The Internet has empowered us to shift our personal lives online; banking, gaming, even dating and socialising. Unfortunately, this reliance on the electronic world has introduced an element of potential exploitation. From applications that change a computer’s home page to sophisticated programs that infect nuclear power machines (stuxnet is the “largest and costliest development effort in malware history”), there are many threats to a person’s privacy and security. Recently, this threat has become extremely dangerous to all; the Cryptolocker virus holds all files on a computer (and a server, potentially) to ransom unless a fee is paid to the virus maker.
The Windows operating system is undoubtedly the most targeted operating system by malware – 89% of all computers run a version of Windows. Targeting Windows gives virus makers the best chance of exploiting a good number of computer users. To combat this, the following can strengthen your machine.
1. Install a reputable virus checker. Some virus checkers are better than others; typically, avoid ones that are packaged as part of other services (broadband companies can offer their own security software on their installation disk). There are even viruses that masquerade as virus checkers! AV Comparatives (http://av-comparatives.org) benchmark 20+ popular virus checkers every month. Other suitable products include Eset, Sophos and Symantec. Once installed, be sure to check your anti-virus program regularly to make sure it is up-to-date and working properly.
2. Encrypt your files. One of the most worrying issues for anyone is when files go missing. The most common loss is through USB sticks and stolen laptops. Encryption “scrambles” the data saved on a computer or storage device so that, without the correct password, the files are meaningless and unreadable. Windows has its own encryption product called BitLocker. A guide to enabling BitLocker can be found on Microsoft’s website: http://windows.microsoft.com/en-gb/windows/protect-files-bitlocker-drive-encryption#1TC=windows-8Other third-party encryption products are offered by Checkpoint, McAfee, and TrueCrypt (although free, TrueCrypt is now end-of-life. Go to http://truecrypt.ch for current development information). There are also pre-encrypted devices available, such as Kingston’s DataTraveler Vault Privacy (which has its own built-in virus checker) and the Imation Defender F200 (that has a fingerprint reader built into the stick itself!).
3. Update your software. Pwn2own (pwn2own.com) is an annual event where hackers break into Windows, Macs and Linux systems using unknown “zero day” exploits and vulnerabilities. A large number of successful breaks involve exploiting Java, Adobe Flash, and most web browsers, including Firefox and Safari. In order to reduce this risk, always make sure that your operating system and applications are up-to-date. Check that Windows Update is turned on, and that you apply any updates immediately on being notified of them.
4. Choose a good password. The best passwords are not the most complicated but the longest. Each additional letter in a password increases its strength a hundred-fold, therefore make sure that your computer has a long password! This webcomic from XKCD explains it better: http://xkcd.com/936/
5. Backup your files. Having a good up-to-date backup is absolutely essential. Most of us won’t see the importance of backups until they are needed, and by then it is too late. A simple backup procedure can be performed by using an external USB hard drive to copy all your files to. Software from Symantec or Acronis will do full disk backups that can be used to completely restore your computer in the event of the hard disk failing. However, ensure that your backup device is not permanently connected to your machine; if a virus attacks your files, it could target the backup drive too. If you are concerned about physical security, keep the backup drive in a small safe or lockable drawer.
6. Avoid pirated software. Most illegally-obtained software comes with password crackers or hacks to make the application work. However, these programs can also contain viruses and exploits. It is advisable to check the source of any software obtained from the Internet, and to avoid any “cracked” programs. If your virus checker doesn’t allow a piece of software to install, there is usually a good reason for it!
7. Be aware of social engineering. A popular way of obtaining sensitive information is simply to ask for it. Social engineering involves fooling a victim into giving away personal information or passwords, usually by pretending to be from a bank or well-known software company. If contacted by a company asking for information, say no and hang up. If in doubt, contact the company separately about the supposed issue.
8. Email. Similar to social engineering, emails can contain links to malicious software that try to infect a computer or steal passwords. Always be wary of emails from banks, delivery companies and other companies, especially ones that have a file attachment on it. Unless you are certain that the email is valid, never click on a link within an email that asks you to login; rather, open up your browser and go to the website manually or through a reputable search engine.
9. Mobile Devices. Mobile phones and tablets are not as vulnerable as Windows desktops to viruses, but can still be exploited if some basic security practises are not followed. Always PIN-code your phone, only install genuine software, use encryption if available, and update the software on a regular basis. Also, do not “root” or “jailbreak” your device; this allows unverified software to install. In fact, the first iPhone virus could only infect jailbroken iPhones (this virus changed the wallpaper to a picture of Rick Astley).
So, to surmise:
- Install anti-virus software,
- Encrypt your storage devices,
- Keep software up-to-date,
- Use long passwords,
- Backup your files,
- Avoid illegal software,
- Be wary of social engineering techniques,
- Be mindful of suspicious emails and attachments,
- Protect your mobile devices.