Security Online

Friday, June 8th, 2012

Staying safe online is a major concern for everyone, and not just for the casual Internet surfers out there. My friends often ask for advice on how to keep their personal details secure, how to keep their kids safe and other stuff, and I probably ramble on about stuff that they just nod their head to, and forget about as soon as I stop talking. So I’ve compiled a bit of a list which is by no means definitive, but should be of some use as a guide in what to look out for.

Perhaps the most important place to start, although it is not entirely guaranteed to secure your PC and data, is to install a firewall on your home PC. This can be seen as the first line of defence in preventing hackers from accessing personal and financial data on the hard drive. A firewall literally acts as a wall between you and the rest of the Internet, filtering out potentially dangerous traffic. However, firewalls are themselves vulnerable to hacking methods such as the insertion of a malicious Layered Service Provider. Even so, although a firewall is not 100% guaranteed to protect a PC, an unprotected PC would easily become infected with malicious software in a very short space of time, so a firewall should be considered an essential defensive measure.

Alongside a firewall, it is also important to have some form of virus protection on your PC to enable you to detect and remove all kinds of malware, including worms, Trojan horses, spyware, and viruses. There are many alternatives to choose from, including free and paid-for versions, so shop around before choosing one and ask other people about their experiences. However, antivirus software is not without problems, as it can drastically reduce the performance of a computer. Bogus antivirus warnings are also used to trick users into downloading malware by advising them that viruses have been detected on their PC and that they need to click on a link in order to remove them. This is similar to phishing, but it is usually seen as a ‘pop up’ rather than in an email.

Antivirus software is also not 100% effective, and the following list shows detection rates for Trojans, bots, worms, Windows viruses, other malware, and script and macro viruses by leading antivirus products. The list was taken from a recent report (March 2012) by AV Comparatives (http://www.av-comparatives.org/).

Total detection rates:

1. G DATA: 99.7%
2. AVIRA: 99.4%
3. Kaspersky: 99.3%
4. Sophos: 98.7%
5. F-Secure, Panda, Bitdefender, BullGuard, McAfee: 98.6%
6. Fortinet, eScan: 98.5%
7. Webroot: 98.2%
8. Avast: 98.0%
9. ESET: 97.6%
10. PC Tools: 97.2%
11. GFI: 97.0%
12. AVG: 96.4%
13. Trend Micro: 95.6%
14. AhnLab: 94.0%
15. Microsoft: 93.1%

Although antivirus software is not 100% effective, it is surely better to have at least 93.1% (the lowest in the list) rather than no protection at all. It is also important to keep the antivirus software up to date, as new viruses are constantly being released.

A firewall and up-to-date virus protection are essential if you use file sharing (peer-to-peer networks) or file swapping programs, as these can download file sharing worms, viruses and spyware to your PC, in addition to it being illegal to download copyrighted material. The worms can then be used to download other malware to your PC, which you can in turn spread to other computers, as the worm can copy itself to files which you share with other unsuspecting users. The malware can be disguised as graphics such as emoticons, icons, screensavers and wallpapers, or as mp3s, videos etc. Possibly the best advice is to avoid file sharing at all costs, as the chances of downloading some form of malware are very high.

Passwords are also important in helping to protect your data and personal details, and you should ideally choose a different password for each application you use. Hackers use password cracking software that is good at guessing common passwords such as names, places, or in fact any word in the English language. Therefore passwords should be made from a combination of numbers and letters, with a mixture of upper and lower case, and should be as long as you can reasonably make them. Including punctuation marks and special characters also decreases the chances of a password being cracked.

It is generally recommended that passwords are changed frequently, although it can be argued that this does not help, as users are less likely to create difficult passwords on a regular basis, so frequently changing passwords decreases their quality. You can even use an online password generator to generate very secure passwords, but you may need to copy and store them somewhere, as they will be almost impossible to remember due to their complexity.
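As an added illustration (not part of the original post), the Python sketch below generates a password on your own PC instead of through an online generator, following the composition advice above, and compares the guessing work for a single dictionary word with that for a random 16-character password. The wordlist size of 200,000 is a constructed figure.

```python
import math
import secrets
import string

# The four character classes the post recommends mixing.
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)
ALPHABET = "".join(CLASSES)  # 94 printable ASCII characters


def generate_password(length=16):
    """Return a random password containing every class at least once."""
    if length < len(CLASSES):
        raise ValueError("length too short to include every character class")
    while True:
        # secrets draws from the operating system's CSPRNG, unlike random.
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        # Redraw the rare candidate that happens to miss a class.
        if all(any(ch in cls for ch in candidate) for cls in CLASSES):
            return candidate


def guess_bits(possibilities):
    """Size of a guessing space expressed in bits (log2)."""
    return math.log2(possibilities)


def compare(length=16, wordlist_size=200_000):
    """Guessing work in bits: one dictionary word vs. a random password.

    wordlist_size is a constructed figure for a cracking wordlist. The
    random-password figure is an upper bound: requiring every class
    removes a small fraction of the 94**length combinations.
    """
    return {
        "dictionary_word": round(guess_bits(wordlist_size), 1),
        "random_password": round(guess_bits(len(ALPHABET) ** length), 1),
    }


if __name__ == "__main__":
    print(generate_password())
    print(compare())
```

Each extra bit doubles the number of guesses needed, so the gap between the two figures is the reason length and a full character set matter more than any clever choice of word.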

It is also highly recommended to set a secure password for a new router as soon as possible, as people often leave them set at the default value (admin). Automated router configuration software can then be used by botnet malware to manipulate DNS server addresses so that the user is redirected to spoof websites.

Secure passwords are helpful when shopping online, but there are also other guidelines that should be followed to help protect you from becoming a victim of fraud. In general you should choose larger companies when shopping online, such as Amazon, as they have a reputation to uphold and are more likely to keep your data safe, since any breaches in security would be damaging to that reputation. They will also probably have better network security systems in place than a smaller company. However, this may be a bit unfair on smaller companies that may sometimes have a better deal on offer, so when buying from smaller companies it is always advisable to check them out. This may include phoning them or checking online for more information about them.

Too many people spend money they haven’t earned, to buy things they don’t want, to impress people they don’t like.
— Will Rogers

It is also a good idea to check the URL when shopping online (you know, the box at the top with the address in it). Ideally the URL should change to ‘https’ and the closed padlock icon should appear when you go to the site’s checkout page. This only guarantees that the connection is secure and does not mean that you are not on a spoofed web page, which is why it’s a good idea to look at the URL (address) itself. Unfortunately, spoofed URLs can be difficult to detect, as spoofed sites can also use SSL (Secure Sockets Layer), making users think that the site is secure, and some financial institutions themselves often use domain names that are unusual, such as “myBank.bankName.com”, similar to something that a hacker might use.
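The check described above can be written down precisely. The following Python sketch is an added example, not part of the original post: it tests both the ‘https’ scheme and whether the host really belongs to a domain you already know to be the shop’s or bank’s. The function name, the domain bankname.example and the sample URLs are all constructed for illustration.

```python
from urllib.parse import urlsplit


def check_shop_url(url, expected_domain):
    """Return (ok, reason) for a checkout or login URL.

    expected_domain is the registered domain the user already trusts,
    e.g. taken from a bank card or statement (assumption of this example).
    """
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".")  # hostname is lower-cased
    expected = expected_domain.lower()

    if parts.scheme != "https":
        return False, "connection is not encrypted (no https)"
    if "@" in parts.netloc:
        # Everything before '@' is a user name, not the site address.
        return False, "real host is hidden after an '@' sign"
    # Match whole labels only: 'mybankname.example' must not pass.
    if host == expected or host.endswith("." + expected):
        return True, "host belongs to " + expected
    return False, "host %s is not part of %s" % (host, expected)


# Constructed sample addresses.
SAMPLES = [
    "https://myBank.bankname.example/login",            # unusual but genuine
    "http://www.bankname.example/checkout",             # right site, no https
    "https://bankname.example.secure-login.example/",   # https, wrong site
    "https://mybankname.example/checkout",              # lookalike name
    "https://www.bankname.example@198.51.100.7/pay",    # host after '@'
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", check_shop_url(sample, "bankname.example"))
```

Only the first sample passes. The third and fourth show why the padlock alone proves nothing about who is at the other end of the connection.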

Also, with regard to online shopping, you should always pay for items bought online with your credit card, as you have more protection should you become a victim of fraud. Debit cards take the money straight out of your account, and it can be a long-winded and difficult process to get the funds back into your account. However, there is some protection when using a credit card, and you are usually only liable for the first £50, providing that you have not been grossly negligent.

Avoiding shared computers is also a good idea, such as those found at Internet cafes, computer labs, or other public areas, as it is possible that keylogging devices can be used to capture information such as your credit card details or other personal details before it has been encrypted.

You may wonder if the private browsing feature included in all the major browsers these days adds anything to your safety while surfing. The answer is NO. Although it hides your trail from anyone else who might use your PC, it doesn’t make you any safer from attack. Sites you visit will still be able to make a record of your IP address and any other information you may enter while surfing.

Users should also exercise caution when they are using social networking sites, as well as when they are shopping online. Individual users of sites such as Facebook should take care not to publish personal details such as their date of birth or their address.

With regard to emails and phishing, there is one important way for you to keep your data safe. For the individual user, the best way to avoid becoming a victim of a phishing attack is never to click on any link included in the email. Emails from companies that are known to you should contain some form of acknowledgement of your identity, such as addressing you by name or referring to a product you have with them, and are probably safe, but be careful. Due to widespread publicity about phishing and recent action by ISPs, the number of victims of these types of attacks has apparently dropped over the last few years.

Finally, when the time comes for you to update your PC, you should be very careful about deleting any data stored on the hard drive of your old PC. Hard drives can contain all kinds of data and personal information, and therefore it is strongly recommended to delete everything on the hard drive using disk ‘wipe utility’ software. If this is not possible, then it may be advisable to actually destroy the hard drive rather than pass it on. You should not rely on simply deleting files, as this does not destroy the data but merely removes the reference to it.
