Tuesday, August 14, 2012

Personal Computer Security

Being in the IT industry, especially in security, you get asked for help cleaning infected computers. This is harder than it sounds: there are countless malware families, each with many variants, and the removal steps differ from one to the next. On top of that, once you clean a machine, its owner usually gets it infected again. If the malware was difficult to remove, this becomes rather demoralizing. It's this vicious cycle that really needs to be addressed to improve home computer security.

The traditional method is to use an anti-virus scanner from one of the big vendors (Norton, McAfee, TrendMicro, Kaspersky, etc.). With a subscription to one of these solutions and regularly scheduled scans, you can protect yourself fairly well. However, in my experience, these solutions are often not configured for scheduled scans or updates, or the subscription has expired. We need to start coupling the traditional scanner with better security education. We don't just give someone a seat belt and say "now drive," do we?

The first thing I would like to impress on everyone is to keep your software up-to-date. Start with the operating system (OS): Windows, Mac OS, or Linux. Microsoft has long used the second Tuesday of each month ("Patch Tuesday") as its designated update day, and many software vendors have adopted the same or similar schedules. Just plan on seeing update notifications during the second week of every month. Adobe has aligned many of its Flash and Reader updates with the same day, Oracle (formerly Sun) releases Java updates on a regular schedule as well, and even Apple has joined the fray with some of its updates. These updates fix vulnerabilities that have been discovered by researchers and attackers alike. Many worms spread by exploiting vulnerabilities for which a fix has already been published; they succeed only because not everyone installs the fix promptly. Most software you use has an auto-update feature. Use it, it's worth it.

The second item to address is proper use of anti-virus scanners. Pretty much every major scanner relies on signature detection. This means the vendor analyzes a sample of each malware program and extracts a pattern (a file hash, a distinctive byte sequence, or a characteristic behavior) that identifies it. A signature only catches what it was written for: when the malware author repacks or modifies the program, the vendor has to issue a new or broader signature, and your computer has to get these signatures as they come out or you aren't protected from as many threats as you could be. All scanner vendors have an auto-update feature. Use it. Now that you are getting the latest signatures as soon as they come out, you need to use them. Set up automatic scanning on a schedule that works for you, and remember that the computer has to be on to be able to scan. If you are using a paid version of your scanner, make sure you keep the subscription/license current so you continue to receive signature updates. Also, supplement your scheduled scanner with an on-demand scanner from another vendor. These on-demand scanners are often the free versions of major scanners, and they will often catch the malware your regular scanner misses. No malware scanner is 100% accurate, so the more the merrier, with one caveat: competing anti-virus scanners don't always play well together, so you have to find a combination that gets along (a good reason to use a free one as the supplemental scanner).
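To make the signature point concrete, here is a toy scanner added for this post (it is example code, not part of the original post or any vendor's product). The samples, the family name "Example.A", and both signatures are constructed; the byte strings are harmless stand-ins, not real malware. It shows the two common signature kinds: a file hash, which pins one exact file and breaks the moment a single byte changes, and a byte pattern with wildcards, which survives a repacked variant but still misses a sample whose matched bytes were altered. It also shows what a stale signature database does to your detection rate.

```python
import hashlib
import re

# Constructed "malware" samples for illustration. These are harmless byte strings,
# not real files; the marker text stands in for a distinctive stretch of code.
SAMPLE_A  = b"MZ\x90\x00" + b"EVIL_PAYLOAD_v1" + b"\x00" * 8  # the sample the vendor analysed
VARIANT_A = b"MZ\x90\x00" + b"EVIL_PAYLOAD_v2" + b"\x11" * 8  # repacked: version byte and padding changed
VARIANT_B = b"MZ\x90\x00" + b"EV1L_PAYLOAD_v3" + b"\x00" * 8  # the marker itself was altered
CLEAN     = b"MZ\x90\x00" + b"HELLO_WORLD"     + b"\x00" * 8  # a benign program

# Constructed signature database (hypothetical family name "Example.A").
# A hash signature pins one exact file.  A byte-pattern signature describes a
# region of the file as hex bytes, with "??" standing for any single byte.
HASH_SIGS = {"Example.A": hashlib.sha256(SAMPLE_A).hexdigest()}
PATTERN_SIGS = {"Example.A": "45 56 49 4C 5F 50 41 59 4C 4F 41 44 5F 76 ??"}  # "EVIL_PAYLOAD_v?"


def compile_pattern(sig):
    """Turn '45 56 ?? 4C' into a compiled bytes regex; '??' matches any one byte."""
    pieces = []
    for token in sig.split():
        if token == "??":
            pieces.append(b".")
        else:
            pieces.append(re.escape(bytes([int(token, 16)])))
    return re.compile(b"".join(pieces), re.DOTALL)


def scan(data, hash_sigs=HASH_SIGS, pattern_sigs=PATTERN_SIGS):
    """Return the set of signature hits for one file's contents.

    Hits are tagged 'hash:<name>' or 'pattern:<name>' so the caller can see
    which kind of signature fired.  An empty set means "nothing known matched",
    which is not the same as "clean".
    """
    hits = set()
    digest = hashlib.sha256(data).hexdigest()
    for name, known in hash_sigs.items():
        if digest == known:
            hits.add("hash:" + name)
    for name, sig in pattern_sigs.items():
        if compile_pattern(sig).search(data):
            hits.add("pattern:" + name)
    return hits


if __name__ == "__main__":
    for label, blob in [("SAMPLE_A", SAMPLE_A), ("VARIANT_A", VARIANT_A),
                        ("VARIANT_B", VARIANT_B), ("CLEAN", CLEAN)]:
        print(f"{label:10s} -> {sorted(scan(blob)) or 'no signature matched'}")
    # An out-of-date database (no pattern signature yet) misses the repacked variant entirely.
    print("VARIANT_A with stale DB ->",
          sorted(scan(VARIANT_A, pattern_sigs={})) or "no signature matched")
```

The repacked variant is caught by the pattern signature alone, the altered variant by nothing, and with an out-of-date database even the repacked variant sails through. That is why auto-update matters and why a second scanner with a different signature set catches things the first one misses.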

Now comes the difficult-to-teach stuff. Everyone gets infected in different ways. For some it's email attachments. A zip archive with an executable file inside is common. Malware authors will try to trick you with innocuous names like invoice.doc.exe. Remember, it's the part after the last "." that matters. Invoice.doc.exe is an executable and probably bad; Invoice.exe.doc is just a stupid file name. Be aware that Windows hides known file extensions by default, so invoice.doc.exe is displayed as invoice.doc; turning that setting off in Folder Options makes the trick visible. You have probably heard the advice "don't open email from someone you don't know," but this is actually a little misleading. Most malware that spreads via email attachments will actually come from someone you know, because it harvests the address book of whoever it has infected. You have to learn to approach email from your friends and family with caution. Were you expecting the attachment? Does it look like it was emailed to their entire address book? Is it out of character for that person? If anything rings false about it, verify with the sender that it is legitimate before opening it.
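The file-name rule above is easy to automate. The following triage helper is an added example for this post (not code from the original post or from any mail or anti-virus product). It judges an attachment by its last extension, flags the double-extension disguise, and looks inside zip archives for executables, since the archive itself carries an innocent-looking ".zip". The extension lists are a representative subset, not an exhaustive one, and the sample attachments in the demo are constructed.

```python
import io
import os
import zipfile

# Extensions Windows will execute when double-clicked (a representative subset,
# not an exhaustive list).
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".vbs",
                   ".vbe", ".js", ".jse", ".wsf", ".hta", ".cpl", ".msi", ".ps1"}
# Document and image extensions commonly used as the decoy half of a double extension.
DECOY_EXTS = {".doc", ".docx", ".xls", ".xlsx", ".ppt", ".pptx", ".pdf",
              ".txt", ".rtf", ".jpg", ".jpeg", ".png", ".gif"}


def extensions(name):
    """All suffixes of a file name, lower-cased: 'Invoice.doc.exe' -> ['.doc', '.exe']."""
    base = os.path.basename(name.replace("\\", "/"))
    parts = base.split(".")
    return ["." + p.lower() for p in parts[1:]]


def classify_name(name):
    """Judge a file name by its LAST extension, which is the one Windows acts on."""
    exts = extensions(name)
    if not exts:
        return "no-extension"
    if exts[-1] in EXECUTABLE_EXTS:
        if len(exts) > 1 and exts[-2] in DECOY_EXTS:
            return "executable-disguised"   # invoice.doc.exe
        return "executable"                  # setup.exe
    return "data"                            # invoice.exe.doc is just an odd name


def triage_attachment(name, data):
    """Return (path, verdict) findings for an attachment, looking inside zip archives."""
    findings = []
    verdict = classify_name(name)
    if verdict.startswith("executable"):
        findings.append((name, verdict))
    if zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as archive:
            for member in archive.infolist():
                if member.is_dir():
                    continue
                inner = classify_name(member.filename)
                if inner.startswith("executable"):
                    findings.append((name + "!" + member.filename, inner))
    return findings


def build_sample_zip(entries):
    """Construct an in-memory zip archive from {name: bytes} (test data only)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as archive:
        for member_name, content in entries.items():
            archive.writestr(member_name, content)
    return buf.getvalue()


if __name__ == "__main__":
    # Constructed attachments: a zip hiding a disguised executable, and a plain image.
    lure = build_sample_zip({"invoice.doc.exe": b"MZ" + b"\x00" * 62,
                             "readme.txt": b"see attached"})
    for attachment, payload in [("invoice.zip", lure), ("photo.jpg", b"\xff\xd8\xff\xe0")]:
        hits = triage_attachment(attachment, payload)
        print(attachment, "->", hits or "no executable content found")
```

Note what this does not do: it says nothing about a genuine .doc or .pdf that carries an exploit for the viewer, which is exactly why the update advice above still applies even when the name looks right.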

Spam is another avenue of infection. If you get a spam message, mark it as spam and delete it. Never click an "unsubscribe" link unless you specifically remember signing up for the mailing (which would make it not spam by definition). These unsubscribe links often lead to malicious websites, or at the very least confirm to the sender that a person is reading email at your address, which usually leads to more spam.

Infected web pages are another avenue for infection. Malware authors compromise legitimate websites and inject "drive-by" code that tries to infect any computer that loads the page, typically by exploiting an unpatched browser or plug-in (one more reason the update advice above matters). A recent one even detects the OS being used and downloads a payload for that platform (http://arstechnica.com/security/2012/07/cross-platform-web-exploit/) instead of only a Windows payload. You can come across infected websites almost anywhere there is a relatively popular subject matter and webmasters who either don't care or don't know how to secure their sites. Examples are "free" pornographic sites, software "crack" sites where people download key generators to pirate licensed software, and coupon sites. I only recently discovered the problem with coupon sites. They are unusual because it is common for a legitimate coupon site to require you to download and install a coupon "printer", a program that keeps people from abusing the coupons by limiting how many copies of a particular coupon can be printed. Since users expect a download, it's easy to put up a site claiming to have great coupons for everything under the sun, require a download and install before allowing access, and make that download a piece of malware. Avoiding such a site can be difficult because many of the legitimate coupon sites are home-grown and their download isn't expected to be digitally signed. Checking whether the download is signed helps, with the caveat that a valid signature only tells you who published the program, not that it is safe. You can also run the download in a sandbox first; Avast Anti-virus has a sandbox included.

One last recommendation. Since many malware authors infect systems through compromised websites, it's important to choose your browser wisely. I won't go into the specifics here, but I would recommend Firefox and Chrome over Internet Explorer and Safari. There are other browsers, but those four are the most used. Firefox and Chrome have a better security track record, update themselves quickly, and have a multitude of security add-ons that can extend your browser's security. Internet Explorer has made good strides in its most recent releases, but Safari continues to be troublesome. As with any other software, keep your browser updated.

For those Apple fans who think they don't need anti-virus, watch for a future post on the naivety of that stance.
