Computer Security for 2007

I thought I might write an article about computers for a change.

The first observation is that the nature of computer security has changed. 

I do very little work in the area of computer virus and spyware remediation any more.  I believe the reasons are these:

  • Most people are using a good Internet Security Suite type of product, are keeping up with their updates, and allowing these programs to run periodic scans.  The anti-virus vendors have done a great job of putting together a bundle of solutions that just simply work.  This is the good news.
  • The bad news is that the malicious code writing that I see now is not a simple nuisance virus.  Malicious software, (that’s right, software,) is being written by professional software writers who are working the dark side of the force, they are working on behalf of organized criminal gangs, many of which are operating in countries where the legal system does not work or is for sale.  They are working for profit.  They are working, specifically, to pick your pocket, clone your credit card, or empty your bank account.

The major danger comes in the form of an e-mail designed to persuade you to purchase fake or bootlegged products, or worse yet, to lead you, through an embedded hyperlink, to a realistic looking facsimile web site of a well known brand, like eBay, PayPal, or your bank.  Once there, you will be encouraged to fill in a web form with your personal and financial information.  Clicking on the submit button transmits this information to their web servers, with the usual goal of running up your credit card or draining your bank account.

The best things you can do for yourself is to upgrade to Internet Explorer version 7, and use Outlook 2003 for e-mail.  Both of these products have advance security features built into them which can make your Internet travels safer.

Outlook 2003 has a nice Bayesian spam filter which will automatically remove most junk mail from your Inbox.  It is good practice to avoid clicking through links in your e-mails, but one thing that I do is to simply hover my mouse pointer over the link, and wait for the tip box to open and display the real hyperlink destination address.  If it looks strange in any way, simply delete the e-mail, it is not from someone you can trust.

IE7 will display the web address in a red background if the web site you are on is known to be a fraudulent web site.

Another good quality to develop is a high degree of suspicion and paranoia when reading your e-mails.  I do not generally open e-greeting cards, because many of them contain malicious programs that install while the greeting card is playing.  I do not click through links in either eBay or PayPal e-mails, unless I am actively selling or bidding, or have recently completed a transaction of some sort, and even then, I use the hover trick to sniff out the real destination address.

And the emails from long lost relatives in Africa who have fortunes to share with me – yeah, right.  I can’t borrow five bucks from my spouse, so why would someone I’ve never met want to make me a millionaire?  Delete immediately and add to my blocked sender list.   I’ve won a lottery I didn’t enter in Luxemburg – uh huh!  Delete and block.

Use a little common sense, mixed with a healthy dose of skepticism, and you should be able to avoid these perils.  Happy surfing!

 

0

About the Author:

I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at http://wyzguyscybersecurity.com

Add a Comment


This site uses Akismet to reduce spam. Learn how your comment data is processed.