee parking lot is one method of gaining access to a secure location.

It only takes one person to place that compromised media into their computer to compromise the whole network. If you're that person, what do you think your chances of retain your job will be?

Related Resources

Related resources on this site:

or check the resources index.

Buy Me A Coffee

 

Return to top
RussHarvey.bc.ca/resources/strategies.html
Updated: December 2, 2022

Copyright © 1996– | Privacy | Navigation | RHC Design