Security

Viruses - SpyWare - Phishing - Firewalls

There are two types of threats to computer Security - major (criminal) and minor (nuisance).

Criminal threats

Delivery methods include e-mails, infections picked up by visiting a web site, or direct IP address attacks (attacks on your computer without any action on your part).

Nuisance Threats

  • Spam - stealing your time and computer capacity with unwanted e-mails.
  • Email harvesting - stealing your address and selling it to spammers.
  • Hoaxes - e-mails warning of a non-existent problem. Wastes time and internet resources.
  • Adware - advertising attached to a program. If it's malicious, it's a virus or spyware.

Virus Threats

What is a Virus?

It's a small computer program that a malicious person (criminal) has written that will damage your computer and make it inoperative and/or cause it to send e-mails to others to propagate itself. You can "catch" it like a biological virus from e-mails, removable media (USB drives, floppies) or web sites. It can also be put on your computer by a direct IP attack although this is uncommon - criminals usually use that approach to steal your identity or personal information.

Fighting Virus Infections

The process to follow is:

  1. Make sure your computer is free of Viruses - use a free on-line scanner
  2. Use a safer browser less prone to infection - e.g. Firefox or Chrome
  3. Install an Anti Virus Program
  4. Install a hardware Firewall - use a hardware firewall, even if you don't have a network
  5. Be aware of fraudulent e-mails - delete upon receipt
  6. But don't overdo it - the Internet is meant to be fun and useful. See email security settings.

1. On-line Scanner

Free scanners are available from:

  • Symantec - Note that the first screen talks about a Security Check but when you get there you get a choice of a Security Check or a Virus Scan. The only catches with the Virus Scan are that it only works with Internet Explorer and it does not fix any problems found. Note that it will take perhaps an hour or more to run since it does a full Virus scan of your computer. You must also be connected for the time it takes. To remove an infection, go to Symantec and find the virus (by name) in their data-base then follow their instructions on how to remove it.
  • Panda Active Scan - Internet Explorer only - not compatible with Avast
  • Trend Micro's House Call - works on Firefox and is compatible with all other anti-virus programs.

2. Safer browser

The most popular browser is Internet Explorer - that is one reason it is the most prone to the risk of attack. The other reason is that it alone allows operation of Active-X controls. These are downloadable programs that will run on your computer. Useful if they are invited - really bad if not. Safer browsers are Firefox and Google's Chrome although you need to keep Internet Explorer available for the odd occasion when you DO need to run an Active-X control (such as to run some of the scans in the previous section). More on the subject here.

3. Anti-Virus programs

  • ESET's NOD32 - Anti Virus and Anti-Spyware - fastest available - highly rated - my recommendation.
  • Kaspersky - Anti Virus and Anti-Spyware - often described as best available - a close second to ESET.
  • Vipre - Anti Virus and Anti-Spyware - new, fast and has good reviews. I had update problems with Counterspy - the product it was based on.
  • Bit Defender - highly rated
  • Norton Anti-Virus (made by Symantec) - It has been bloated, inefficient and slow. It also has a hard time working properly with home networks. But it is very effective and recent versions are faster. However, Norton likes to take control of your life so I will never buy their product again.
  • McAfee - lowest rated of the "big names". Popular with Enterprise clients. This is now the default anti-virus offered by Bell.
  • Trend Micro - weaker on Spyware - not recommended
  • F-Secure - weaker on Spyware
  • Panda
  • AVG Anti-Virus - Free Version - many feel is the best free version. Does not stop spyware.
  • Avast Free Edition - Does not stop spyware. My choice when it must be free.
  • Avira - Free - increasingly popular

Note that any free anti-virus program is not as effective or comprehensive as one you pay for - no surprises here. But free programs are often good enough - especially for home users.

More comments on program speed (or lack of it) here.

4. Firewalls

A firewall is software or hardware that prevents your computer from receiving or sending (to an outside person) anything that you have not requested. The criminal programs it guards against are often spyware intended to steal your identity but other types are possible. Some software is one-way only - that is, it only manages incoming requests such as occur via hackers scanning the internet for vulnerable computers (direct IP attack). The illustration on the right applies to these one-way firewalls.

Two way firewalls also block outgoing requests not obviously related to incoming requests as might occur with a program planted on your computer via a Trojan. This is a program that comes in to your computer looking benign but which conceals a program that sends data back to its originator.

The best Firewall by a large margin is a hardware firewall. These are very simple devices that go between your modem and computer and handle internet traffic. If the traffic is valid, it will relay it to your computer. Most routers come with a firewall so add a router to your system even if you don't have a network! Unfortunately this does not apply to dial-up users.

More on routers below.

Another solution is to use a Security package such as that offered by Eset. This adds a firewall to their Anti-Virus package. Similar packages are available from McAfee and other Anti-Virus vendors. If you have Vista or Windows 7, you can activate the built-in Firewall for outgoing traffic but it's not recommended because it's too complicated. [I would ask, if you have effective incoming control, why is outgoing protection needed?] There are also stand-alone Firewall vendors such as Zone-Alarm - any would be better than none.

Spy Ware

Definition of Spyware

Spyware is a malicious program that is installed unknowingly into your computer with the capability of capturing stored information and Internet usage and sending it back to its (the spyware's) originator.

Spyware has been known to collect confidential information such as credit card details. Spyware is at the root of cyber-identity theft. Also, some spyware turns your computer into a zombie owned by the hacker and they make it send spam to people.

There are two types of Spy Ware:

Cookies

These are harmless. They are placed on your computer by web sites that you visit. Their intent is usually to allow a site to know when you re-visit them. You may want this since they can remember your login information, shopping preferences etc. On the other hand, you may not want someone knowing that you visited certain sites. You can stop all cookies by adjusting your browser. For example in Internet Explorer, go to Tools>Internet Options>Privacy and adjust the settings. Controlling Cookies on Firefox is much easier (more).

Tracking Spy-Ware

The most common is the type that is often included with programs that you have willingly installed. The installation program for the software not only installs the program you want, but also installs additional tracking software without your knowledge.

Some is relatively benign and simply wants to target their advertising better. But another more malicious type installs a program that monitors key strokes (e.g. bank account passwords) and sends them “home”. This spyware is a type of virus and most current virus programs will stop these.

Stop Spyware

  • Don’t install free programs unless you know they are spyware free. (Those on this site were spyware free when posted). Especially don’t install programs that install “neat toolbars”. Google is clean, anything from Yahoo or Microsoft is clean but otherwise make sure you are certain no one has found a problem. A good way to find out is to do a web search for the name of the toolbar and if you find lots of responses saying "how to remove Search Miracle" (or the toolbar you're checking), then others have had a problem.
  • For best protection use an Anti-Virus Program which includes good Spyware detection. Most do now but not all - make sure the program you use explicitly includes an anti-spyware feature.
  • If you are concerned about managing cookies, use the cookie management feature in both Firefox and Internet Explorer from IE8 up. For stopping initial installation of spyware, Firefox does not allow the most common source, ActiveX Controls. If you use it, see our discussion on scripts.
  • Microsoft also includes a program to look for Spyware in Vista and Windows 7 called Windows Defender and it works quite well. You can also add it to XP if it's not already there - Download it here. Updates are provided with regular Windows updates.

If you would like to get yet more information on Spyware detectors, the Spyware Warrior has a large amount of data and conducts regular tests.

Phishing

Phishing is the process of "phishing" for people who are trusting enough to give their personal banking passwords etc. to an unknown person on the Internet. Of course they think they do know the company asking for info but that's the scam.

The way it works, a spoofed website is typically made to look like a well known, branded site (like ebay.com or bmo.com) with a slightly different or confusing URL. The attacker then tries to trick people into going to the spoofed site by sending out fake email messages or posting links in public places - hoping that some percentage of users won't notice the incorrect URL and give away important information. The URL displayed on the link is different from the one you end up at.

The only sure defence is to know that banks and financial institutions don't do this sort of thing. So ignore it - delete the e-mail. If you are really concerned, phone the bank you believe has sent the message and ask them!

Other ways that are suggested, such as using the latest version of Firefox (14+) or Internet Explorer (8+) are not good enough. And refusing to do banking or Financial transactions on the Internet does not solve the problem - you can still get an e-mail from "your bank" asking for (e.g.) your Account number and ATM PIN number. The ONLY answer is to know that Financial institutions never send you an email asking for confidential info - if you get an email that appears to break this rule - delete it.

Many Anti-Virus/Anti-Spam programs will treat these emails as a virus and delete them but some get through.

Since Phishing is a form of an Internet Hoax, if you have not done so already, see our discussion of Hoaxes.

Routers & Networks

If you have a high speed connection, as discussed above, a reliable way to get excellent protection from direct IP address attacks is to install a hardware firewall. Do this by installing a Router between the computer and the high speed modem which then provides Network Address Translation. This means that anyone trying to hack your computer only gets into the dumb (as in really dumb) router. Linksys has good models at around $90. A router also provides for connecting multiple Computers to each other with Wireless or Cat-5 cable as well as to the high speed modem. If you have a hardware firewall, a software firewall provides very little extra protection but why not leave it on - two "walls" to get through must be more protection than one! One software firewall and one hardware firewall are compatible with each other and will work OK on the same system. Multiple software firewalls on one computer will probably have a problem.
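The following added example (not from the original page) models what the router's Network Address Translation does with traffic, and how that differs from the two-way software firewall described in the Firewalls section. The addresses, ports and program names are constructed, and the translation table is simplified to the essentials.

```python
# Constructed model: addresses, ports and program names are illustrative.
class Router:
    """Minimal NAT router: an inbound packet is forwarded only if it answers
    a connection that a computer behind the router opened first."""
    def __init__(self, public_ip):
        self.public_ip = public_ip
        self.table = {}          # public port -> (private ip, private port, remote)
        self.next_port = 40000

    def outbound(self, private_ip, private_port, remote):
        """Record the mapping; return the public (ip, port) the remote sees."""
        port = self.next_port
        self.next_port += 1
        self.table[port] = (private_ip, private_port, remote)
        return self.public_ip, port

    def inbound(self, remote, public_port):
        """Return the private (ip, port) to deliver to, or None to drop."""
        entry = self.table.get(public_port)
        if entry is None or entry[2] != remote:
            return None          # unsolicited: the packet stops at the router
        return entry[0], entry[1]

class TwoWayFirewall:
    """Software firewall on the PC: outbound allowed only for approved programs."""
    def __init__(self, approved):
        self.approved = set(approved)
    def allow_outbound(self, program):
        return program in self.approved

def simulate():
    router = Router("198.51.100.10")
    pc_firewall = TwoWayFirewall({"firefox.exe"})
    results = {}
    # 1. The browser opens a connection; the reply is translated back to the PC.
    web = ("203.0.113.80", 443)
    _, public_port = router.outbound("192.168.1.20", 51000, web)
    results["reply_to_browser"] = router.inbound(web, public_port)
    # 2. A scanner probes the public address: no table entry, so it is dropped.
    results["unsolicited_probe"] = router.inbound(("203.0.113.99", 4444), 3389)
    # 3. A planted program calls out. The router forwards it like any other
    #    outbound connection; the two-way firewall refuses the unapproved program.
    results["router_forwards_planted_program"] = router.outbound(
        "192.168.1.20", 51001, ("203.0.113.99", 8080)) is not None
    results["two_way_allows_planted_program"] = pc_firewall.allow_outbound(
        "toolbar_helper.exe")
    return results
```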

Ad Ware

Adware programs display advertising content on your computer without your consent or direct knowledge. Often this is in the form of popup windows that just drive you crazy. Pure Adware is not a risk and just an annoyance. But sometimes it also includes spyware. In either case, it uses up bandwidth and memory and can slow your computer to a crawl.

In general, there are two kinds of Ad Ware:

  1. Software that includes ads – generally harmless – this is the price you often have to pay to get free software.
  2. Ads that come uninvited. The most common are pop-ups. Block pop-ups by using pop-up blockers in Firefox or Internet Explorer 8+. Other ads arrive in the middle of programs that you installed and maybe you read the fine print which said it was there or maybe they forgot to tell you. Examples include: Kazaa, Grokster, Limewire, CometCursor, BonziBuddy and others. If a program is free and seems worthwhile, it could easily include ads. In some cases that can be lived with and in other cases it cannot. These sometimes continue after you've left the site or uninstalled the program. Several of these have now been declared illegal enterprises in the U.S. - surprise!

If you run any spyware detector, you will generally catch these as well. Be sure to also download and use Microsoft's Defender program.

The most common way that the worst AdWare is delivered is using the ActiveX controls in Internet Explorer. A good preventative measure is to disable ActiveX in Internet Explorer (details here) or to use Firefox, Chrome or any browser other than Internet Explorer.