Specialized Computing Blog

Online computer security is critical right from the moment you switch on your brand new computer. Here are 7 Simple Steps to Online Computer Security (Information Security online).

1. Install anti-virus and anti-spyware software.

Install Anti-virus and Anti-spyware software on your computer before you start surfing the first time. The difference between a computer virus and spyware is that – a virus is a malicious piece of computer code that can be implanted on any computer and it can result in destruction of the file systems of your computer and can be transferred from one computer to another and spread like the biological virus. A spyware is a program that collects information about you without your knowledge or consent. A spyware does not spread like a virus.

2. Keep your computer firewall ON all the time

Most anti-virus soft wares come with a firewall. If the operating system that you are using is Microsoft Windows XP Service Pack 2 (SP2) or Macintosh OS X, then it has an in-built firewall. Usually, the firewall is off when the computer is shipped to you, so make you read instructions on how to turn on the firewall. A firewall prevents direct communication between your computer and another computer (a hacker’s computer).

3. Turn on the automatic software updates feature

Turn on the automatic updates feature of your anti-virus, anti-spyware, OS, and firewall on and stay current. This is a good online computer security measure. It is important that you have the most current protection. Hackers search on the internet for computers that are either unprotected or don’t have the latest protection features. Hackers can hack into your computer and install software on your computer. This will enable them to steal login details of your online bank accounts, other membership sites like Ebay, Paypal etc. and also send Spam emails that appear to originate from your computer. Sending Spam emails that appear to originate from your email address can result in your account being revoked!

4. Store your computer information safely

Storing your computer information safely can help the technician who is fixing/ restoring your computer. For example, on Windows, Click Start and then choose Run. This will bring up small window wherein you need to type ‘msinfo32’ without the quotes. This will bring up a system window. On this widow, choose the file menu and then Export. Export your system information on to a CD. Similarly, for other operating systems, search on Google.com for information on storing the system information on a CD.

5. Backup important files

It is important to back up important files. Determine what you would do to restore your computer if it has been attacked. Pretend that your computer file system has been corrupted and then what steps would you take to restore. You will realize that having a backup can make things easy for you.

6. Use strong password authentication

When you signup for an online membership like online bank, , Paypal, Ebay etc., do not use weak passwords that can make it easy for people who know you or have your some information about, easy to hack. Using your significant other’s name, child’s name, pet’s name etc. are weak. Use something stronger like first letters of the address of the house where you were born concatenated to your birth year or something along those lines. It is best if the password is NOT some meaningful word!

7. Protect your personal information

If you are asked to give out personal information like phone number, address, SSN, identification numbers etc. on the internet, use more caution. Find out exactly why and how they will be used. If there is a link in your email that asks you to login by clicking on the link, then don’t! Usually genuine emails don’t ask you to login directly by clicking a link in the email. If you want to login to your membership accounts, always open a new browser and then type the URL of the website (to login to Paypal account, type paypal.com on the new browser instead of clicking on the link from an email that is asking you to login.).

If you are giving out credit card information, then the page that accepts credit card information must have secure encryption. The URL usually begins with https instead of the regular http. If you right click and select properties, the Connection section should read something like 128 bit encryption (High) and also must have 1024 bit exchange.

Following these 7 steps to online computer security can protect you and your computer from online attacks. Be sure to visit computer security groups in Yahoo (groups.yahoo.com) and Google (groups.google.com) for some free online computer security information.

Increasingly sophisticated software, faster networks and online communication have brought many technological advances and benefits. However, with it have come increased security risks including many previously unknown ones as the bad guys harness this very same technology to further their evil ends.

Some of the more common threats and ways of overcoming them are:

Viruses – These are malicious software codes that cause undesirable effects on your computer. A virus is designed to spread itself without the knowledge of the computer user. A computer may become infected through downloads from the internet using CD’s or disks with infected programs or from other computers on the network. Another extremely common way viruses spread is through infected email attachments. Given the many modes of transmission viruses are clearly a threat online as well as offline. The old adage “Prevention is better than the cure” is particularly true in the case of computer viruses. You can save yourself a whole heap of trouble and countless hours of misery by avoiding infection in the first place rather than trying to repair the effects of viral infection. Some simple rules can help you achieve this:

1. Install a reliable and reputable anti virus software and run regular scans. Preferably have the scan run on boot up.

2. New computer viruses are created everyday. Ensure that your anti-virus software is kept up to date with the latest virus definitions.

3. Do not download software from questionable or unknown sources. Always scan software using your anti-virus software before executing or installing on your computer.

4. Do not open email attachments from unknown senders. It is best to use an anti-virus software that automatically scans your email and can warn you if any threats are detected.

Worms – These are a type of virus which replicates itself and takes control of computer resources. The main distinction between a worm and other viruses is that a worm does not necessarily have to live within a host program and can run itself.

Trojans – these are malicious programs that masquerade as something useful thereby enticing the computer user to execute them and unleash their nasty payload.

Spyware – these are programs usually installed secretly along with other software whose purpose is to capture information about the computer user, the computer installation and other sensitive information about computer usage. This information may then be transmitted to a third party either by email or through the software “calling home” to transmit information to a remote website. Depending on the nature of information collected and transmitted this could pose a serious security risk.

Adware – propagated in a manner similar to spyware, these programs serve to pop up advertisements on the user’s internet browser or desktop. These programs too may capture information about the user’s browsing or purchasing habits so that advertisements may be tailored to suit.

Keyloggers – These are programs that record keystrokes entered through the keyboard and then secretly transmit this information to a third party. Naturally this can expose passwords, credit card details and other important information.

Control of worms, trojans, keyloggers, spyware and adware is achieved using similar strategies to those adopted for viruses, namely using appropriate anti-virus software including spyware and adware scanners and avoiding executing programs obtained from unknown sources.

Hackers accessing and taking control of a computer is another serious risk especially today with the widespread use of “always on” broadband internet. Hackers may exploit vulnerabilities in legitimate software or use trojans or viruses they have implanted to gain control of a computer which they can then use for sending unsolicited commercial emails (spam) or for other illegal activities. The idea here is to shield the perpetrator from detection as the illegal activity appears to originate from the computer they have taken control of.

In order to minimize risk of hacking attacks it is important to ensure that software used including the operating system is kept up to date by installing all vendor supplied updates and upgrades especially critical and security related updates. An effective firewall is another vital defence against unauthorized access by third parties. A firewall could be installed on the modem used to connect to the internet or as a software program that runs on the computer. The firewall serves to control who and what programs are allowed to accept or make connections with the internet. A firewall can also be useful in detecting and controlling programs like keyloggers which attempt to call home.

Phishing is another security phenomenon that has seen an alarming increase in recent years. Criminals are employing increasingly convincing and sophisticated means of sending emails which appear to originate from legitimate websites. However, links in these emails actually lead to websites controlled by them where they can capture valuable personal information such as logins and passwords. This is commonly used to cheat unsuspecting users by tricking them into revealing online bank login details etc. The golden rule in dealing with phishing attempts is to treat all emails which request personal information with at least skepticism if not suspicion. Never click a link in an email and enter login information or other personal information as the ultimate destination of that link may be cleverly concealed. When logging into online banking sites for instance always type the address in the browsers address bar. It is also important to pay attention to security features on webpages where sensitive information is input. A webpage address that starts with https: and shows a padlock symbol is secure. This means that any information transmitted from that website is encrypted and is therefore not at risk if intercepted.

There are offline risks to your computer as well. For instance it is important to select strong passwords which cannot easily be guessed. Ideally they should be at least 8 characters long and not consist of a regular word or name and comprise a combination of numeric and non-numeric characters. The strongest password would serve no purpose however, if a hacker is able to get you to disclose it to him. It is important to always be on the look out for social engineering attempts which aim to get you to unknowingly or knowingly reveal sensitive information such as passwords.

Needless to say physical security of your computer is also vital. The best antivirus software and firewall will not protect a laptop left in full view in an unlocked car! Maintenance and adequate care of hardware should not be neglected either. Regular backups stored in a location away from your principal computer and uninterruptable power supplies are good ideas to protect the integrity of your hardware and data stored thereon.

Perhaps the only way that comes close to completely eliminating every possible risk to your computer is to never turn it on and store it in a locked vault! However, even that may not work one hundred percent of the time. Nevertheless, it is possible to minimize your risk to an acceptable level by following common sense and adopting some of the simple rules discussed above.

These simple tips will help you stay virus and spyware free, even if you’re connected to the internet 24 hours a day.

1. Protect yourself

Good protection on the Internet these days consists of 3 components: anti-virus software, anti-spyware software and a firewall.

Good virus protection doesn’t need to cost you a fortune. You can get excellent free anti-virus software at www.grisoft.com. Even the professional version of their software is very affordable.

For spyware protection, go to www.lavasoft.de and download Ad-Aware SE Personal, also free. This will zap the most common spyware and adware found on the Internet.

As for a firewall, Windows XP ships with a decent enough firewall. Just make sure it is always enabled. Alternatively you can visit a site like www.download.com and search for Zone Alarm, which has an excellent free version.

The most important thing to keep in mind is that you need to keep your anti-virus software up to date. An anti-virus program that uses definitions that are months old is just about useless.

Update your anti-virus and anti-spyware software at least once a week.

2. Stop opening every attachment you receive.

Most of the devastating worms and viruses of recent times were distributed via email. These viruses feed on the curiosity and also the ignorance of a huge number of email users. People will get an email from fakename@weirdsuspiciousdomain and they’ll just open whatever file is attached to it.

If you don’t know the sender, don’t open the attachment – just delete it. It doesn’t matter if the subject promises you’ll see Britney Spears dancing nude on the kitchen table, just delete it.

If the email is from someone you know, always scan any attachments first before downloading or opening them.

If every email user in the world followed these simple guidelines the distribution of viruses via email will grind to a halt.

3. Stay clear of pornographic and illegal software sites

If you want to pick up viruses and spyware quickly, visit some pornographic web sites. One wrong click on a subtle little pop-up or security warning window (which you’ll run into often on these type of sites) and you’ll have infested yourself with trojan horses, spyware, dialers and other unfavorable software that could leave your computer wide open to further attacks.

The same goes for web sites distributing software, serial codes and cracks illegally (warez).

Simply put – keep out of the dark side of the web and the odds of keeping your computer clean shifts decidedly in your favor.

4. Watch out what you download

Spyware is embedded in a lot of software on the Internet – especially those related to ripping, converting and playing music and videos. That free MP3 player or DVD Ripper you just downloaded may have installed a bunch of harmful spyware without you even knowing about it.

5. Keep yourself informed

Major anti-virus software developers like Symantec and Grisoft updates their sites regularly with the latest virus alerts. Visit these sites frequently to keep yourself aware of what threats are doing the rounds and how to avoid them.

Using these simple and software I have kept my computer virus-free for the past 3 years. It’s not rocket science. Just stay alert, use some common sense and you too can stay bug free while still enjoying your Internet experience.

Somewhere out there in cyberspace are malicious vandals hard at work dreaming up new computer viruses. Eugene Kaspersky, (of Kaspersky Lab Virus Research), in a November 23, 2005 article posted in Security News, said, “The number of new viruses and Trojans is now increasing every day by a few hundred. (Our) virus lab receives between 200 and 300 new samples a day.” That is Not a misprint. He said 200-300 per DAY!

The worst ones we hear about. The large majority are quiet and anonymous like termites, often doing much damage before they are detected. Like human viruses, their effects run the spectrum from mostly benign to potentially fatal to their unwilling and unwitting hosts. Also as in human viruses, there are two different approaches to dealing with them: Prevention and Cure.

Preventing virus infection begins with guarding the portals of contact. Do not open suspicious e-mails or attachments without scanning them first. Most anti-virus programs have a right-click option to scan a selected file for viruses, which makes scanning easy. Similarly, when you download software, eBooks or whatever, always save to a file, then scan the file before opening. If you bring in data or software by floppy disk, CD or other portable media, the same rule applies; scan it first!

A good firewall can help somewhat in keeping viruses at bay, but there are too many ways to hide them in regular data or software transfers for a firewall to catch them all. A firewall (like chicken soup for human flu) can help, but don’t rely on that alone.

As Benjamin Franklin said, “An ounce of prevention is worth a pound of cure.” However, sooner or later, some viruses are going to get through your defenses somehow, and you will need to turn to cures.

If you should get hit by a really bad virus, you could lose most of your files before you know that there is a problem! The first step to enable cures is to prepare well in advance, positioning and backing up your files for easy recovery. Set up your computer with a small hard drive (4-10giga) for your C: drive and a much larger hard drive for all your data. Use your C: drive for programs only. Keep copies of your software purchase receipts, registration and activation codes and setup info in a file on your data drive. You can always download them again, if you can give the seller your purchase info to show that you already bought.

Almost all virus infections will be in the program section of the C: drive, so scan it daily. This won’t take much time since you have arranged for it to be relatively small. Then scan your (larger)data drive once or twice a month.

You should still back up your data files frequently. If you cannot backup everything, at least backup the crucial information that would be difficult or impossible to replace. CD and DVD burners are a good way to do this backup, as are removable hard drives.

Finally, you will need good anti-virus programs to go after the viruses and either quarantine or (preferably) destroy them. There are many anti-virus solutions being touted and hyped out there. Some are good, most are not. Here is how to find the good ones:

1. Look for programs that offer both active and passive protection. Active protection means that part of the program remains memory-resident, actively watching for potential incoming viruses. When they detect a virus they can sound an alarm and give you a series of options for dealing with it. Passive or on-demand protection will let you ask for a scan of specified areas when you want it, but it waits for you to ask.

2. Select your anti-virus software based on the recommendations of independent testing agencies. Checkmark (by westcoastlabs.org), AV-test.org and PC World magazine are among the most respected independent testers of anti-virus software. For ratings of anti-trojan software, check with Anti-trojan – Forum. Use more than one anti-virus and anti-trojan program. Very few detect all problems, but what one program misses, another may find and defeat.

3. Keep your anti-virus programs up to date. There is a running gun battle going on between virus writer-disseminators and virus catch-and-destroy experts. New viruses are found; new anti-virus program patches to find and destroy them are usually ready within hours or days. Until your software is updated, you are still vulnerable to the new viruses.

In addition to using anti-virus software on your personal computer, consider using an Internet Service Provider or e-mail service that includes server-side anti-virus and spam e-mail filtering as a third layer of protection.

In summary, be careful, get good software, run it often and update it frequently… and stay alert to new developments! This struggle between new viruses and better anti-virus software is ongoing, and developing rapidly.