An Ounce Of Prevention

It seems malware is everywhere these days. If your machine hasn’t been affected, you probably know someone whose machine has. It’s in the news, it’s on blogs, it’s discussed around the water cooler. More than likely, if your computer at work was infected, you have some computer support types who will come and fix it for you. (If not, give us a call.) The question you should be asking yourself, though, is how to prevent infections in the first place.

It isn’t impossible. It might seem like it though. After all, you go about using your computer like you do every day and then one day, perhaps not even while surfing, you get a pop-up claiming your PC is infected and if you’ll only enter your credit card number, the nice pop-up will download software to fix the problem. Of course, it’s a scam and the software is probably busily embedding itself and other nasties in the guts of your machine, not to mention altering your files so as to seem as though your machine is more damaged than it really is. So how do you guard against it?

The first line of defense against malware infection on your computer is you. You wouldn’t dream of letting someone with no experience piloting an aircraft attempt to fly your nice big passenger airliner, would you? And you wouldn’t be at all surprised if the attempt turned into disaster. Likewise if someone decided to go diving without training. Except for the possibility of physical danger, computer use is no different. Actually, that’s not quite true. The difference is that it takes much less training and know-how to defend against infection. Simple changes in behavior can matter a great deal. Understanding your computer makes a big difference.

Firstly, understand that without some sort of connection between your PC and the bad guys, you cannot be infected. What sorts of connections? Usually something to do with the internet but it might be a USB stick. Or a CD or DVD. Maybe a floppy disk if you’re feeling old school. Basically any opportunity to get your PC to read new data is an opportunity for the bad guys to infect it. Thinking of inserting that USB stick/CD/DVD/floppy into your PC? Where did it come from? Do you trust the person who gave it to you? If it was found somewhere, it might have been put there with malevolent intent. Many PCs are configured to attempt to automatically launch certain files when these items are attached to the PC. There are ways to disable this feature, but unless you do, inserting these items becomes a potential risk.
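As an added example (not part of the original article): on Windows, the automatic launching mentioned above is governed by the NoDriveTypeAutoRun policy value, and this PowerShell script reports which drive types still allow it and can switch it off for all of them. The function names are made up for this example.

```powershell
# Added example: audit and optionally harden the Windows AutoRun policy.
# NoDriveTypeAutoRun is a bitmask; a set bit DISABLES AutoRun for that drive type.
$DriveTypeBits = [ordered]@{
    'Unknown type'            = 0x01
    'Removable (USB, floppy)' = 0x04
    'Fixed disk'              = 0x08
    'Network drive'           = 0x10
    'CD/DVD'                  = 0x20
    'RAM disk'                = 0x40
}
$PolicyPaths = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
)

# Hypothetical helper: list the drive types for which AutoRun is still allowed.
function Get-AutoRunExposure {
    foreach ($path in $PolicyPaths) {
        $value = (Get-ItemProperty -Path $path -Name NoDriveTypeAutoRun `
                  -ErrorAction SilentlyContinue).NoDriveTypeAutoRun
        if ($null -eq $value) {
            # No policy written here, so the operating system default is in effect.
            [pscustomobject]@{ Path = $path; Value = 'not set'
                               StillEnabled = 'Windows default applies' }
            continue
        }
        $enabled = $DriveTypeBits.GetEnumerator() |
            Where-Object { -not ($value -band $_.Value) } |
            ForEach-Object { $_.Key }
        [pscustomobject]@{
            Path         = $path
            Value        = '0x{0:X2}' -f $value
            StillEnabled = if ($enabled) { $enabled -join ', ' } else { 'none' }
        }
    }
}

# Hypothetical helper: disable AutoRun for every drive type, machine-wide.
# Must be run from an elevated (administrator) PowerShell session.
function Disable-AutoRunAllDrives {
    $path = $PolicyPaths[0]
    if (-not (Test-Path $path)) { New-Item -Path $path -Force | Out-Null }
    Set-ItemProperty -Path $path -Name NoDriveTypeAutoRun -Value 0xFF -Type DWord
}

Get-AutoRunExposure | Format-Table -AutoSize
# Disable-AutoRunAllDrives   # uncomment to apply the hardened setting
```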

So suppose you’re careful about what you insert into your PC. What next? The next way your PC might connect to the bad guys (and easily the most typical) is via the internet. This includes email, surfing the web, IM programs, file sharing apps, pretty much anything that allows your PC to interact with, upload to or download from another computer somewhere else in the world. Does that mean you shouldn’t use any of that? No, but it means you should be very careful when you do. Once again, it comes down to trust. Does that email have an attachment? Do you trust the person who sent it to you? That’s a trick question actually. Your closest friend might have been infected and the malware on their PC might have found you in their address book and sent you the same payload, hoping you would trust your friend. The answer? Don’t trust your friend’s emails. Note that I don’t say you shouldn’t trust your friend, just their emails. Instead, verify that they intended to send you that attachment. IM them, text them, call them, maybe even just email them (though I don’t recommend simply replying or even worse, forwarding the email and attachment back to them; it could cause more problems for them if they really were infected). Will it take more effort and more annoyance? Yes. But consider how much annoyance you’re saving yourself by not being infected with whatever your poor friend was infected by.

What about IM programs (Google Talk, Yahoo, AIM and MSN chats, etc)? Anyone can send you attachments via a chat. They might put a link into a chat session and ask you to click on it. Again, do you trust this person? Are they aware they sent you that download or that link? Always verify it before you click to download or follow.

File sharing apps? You’re asking to download something from someone on the net who you don’t know. I know there are some very useful applications for such file sharing apps. All I can say is be extremely careful here. The motto of “know who you can trust” is pretty much moot here, since with P2P you can’t really trust anyone. If you absolutely have to use a P2P app to get something you need, then be extremely wary of what you find.

And what about surfing the web? This is where a lot of infections come through. I’ll say it again, “know who you can trust”. For the most part, sticking with reputable sites is usually going to be your safest bet. And by reputable, I simply mean known and established for the content you’re searching for. You might be searching for something of ill repute, but so long as where you find it is “known” to be safe, you decrease your odds of running into a malware vector. How do you know what’s safe? That’s a tough call in some cases. If you know others who have already been there, you can ask around. Perhaps you’ll find references to the site in question elsewhere on the web, indicators that the site is legitimate.

But the web is big and who knows where you may find yourself heading. Maybe a friend sends you a link they just found and you want to check it out. Maybe you’re delving off into some topic you’ve never looked into before and have no one else to lean on to find out what’s safe and what’s not. Or maybe one of the safe sites has been hacked, isn’t aware of it, and the intruder left a nasty malware attack on it for anyone who visits the site. How do you defend yourself against the unknowns?

There are still some common sense things to remember. One is to watch for unexpected behavior on your PC. Your browser, for example, should not be set to automatically open downloads, so if you see a window pop up about how your download is complete and would you like to open it, and yet you didn’t click on a download link, you probably want to shut your browser down entirely and perhaps even start a scan with whatever you have on hand. Did you get a sudden message about how your machine is badly infected and oh look, we’re counting all of the infections right now and if you just click here it can all be fixed? Well… first off, know your PC. Does this look like your antivirus software that you use on your PC? Are there any typos? Poor grammar? If you’re sure the antivirus or antimalware software you use is purchased or doesn’t require a license, then is this software asking for you to purchase an upgrade or to enter your payment information? It comes down to knowing what to expect of your PC and knowing when you are seeing something unexpected.

To be fair I have to mention that even if you do everything right, take all the right precautions, it is still technically possible to suffer malware infection. You might be visiting your own website, on a domain you pay for personally and on which you host family photos and a blog of your own. But you might not be aware that your web server was hacked due to a security lapse by your web host. And you visited your site, expecting to trust it, with a fully patched and up to date browser but the malware on the site takes advantage of a newly found security hole in the browser that still allows malware to get through undetected. What then?

There are still some precautions that you can take even against this sort of scenario. Once again, if you are in a business setting presumably your company has a technical support team available. Additionally they have likely mandated a software package for prevention and detection of malware infections. In this case, follow the requirements of your company in order to allow the software to do its job. In smaller company settings there may be no such requirements in place or perhaps their computer techs are only called in to fix problems and are not allowed to mandate best software practices. Typically in such scenarios higher privileges are given to local users (you, in this case). If that is so, you have the option to install prevention/removal software yourself. Read up, contact experts if you’d like, but definitely make sure your computer is protected. This goes without saying for your own home PCs.

What else can small businesses do though? Your best option would be to consult with a firm that specializes in supporting small to mid-sized businesses for just such purposes. If you wish to go it alone though, there are some suggestions you could consider. You’ll want a firewall at your place of business, something to prevent network intrusions. We’ve seen otherwise obscure small business clients of ours become targeted for a time by outside intruders. It’s as though someone looks around for a business to bust in on, tries for a while and, if they can’t get through, gives up and moves on to the next target. Keep your machines updated. You might not like automated application of updates, but at least consider routinely going through and making sure security updates are applied as they become available. This is especially true for your operating system, your browser, your email client and any anti-malware software you are using. Consider externally hosted email if you aren’t already using it. Most large scale email hosts not only provide anti-malware scanning built right in at the server level, but also implement spam rejection and black hole lists. Whether you agree or disagree with black hole lists, they can help significantly reduce the number of attacks you receive via email. If you choose to host email yourself, consider using some sort of software or other accessory to scan for malware attachments, spam and the like. This could be software such as GFI Mail Essentials or hardware like an Ironport. There are other things that can be done, but what you should consider depends greatly on the needs of your business.

I’ve presented a number of preventative measures here. Most can be put into place with some knowledge and forethought and common sense. Some you would need to work within company IT policies. In any event, your best bet is still going to be at least to discuss matters with someone qualified to assist you with computer maintenance.
