Security Needs Have Changed
At one time virus threats were simpler and so was the software necessary to detect and eliminate them.
Greater Threats Today
Today's computers face much more dangerous threats coming from multiple sources at the same time.
Some security software is better than others at finding and quarantining infections, but no single product can detect everything that's out there, especially when it changes by the minute — not by the day, by the minute! — Windows Secrets
The "detect and prevent" approach has reached its potential, and attackers have learned how to bypass this defense method. What's more appalling is that studies have shown that 68 percent of breaches take months or longer to detect.
Zero Trust policies are quickly being adopted across the cybersecurity industry. They're based on a simple idea: don't trust any piece of traffic, regardless of whether it originates inside or outside of your organization.
— Menlo Security
More recently, these attacks have become multifaceted (blended) threats requiring more than one form of security software.
A blended threat can expose you on websites because often these sites bring together information from many external sources — all potential avenues of vulnerability.
All it takes for a website to become vulnerable is for the owners to use a weak password or out-of-date software (an unpatched WordPress installation or a vulnerable plugin, for example).
Government & Corporate Spying
Governments are collecting more about you and your Internet activities — supposedly to protect us all from terrorism. I'd describe this extreme collection of personal data as creepy rather than protective.
Corporations are engaged in massive collections of meta-data and creating profiles to encourage advertisers and sell to others.
Some of these tools appear to be instruments of cyber warfare built by nations and corporations, the only ones with the resources needed to develop sophisticated programs like FinFisher or FinSpy.
FinSpy is a field-proven Remote Monitoring Solution that enables Governments to face the current challenges of monitoring Mobile and Security-Aware Targets that regularly change location, use encrypted and anonymous communication channels and reside in foreign countries.
Zero-day exploits take advantage of software vulnerabilities for which the vendor has not yet released a patch.
A zero-day (also known as 0-day) vulnerability is a computer-software vulnerability that is unknown to those who should be interested in mitigating the vulnerability (including the vendor of the target software).
Until the vulnerability is mitigated, hackers can exploit it to adversely affect computer programs, data, additional computers or a network.
In the Wild
Once a zero-day begins to be exploited by criminals or state agencies it is said to be “in the wild”, and getting the fix installed quickly becomes critical for everyone running the affected software.
Often the vendor is unaware of the vulnerability until it shows up in the wild.
A Strong Black Market for Zero-days
There is a strong black market for zero-day exploits.
Hackers were much faster to exploit software bugs in 2021, with the average time to exploitation down from 42 days in 2020 to just 12 days.
These flaws affected firewalls, virtual private networks (VPNs), Microsoft's email server, desktop operating system and cloud, a code sharing platform, remote IT management products, and more.
Hackers and government agencies have stockpiled these as tools to attack the computers and phones of their victims, and they are now part of the ransomware-as-a-service toolkit as well.
Why Aren't They Fixed?
Many companies have abused the intent of the U.S. DMCA to prevent researchers and pro-privacy organizations from seeking out these vulnerabilities and having them patched.
These companies don't want the bad publicity of revealed zero-day exploits.
If a company has a history of not fixing vulnerabilities, it would be wise to look for another product. Unfortunately, that is not possible with proprietary hardware.
Obsolete? Upgrade or Uninstall
Frequent software updates are how vendors patch known vulnerabilities.
Criminals know about and exploit many zero-day vulnerabilities.
They also test older systems for vulnerabilities that have been patched in newer software but NOT in unsupported versions.
Upgrade or uninstall any software that becomes unsupported.
Spy Agencies Demand Access
Police and agencies like the CIA and NSA use zero-day exploits to spy on their citizens and other countries. They don't want these exploits to be identified so weaknesses can be patched.
American tech companies are pressured to work with these secretive government agencies which may account for some of the long-term vulnerabilities in software and hardware.
These same agencies continue to demand back doors to encryption software.
Both demands ignore the fact that such weaknesses threaten everyone and can be used by foreign governments and criminals.
Fake Security Warnings
Watch for fake security warnings about hundreds of infected files.
These are designed to panic you into either installing something dangerous or to allow malicious remote access to your computer.
These warnings are scams.
Ignore Displayed Phone Numbers
NEVER call any number displayed on the warning or provide your credit card information.
Scan Your Computer
Instead, run a full scan with the security software you already have installed, or with a scanner downloaded directly from a reputable antivirus vendor's own website.
Seek Local Help
If you're unsure, contact a reputable local service company.
In Greater Victoria
Hire Russ Harvey Consulting
Any remote service is going to want remote access to your computer, just like the scammers do.
Know Your Security Software
The best defense is to keep your protection current and to know how your security software displays its warnings.
Never follow links or provide login information to sites linked in an email, especially messages threatening to close your account and requesting your user name and password. This is called phishing. The visible text of a link can say one thing while the link itself goes somewhere else entirely, so what you see is no guide to where you will end up.
- Locate the contact information or website address from an invoice or other document provided by that company.
- Type that website address directly into your browser to visit the real site.
- Report the phishing attempt to the company or financial institution.
Delete the message and its unopened attachments.
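The gap between what a link says and where it goes is easy to check mechanically. The following is an added example written for this page, not code from the original; the HTML message it parses is constructed, the domains in it are placeholders, and the two-label domain heuristic (`registrable_domain`) is an assumption that ignores suffixes such as co.uk.

```python
"""Compare where links in an HTML e-mail claim to go with where they actually go.

Added example (not from the original page). The message below is constructed and the
domains in it are placeholders, not real phishing sites. Standard library only.
"""
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample: a "your account will be closed" message with three links.
SAMPLE_EMAIL = """
<p>Your account will be closed. Please
<a href="http://examplebank.com.login-verify.net/auth">sign in at https://examplebank.com</a>
to confirm your details.</p>
<p>Or use the <a href="https://account-update.example.net/">examplebank.com portal</a>.</p>
<p>Questions? See <a href="https://examplebank.com/help">examplebank.com/help</a>.</p>
"""


def registrable_domain(host: str) -> str:
    """Last two labels of a host name (assumption: no public-suffix list is used,
    so two-part suffixes such as co.uk are not handled)."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element in the body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, " ".join("".join(self._text).split())))
            self._href = None


def check_links(html: str, expected_domain: str) -> list:
    """Return [(href, verdict)] for each link in the message.

    ok        - the link really lands on expected_domain
    lookalike - the text claims expected_domain and the real host embeds its name
                (examplebank.com.login-verify.net, secure-examplebank.com, ...)
    mismatch  - the text claims expected_domain but the host is unrelated
    other     - the text does not claim to be expected_domain at all
    """
    collector = LinkCollector()
    collector.feed(html)
    brand = expected_domain.split(".")[0]
    findings = []
    for href, text in collector.links:
        host = (urlparse(href).hostname or "").lower()
        claims = expected_domain in text.lower()
        if registrable_domain(host) == expected_domain:
            verdict = "ok"
        elif claims and brand in host:
            verdict = "lookalike"
        elif claims:
            verdict = "mismatch"
        else:
            verdict = "other"
        findings.append((href, verdict))
    return findings


if __name__ == "__main__":
    for href, verdict in check_links(SAMPLE_EMAIL, "examplebank.com"):
        print(f"{verdict:9s} {href}")
```

The first link is the classic trick: the real host is `login-verify.net` with the bank's name stuck on the front as a subdomain. Hovering over a link in your mail client shows the same `href` this script reads; the habit the page recommends (type the address you already know) sidesteps the problem entirely.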
If you receive an unrequested phone call and they ask you to provide personal information, don't.
Remember, they called you. Caller ID can be faked, so it is their identity that is unconfirmed.
Ask who is calling, then say you'll call them back. When you do, use a phone number obtained from a recent invoice or statement from that company.
Don't be surprised if they don't know what you're talking about. These are attempts at identity theft and are designed to defraud you.
Prevent the Spread of Infections
There are several things you can do to prevent the spread of viruses, spyware and other infections to your computer:
- Purchase and use current security software.
- Rein in your curiosity.
- Avoid contamination from flash drives and other external sources (especially found media).
- Turn off or remove unneeded Windows services.
- Use email wisely — particularly when forwarding information.
- Be aware of weaknesses within your software.
- Prepare for recovery.
- Stop using obsolete/unsupported software including older versions of Windows and email software.
- Essential tips to avoid getting hacked from Tom's Guide has 34 recommendations.
Look for more detailed information in the following sections.
Avoid Security Pitfalls
One of the significant issues with security is the aspect of social engineering. Too often it is the computer operator that makes a bad decision that can lead to a security breach.
Avoid Contamination From External Sources
Always run a security scan on re-writable media (USB drives, CDRW, floppy disks etc.) that have been used on someone else's machine.
- Run a full scan on the drive to ensure it is free of problems that may have been inherited from the other computer(s).
- DON'T trust unknown media unless you can verify its source and purpose.
Anyone with physical access to your computer can threaten its security.
Do not allow unauthorized access to your computer. This includes well-meaning friends or relatives.
They may be more knowledgeable than you about computers, but may add software that increases your vulnerability.
Set Rules for Children
Have clearly defined rules about computer usage for your children.
Limited-access accounts are recommended: the account Windows creates during setup has administrator privileges, so create standard (limited) accounts for day-to-day use, including your own, and keep the administrator account for installing software.
Be sure to have your computer serviced by a trusted technician or service. You may wish to remove or password-protect sensitive material first.
Because most computers today are continually connected to the Internet, you need to be careful to protect your data and the security of your computer.
Secure Your Computer
Your router will not stop outbound activity. Its firewall and NAT are designed to block unsolicited incoming connections; anything already running on your computer is free to call out.
Outbound connections from malicious programs have to be controlled with a software firewall on the computer itself. Windows Defender Firewall allows all outbound traffic unless you create rules for it.
ZoneAlarm, when configured properly, will stop Internet access by malicious programs, provided you don't automatically give permission to every program requesting such access.
Protect Your Accounts
You need to protect all your accounts with passwords, but if you don't do it properly, you'll likely be hacked.
- Use a different password for every site or account.
- Passwords should be long and strong.
- Change a password promptly when the site reports a breach or you suspect it has been exposed. Scheduled rotation for its own sake is no longer recommended (NIST SP 800-63B dropped the requirement) because it mostly produces predictable variants such as Summer2023! becoming Summer2024!.
- Enable multifactor authentication where possible.
You're not going to be able to manage this yourself.
Use a password manager (rather than your browser's built-in password store) to remember them. LastPass is recommended. Whichever manager you choose, everything in the vault rests on one long master passphrase and on multifactor authentication for the manager itself: when LastPass's own systems were breached in 2022, copies of customers' encrypted vaults were taken, and the master password was all that stood between the attackers and the contents.
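Most password managers can export the vault as a CSV file, and a short script can then find the habits the list above warns against: the same password on two sites, and "rotated" passwords that differ only in a trailing year or symbol. The following is an added example, not part of the original page; the `VAULT` data is constructed, and `MIN_LENGTH` is an assumed threshold for what this audit calls long enough.

```python
"""Audit a password list for exact reuse, near-duplicates and short entries.

Added example (not from the original page). VAULT is constructed sample data;
a real audit would read the CSV export from your password manager instead.
"""
import hashlib
import re
from collections import defaultdict

# Constructed sample vault: (site, password).
VAULT = [
    ("bank.example", "Tr0ub4dor&3"),
    ("shop.example", "Tr0ub4dor&3"),                        # exact reuse
    ("mail.example", "Summer2023!"),
    ("forum.example", "Summer2024!"),                       # "rotated" by bumping a digit
    ("cloud.example", "correct horse battery staple ocean"),
    ("news.example", "letmein"),
]

MIN_LENGTH = 14  # assumption: what this audit treats as "long enough"


def stem(password: str) -> str:
    """Drop trailing digits/punctuation and case so Summer2023! and Summer2024! collide."""
    return re.sub(r"[\d\W_]+$", "", password).lower()


def fingerprint(password: str) -> str:
    """Short hash prefix so a report can name a password without printing it."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()[:8]


def audit(vault, min_length: int = MIN_LENGTH) -> dict:
    """Return {site: [problem, ...]}; sites with nothing to report are omitted."""
    problems = defaultdict(list)
    groups = defaultdict(lambda: defaultdict(list))   # stem -> password -> [sites]
    for site, password in vault:
        groups[stem(password)][password].append(site)
        if len(password) < min_length:
            problems[site].append(f"short ({len(password)} chars, want {min_length}+)")

    for variants in groups.values():
        all_sites = [s for sites in variants.values() for s in sites]
        for password, sites in variants.items():
            for site in sites:
                same = [o for o in sites if o != site]          # identical password
                if same:
                    problems[site].append(
                        f"password {fingerprint(password)} reused on {', '.join(same)}")
                near = [o for o in all_sites if o not in sites]  # same stem, different suffix
                if near:
                    problems[site].append(
                        f"near-duplicate of the password on {', '.join(near)}")
    return dict(problems)


if __name__ == "__main__":
    for site, issues in sorted(audit(VAULT).items()):
        print(site)
        for issue in issues:
            print("  -", issue)
```

Only `cloud.example` comes through clean; every other entry is either reused, a near-duplicate, or too short. Delete the export file once you have read the report, since it holds every password in plain text.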
When downloading software, take precautions to avoid infecting your computer.
- Watch for misleading “download” buttons that are designed to make money for the site rather than clearly indicating the correct download link.
- Do not use pirated software, only legitimate software from a trusted source.
- Watch for extra unwanted software before downloading as well as when installing software.
Store Files So You Can Identify Them
The desktop is a poor location for storing files. Use a Downloads folder for storing your downloads.
- Scan files for viruses and malware before you open them.
- Move PDF invoices, statements and similar documents to your Documents folder, preferably to sub-folders named for their source so that you can identify them later.
- You may need to rename some files so you can recognize them later.
- Store related files in a folder to keep them together.
Turn Off and Remove Unneeded Services
Many installed services are not necessary for the average user but provide additional points of attack, especially from blended threats.
- Most users do not need server capability or telnet.
- If a service is uninstalled, you no longer need to keep up with patches for its vulnerabilities.
- Removal may also help your computer run faster since these services utilize system memory (RAM).
One example is Bluetooth, a wireless communication protocol. While useful in connecting devices it can also be used to attack your system.
Turn Off AutoRun
AutoRun is a convenient method of automatically launching programs when a CD or USB drive, etc. is inserted. However, this can be used by malicious programs to infect your computer.
Since Windows 7, Windows no longer honours autorun.inf on USB drives (only on optical media), and on Windows 10 and 11 the remaining behaviour is controlled by AutoPlay, which asks what to do with newly inserted media. Set it to take no action.
Windows 10: click Start ⇒ Settings ⇒ Devices ⇒ AutoPlay. Windows 11: Start ⇒ Settings ⇒ Bluetooth & devices ⇒ AutoPlay.
Be Aware of Weaknesses Within Your Software
Weaknesses exist in ALL operating systems (Windows, Macintosh and Linux) as well as the software that runs on them (browsers, word processors, etc.).
Update Windows and other software to patch known security vulnerabilities.
- Do not install patches emailed to you. These are almost certainly harmful.
- Don't run unsupported versions of Windows.
- Update Windows when support expires; or
- move to a currently supported version of free alternatives like Linux.
- Don't run obsolete versions of your programs:
- purchase newer versions when support expires; or
- move to quality free alternatives.
It is unfortunate that Microsoft chose to use “malware tactics” to move people to Windows 10. As a result, many folks stopped updating Windows altogether.
All software should be patched where updates are available. Microsoft Office, browser plugins and Internet programs are the most vulnerable.
Run only currently supported software. Once support expires you should seek out a suitable alternative then uninstall the vulnerable (unsupported) program(s) after you've transferred any personal settings or data.
- You should be running the latest version of your web browser available for your operating system (usually free). Don't use Internet Explorer, which Microsoft retired in June 2022.
- Similarly, watch for vulnerabilities in email clients.
- Office software needs to be current as well. If your office software is no longer updated, LibreOffice provides most of the features of Microsoft Office and it is free.
- Plugins such as Java and PDF viewers like Adobe Reader have been especially attractive targets because they are installed almost everywhere, across multiple operating systems, so one exploit works on many machines. Modern browsers no longer run Java or Flash plugins at all; uninstall them if they are still present.
Don't Use It? Uninstall It.
I strongly recommend uninstalling software you haven't used in a while.
This avoids issues with security flaws and potential problems with software that is no longer useful to you. In most cases you can reinstall the current version if you need it in the future.
Windows More Vulnerable
Windows is more vulnerable to infections, partly because of design decisions and partly because of its market share.
- It is the most widely used desktop operating system, and Microsoft long favoured "easy" over secure (everyday users ran as administrators by default until Windows Vista introduced User Account Control).
- Why bother writing a virus for a rarely-used operating system?
That said, Mac computers have become more popular (just have a look in any coffee shop). Macs are now a target so they need security software installed.
Windows Update is Microsoft's method of updating Windows and other Microsoft software.
- Critical Updates make your computer less vulnerable to viruses and other attacks.
- Ensure that Windows Update is set to automatic.
- It is a good idea to check manually for Windows Updates from time to time, as this lets you see additional optional updates and confirm that automatic updates are actually being installed.
- Always install service packs (and, on Windows 10 and 11, the feature updates that replaced them).
- Each Windows 10 feature update is supported for only 18 months on Home and Pro editions, so a machine that hasn't taken one in over a year and a half is no longer receiving security fixes even though it looks fine. Windows 10 itself reaches end of support on October 14, 2025.
Should You Install It?
Too often “optional” software is packaged with another program's installer or via pop-up ads.
Krebs's 3 basic rules for online safety:
- If you didn't go looking for it, don't install it.
- If you installed, update it.
- If you no longer need it, get rid of it!
Windows 10 comes pre-installed with Office (subscription required) and a bunch of other software including games. If you're not using them, uninstall them where possible (some have the “uninstall” option greyed out).
Don't Run Obsolete Software
Even though you're familiar with obsolete products, you need to uninstall them and replace them with currently-supported software.
Replacing old software can be pricey, but there's a serious risk of data loss if your system isn't kept up-to-date.
Don't Run Obsolete Windows
Running older Windows versions makes you more vulnerable. Microsoft has ceased sales of all versions of Windows prior to Windows 10.
Windows 10 can run on more hardware than ever before, but is different than any previous Windows version.
Microsoft claims it is the safest Windows ever, but it is Software as a Service and there are privacy concerns (e.g., searches for local content are sent to Bing).
If you're running an unsupported version of Windows, you should immediately move to replace it with Windows 10 or 11, or a current version of an alternative operating system like Linux.
Prepare For Recovery
It is better to be over-prepared than regret your laxness later.
- Maintain regular backups of your computer, especially critical data.
- Follow a regular backup strategy.
- Keep current copies of key system files and critical documents on a flash drive or other removable media.
- Create and maintain a recovery drive, re-creating it after every major update.
- Store copies of critical files off-site in case of fire or other disaster.
- Backups that are simply synchronised to the cloud are vulnerable to ransomware: the sync client faithfully uploads the encrypted files over the good copies. Use a service with file versioning, or keep an offline copy that is disconnected between backups.
Backups are the only reliable recovery option for ransomware. Paying the ransom only encourages repeat attacks, and doesn't guarantee that your files come back.
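A backup you have never checked is a hope, not a plan. One practical check is a manifest of file hashes made from the originals and stored with the off-site copy; later, any backup can be compared against it, and a file that ransomware rewrote, or that the backup never captured, shows up immediately. The following is an added example written for this page, not the page's own tooling; the files it creates live in a temporary directory so it runs anywhere.

```python
"""Verify that a backup copy still matches the original.

Build a SHA-256 manifest of the source tree, then check a copy against it. A file
silently rewritten (e.g. encrypted by ransomware) appears as 'changed'; a file the
backup never captured appears as 'missing'.

Added example (not from the original page). The sample files are constructed inside
a temporary directory; standard library only.
"""
import hashlib
import json
import shutil
import tempfile
from pathlib import Path


def sha256_file(path, chunk: int = 1 << 20) -> str:
    """Hash a file in 1 MiB chunks so large backups don't need to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def build_manifest(root) -> dict:
    """Map relative path -> sha256 for every regular file under root."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def verify_backup(manifest: dict, backup_root) -> dict:
    """Compare a backup tree against a manifest; returns lists of problem paths."""
    backup_root = Path(backup_root)
    missing, changed = [], []
    for rel, digest in manifest.items():
        target = backup_root / rel
        if not target.is_file():
            missing.append(rel)
        elif sha256_file(target) != digest:
            changed.append(rel)
    return {"missing": missing, "changed": changed}


def demo():
    """Create a small document tree, back it up, verify, then tamper with the backup."""
    with tempfile.TemporaryDirectory() as tmp:
        src = Path(tmp, "documents")
        (src / "invoices").mkdir(parents=True)
        (src / "invoices" / "2024-05.pdf").write_bytes(b"%PDF-1.4 constructed sample\n")
        (src / "notes.txt").write_text("constructed sample note\n")

        # The manifest is saved as JSON so it can travel with the off-site copy.
        manifest_path = Path(tmp, "manifest.json")
        manifest_path.write_text(json.dumps(build_manifest(src), indent=2))
        manifest = json.loads(manifest_path.read_text())

        backup = Path(tmp, "backup")
        shutil.copytree(src, backup)
        clean = verify_backup(manifest, backup)

        # Simulate ransomware reaching the backup location, plus a file that was never copied.
        (backup / "notes.txt").write_bytes(b"\x00encrypted-garbage")
        (backup / "invoices" / "2024-05.pdf").unlink()
        tampered = verify_backup(manifest, backup)
        return clean, tampered


if __name__ == "__main__":
    before, after = demo()
    print("fresh backup:", before)
    print("after tampering:", after)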
Use Email Wisely
Do Not Forward Everything
Today it is too easy to forward information to everyone at the touch of a button.
Take a moment and decide if you'd forward the item if you had to retype it or photocopy it, then pay to snail-mail it to all the folks you're about to send it to. In most cases this isn't true.
If you've had to change your email address because of the amount of junk you're receiving, you're probably guilty of oversharing or have a “friend” that is.
Use an "Opt-In" Approach When Forwarding Mail
Be kind. Don't assume that everyone wants their mailbox flooded with cute jokes.
Many people have significant amounts of legitimate email to deal with and such messages are usually NOT welcome.
Ask people before placing them on your list. This is known as opt-in as opposed to the opt-out (what spammers favour).
Do Not Report “Infected” Messages to the "Sender"
Please don't waste Internet bandwidth telling a person that they have sent an infected message.
- Virtually all infected messages (as well as spam) have forged headers (false address information).
- The "sender" listed in the message is almost certainly not the one that transmitted the message.
- View the message's full headers for tracing information.
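Reading the full headers is where the real origin shows up. Each mail server that handles a message adds a Received: line at the top, so the bottom one records the first hop, while the From: line is free text the sender typed. The following is an added example, not code from the original page; `RAW_MESSAGE` is constructed with placeholder hosts and documentation IP ranges, and the From/Return-Path comparison is a hint of forgery rather than proof (mailing lists and bulk senders also differ there).

```python
"""Trace where an e-mail actually came from instead of trusting its From: line.

Added example (not from the original page). RAW_MESSAGE is a constructed message with
placeholder hosts and documentation IP addresses; standard library only.
"""
import email
import email.utils
import re
from email import policy

RAW_MESSAGE = b"""\
Return-Path: <bounce@spam-relay.example.net>
Received: from mx.example.org (mx.example.org [192.0.2.10])
    by mail.recipient.example (Postfix) with ESMTPS id ABC123
    for <you@recipient.example>; Mon, 3 Jun 2024 10:15:02 +0000
Received: from [203.0.113.45] (unknown [203.0.113.45])
    by mx.example.org (Postfix) with ESMTP id XYZ789;
    Mon, 3 Jun 2024 10:14:58 +0000
From: "A Friend" <friend@well-known-bank.example>
To: you@recipient.example
Subject: Please see the attached invoice

(body omitted)
"""

IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def received_chain(msg) -> list:
    """Received: headers oldest-first. Each relay prepends its own line, so the
    bottom one is the first hop and the top one was added by the recipient's server."""
    hops = [" ".join(str(h).split()) for h in msg.get_all("Received", [])]
    return list(reversed(hops))


def originating_ip(msg):
    """IP address recorded in the oldest Received: header, i.e. the host that
    handed the message to the first relay."""
    chain = received_chain(msg)
    match = IP_RE.search(chain[0]) if chain else None
    return match.group(1) if match else None


def address_domain(header_value) -> str:
    """Domain part of an address header such as From: or Return-Path:."""
    addr = email.utils.parseaddr(str(header_value or ""))[1]
    return addr.rpartition("@")[2].lower()


def trace(raw: bytes) -> dict:
    msg = email.message_from_bytes(raw, policy=policy.default)
    from_domain = address_domain(msg["From"])
    return_path_domain = address_domain(msg["Return-Path"])
    return {
        "from_domain": from_domain,
        "return_path_domain": return_path_domain,
        "origin_ip": originating_ip(msg),
        "hops": received_chain(msg),
        # Display address and bounce address disagree: a hint of forgery, not proof.
        "from_is_forged_hint": from_domain != return_path_domain,
    }


if __name__ == "__main__":
    for key, value in trace(RAW_MESSAGE).items():
        print(f"{key}: {value}")
```

The only Received: line you can fully trust is the one your own provider added (the top one here, from `mail.recipient.example`); everything below it arrived inside the message and could itself have been forged by the sender. Even so, the oldest hop is usually the best lead, and it has nothing to do with the bank in the From: line.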
Don't Click on Weird Links
If you receive a message with no text in the body except a weird-looking link, the sender's account has almost certainly been hijacked. Don't click on the link.
- These usually come from webmail accounts rather than computer-based email clients.
- In most cases their account has been compromised because they used a weak password.
- A phone call may be a better option (with a suggestion that they view the resources on this site).
Beware of Unexpected Attachments
If you receive a message with an unexpected attachment, don't open the attachment.
- An email with a notice to see the attached invoice was the method used to propagate the Locky ransomware.
- MS Office documents can use macros to infect your computer.
- Even images can be used to infect computers (particularly on older systems).
Use BCC: (blind carbon copy) when sending messages to groups rather than revealing a list of related addresses to everyone the message goes to.
- Many email programs harvest all the incoming addresses into their email address book.
- Many virus worms automatically spread by sending infected emails to everyone listed in the address book (the computer's owner is usually unaware).
- You lose control of the message once it is sent. Forwarding a quoted message with all the original addresses intact is an invitation to spam and is a disservice to your friends.