OFFICIAL SECURITY BLOG
June 10, 2013 | BY Joshua Cannell
Whether you’re lost on a road trip, going deaf at a rock concert, or getting your sun tan on, odds are PC security isn’t the first thing on your mind as you enter this summer season.
A fellow researcher at Malwarebytes put it best by pointing out that you can keep your PC safe this summer by unplugging it and going to the beach. There’s probably some truth to that.
Nonetheless, in the interest of looking out for our readers, I did some research and came up with seven great tips to keep everyone surfing the web safely all summer long. Here’s what I found.
Using Anti-Virus (AV) protection may seem obvious to most of us, but according to a recent Microsoft Security Intelligence Report (SIR), nearly 25 percent of Internet-connected PCs are not running an AV product. That’s pretty good news if you’re in the business of engineering computer malware, but not for the poor unprotected consumer.
What’s more, the same report said that figure also includes computers running outdated protection. Having updated AV protection is important because new threats emerge daily that may go undetected, and even the old threats are being modified to go under the wire.
While most AV programs update automatically, you should definitely go into your AV program settings to see if automatic updates are being applied. Here at Malwarebytes, our anti-malware protection offers automatic updates that can easily be enabled. Our researchers work tirelessly to update our definitions multiple times daily, so you can rest easy knowing you’re protected from the latest threats.
Although you may have ample AV protection, you should also consider another layer of defense—anti-malware protection. A staggering number of threats get past traditional AV products every day, as many as 50 percent, so cover all corners when defending your network PCs. If you need help understanding the difference between the two, check out this video.
Finally, if you’re not running an AV already, take some time this summer and install an AV program; both free and paid options are available. This is really protection you can’t afford to be without.
Recently I wrote an article about passwords and how vital it was to protect them. The fact is passwords are the most commonly used form of authentication in our digital life, but they’re also the weakest and easiest to compromise.
We all know the effects of losing our passwords can be devastating. Furthermore, many websites are now introducing password complexity requirements, so it becomes more difficult to remember our passwords as they become longer and require special characters. Moreover, people continue to have an increasing number of online accounts today, which makes the situation even harder to manage whenever you try to have a unique password for every account.
My advice: try using a password manager this summer. This handy tool will help you securely organize the heap of online accounts you’ve amassed over the years into something you can easily handle. The manager offers advanced features that take your passwords and store them in an encrypted format, decrypting only when a “master password” is entered. Most managers available today will also easily integrate into your web browser and offer mobile versions if you’re on-the-go.
It’s important to keep your AV updated, but it’s equally important to keep the rest of the software on your PC updated. A vast percentage of software today contains vulnerabilities that have the potential to be exploited. Once the security of a program has been bypassed, malware can be installed on the host system using increased privileges.
Software exploitation is a big business today, where lots of money is to be made. Exploits are bought and sold to the highest bidder in blackhat communities, and then the same exploits are packaged into kits used and sold by cyber-criminals (to learn more about these kits, see this blog). This furthers the earning potential, as the exploit kit may be the foot in the door a cyber-criminal needs to install malware that could be used to steal money from its victims.
In most cases, the software exploited is a web browser or popular program on your computer. The two leading browsers most commonly exploited are Microsoft Internet Explorer and Mozilla Firefox. On the other hand, the two leading programs most targeted by web exploits are Oracle Java and Adobe Reader. In addition, the operating system (e.g., Windows or Linux) can be exploited, although these exploits are rarely packed into kits and are harder to come by. For this reason, it is vitally important that you schedule your PC to regularly receive updates as they become available.
Ensuring that your software is secure and up-to-date is one of the most important aspects of PC protection. This summer, if you use software that is prone to bugs and exploits, you may want to find an alternative or avoid using the program altogether, although some of the risks can be mitigated by safe web-browsing habits.
Just like you don’t answer a telemarketer’s phone call (unless you’re Jerome Segura and write a blog about the experience), don’t open an e-mail attachment if you don’t know who sent it, no matter how tempting any presumed offer may be. You won a new car, a dream getaway vacation, or perhaps free food for life: the list of tricks spammers will use to deceive you is endless.
Getting you to open the attachment can take some work, but spammers are working hard to find new ways. For example, since the summer is here you might have just received your hotel confirmation e-mail for that big vacation you’ve been planning. However, when you open the e-mail you notice the wrong hotel is listed for your reservation. If you had already booked a hotel room using a travel agency, you might think there was an error, and open the attachment to see what the reservations were.
This sort of scenario happens all the time, but you don’t have to be the victim. The bottom line: don’t fall into these traps this summer (or ever). While it may be tempting at times, train yourself not to open any attachment (any e-mail really) from an unknown sender. You may get more than you bargained for.
It goes without saying that, as we integrate Facebook and other social media into our daily life, we also make ourselves more vulnerable to malware. Social media truly is a two-edged sword: while it allows our friends and family to connect to our inner circle, there’s also the risk of those less than savory getting in and creating a mess.
Just last month, in fact, I did a blog about a Facebook Trojan that surfaced in Brazil, raising security and privacy concerns worldwide. The Trojan was capable of controlling your profile and posting on your behalf, as well as sending malicious links via chat. But Facebook isn’t the only social media player you should worry about, as Twitter recently released two-factor authentication to its users after a myriad of account hacks including both the Associated Press (AP) and the infamous, spoof news source, The Onion.
This is of course notwithstanding any personal security concerns that can be created with social media. After spending a great deal of time on Facebook myself over the past few years, I’ve seen a lot of posts that give details on where you’re posting from, and where you will be in the future.
At first glance, there may seem to be nothing wrong with announcing to the world your location. However, in reality it may not be in your best interest to reveal to everyone this information. Most people can infer from these posts that A) you’re not going to be home and B) you probably aren’t hurting for money if you’re at the mall or on a vacation. Do you think a criminal might take advantage of that? Just some food for thought this summer.
Backing up your files is one of those things I hear a lot of people talk about, but few people actually do. For the majority of people I meet, their hard drive dies after a few years, and they wonder why this horrible account of data loss had to happen to them. The truth is it could’ve been prevented.
There are plenty of choices nowadays to back up your files, with some like Windows Backup being part of the OS itself. Of course, you want to take a smart approach and make sure your backup choice suits your needs. For example, you may not want to back up your primary hard drive to your secondary hard drive, since there is a chance the secondary one could fail as well.
A lot of third-party backup solutions are online and cloud-based. If you’re going to store your files on the cloud, Malwarebytes offers a solution: Malwarebytes Secure Backup. With Malwarebytes Secure Backup, not only can you back up your important files, but every file submitted to the cloud is first scanned with the Malwarebytes Anti-Malware scanning engine before being stored. This ensures that you’re not backing up any unwanted virus during the process, a solution not offered by most competitors.
Regardless of the route you go with, backing up those critical files should be a priority for every professional; make time for this over the summer before you lose important files that are gone for good.
The last tip I have for our readers concerns the use of public computers and public networks. While most people don’t use public computers as much anymore, public networks using Wi-Fi technology have rapidly grown in recent years. Now you go to your favorite coffee shop or even grocery store and connect to the Internet with your laptop or other mobile device.
Regrettably, a lot of people still use public computers at libraries or apartment offices to pay their bills, manage their business, or shop. The problem is that you have virtually no control over the administration of that computer or the network it’s on, so it’s anyone’s guess as to what software is installed and who’s watching. For all you know, the computer could be loaded with a keylogger that siphons your data to a remote server operated by a criminal, or with other types of malware intended to do you harm.
Don’t get me wrong: it’s not a bad thing to use a public computer or log in to a public network, but you need to exercise caution and demonstrate good discretion when visiting websites. Public computers can be very useful whenever you want to check the weather, read the news, or do other simple web browsing.
Even still, for your overall safety over the summer and beyond, NEVER enter any sensitive information on a public computer. This includes login credentials to websites like your bank, online stores, e-mail, etc. Doing so will ensure that anyone monitoring your activity on the computer and/or network won’t capture anything useful. As an extra security measure, you may also want to clear your browsing history after using a public computer.
Joshua Cannell is a Malware Intelligence Analyst at Malwarebytes where he performs research and in-depth analysis on current malware threats. He has over 5 years of experience working with US defense intelligence agencies where he analyzed malware and developed defense strategies through reverse engineering techniques. His articles on the Unpacked blog feature the latest news in malware as well as full-length technical analysis. Follow him on Twitter @joshcannell