As many of you know, I have taught a Community Education Class about computer security issues since 2002. Over the course of time, the nature of computer security threats have changed, and the exploits have become much more sophisticated. Instead of pimple faced script kiddies writing mass mailing worms in their mom’s basement, we now have sophisticated software exploits that are underwritten and managed by organized criminal gangs. What they are infecting your computer with cannot really be called a virus. This is software written by highly educated computer professionals. Much of it installs without alerting the computer owner, as a result of clicking on a link in an email or visiting a legitimate website that has been attacked, cracked, compromised, and set up as a software distribution site. It can be hard to remove. Much of it reinstalls itself if it is removed. Scary, scary stuff.
How can we protect ourselves from these attacks? Here is the list.
- Do not run computers that use pirated versions of the Windows operating system. Microsoft does not supply critical security updates to computers that are running illicit copies of Windows, and enforces that with the Windows Genuine Advantage validation tool that it sends out via Windows Update about once a month.
- Keep your shields up. Turn on your Windows Firewall or use the firewall that comes with your Internet security suite. I find people turning off their firewalls to solve file and printer sharing problems, but this is a dangerous practice. There are other ways to solve that issue. Also, many wireless access points also provide a pretty decent hardware firewall at the point your network connects to the cable or DSL modem. If you have one, make sure this feature is enabled, and if you don’t, it may be wise to get one now.
- Run your updates. Windows Update is scheduled to run automatically by default, but if yours is set to ask your permission, you should make sure to grant it regularly. Letting other updaters run, like Adobe, flash, and Firefox, is also a good idea. Legitimate software developers send out updates to fix known security issues, but you have to let the installers run and apply the fixes.
- Keep your Internet security suite up to date. Renew your subscription when it comes due, and upgrade to the most recent version of your preferred security vendor. I use and recommend AVG in part because upgrades to the latest version are automatic and included in your subscription. The security vendors are improving their products continuously to thwart the efforts of the bad guys, but you have to do your part to stay secure.
- Keep your anti-spyware product updated. Usually this is a component of your Internet security suite, but if you are running separate products, or an additional anti-spyware package, do not neglect this either. My personal favorites in this category are Malwarebytes Anti-Malware and PC Tools Spyware Doctor.
If you have any questions about the state of your own computer security, I can provide an analysis and make recommendations. Or your can run a free tool from Microsoft, the Microsoft Baseline Security Analyzer. There is a comprehensive article on the Microsoft website that may also be helpful, and can be found here.
Have a happy and safe New Year.
DEC
About the Author:
I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at http://wyzguyscybersecurity.com