Internet attacks: Reducing the risks

Sadly the war against computer infections is not showing any sign of an end – if anything attacks are increasing in both volume and complexity. Malicious software, more commonly termed Malware, comes in many guises and is no longer simply a ‘virus’ which most people term the infection on their computers. Trojans, worms, bots and various other names describe more accurately how the infection gets into the computer and what it then does once it has made itself comfortable. The latest ‘breed’ of infections tends to be a mix of several elements to maximise their effectiveness to spread, do damage to systems, and elude detection & removal.

Most people who use computers for work and pleasure don’t care what they are called, how they work and just want rid of them. The two big questions I get asked ask are ‘Why do they do it?’ and ‘How do we stop them infecting my computer?’

The answer to the first question is money. In the past it could be said that it was down to kids competing to hack into a company for ‘bragging rights’ or to find free stuff (checkout Hollywood films ‘Hackers’ and ‘War Games’). Now it is generally criminal enterprises and, if the media is to be believed, state sponsored.

The second question is more difficult to answer. In the past an anti-virus program with a monthly update was enough but now full-blown internet security suites with, in some cases, hourly updates are recommended. Certainly I recommend you ensure you have an internet security suite, preferably a paid-for rather than free edition, and it should include anti-virus, firewall, anti-spyware and hopefully features to block spam and phishing attacks.

Some of the newer techniques do reduce your risks of getting your computer infected and do minimise the number of ‘pop-up’ screens asking for your advice about what to do about a file attempting to access the internet which has a cryptic name and no further information to help you decide. But that’s the problem it’s asking for your help and if the kids are driving the computer then they just click yes to anything because they know it reduces the risk of things getting blocked that they are trying to download, install or run.

So, what else can you do?

  1. Make sure your internet security suite features are running and up-to-date.
    (some products now give a traffic light style status with green as good)
  2. Make sure your operating system, is up-to-date, the auto-update system is running and is updating without errors.
  3. Apply updates to any programs you have installed such as MS Office, Adobe Acrobat Reader, Adobe Flash Player and Java.
    (Many people ignore the messages indicating there are java updates or adobe updates. If they come from an icon in the bottom right of your taskbar (MS windows) then they can generally be trusted. If you receive an email suggestion there are updates and to click a link then steer clear. Applying updates to Java and Adobe products is particularly important at the moment as many attacks are now exploiting ‘vulnerabilities’ or security weaknesses in these products to launch an attack on your system.)
  4. Don’t open emails from unknown senders. If you have to then try to determine if any links look safe –they could be phishing attacks. Hovering over a link in the email that promises to take you to your bank login site will typically display the real ‘URL’ for that link which will have no association with your banks normal website. The other thing to remember is that most banks never send you a link that will ask you to click it to update your details. If they suggest you have to check your details then go directly to the normal login site with your browser instead.
  5. Use caution when using social websites like Facebook and MySpace. Numerous attacks are now exploiting these sites to publish false links on your friend’s wall, page, etc. It may claim to be from a friend with the promise of a funny photo or video clip when you click it. Suspect it if your security software starts alarming you, suspect it if it takes longer than expected before anything happens and immediately run a security scan if it claims to need to download a new program or codec to be able to display or play the file.

If you are an Apple Mac or Linux user then sadly the time when you could say you weren’t a PC so they couldn’t infect you is coming to an end. The security firms are increasing the chatter related to attacks that can affect these systems too.

SmartPhone users – watch out for the ‘dodgy dialers’ that plagued computer users in the bad old days of dial-up internet. Some SmartPhone operating systems have been hacked allowing the attacker to make the phone dial premium rate numbers. 

The important thing is not to panic though. Make sure you have done all you can but if your system does get infected then take action to have it cleaned as soon as possible and quarantine any emailing, memory sticks, external hard drives, etc. until you have the green light.