| Saturday, February 04, 2012
Welcome to the Viruswarning forums. All your original content has been ported to the new forums as well as new content and additional opportunities to interact with the authors of Viruswarn.com. You can always access old content at www.leedrake.com/forum . You may find some formatting was lost in the conversion and the older versions of the posts to be more readable....
But at least it's all here.
Enjoy!
Viruswarn Forums
Lee Drake (Posts: 238) | 12/30/2004 11:10 AM
Each year we take a breather at the end of the year to sum up the security situation for the last year, update our "best practices" recommendations, and try to peer into the future for next year. Before we start all that though, I'd like to thank you all for being Viruswarning members, and for the many words of thanks and praise that you've sent everyone here at Aztek, P6C and Periwinkle. Since this is an all-volunteer effort, your notes are the best reward possible!
<advertising warning>
Remember to refer your PC related security, programming and infrastructure business to Aztek Computer Solutions (www.azcomputer.net), P6C Consulting (www.p6c.com) or Periwinkle Communications (www.toto.com).
</advertising warning>
So how was 2004 from a security point of view? I'd call 2004 the "year of the spybot" or maybe "the year of the phish". Viruses and worms are slowly fading from view as important threat sources (though certainly not disappearing), while spybot trojans and "phishing" schemes have achieved center stage as the greatest threats.
Spybot programs take advantage of either user inexperience or browser deficiencies to install actual running programs on your machine. They were originally used for pop-up software but as time has gone on their use has become more sinister, including installing keyboard logging software to capture credit card numbers and logins, spy software to help crooks download critical files, SMTP forwarding programs so spammers can use your machine to forward junk mail, and other, frequently criminal, activities. In many, many cases these programs are actually permitted onto a user's machine. At Aztek we've seen a steep increase in the number of machines that are so thoroughly infected with spybots that they just can't function under the weight of all those programs running. We predict that in 2005 we'll see an increase in the attention to and removal of spybot programs by the major software vendors including Norton, McAfee, and CA. In the meantime we recommend use of BOTH of the following products: Ad-Aware (www.lavasoft.com) and Spybot Search & Destroy (www.safer-networking.org). Both are donation-ware programs and the combination of the two of them will remove many, many spybots and cookies from your system. Spybot S&D will also "immunize" your system against a number of browser threats. If you stay away from sites where things are offered free you're also more likely to avoid the sites where such spybot programs lurk (especially free stuff from the "seamier" side of the internet including gambling, porn, and other quasi-legal or quasi-moral sites). Ironically many of the "free pop-up stoppers" that people download are actually pop-up creators, or other types of spyware. We can definitely recommend the products mentioned above at this point as being "guaranteed" free of spyware.
Phishing on the other hand is a direct attempt to get you to enter your critical account information into a crook's web site, where it will be recorded and either used or resold. Phishing notes are a combination of "social engineering" - trying to get you to believe the note is real - and using limitations of the browser (faking the link to look like it's a real link to the original website but in fact redirecting you to the "phisher's" look-alike site instead). Phishing has become a major source of income for overseas organized crime, and for terrorist organizations. In general, the easiest way to avoid Phishing attacks is - if you get a note you believe is real - to just go to the website of your vendor by logging in the normal way and see if there is in fact some information you need to update. The social engineering methods phishers use are as varied as their ability to make up stories. The original phishers were the famous "Nigerian money scam" ones but these have quickly been followed by attacks at clients of banks, "you won the lottery", eBay and PayPal scams. Your best bet here is a healthy dose of scepticism and remembering the term TANSTAAFL (There ain't no such thing as a free lunch).
So, what are our "top 10" recommendations for protecting your Windows PC from future threats:

1. Run an active antivirus solution from a major provider - Norton, McAfee, Sophos, Trend Micro, CA, etc. Be sure that your subscription does not expire and that updates are scheduled daily (hourly in a corporate environment). We recommend that you buy the software, run it for a year, renew just the antivirus subscription portion one year, and upgrade to the newest version the next year. Usually the cost differential between upgrading and renewing is only 10 or 20 dollars US. So if you have 2003 Antivirus - we recommend an upgrade to 2005 rather than just renewing another year. If you're in a corporate environment get software such as NAV CE or McAfee Enterprise to protect all the systems (including servers) on your network and provide a centralized control point.

2. Have an active hardware firewall - unless you're using dialup a hardware firewall really isn't an option any more - you should have the firewall there and in place before you even hook your computer up to the internet. The average infection time for an unprotected workstation on the internet is 15 minutes - that's right, before you can even download the security updates your machine is probably already infected. "Zero day" worms that exploit a vulnerability as soon as it's released to the public are becoming more and more common. Your firewall doesn't have to be fancy or expensive - Netgear, D-Link and Linksys all make inexpensive home firewalls that are suitable for protecting home systems. If you're in an office environment we recommend the more robust and feature capable products from companies such as Cisco, Sonicwall or Symantec. If you have a wireless system either configure it yourself to be secure, or have someone help you do so - open wireless systems allow people behind your firewall to use your connection - not a good thing in today's world unless you want to become the next source for the spammer in the van parked across the street. A commercial enterprise should never, ever have an open wireless link.

3. Have a software firewall on your system. At a minimum enable the Windows XP SP2 built-in software firewall (you have updated to SP2, haven't you?). Other options include the Zone Alarm Firewall (www.zonealarm.com), Black Ice, Norton Internet Security, or McAfee system security. Authorize programs to access the internet only if you recognize the program and know what it is for.

4. Update your system frequently. If you don't have the discipline to do this yourself - you can actually have Windows XP do it for you (option not available on older PCs) - set it up for autoupdate, give it an installation time to install and reboot your PC automatically and you'll have all the critical updates as they arrive at Microsoft. Even if you do this you should periodically check to be sure you have the latest hardware drivers and optional updates which will not be automatically downloaded (http://windowsupdate.microsoft.com). Be sure to update Microsoft Office (http://officeupdate.microsoft.com) manually - as that is not automatically updated by Windows Update.

5. If you haven't already upgraded to an XP system this is the time to do it - those older Windows 9x and ME machines are getting pretty long in the tooth - software support is fading and the prices have never been better on new systems. Repairing and recovering from one security breach could cost you more than an entirely new machine. NT machines should be replaced ASAP and 2000 machines should be targeted for replacement in the next 1-2 years.

6. View all email with skepticism, especially if it asks you to go to a site and enter any information you consider confidential.

7. View all instant messages the same way - IM has become a popular spreader of viruses and trojans.

8. Do not install file sharing software on your system, including music sharing software such as Kazaa or Bearshare (or other variants). Disable file sharing if you don't need it in programs such as ICQ, etc. These programs have become ripe vectors for viruses and other software to infiltrate otherwise secure systems. Be highly skeptical of "Free" software or web components - what are you REALLY installing and what is the real price? If Windows XP's firewall warns you about installing - that means you should be thinking seriously about whether this program should be installed. Pop-up blocking is now built into the Windows XP version of IE.

9. Backup important files frequently! If you have important files on CD and it's necessary to re-format and re-install your system the entire process will be easier and more painless. If you have very large file stores, consider an attachable Firewire, network or USB2 hard drive device for backing up your system. The rule of thumb is "backup and fail in that order" because the alternative is frequently painful or costly. If the data is REALLY important - back it up in more than one format for safety.

10. Have a disaster recovery plan and kit - what will you do if your hard drive dies or gets a serious infection? Do you have all the disks at hand and ready that you'll need to rebuild your system? Have you burned all the programs you downloaded and installed off to CD? Do you know who to call to get a replacement and what the warranty information is for your machine? Have you made a spreadsheet or database of all the key codes for the software installed on your machines and stored it in a separate place?
What about alternative browsers? Firefox has come a long way in the last year - it's gaining some momentum and traction in the industry and has had some success in fighting its way into the IE monopoly. I personally can't say at this point that I recommend Firefox (or Mozilla or Opera) over IE - but I have both Firefox and IE on my machine anyway just to have some alternatives. There are some things about Firefox I love - and others I hate. But it can't hurt to have both on your system as long as you keep them both updated (mine still defaults to IE). Firefox is by no means immune to security issues - just like IE, a number of security issues have been found in Firefox that affect both spybot vulnerabilities and Phishing vulnerabilities (as well as new vulnerabilities related to tabbed browsing). If you install Firefox, you'll need to think about updating it just like any other piece of internet software to keep it secure. I think Firefox is great in that it keeps Microsoft from stagnating the feature set of IE, and it provides an alternative. Having Firefox on your system (even if it's the default browser) is not adequate protection that you'd be able to not update IE. You need to do both since many programs use IE's ActiveX control to provide browsing capabilities inside their program.
The Viruswarning newsletter has come a long way in the last year, and we're looking forward to more improvements in the future. Plans in store for 2005 include enhancing the XML Feed capabilities (current notifications are available using our new RSS XML Feed link at: http://www.leedrake.com/viruswarning/viruswarning.xml). If you have an RSS reader you can subscribe to this feed and get the Viruswarning newsletter information fed directly into your normal news feed along with the NY Times, ZD Net or any other newsfeed you might see. The feed lists the "What it is" section of each bulletin and you can click the link to drill down to the specific link in our archive at: http://www.leedrake.com/forum/forum.asp?FORUM_ID=2 where all the past articles are stored. In 2005 I'm also planning to create a new, Microsoft Sharepoint Driven, portal for Viruswarning that will integrate the archive, and virus and security information from a variety of sources onto a single page. When it's ready I'll send out a notification to everyone.
Here is wishing everyone a safe and happy New Year.
Cheers,
Lee Drake
Aztek Computer Solutions, Inc.
274 N. Goodman St. Ste B269
Rochester, NY 14607
the human side of computing
Email: ldrake@azcomputer.net
Web: www.azcomputer.net
Office Phone: 585-242-2060
Fax number: 585-242-9441
Cell number: 585-509-0284