Computer Security - The Basics

Some weeks ago, government law enforcement seized control of an operation designed to infect computers, steal financial identities and lock out access to users’ computers. Police took control of the ‘BotNet’ operation and servers, disrupting the whole thing but then issued a two week deadline for computers to preare themselves for an imminent attack. Why?

As it turns out, this is kind of a guesstimate as to how long they think it will take the criminals to regain control of the system and continue their master plan. It could be more, it could be less! Either way, the general advice being given should be heeded and protection for your machine be sought as soon as possible. This may have come across as a major scare tactic, but this course of action should hopefully have the intended effect of making people think that bit more about their computer security and a realisation that their financial data may be at risk, but a window of opportunity has been given to seek advice or implement measures.

Are the free options enough?

I am regularly asked this question and, in the past I would have been inclined to say yes, but these applications still provide a basic level of protection, and have not changed much over the years. My advice is now to seek an alternative. You get what you pay for, and in that respect is your data safety worth £30-40 per year? If you ever have to get your machine repaired after any kind of infection you will pay at least this amount and would have also put your data at risk in the process.

What are the risks if I don’t do anything?

This should be fairly obvious, but in real terms what could possibly happen is you may receive an innocuous email containing either a link or an attachment which, if clicked, could download a virus to your machine intent on seeking out your financial information (GameoverZeus / GOZ) whilst also installed a data encryption ransomware application (CryptoLocker) which has the ability to encrypt and completely lock you out of your files and documents, then present you with a new wallpaper (fig.1) and warning message (fig.2) asking you to pay for your files to be released. If you find yourself presented with this, please stop and seek professional advice.

 (figure 1)                                                       (figure 2)

What about my Smartphone or Tablet?

Because tablets and smartphones use completely different types of operating systems, which have inherent security measures built in, the likelihood of getting a virus or malware app installed on it is much less than your laptop or PC. Regardless of this, nothing is immune. There were instances in the past of android-specific viruses and rumours of Apple-related viruses, and a number of anti-virus apps are available to download free. To better protect from any unknown vulnerabilities, always ensure your device software is updated. If this concerns you somewhat, best be cautious and get an app for that, some of which come with additional features such as theft or privacy protection.

What should I do?

• Be wary of any email with links, asking for personal information, or has attachments, if in doubt – delete!
• Check links. If you are sent a link from what you think may be a legitimate source, verify it before clicking it (Use: http://global.sitesafety.trendmicro.com to check)
• Backup! Make copies of your important files, photos, documents etc. Do this to external drive, DVD, Pen Drive, Cloud Storage etc.
• Update Regularly. Program updates, or operating system updates, make sure you update them as the updates are designed to fix flaws and potential vulnerabilities for attack.
• Install a security solution. Ditch your free anti-virus and get a proper, highly rated security solution which covers everything. (Links below)
• Review your policies (For organisation systems admins) Ensure that restrictive policies are imposed where needed eg. Attachment blocking for executables. Possibly limit the user capability to install software on workstations etc.
• Don’t panic! These risks are ever-present, use this as a reminder to take precautions and prevent any kind of disaster. If you use your computer for financial transactions, just make sure you have some kind of reasonable protection and you should be fine! The internet will not come to a standstill in two weeks!

Computer Security Terminology Explained:

Virus:  Usually a self-replicating piece of code attached to legitimate software intended to disrupt or destroy programs and spread to other machines.

Malware: Malicious Software which is designed to infiltrate the user’s computer without consent with various intents, the following are some of the various types of Malware

Worms: The Contagious Threat.
Similar to viruses in that they self-replicate, but can be standalone programs themselves, usually targeting vulnerabilities in software or operating systems ultimately destroying applications or spreading to other machines.

Trojans / Rootkits: The Masked Threat.
They both seek to conceal their attacks from the user hiding malignant pieces of software pretending to be benign applications. Rootkits are a masking technique for Trojans and increase the difficulty in removing.

Spyware / Keyloggers / Ransomware: The Financial Threat.
These are used primarily for identity theft, phishing and social engineering (Tricking) Becoming more commonplace and the one which worries most. Ransomware, as warned to be the weapon of choice of the latest GameOver Zeus attack, these will encrypt and lock your files and system, until you make contact and try to pay a fraudster. This will ultimately lead to your identity theft.

Phishing: The Email Threat
Pronounced 'fishing', this is the email targeting method to get the user to click on an infected link, leading to one of the above

Adware: The Annoyance
Regular pop-ups, website redirection and a slow machine would be signs of unwanted software on your computer. They do not control or steal information, but can lead you to sites that will.

Anti-Virus: At a very basic level, this will protect against the effects of common viruses. This usually refers to the Free software (AVG, Avast, Avira and others) whereby you get some basic protection, but limited only to viruses. These can prove weak at prevention of new or prolific viruses and provide no cover against common malware.

Anti-Malware: A standalone application which you can run manually to detect and remove any malware present on your machine. They provide no real-time protection, but can be quite good at removal of existing problems. Free applications available include(Malwarebytes, Ad-Aware, SuperAntiSpyware)

Firewall: This is the first line of defence for any internet connection, provided either by a router hardware device, open source software, or Windows Firewall. This is used to control the ports used by applications entering or leaving your machine or organisation (over 65,000). This is basic prevention of unwanted traffic and should not replace any virus/malware protection.

Endpoint Security / Smart Security Solutions etc: Encompasses all of the above. Provides real-time protection against all known viruses, malware or any other malicious code. Usually includes everything needed to keep your machine secure from any threat and have the ability to remove any common threats found. If used in an enterprise these will be centrally managed.

Further information on viruses and malware: 

http://www.cisco.com/web/about/security/intelligence/virus-worm-diffs.html

http://www.microsoft.com/security/portal/mmpc/shared/ransomware.aspx

http://about-threats.trendmicro.com/us/webattack/3136/GOZ%20and%20CryptoLocker%20Malware%20Affecting%20Users%20Globally

Security Solution Software:

http://www.eset.co.uk

http://www.trendmicro.co.uk/home/index.html

http://www.sophos.com/en-us/products/enduser-protection-suites.aspx