Apr 21 2009
 

We are getting more connected online, and business continues to move to the internet. The threat of online exploits and identity theft is increasing, so it is important to be aware of the different types of security threats.

Antivirus and the Protection Methods used

Anti-virus software is a program that works to keep a computer free of viruses and other malicious programs. Antivirus software uses several approaches to identify viruses.

  1. Dictionary method – The antivirus program compares files and running programs against a database of known virus definitions (signatures) and, on a match, takes the configured action (quarantine or delete the infected file). New viruses are added to the dictionary as they are identified, so the method is only as good as how quickly new threats are identified and how promptly the updated definitions reach the user's computer.
  2. Suspicious behavior – The antivirus program monitors the behavior of all running programs and raises a warning when it sees something suspicious, such as a program modifying another executable file. The user then allows or blocks the program. This method can catch unknown viruses, but it generates many false warnings, which is annoying for the user, and its success depends on the user's ability to tell a real virus from a false alarm.
  3. Whitelisting – Whitelisting blocks every executable program except those the system administrator has already identified as trustworthy. Its success depends on the administrator's ability to correctly identify trustworthy programs.
  4. Heuristic analysis – The antivirus program emulates the first instructions of a new executable before handing control to it. If the emulated run shows suspicious behavior, the user is alerted.
  5. Sandbox method – The antivirus program runs the executable inside a simulated operating system. After the run it analyzes the simulation for changes that indicate a virus. This is resource-intensive and is normally only run on demand.

The most common method remains the dictionary method, which is why it is very important to keep virus definitions current by updating frequently.
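As an added example (not part of the original article), here is a toy Python dictionary scanner. It shows the two kinds of entry a signature database typically holds: a hash of the whole file and a byte pattern found inside it, and why a one-character variant already defeats the first kind but not the second. The sample file, the definition names and the patterns are all constructed, harmless stand-ins, and the scanner is illustrative, not any vendor's engine.

```python
import hashlib
from typing import List

# Constructed, harmless stand-in for a known malicious file.
KNOWN_SAMPLE = b"TOY-SAMPLE: constructed stand-in for a known malicious file"

# The "virus definitions". Two kinds of entry:
#  - whole-file hashes: exact match, no false positives, defeated by any one-byte change
#  - byte patterns: survive small edits, but must be specific enough not to
#    match legitimate files (a false positive quarantines a clean program)
HASH_DEFINITIONS = {hashlib.sha256(KNOWN_SAMPLE).hexdigest(): "Toy.Sample.A"}
PATTERN_DEFINITIONS = {b"TOY-SAMPLE: constructed stand-in": "Toy.Sample.A (pattern)"}


def scan(data: bytes) -> List[str]:
    """Return the names of every definition that matches `data`."""
    hits = []
    name = HASH_DEFINITIONS.get(hashlib.sha256(data).hexdigest())
    if name:
        hits.append(name)
    for pattern, name in PATTERN_DEFINITIONS.items():
        if pattern in data:
            hits.append(name)
    return hits


def scan_files(files):
    """Scan a mapping of filename -> content, as a scanner walking a disk would."""
    return {path: scan(content) for path, content in files.items()}


if __name__ == "__main__":
    # A one-character change (a "variant") already defeats the hash entry,
    # while the pattern entry still matches. That asymmetry is why definitions
    # need constant updates and why vendors ship both kinds of entry.
    variant = KNOWN_SAMPLE.replace(b"known", b"KNOWN", 1)
    samples = {"sample.bin": KNOWN_SAMPLE, "variant.bin": variant, "notes.txt": b"hello world"}
    for path, hits in scan_files(samples).items():
        print(path, hits or "clean")
```

Real definition databases hold millions of entries and are refreshed several times a day; a sample first seen after the last update is invisible to this method no matter how good the scanner is.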

How Viruses fool Antivirus Software

Computer viruses are programs that copy themselves and infect other programs on the computer. Virus authors and antivirus vendors constantly try to defeat each other. Here are some of the techniques viruses use to evade antivirus software:

  1. Stealth – The virus intercepts the antivirus program's requests to read infected files and returns a clean, uninfected copy, so the scanner sees nothing wrong.
  2. Self-modification – Antivirus software uses known virus definitions to look for virus signatures (identifiable byte patterns from the virus). Some viruses modify their own code each time they copy themselves, so every copy is a different variant that the original signature no longer matches.
  3. Encryption – The virus body is encrypted with a key that changes from copy to copy, and only a small decryption module stays constant. Signatures for the virus body no longer match the stored file; only the decryptor can be matched.
  4. Polymorphic technique – A polymorphic virus is an encrypted virus whose decryption module also changes with every copy, so there is no longer a constant part to write a signature for.
  5. Metamorphic technique – A metamorphic virus rewrites its entire code with each infection, producing functionally equivalent but structurally different copies, which makes its pattern extremely difficult to study and match.
  6. Avoiding bait files – Antivirus vendors sometimes create bait (goat) files that exist only to be infected, so a new virus can be captured and analyzed. Viruses that recognize such files (for example by their size or content) avoid infecting them and other files likely to be monitored.
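As an added example (again not from the original article), the following Python code shows why items 3 and 4 above defeat the dictionary method and how the heuristic-analysis approach from the previous section recovers detection. The "virus body" is a constructed marker string, and the decryptor "stub" is a made-up five-byte record the scanner can interpret; a real antivirus emulator would instead run the stub's machine code in a CPU emulator for a bounded number of instructions and then scan the decrypted memory image.

```python
import os
from typing import Optional

# Constructed, harmless stand-in for a virus body; a real body would be code.
BODY = b"TOY-VIRUS-BODY: constructed marker, not real malware"
BODY_SIGNATURE = b"TOY-VIRUS-BODY"   # the pattern the dictionary knows

# Decryptor "stub". In a real encrypted virus this is machine code that
# decrypts the body and jumps into it. Here it is a made-up 5-byte record:
# marker 0xE8, operation byte, key byte, 2-byte body length.
STUB_MARKER = 0xE8
OPS = {0x01: "xor", 0x02: "add"}


def transform(data: bytes, op: int, key: int, decrypt: bool) -> bytes:
    """Apply (or undo) the stub's simple cipher to the body."""
    if OPS[op] == "xor":
        return bytes(b ^ key for b in data)
    delta = -key if decrypt else key
    return bytes((b + delta) & 0xFF for b in data)


def make_copy(op: int = 0x01, key: Optional[int] = None, junk: bytes = b"") -> bytes:
    """Build one infected-file copy.
    A fresh key per copy is the 'encryption' technique (item 3).
    Also varying `op` and padding the stub with `junk` changes the stub
    itself, which is the 'polymorphic' technique (item 4)."""
    if key is None:
        key = os.urandom(1)[0] or 1
    stub = junk + bytes([STUB_MARKER, op, key]) + len(BODY).to_bytes(2, "big")
    return stub + transform(BODY, op, key, decrypt=False)


def body_signature_scan(data: bytes) -> bool:
    """Dictionary method: look for the known body pattern in the file."""
    return BODY_SIGNATURE in data


def stub_signature_scan(data: bytes) -> bool:
    """Dictionary method aimed at the constant decryptor of an encrypted
    virus (marker followed by the xor op). Fails once the stub varies."""
    return bytes([STUB_MARKER, 0x01]) in data


def emulate_and_scan(data: bytes) -> bool:
    """Heuristic analysis: at every plausible stub position, run the
    decryptor the stub describes and scan the decrypted result."""
    for i in range(len(data) - 4):
        if data[i] != STUB_MARKER or data[i + 1] not in OPS:
            continue
        op, key = data[i + 1], data[i + 2]
        length = int.from_bytes(data[i + 3:i + 5], "big")
        body = data[i + 5:i + 5 + length]
        if len(body) == length and BODY_SIGNATURE in transform(body, op, key, decrypt=True):
            return True
    return False


if __name__ == "__main__":
    encrypted = make_copy(op=0x01)                        # new random key each run
    polymorphic = make_copy(op=0x02, junk=b"\x90" * 3)    # different stub as well
    for name, sample in (("plain", BODY), ("encrypted", encrypted), ("polymorphic", polymorphic)):
        print(f"{name:12} body-sig={body_signature_scan(sample)!s:5} "
              f"stub-sig={stub_signature_scan(sample)!s:5} emulate={emulate_and_scan(sample)}")
```

The plain copy is caught by the body signature, the encrypted copy only by the stub signature, and the polymorphic copy by neither; emulation catches all three because it scans what the file becomes after its own decryptor runs, which is also why emulation costs far more CPU than a pattern match.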

Good antivirus vendors continue to research new threats and ways to combat them, but there are times when virus authors deploy a new technique before antivirus technology catches up. It is always advisable to use caution rather than rely on the scanner alone.

Computer worm vs Computer Virus

A computer worm is a program that replicates itself across the network and can consume significant system and network resources. A worm penetrates a network by exploiting a security vulnerability in the operating system or a network service, or when a user opens a malicious attachment or link in an email message or chat session.

  • A worm is different from a virus. A virus needs to attach itself to an existing program, whereas a worm is an independent program.
  • A worm tends to harm the network by copying itself to many hosts and consuming bandwidth and network resources, whereas a virus harms the computer by corrupting and modifying files.
  • Worms spread much faster than viruses because they need neither a host program nor, in many cases, any user action.

Spyware – Hidden spy on computer

Spyware is software that gets installed on a computer without the user's consent. It can cause harm by taking partial control of the computer and by compromising privacy. Spyware can collect personal information such as browsing habits (primarily for marketing purposes) and sensitive information such as credit card numbers. It can also take control of the computer to install additional software, redirect the browser to malicious websites and install viruses.

Spyware vs Virus/Worms
Spyware does not self-replicate the way viruses and worms do. It is primarily used to carry out other actions such as taking control of the computer, stealing personal information and installing other malicious software such as viruses.

How does Spyware enter the system?
Spyware typically pretends to be useful software (a Trojan) or comes bundled with useful software. It can also be inserted into a computer by exploiting a security vulnerability.

Adware vs Spyware
Adware is any software program used to display advertisements. Adware is frequently spyware as well, because these programs have to observe the user's browsing activity to display relevant ads. Adware is not necessarily surreptitious or malicious, though: advertising revenue may be used to provide free or reduced-price software, and users may consent to receiving advertisements in exchange for the saving. Caution is still required to prevent malicious software from entering the system along with it.

Beware of Trojan Horse

A Trojan horse is a program that fools the user by appearing to be useful while actually damaging the computer. Unlike a virus, a Trojan does not replicate itself. It can perform destructive actions such as opening a backdoor for other malware, monitoring activity and sending it to third parties, infecting files, and even giving someone else complete remote access to the computer.

A Trojan gets installed when the user runs the program that carries it, so be cautious when downloading files, installing unknown software and opening email attachments.

Beware of Phishing Email

Phishing is a criminal fraud in which the phisher attempts to steal personal information such as user names, passwords, bank account numbers, PINs and credit card numbers by pretending to be a trustworthy organization. It typically involves sending an email or IM link that appears to come from a trusted source such as a bank, credit card company, PayPal or eBay, which redirects the user to a fake website where the user enters the information.

These spoof websites and emails mimic the appearance of legitimate businesses, often by copying their logos and images. Phishers generally use fear to push users into acting, for example 'Please verify your user name and password, otherwise your account will be closed.' The information collected is then used for identity theft.

Phishing attacks can be avoided by changing a few browsing habits. Do not follow links from emails; type the website address directly into the browser. Do not reply to emails with personal information or send it by email. Keep your browser's anti-phishing settings on and pay attention to its warnings.

A phishing email (also called a spoof or hoax email) fakes the appearance of a popular website or business in order to steal personal information.

Ways to identify Phishing Email

Here are ways to identify Phishing email.

  • Generic greeting – Phishing emails typically start with a generic greeting such as "Dear User" or "Dear Customer", because the sender does not actually know who you are.
  • Fake links – Most phishing emails use legitimate-looking links whose visible text differs from the real target. Mouse over the link, or right-click and view its properties, to see the actual hyperlink before clicking.
  • Sense of urgency – Phishing emails generally use scare tactics, for example claiming the account is about to be closed unless account information is verified. Always be suspicious of email that tries to create a sense of urgency.
  • Legitimate-looking sender address – Do not trust the 'From' address. The sender's email address can easily be forged.
  • Attachments – Phishing emails sometimes carry an attachment that installs a virus or spyware on the computer. Be suspicious of unexpected attachments.
  • Deceptive website URL – Secure websites start with https, but https alone does not prove a site is legitimate, since a phisher can obtain a certificate too; always confirm that the domain name itself is correct. It is a good idea to type the website URL directly into the browser rather than following a link from email.

As phishers learn, they use more advanced methods, so always be suspicious of requests to send information by email or to follow email links asking for personal information.
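The checklist above can be applied mechanically. As an added example (not part of the original article), the Python code below runs the checks on a raw email message: generic greeting, urgency wording, links whose visible text names a different site than the real target (the programmatic version of hovering over the link), link domains that differ from the sender's domain, plain http links, and attachments. The two sample messages are constructed for this example and use reserved example domains only; the phrase lists and the two-label "registered domain" approximation are simplifications, not a production filter.

```python
import re
from email import message_from_bytes, policy
from email.utils import parseaddr
from html.parser import HTMLParser
from typing import List, Tuple
from urllib.parse import urlsplit

GENERIC_GREETINGS = ("dear user", "dear customer", "dear valued customer", "dear account holder")
URGENCY_PHRASES = ("account will be closed", "verify your", "within 24 hours", "suspended", "unusual activity")


class AnchorCollector(HTMLParser):
    """Collect (visible text, href) for every <a>: 'mouse over the link' in code."""

    def __init__(self) -> None:
        super().__init__()
        self.links: List[Tuple[str, str]] = []
        self._href = None
        self._text: List[str] = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None


def registered_domain(host: str) -> str:
    """Last two labels of a hostname (toy: ignores suffixes such as co.uk)."""
    return ".".join(host.lower().split(".")[-2:])


def analyze(raw_message: bytes) -> List[str]:
    """Return the phishing indicators found; an empty list means none fired, not 'safe'."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    findings: List[str] = []
    sender_addr = parseaddr(str(msg.get("From", "")))[1]
    sender_domain = registered_domain(sender_addr.rpartition("@")[2])

    part = msg.get_body(preferencelist=("html", "plain"))
    body = part.get_content() if part is not None else ""
    lowered = " ".join(body.lower().split())  # collapse line breaks
    if any(g in lowered for g in GENERIC_GREETINGS):
        findings.append("generic greeting")
    if any(p in lowered for p in URGENCY_PHRASES):
        findings.append("sense of urgency")

    collector = AnchorCollector()
    collector.feed(body)
    for text, href in collector.links:
        url = urlsplit(href)
        host = url.hostname or ""
        if url.scheme == "http":
            findings.append(f"plain http link to {host}")
        # Visible text names one site while the href goes somewhere else.
        shown = re.search(r"[a-z0-9-]+(\.[a-z0-9-]+)+", text.lower())
        if shown and registered_domain(shown.group(0)) != registered_domain(host):
            findings.append(f"link text says {shown.group(0)} but points to {host}")
        if registered_domain(host) != sender_domain:
            findings.append(f"link domain {registered_domain(host)} differs from sender domain {sender_domain}")

    if any(p.get_content_disposition() == "attachment" for p in msg.walk()):
        findings.append("unexpected attachment")
    return findings


# Constructed sample message; every domain is a reserved example name.
SAMPLE_PHISH = b"""\
From: "Example Bank Security" <alerts@example-bank-secure.net>
Subject: Urgent: verify your account
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html; charset="utf-8"

<p>Dear Customer,</p>
<p>We detected unusual activity. Verify your account within 24 hours
or your account will be closed.</p>
<a href="http://www.example-bank.com.login-check.example.net/verify">
www.example-bank.com</a>
--b1
Content-Type: application/octet-stream; name="statement.exe"
Content-Disposition: attachment; filename="statement.exe"

constructed stand-in
--b1--
"""

if __name__ == "__main__":
    for finding in analyze(SAMPLE_PHISH):
        print("-", finding)
```

The link check is the one worth internalizing: the visible text `www.example-bank.com` is also the first labels of the real hostname, but the registered domain the browser would actually connect to is `example.net`. A hostname is read from the right, and a familiar name on the left proves nothing.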

Beware of Vishing

Vishing (voice phishing) is a criminal fraud method of acquiring personal information over the phone by pretending to be a legitimate business such as a bank or credit card company.

A visher typically calls and leaves an automated message with a call-back number, asking the customer to verify their credit card number, bank account number, password, PIN, expiration date, date of birth and so on. This information is then used to access the accounts and steal the identity for financial gain.

If you get a suspicious call, always call the number on the back of your card or the actual customer service number, not the number left by the visher.

Beware of Pretexting Call

Pretexting is a criminal method of acquiring private information by pretending to be a legitimate authority, and it is primarily done over the phone. The pretexter can then sell the information or use it for identity theft.

In typical cases, the pretexter uses already accessible information such as public records, or stolen records such as bank statements, to build credibility, then uses a series of questions to collect further personal information. The technique is also used to collect consumer information from businesses such as banks and credit card companies.

Be careful when a stranger calls asking for personal information, even if the call appears to come from a legitimate source. These people are good at appearing legitimate.

Should you disable Java Script?

What is JavaScript? JavaScript is an object-oriented scripting language that adds dynamic functionality to HTML pages (despite the name, it is unrelated to Java). Scripting languages are high-level languages interpreted by the browser at run time, as opposed to languages such as C or Java that are compiled before they are distributed.

For example, the Google ads you see on websites are delivered by JavaScript code. The dynamic nature of the code produces ever-changing, targeted ads on web pages.

Webmasters choose to use JavaScript because

  • JavaScript is fast because it runs on the client side (in the browser), without a round trip to the server,
  • it is easy to learn and implement.

If you keep JavaScript off, many web pages will not work correctly. If you keep it on, security can be an issue, because the script runs on your computer: a malicious page can use JavaScript to exploit a vulnerability in the browser or its plug-ins, so keeping the browser up to date matters as much as the setting itself.

A Word about Internet Cookies

A cookie (also called an internet cookie, web cookie, browser cookie or similar) is a small piece of text that a website stores on the user's computer to hold information such as a name, user ID, preferences or user actions. The primary purpose of cookies is to use this information to enhance the user's experience on repeat visits.

Examples

  • A website can store an identifier for your signed-in session so you don't have to enter logon information on the next visit. (A well-designed site stores a random session token, never the password itself.)
  • An online shop can use a cookie to remember the items you added to the shopping cart, so you don't have to add them again.
  • A weather site can store your zip code. Next time you visit, you will see the forecast for your zip code.

Are Cookies harmful to my computer?
The simple answer is no. Cookies are text data, not program code (even though many sources wrongly describe them as programs), so a cookie cannot run or infect your computer.

What about privacy?
Privacy can be a concern. Cookies let a site recognize you across visits, and advertising networks use them to follow your browsing across sites. Every time you reveal personal information there is a chance it might be misused, so be careful about what information you share and with whom.

Can I free up space by deleting Cookies?
Not much. Cookies are very small, so you will hardly save any space by deleting them. Consider deleting the browser cache instead if you want to free up space. The browser cache stores temporary internet files for faster viewing of recently visited sites, including copies of web pages, images and videos.

A Word about Zero Day Exploit

A zero-day exploit takes advantage of a security vulnerability before the vendor knows about it or has released a fix. Attackers are becoming faster at exploiting vulnerabilities, and they take advantage of the time needed to discover a vulnerability, fix it and distribute the fix. During this window they can spread malware such as viruses and worms.

The only ways to reduce the chance of being hit by a zero-day exploit are to follow security best practices, keep security software and the operating system updated, and use caution when opening attachments, downloading files and installing software.

Benefits of using Personal Firewall

A firewall is software (or hardware) that controls incoming and outgoing network traffic. A personal firewall is aimed at end users and typically protects a single computer.

Here are key benefits of using a personal firewall

  • Monitors and controls all incoming and outgoing traffic.
  • Blocks unsolicited traffic, hiding the computer from automated scans.
  • Blocks unwanted traffic from local applications.
  • Warns the user about outgoing connection attempts and lets the user choose which programs may access the internet or network.
  • Provides information about the application and the remote server trying to communicate with the computer.

A firewall is one of the key components of PC security because it constantly filters and monitors network traffic.

HTTP vs. HTTPS

HTTPS (Hypertext Transfer Protocol over SSL/TLS) is a secured communication protocol between a web browser and a web server. You can think of it as secured HTTP (the 'S' in HTTPS stands for secure).

It encrypts everything the browser sends to the web server, which is decrypted at the server, and likewise encrypts everything the server sends to the browser, which is decrypted in the browser. In that way HTTPS runs ordinary HTTP over an encrypted layer, protecting the traffic from eavesdropping and tampering in transit.

If HTTPS is more secure, why do websites use HTTP at all? One reason is that HTTPS costs more: the site needs a certificate from a certificate authority. Another is performance, since encrypting and decrypting every request and response adds computational overhead.

You can place all websites in three categories

  1. Least security – These websites use HTTP throughout. Most internet forums probably fall into this category. Because they are open discussion forums, secured access is generally not considered necessary, although the forum password is then sent in the clear.
  2. Medium security – These websites use HTTPS when you sign in (when you enter your ID and password) and HTTP once you are logged in. Google and Yahoo are examples of such sites. MSN (Hotmail) gives you the option of HTTP or HTTPS: choose 'Use enhanced security' for HTTPS or 'Use standard security' for HTTP. Note that after the switch back to HTTP, the session cookie that keeps you logged in travels unencrypted.
  3. Highest security – These websites use HTTPS throughout. Most financial institutions fall into this category. Log in to your bank or credit card company's website and you will see HTTPS being used throughout.

Security tip: Use a different password for the least secure websites, so that if one is stolen, your more secure accounts remain safe.

Best Practices and Tips

  • Install and maintain security software that protects the PC from malware (viruses, spyware, worms, Trojans etc.).
  • Run frequent updates and keep virus and spyware definitions current.
  • Scan your computer often for malware.
  • Use a personal firewall and only allow network access to programs you trust.
  • Use the administrator account only when required. For day-to-day activities use a limited-access account. This helps protect the computer if you accidentally open a bad email attachment, click a bad hyperlink or browse a malicious website.
  • Keep automatic updates on for the operating system. These updates include security fixes and will help close a vulnerability before hackers exploit it.
  • Use strong passwords that are hard to guess and hard to crack.
  • Avoid clicking random links and visiting random websites.
  • Avoid opening email attachments from unknown sources.
  • Do not download unknown software onto your computer.
  • Back up your data frequently, so your PC can be recovered if something bad happens to it.
  • Remove data securely. If you are going to sell your PC or hard drive, make sure you wipe the data rather than just deleting it.

  One Response to “Complete Guide to Security Best Practices for PC”

  1. spyware removal software review…

    Not everyone knows about this. Thanks for sharing….
