Here are some useful tips about keeping your computer safe and protected:
- Keep your operating system up-to-date
If your computer runs Windows, you should know that Microsoft
releases updates and fixes for it on the second Tuesday of every
month (referred to as Patch Tuesday). Make sure you download and
install these updates as soon as they are released. Please note that
Microsoft sometimes releases out-of-cycle updates as well. This
happens when a recently discovered vulnerability is being actively
exploited in the wild by people with malicious intent.
- Keep your software up-to-date
Most of the software updates I see are meant to address the issues
of stability and security. Make sure to keep the software
applications you use on a day-to-day basis up-to-date. Most programs
will update automatically. Become familiar with your programs that
should be updated regularly.
- Get Antivirus Software
Windows comes with a built-in firewall, but it does not come with a
built-in antivirus application. Get a security software application
and install it on your system. Make sure you get a trustworthy,
legitimate application, not a rogue one. The keep-it-up-to-date rule
applies to security software as well.
Most internet service providers will provide an antivirus program at
no charge.
- Beware of unsolicited email messages
If you get an unsolicited email message that invites you to
download an attachment or click a link, do not download the attachment
and do not click the link. The attachment is very often malware, and
the link usually leads to a site that spreads malware. If in doubt,
check it out: contact the sender to see if it was sent intentionally.
If the email seems to originate from one of your friends and the
attachment is a .exe file, it is better to contact that friend and
ask what that file is. You never know whether their system or email
account has been compromised.
- Be careful online
Modern web browsers like Firefox provide phishing protection and
protection against known malicious web sites – this means you will be
warned when you are navigating to a known malicious web page. You could
still be tricked into downloading malware onto your computer, such as a
rogue security software application. Do not download software unless
you do it from a trustworthy location.
- Log on as a restricted user
The number one way to protect yourself from viruses is to log on to
your computer as a basic user and not as a user with administrative
privileges. Once your software and configurations are set, you do
not need to be an admin. Most viruses exploit the fact that you have
administrative privileges to install themselves and make network and
system modifications.
- Do not install toolbars bundled with free programs
Avoid all toolbars that are not from known, trusted software
vendors. When installing legitimate toolbars, pay careful attention
to added features that may be bundled with them, and choose not to
install these.
- Change passwords
Use a unique password for each of your important accounts; do not use
the same password on all accounts. Use a password with a mix of upper
and lower case letters, numbers, and symbols. Create a password that's
hard for others to guess. Keep passwords in a secret place that isn't
easily visible.
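As an added example (not part of the original article), the following Python script turns the password tip into something checkable: it generates a random password from the OS random source that covers all four character classes, checks an existing password against the same policy, and reports any password that is reused across accounts. The character classes, the minimum length of 12 and the sample account list are assumptions made for the example.

```python
import secrets
import string

# Character classes the tip asks for: upper, lower, digits and symbols.
# The symbol set below is an assumption for this example.
CLASSES = {
    "upper": set(string.ascii_uppercase),
    "lower": set(string.ascii_lowercase),
    "digit": set(string.digits),
    "symbol": set("!@#$%^&*()-_=+[]{};:,.?/"),
}
ALPHABET = "".join(sorted(set().union(*CLASSES.values())))


def meets_policy(password, min_length=12):
    """Return (ok, missing): ok is True when every class is present and the
    password is long enough; missing names what is lacking."""
    present = {name for name, chars in CLASSES.items()
               if any(c in chars for c in password)}
    missing = sorted(set(CLASSES) - present)
    if len(password) < min_length:
        missing.append("length")
    return (not missing, missing)


def generate_password(length=20):
    """Generate a password with the secrets module (the OS CSPRNG), keeping
    only candidates that already satisfy meets_policy()."""
    if length < 12:
        raise ValueError("use at least 12 characters")
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if meets_policy(candidate)[0]:
            return candidate


def find_reused(accounts):
    """Given {account: password}, return {password: [accounts sharing it]}
    for every password used on more than one account."""
    by_password = {}
    for account, pw in accounts.items():
        by_password.setdefault(pw, []).append(account)
    return {pw: sorted(accs) for pw, accs in by_password.items() if len(accs) > 1}


if __name__ == "__main__":
    # Constructed sample vault: the same weak password on two accounts.
    vault = {"mail": "password", "bank": "Tr0ub4dor&3xample!", "shop": "password"}
    for account, pw in vault.items():
        ok, missing = meets_policy(pw)
        print(f"{account}: {'ok' if ok else 'weak, missing ' + ', '.join(missing)}")
    print("reused:", find_reused(vault))
    print("suggested replacement:", generate_password())
```

The generator uses rejection sampling rather than forcing one character from each class into fixed positions, so every position stays uniformly random; with a 20-character password drawn from this alphabet a candidate is rejected only rarely.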
- Back up your computer files often
The average user doesn't think of backing up until a disaster
happens. Backing up your computer is a key precaution that could
save you from a future headache.
Why an Anti-Virus Can’t Protect You from All Viruses
Very frequently we get asked, “Why didn’t my antivirus stop the virus from
infecting my computer?”
Well, the simple answer is, it was created to bypass it.
People writing exploits know that they must get their virus past anti-virus
software. They also know that most anti-virus and intrusion detection
programs base their protection on signature matching, so they obfuscate
their code to bypass it.
At first, hackers found that adding random text strings to the beginning of
old, already detected viruses allowed them to bypass scanners. They would
actually cut and paste readme.txt files to the beginning of the exploit.
Anti-virus makers have figured this out and adjusted their scanning tactics.
Now, most hackers will use an encoding program to modify the exploit code.
Several exist, but one of the best I have seen is Shikata_ga_nai. The name
comes from a Japanese phrase that literally means “Nothing can be done about
it.”
These encoders take the exploit code and modify it so it looks completely
different to an anti-virus scanner or an intrusion detection system.
Sometimes one pass through the encoder is not enough to trick a strong
scanner, so the programs allow for multiple encoding passes.
I have never seen any anti-virus detect an exploit code that has been passed
through Shikata_ga_nai more than twice.
When encoding malware, it is common for a hacker to upload the encoded
exploit file to a site like VirusTotal to check it against multiple
anti-virus signature bases to see if it would be detected. If the website
scanners do not detect the virus, they know they have a pretty good chance
of sneaking it past the real thing.
In actuality, many “state of the art” botnets are simply recreations of
older ones that have been updated and encoded. Many large corporations have
given up depending on anti-virus and intrusion detection systems to stop
these threats and instead believe that Network Security Monitoring (NSM) is
the answer.
NSM is basically recording all traffic, and looking for suspicious patterns.
If you want to learn more, Richard Bejtlich talks about this subject
in-depth in his book “The Tao of Network Security Monitoring”. Bejtlich is a
security expert, author, presenter and the head of GE’s IT security response
team.
Many of the modern advanced threats easily bypass anti-virus and then
download other viruses onto your machine, usually spammer-type viruses.
The creators of modern threats sometimes actually get paid by spammers to
download these additional threats to your system.
This is why you usually don’t get a single virus, but multiple infections,
when you get a newer virus. And this is why cleaning up viruses on a machine
with multiple infections may be a waste of time. Your anti-virus cleaner may
not even see the root cause, only the other malware it downloaded.
So when the other ones are cleaned off, the advanced threat checks, sees
them missing, and simply downloads them again. You could spend hours trying
to get these off, and you may never get rid of the root cause.
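The NSM idea described above ("record all traffic and look for suspicious patterns") and the re-download behaviour just described can both be shown in a few lines of detection logic. The following Python script is an added example, not code from the article or from Bejtlich's book. It runs over constructed proxy log lines (not real traffic) in an assumed format of `timestamp client destination path` and flags two patterns: a client that contacts the same URL at near-constant intervals (a beacon), and a client that fetches the same executable from the same host more than once, which is what the "sees them missing and downloads them again" behaviour looks like on the wire. The thresholds and the executable suffix list are assumptions for the example.

```python
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed proxy log (not real traffic): timestamp, client, destination, path.
# 10.0.0.5 checks in with the same URL every five minutes and pulls the same
# executable twice; 10.0.0.7 is ordinary browsing.
SAMPLE_LOG = """\
2024-03-01T10:00:00 10.0.0.5 cdn.example-update.net /check.php
2024-03-01T10:01:00 10.0.0.7 www.example.com /index.html
2024-03-01T10:05:00 10.0.0.5 cdn.example-update.net /check.php
2024-03-01T10:10:00 10.0.0.5 cdn.example-update.net /check.php
2024-03-01T10:12:00 10.0.0.7 www.example.com /news.html
2024-03-01T10:15:00 10.0.0.5 cdn.example-update.net /check.php
2024-03-01T10:15:30 10.0.0.5 cdn.example-update.net /pkg/spam.exe
2024-03-01T10:20:00 10.0.0.5 cdn.example-update.net /check.php
2024-03-01T11:03:00 10.0.0.5 cdn.example-update.net /pkg/spam.exe
2024-03-01T11:40:00 10.0.0.7 www.example.com /about.html
"""

# Assumed list of file types treated as executables for the download check.
EXEC_SUFFIXES = (".exe", ".dll", ".scr")


def parse_log(text):
    """Parse the assumed four-field log format into (datetime, src, dst, path)."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, path = line.split()
        events.append((datetime.fromisoformat(ts), src, dst, path))
    return events


def find_beacons(events, min_hits=4, max_jitter=0.2):
    """Flag (src, dst, path) triples requested at near-constant intervals.
    Jitter is the coefficient of variation (stdev / mean) of the gaps between
    requests; real beacons usually add some randomness, hence the tolerance.
    Returns {triple: period_in_seconds}."""
    by_key = defaultdict(list)
    for ts, src, dst, path in events:
        by_key[(src, dst, path)].append(ts)
    beacons = {}
    for key, times in by_key.items():
        if len(times) < min_hits:
            continue
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) / avg <= max_jitter:
            beacons[key] = round(avg)
    return beacons


def find_repeated_downloads(events):
    """Return {(src, dst, path): count} for executables the same client fetched
    from the same host more than once: the re-download pattern."""
    counts = defaultdict(int)
    for ts, src, dst, path in events:
        if path.lower().endswith(EXEC_SUFFIXES):
            counts[(src, dst, path)] += 1
    return {key: n for key, n in counts.items() if n > 1}


if __name__ == "__main__":
    events = parse_log(SAMPLE_LOG)
    for key, period in find_beacons(events).items():
        print(f"beacon: {key} every {period}s")
    for key, n in find_repeated_downloads(events).items():
        print(f"repeated executable download: {key} x{n}")
```

Neither check looks at the content of the executable, which is the point: a signature scanner that has never seen the encoded payload has nothing to match, but the timing of the check-ins and the repeated fetch of the same file are visible in traffic records regardless of how the payload was encoded.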
Most corporate policy nowadays is that if your machine gets infected and a
single pass of anti-virus cleanup doesn’t remove it, they will just wipe the
machine and restore from backup. Some will not even bother with cleanup,
seeing that the malware got past the anti-virus in the first place; they
just wipe and re-install.
Unfortunately, malware has become big business for hackers. Anti-virus alone
cannot protect corporate networks, and additional steps must be taken.