Security Overview Part I: Firewalls

Nobody is immune from catching a computer virus, becoming victim to a phishing scam, or being the target of a clever piece of spyware unless one practices technology or computing abstinence. To completely avoid computers, the Internet, and, to an increasing degree, gadgets such as cell phones, PDA’s, and mp3 players is not an option in today’s high-tech world. You can, however, significantly lower your risk by taking some precautions. This is a compilation across various newsletter issues containing detailed information about several common methods for significantly reducing your risk and includes firewalls, spyware, anti-virus, anti-fishing, root kit removal, Active X controls, and Anti-spam.

Lets start with firewalls:

According to Microsoft, a firewall helps to keep your computer more secure. It restricts information that comes to your computer from other computers, giving you more control over the data on your computer and providing a line of defense against people or programs (including viruses and worms) that try to connect to your computer without invitation. You can think of a firewall as a barrier that checks information (often called traffic) coming from the Internet or a network and then either turns it away or allows it to pass through to your computer, depending on your firewall settings. Your school network probably has an excellent firewall (and other filtering) precautions running and so you don’t need to worry about this. For your home computer, however, this is a must, especially if you have a broadband (i.e., high speed) connection (although most broadband service providers now usually have a firewall running to block out unwanted intrusions before they can get to your computer).

If you use Windows XP and have updated to the latest version (Service Pack 2, better known as SP2), you already have a firewall installed. To make sure that it’s turned on (the default setting), click on Start, Control Panel, Security Center, then click on Windows Firewall. Confirm that the “On” setting is active. In my opinion, it doesn’t hurt to have a second firewall running at the same time. Fore several years, I ran Norton Personal Firewall which I found to be an excellent product. It will cost you about $30-$40 per year to continue accessing the company’s update engine, and you do need to keep it updated. Recently, I’ve moved to a free firewall which seems to do just as good a job – ZoneAlarm from Zonelabs. Another free firewall program that has received very good reviews is Sygate Personal Firewall. Also know that if you purchased a wireless router (the device that allows you to access the internet wirelessly with wireless capable devices), it may also have a built in firewall.

I should also warn you that firewall programs can be quite annoying for the first couple or three weeks of use. Any program on your computer that tries to access the Internet will be stopped by the firewall until you either approve it or disapprove it. Most programs today will at one time or another access the Web to look for updates for itself. After a bit of time, these interruptions do not occur nearly as often. As a tip, if you are warned that a program is trying to access the Web and you are not sure what the program is, you can Google the name of the file that is in question. Chances are very good that there is a website out there that will tell you what it is and if it can be considered safe.

By the way, the free version of ZoneAlarm also does a few other things that are quite helpful. First, you can set it up to warn you if you might be submitting your password to a fake eeeeBahy (spelled incorrectly on purpose so as not to trip you spam control) site. Second, ZoneAlarm has a lock that can block Internet traffic while your computer is unattended or while you're not using the Internet, and it can be activated automatically with your computer's screen saver or after a set period of inactivity. To learn more, you can download the ZoneAlarm manual here.

Once you are set up, you can test your firewall capability with a free service called ShieldsUP! which is an internet vulnerability analysis program. When I clicked the All Service Ports button, and the remote server performed a comprehensive scan of all the ports at my IP address. The scan took just over a minute and revealed that all of my ports--with one exception--had been stealthed. That is, my firewall had rendered them invisible, so that any computer trying to open ports on my machine's IP address would get no reply. Port 113 on my system was marked as closed, meaning a remote machine would know a live system is out there, but it would be unable to gain entry.

Security Overview Part 2: Spyware

According to the Wikipedia, spyware is a broad category of malicious software intended to intercept or take partial control of a computer's operation without the user's informed consent. While the term taken literally suggests software that surreptitiously monitors the user, it has come to refer more broadly to software that subverts the computer's operation for the benefit of a third party. That is, spyware will monitor your activity on the Internet and transmit that information in the background to someone else. Spyware is potentially dangerous because it can record your keystrokes, history, passwords, and other confidential and private information. Some software that you use may act like spyware although is actually (and innocently) communicating with its developer to do things as check for program updates or provide the developer with error information (for future development).

Spyware applications are typically bundled as a hidden component of freeware or shareware programs that can be downloaded from the Internet; however, it should be noted that the majority of shareware and freeware applications do not come with spyware. So, spyware is similar to a Trojan horse in that users unwittingly install the product when they install something else (Webopedia, 2005).

Although there is no guarantee that you’ll always be free from spyware, there are some things you can do to seriously lower your risk. First and foremost, you need to use an anti-spyware program that detects and prevents spyware from installing itself on your computer (and removes it). Anti-spyware software can also periodically scan your computer for spyware that may get through and remove it. Following are several of the most popular free anti-spyware programs:

Spyware Blaster

Ad-Aware SE Personal Edition

Microsoft Windows AntiSpyware

Spybot Search & Destroy

Personally, I use two of the above programs (Ad-Aware and Microsoft AntiSpyware) because no one anti-spyware program is known to catch 100% of all spyware. The two together seem to do a fantastic job of keeping me spyware free. Remember, your anti-spyware software needs to stay updated, on a daily basis, to stay effective at catching all the newly developed spyware. And, your anti-spyware program should automatically run system scans on your computer at least once per day. Ad-Aware SE Personal Edition does not do either of these automatically (you have to do it manually) although Ad-Aware SE Professional edition does (this will cost you about $40). Microsoft’s AntiSpyware software does scan and update itself automatically.

Also, here are some other steps to consider to reduce your risk of being infected by spyware :

1. If you use Windows XP, one way to help prevent spyware and other unwanted software is to make sure all your software is updated. Visit Microsoft Update to confirm that you have Automatic Updates turned on and that you've downloaded all the latest critical and security updates.

2. While most spyware and other unwanted software come bundled with other programs or originate from unscrupulous Web sites, a small amount of spyware can actually be placed on your computer remotely by hackers. Installing a firewall or using the firewall that's built into Windows XP provides a helpful defense against these hackers.

3. Don’t click on links in e-mail spam that claim to offer anti-spyware software. Some software offered in spam actually installs spyware.

4. Surf and download more safely. The best defense against spyware and other unwanted software is not to download it in the first place. Here are a few helpful tips that can protect you from downloading software you don't want:

a. Only download programs from Web sites you trust. If you're not sure whether to trust a program you are considering downloading, ask a knowledgeable friend or enter the name of the program into your favorite search engine to see if anyone else has reported that it contains spyware.

b. Read all security warnings, license agreements, and privacy statements associated with any software you download.

c. Never click "agree" or "OK" to close a window. Instead, click the red "x" in the corner of the window or press the Alt + F4 buttons on your keyboard to close a window.

d. Be wary of popular "free" music and movie file-sharing programs, and be sure you clearly understand all of the software packaged with those programs. (Source: Microsoft Corporation)

To learn more, visit these website:

Signs of spyware from Microsoft Corporation

Learn What Spyware Is, How To Stop It from HowStuffWorks.com

FTC Alert about Spyware

Security Overview Part 3: Viruses

Viruses

According to the Webopedia, a virus is a program or piece of code that is loaded onto your computer without your knowledge and runs against your wishes. All computer viruses are created by people and most can replicate themselves. A simple virus that can make a copy of itself over and over again is relatively easy to produce. Even such a simple virus is dangerous because it will quickly use all available memory and bring your system to a halt. An even more dangerous type of virus is one capable of transmitting itself across networks and bypassing security systems. To protect yourself from viruses on the Internet, don’t download files from sources that may not be safe. Viruses are usually

hidden in programs and activated when the programs run. They also can be attached to certain other types of executable files, such as special-action Web files and video files. Generally, when you’re about to download a type of file that could contain a virus, your browser will display a warning and ask whether you want to open the file or save it to disk. If you’re confident that the file comes from a trustworthy source, you may want to save it. If you’re not sure, you may want to cancel your download. However, rather than practicing “download abstinence”, you might continue and have a protected transaction by using an antivirus program which automatically scans all incoming (and usually outgoing) files for known viruses. Most schools and other organizations typically work very hard to make certain that you have anti-virus software running on your computer. The reason for this is that any one person in an organization can put the entire group’s network, and computers attached to that network, at risk with just one virus.

If you don’t have antivirus software loaded on your computer either at work or at home, you should get it right away. You might check out and use one of the following as starters:

• Norton AntiVirus http://www.symantec.com

• McAfee AntiVirus http://www.mcafee.com

• PC-cillin http://www.trendmicro.com

• AVG AntiVirus http://www.grisoft.com (Free)

Similar to adware or spyware, installing antivirus software alone is not enough. You need to make sure that the software updates itself at least once per day if not more. Without the latest virus definitions, you could be infected by a new virus not yet recognized by your antivirus software. At work, I use McAfee which is provided by my employer. At home, I use AVG antivirus since it works well and is free of charge. Both of these program (as do the others I mention above) have automatic update features.

Macro Viruses

According to Whatis.com, a macro virus is a computer virus that "infects" a Microsoft Word™ or similar application and causes a sequence of actions to be performed automatically when the application is started or something else triggers it. Macro viruses tend to be surprising but relatively harmless. A typical effect is the undesired insertion of some comic text at certain points when writing a line. A macro virus is often spread as an e-mail virus. A well-known example in March, 1999 was the Melissa virus. Current versions of Microsoft Word™ and Excel warn you about embedded macros as you first open a file. If you are sure that an embedded macro is benevolent, enable them. If not, click “disable macros.”

Trojan Horses

(By the way ... I know, I know, there is a difference among a virus, worm, and a trojan horse .... although, why complicate things, they are all our virtual enemies).

A Trojan Horse program, like the legendary wooden creature after which it is named, offers you some apparent benefit (such as a pretty screen saver), encouraging you to install it and run it. After it gains your trust, it then has access to your machine to do whatever else it likes in the background. As an example, in December, 1997, two students wrote a software product that allowed users to customize their Internet software. It appeared to work as advertised, but also secretly e-mailed the user’s password to the students. This action went undetected until March of 1998, when the students themselves revealed it to the press to demonstrate the security risks faced by Internet users. Trojan horses are another good reason to invest in an effective antivirus program.

Unfortunately, antivirus programs alone are insufficient for reducing your risk of becoming victim to a trojan horse program. One SchoolCounselor.com eNewsletter reader, Erik Dial, M.S. a counselor from Milwaukee, Wisconsin, turned me on to a program that protects against trojans and more called Ewido Security Suite. I now run it along with my other security software, seems to work very well (Click here to read an extensive review of this program). This setup of contains the free as well as the plus-version ($29.95) of the ewido security suite. After the installation, a free 14-day test version containing all the extensions of the plus-version will be activated. At the end of the test phase, the extensions of the plus version are deactivated and the freeware version can be used unlimited times. The purchased license code of the plus version can be entered at any time. The free version does not provide the realtime protection or automatic updates although you can certainly update manually and conduct periodic scans with the remaining free version.

Cookies

A cookie is a small amount of information stored on your computer by a Web site that you have visited. The cookie typically includes information that your Web browser sends back to the site whenever you visit it again such as your password for the site or a customized view of the site that you have chosen. The reason that cookies are designed and planted on your computer is so that your browsing experience is more personal and simplified. For instance, cookies will help you bypass a site’s password logon procedures because your password is simply entered from within your cookie. Then, you might receive a hearty and personalized welcome message. More intricate cookies keep track of the type of links you follow within a site, how much time you spend there, and what you do there (e.g., download a file) so that the site owners may begin to develop a profile for you that allows them to target new information that your profile indicates would probably be of interest to you.

Some less-than-reputable sites use cookies to determine your originating e-mail address which they will use to send you unsolicited e-mails in the form of advertisements. Such online behavior is usually experienced as a violation and is an example of the dark side of cookie use. Consequently, cookies are the focus of debate among those who view them as a service or “the cost of doing business” and those who passionately protect their privacy and civil liberties.

In general though, cookies are common and usually harmless. They can’t be used to take information about you or your computer that you have not provided (again, another reason to be very careful what you kind of information you give up at a site). But they can be used by certain services to create a profile of your interests based on the sites you visit. Then information on participating sites can be customized for you which can certainly be a time-saver.

Browsers such as Firefox or Internet Explorer (IE) can help you better control cookies by alerting you whenever a server tries to give you a cookie. In Internet Explorer:

1. Choose Tools, then

2. Internet Options.

3. Click the Privacy tab,

4. Default setting is medium. Move the slider to determine which setting you prefer.

5. You can also click on Advanced for specialized cookie treatment.

If you use Firefox, click here to learn more about the cookie manager. To delete cookies from your system, simply find them on your computer, usually in a folder called “Cookies” and delete them. Or, in IE, click on [Tools], then [Internet Options], then [Delete Cookies]. At least a couple of drawbacks exist to denying or deleting cookies, however. One problem is that cookies are so prevalent that you may be constantly dealing with cookie alerts which will seriously inhibit you from timely and enjoyable web surfing. Also, a site may not allow you to download valuable and free utilities and updates without first accepting their cookie. For instance, if you want to download some utilities from Microsoft, and you have set up your browser to not accept cookies, the company’s site will detect this and stop you from continuing. A message will appear on your screen that alerts you to this situation and instructs you to turn cookies back on if you still want to pursue your download.

ActiveX

Even if you do not intentionally download software from a Web site, elements of a site may download, run on your computer, and pose a potential security risk such as by unleashing a virus onto your system. For example, ActiveX technologies allow software to be distributed over the Internet. You’ll encounter ActiveX in the form of controls, usually graphic items such as scrolling marquees, on Web sites. Think of them as small programs within the site that run on your computer. An ActiveX control is like a plug-in, but worse. It doesn’t require any installation (so users will use them without thinking twice), leaves no trace afterwards, and gives the illusion of extra security. A famous example of a malicious ActiveX control occurred in early 1997 when a group of computer experts demonstrated to the German press how to use the personal financial software product Quicken to transfer money from your bank account to theirs while innocently browsing their Web site. Similar to ActiveX are VB or Visual Basic files (ending in .vb).

You should not allow ActiveX objects to run in IE when you are browsing the web. The default settings for Internet Explorer are set up to prompt or alert you when an ActiveX script is trying to install itself. You can double check this by clicking on the 'Tools' menu, click 'Internet Options', and select the 'Security' tab. Select 'Internet' zone and click the 'Custom Level' button. Disable every ActiveX-related setting (unless you have a good reason to leave one enabled). 'OK' your changes.

Other Things You Can Do to Reduce Your Risk ...

1. Don't fall victim to virus hoaxes. These hoaxes spread needless alarm and may even tell you to delete perfectly legitimate files. Visit the Hoax Encyclopedia before forwarding on those dire sounding emails warning of non-existent viruses. To get the true scoop on other falsehoods traveling via e-mail, make Urban Legends and Folklore a regular Internet pit stop.

2. E-mail attachments. Don’t open any e-mail attachments that you are not sure about, even if it looks like it came from a friend. Your friend could have a virus that sends e-mail from her account to everyone in her address book. If you have any doubts about the attachment, delete the e-mail and check with your friend. Also, take a very close look at the name of the attached file, especially the last three characters (known as the file extension). If the file extension is one of the following, it usually means that clicking on the file will run a program file, which is what viruses are:

.exe
.bat
.pif
.vbs
.scr
.com

Another interesting clue is to see if there are two file extensions, such as this example of a Microsoft Word™ File that has been changed into a virus file (note the two periods and two file extensions): AnnualReport.doc.pif

3. Watch out for IM viruses. Like e-mail viruses, instant message viruses are malicious or annoying programs that are designed to travel through IM. In most cases these viruses are spread when a person opens an infected file that was sent in an instant message that appeared to come from a friend. Click here to learn more.

4. Update your Windows software. Visit Microsoft Update to scan your computer and install any high-priority updates that are offered to you. If you have Automatic Updates enabled, the updates are delivered to you when they are released, but you have to make sure you install them. For more information, visit the Protect Your PC site.

5. Check out RoadRunner’s security page for lots more, and download this free checklist.

Security Overview Part 4: Phishing

Sources:

Help prevent identity theft from phishing scams: What is a phishing scam? Published: February 10, 2005.

Antiphishing Work Group

Federal Trade Commission: How Not to Get Hooked by a ‘ Phishing’ Scam

Phishing is a type of deception designed to steal your identity. In phishing scams, scam artists try to get you to disclose valuable personal data—like credit card numbers, passwords, account data, or other information—by convincing you to provide it under false pretenses. Phishing schemes can be carried out in person or over the phone, and are delivered online through spam e-mail or pop-up windows. A phishing scam sent by e-mail may start with con artists who send millions of e-mail messages that appear to come from popular Web sites or sites that you trust, like your bank or credit card company. The e-mail messages, pop-up windows, and the Web sites they link to appear official enough that they deceive many people into believing that they are legitimate. Unsuspecting people too often respond to these requests for their credit card numbers, passwords, account information, or other personal data.

What does a phishing scam look like? As scam artists become more sophisticated, so do their phishing e-mail messages and pop-up windows. They often include official-looking logos from real organizations and other identifying information taken directly from legitimate Web sites. To make these phishing e-mail messages look even more legitimate, the scam artists may place a link in them that appears to go to the legitimate Web site, but it actually (1), takes you to a phony scam site or (2) possibly a pop-up window that looks exactly like the official site. These copycat sites are also called "spoofed" Web sites. Once you're at one of these spoofed sites, you might unwittingly send personal information to the con artists. They then often use your information to purchase goods, apply for a new credit card, or otherwise steal your identity.

Just as in the physical world, con artists will continue to develop new and more sophisticated ways to trick you online. The following are just a few phrases to watch for if you think an e-mail message is a phishing scam. Don't forget to trust your instincts. If an e-mail message looks suspicious, that probably means that it is.

• "Verify your account." Businesses should not ask you to send passwords, login names, Social Security numbers, or other personal information through e-mail. Be suspicious of a message that asks for personal information even if the request looks legitimate.

• "If you don't respond within 48 hours, your account will be closed." Phishing e-mail may be polite and accommodating in tone, but these messages often convey a sense of urgency so that you'll respond immediately without thinking. Phishing e-mail may threaten to close or suspend your account or may even say your response is required because your account may have been compromised.

• "Dear Valued Customer." Phishing e-mail messages are usually sent out in bulk and do not contain your first or last name. Although, it is possible that con artists have this information. Most legitimate companies (but not all) should address you by first and last name.

• "Click the link below to gain access to your account." HTML-formatted messages can contain links or forms that you can fill out just as you'd fill out a form on a Web site. The links that you are urged to click may contain all or part of a real company's name and are usually "masked," meaning that the link you see does not take you to that address but somewhere different, usually a phony Web site. Notice in the following example that resting the mouse pointer on the link reveals the real Web address, as shown in the box with the yellow background. The string of cryptic numbers looks nothing like the company's Web address, which is a suspicious sign.

Another common technique that con artists use is a Uniform Resource Locator (URL or website address) that at first glance appears to be the name of a well-known company but is slightly altered by intentionally adding, omitting, or transposing letters. For example, the URL "www.microsoft.com" could appear instead as:

www.micosoft.com

www.mircosoft.com

www.verify-microsoft.com

How to Reduce Your Risk

Here are some practical tips:

• Be wary of clicking on links in e-mail messages. Links in phishing e-mail messages often take you directly to phony sites where you could unwittingly transmit personal or financial information to con artists. Avoid clicking on a link in an e-mail message unless you are sure of the destination. Even if the address bar displays the correct Web address, don't risk being fooled.

• Instead of clicking on a link inside an e-mail address, type addresses directly into your browser or use your personal bookmarks. If you need to update your account information or change your password, visit the Web site by using your personal bookmark or by typing the URL directly into your browser.

• Check the security certificate when you are entering personal or financial information into a Web site. Before you enter personal or financial information into a Web site, make sure the site is secure. In Internet Explorer, you can do this by checking the yellow lock icon on the status bar (bottom right). In Firefox, you will see this same lock at the end of the address. The closed lock icon signifies that the Web site uses encryption to help protect any sensitive, personal information that you enter, such as your credit card number, Social Security number, or payment details. It's important to note that this symbol doesn't need to appear on every page of a site, only on those pages that request personal information. Unfortunately, even the lock symbol can be faked. To help increase your safety, double-click the lock icon to display the security certificate for the site. The name following “Issued to” should match the name of the site. If the name differs, you may be on a fake site, also called a "spoofed" site. If you're not sure whether a certificate is legitimate, don't enter any personal information. Play it safe and leave.

• Don't enter personal or financial information into pop-up windows. One common phishing technique is to launch a fake pop-up window when someone clicks on a link in a phishing e-mail message. To make the pop-up window look more convincing, it may be displayed over a window you trust. Even if the pop-up window looks official or claims to be secure, you should avoid entering sensitive information, because there is no way to check the security certificate. Close pop-up windows by clicking on the red X in the top right corner (a "cancel" button may not work as you'd expect).

• Do update your computer software. Software developers continue to make improvements to their software to help protect your computer.

• Check out EarthLink ScamBlocker which is part of a free browser toolbar that alerts you before you visit a page that's on Earthlink's list of known fraudulent phisher Web sites. Its free to all Internet users - download at http://www.earthlink.net/software/nmfree/

Views: 76

Comment

You need to be a member of Vanguard Online Community to add comments!

Join Vanguard Online Community

Forum Categories

© 2019   Created by Vanguard Media Ltd.   Powered by

Badges  |  Report an Issue  |  Terms of Service