Protecting Your Computer from Viruses, Phishing & The Million Other Threats Out There In Cyberspace
If you are anything like me you spend a significant amount of time on line. Some may be just for entertainment, some maybe more serious; maybe a little online banking. Many of you may use your computer for your business also. Offline it might be your "photo album"; no more prints and what a disaster if you lose the files. We are all depending more and more on our computers and on the marvelous resources and information stores available online. Unfortunately as the internet culture grows and evolves so to do the malicious and parasitic elements that generate viruses, spam and the like. So without being paranoid how can we make the online experience relatively safe without making it a pain in the proverbial behind at the same time?
It sounds simple and obvious and yet many users do not have anti-virus software installed. I have seen this in my own family. Even when there is pre-installed software on their computer it was never configured. Perhaps you are going through a tough time and cannot afford it; there are several very good free anti-virus providers. Having said that there is an old saying "if you pay peanuts you get monkeys"; a fully up to date paid anti-virus suite which is configured to update definition files automatically is without a doubt the way to go. A quick Google search will provide a multitude of options. My personal recommendation is McAfee; it has protected me for many years and been very effective at doing so. However Norton, Kapersky and AVG among others come to mind. One other option which many may not know about is Sophos. Sophos is one of the biggest players in the corporate world and they do not sell to home users. However as a benefit to corporations that employ Sophos software on their systems Sophos makes a home version of their software available to employees of the company at no charge so maybe it would be worth checking with your IT department to see what antivirus they use. Do your research and make your decision but be assured whatever anti-virus software you choose is infinitely better than none.
Why would it be off? Many times it is and I cannot figure it out. If a hacker or other malicious individual cannot get into a system he cannot do harm to it. Nothing is foolproof but for sure you are more protected with a firewall. Windows has one, many antivirus programs have one. Make sure one is turned on. Often if I ask why a firewall is off the answer is that it was preventing a valid and wanted application from communicating on the internet. Of course that is no reason to turn off the firewall. All firewalls have configuration settings where exceptions can be made for known and trusted applications.
The vast majority of viruses, malware, adware etc require YOU to do something in order to get onto your computer. It might be a link in an email, maybe a pop up in your browser. Perhaps you are told you need Flash. You have Flash right? Nevertheless the box pops up and says you need Flash to look at that video you just have to see right now so you click the link and boy did you wish you had not! If it looks too good to be true it probably is. In that case the best case scenario is that you are looking at a scam and it goes downhill fast from there.
Links In Emails
If you have any doubt about a link in an email DO NOT follow it. Links are not always what they seem. The following simple link to Google seems inoffensive enough right http://www.google.com? It actually points to http://www.yahoo.com. In this case not too damaging but who knows where someone could send you. Banking scams for example - is Bank of America.com really Bank of America.com. Trust your gut - if it looks suspicious it probably is. If you are curious or you think maybe it is a genuine email with a genuine link then go to the website in question by typing in your browser address bar or using your own favorites - if you bank online for example as I do. Phishing scams are most effective when they actually apply to you. If I don't bank with Chase then I am not likely to follow a "your account has been compromised and you need to update your information" email supposedly from Chase. But what if I do my banking online and I get an email that looks like it came from my bank - I kick up my browser and go to the bank's site using the valid URL I have bookmarked and login there.
One of the nasty little side effects of some viruses is that they propagate email without the "senders" knowledge. There was an old adage that said "never open an attachment from someone you don't know" I say never open an attachment from anyone without checking on it first. If I get an email from Bill who I know really well and the email has an attachment I email Bill and ask if he sent it to me and wait for his confirmation BEFORE opening the email. Sounds like overkill and a little paranoid; perhaps but as I have suggested before you will wish you had the first time you get virused.
So you followed a link or you searched in Google or you otherwise ended up on a website and now it is asking you for personal information; maybe you are trying to purchase something and you are being asked for credit card info. Check the URL - it should begin with https and not http. Most browsers will also display a padlock icon in the status bar. The image shows what I see in IE8 on Windows 7. Combinations of OS and Browser will be different but there will be an equivalent whatever the combination. Any business worth dealing with is using https [SSL] for sensitive data. If a site is asking for such data and they are not interested enough in you and your privacy/security to provide a secure method of transmitting the data I say move on and deal with a company that is.
Don't Click The “No" & Don't Click The "X"
If a box pops up in your browser saying you have a virus or you need a program or anything else that is at all suspicious [and by that I mean anything you did not expect or can not definitely identify as benign] you should immediately close it BUT do not head straight for the "No" button or the "X" at the top right of the box. Up to now you are still safe but the malicious coder is a clever little SOB. The "No" button and the "X" and every other pixel of the box is really the "Yes" give me the virus or Trojan or whatever else you malicious payload is - you cannot click anywhere in the offending box. Instead open your Task Manager [right click the Task Bar or ctrl-alt-del] and kill the process iexplore.exe [for IE, for other browsers kill the appropriate process]. This will remove the box and its attempt to hijack your machine without you having to interact with the box at all.
Don't Download That Software From The Link
You just heard of the latest and greatest viral video. You have to see it. You have to see it now! What - I need the latest version of Flash. Thought I had that but oh well; I have to see the video. Click - they gotcha. If you get a prompt telling you you need to upgrade Flash or you need a Java update or you are missing something else you need to access whatever content you are going after DO NOT click the link in the pop up. Many times they are valid; most big websites will have code that alerts when users access content for which they do not have the correct software installed. But - the malicious elements out there know this so they make such sites and the pop ups they generate do not take you to get a Flash upgrade. So what should you do? Simple - go to the appropriate software provider’s webpage directly in another browser or tab [for example the Adobe website for Flash]; if you do not know where to go or who the software vendor is just Google it. Download the software from there and you will be fine. Return to the site that generated the request for you to upgrade in the first place. If it was a safe request there will be no pop up this time. If you still get a pop up [the bad elements didn't check or care what you had installed - they pop the box to everyone] then feel good about yourself - you browsed smart and avoided a big problem.
Plan For The Best Prepare For The Worst
No matter how careful you are it is still possible something could sneak up on you and there are a few steps you can take to help make things easier if you have to deal with an infection.
- Make sure you have at least one other user account [with Admin rights] set up on your computer. Thankfully some of the stuff out there [many of the recent spate of fake Anti Virus malware for example] was coded by people smart enough to figure out how to infect your computer but dumb enough to attach the infection to a single user account. Thus logging in as another user allowed the problem to be dealt with quickly and easily.
- Keep a copy of SuperAntiSpyware and Malwarebytes Anti Malware. Many times the solution for an infection is one or other of these but hey - I cannot get logged onto my computer and I cannot get to the internet so how can I download them. Keep a copy [updated every so often] on a usb drive. They are cheap and having the software available without needing to be able to get to a website to download them can be a lifesaver.
- And finally; for the worst case scenario - make sure you have good backups so that if the infection is as bad as it gets and you have to format and start over that is not the disaster it can be if you have no good back up strategy in place.
Simon Robson 061611