Computer and internet security


Cybercrime is on the rise (not that it ever stopped)... 

And the consequences for you range from small inconveniences, to a court case where YOU have to prove that your identity was stolen to make a purchase or a bank withdrawal.

Your internet security being breached is not far fetched. And your computer is not safe unless you are taking steps to secure it.
Antivirus company Symantec has this shocking statistic, that 9 out of 10 of the world’s emails are fraudulent.

In South Africa, some experts estimate that cybercrime is running into the billions of Rands. Other experts are comparing cybercrime to the historic gold rush were the guys selling the spades (hacking tools) are making most of the money.

So what exactly are all these threats that you need to be aware of on your computer and the internet?

Firstly, be aware that the information below is not comprehensive. The subject of security is a maze rigged with land mines and booby traps. Think Indiana Jones in the Raiders of the Lost Ark and you are closer to the truth.

As soon as someone says “Hey look we are 100% secure”, an invisible felon picks up the challenge and proudly whispers to his buddies “Look, I can break in!”

Here is a list of computer and internet threats you should be aware of (in no particular order):

  • Software weaknesses
  • Privacy – the internet has a memory
  • Information theft
  • Hacking
  • Social engineering
  • Malicious software

Software weaknesses:  If software companies waited until their software was perfect they would go bankrupt. It's that simple. So what usually happens is that once the software is “good enough” , they sell it to you. As weaknesses are exposed by users, they then scramble to develop a patch or an update to fix weaknesses. So updates and upgrades indicate not only new nice to have widgets, but most likely, security weaknesses in the old version. 

Privacy – the internet has a memory: Have you ever gone back to a web site and at the top it happily displays “Hello Julius, Welcome back!”? You don’t even have to fill in your username and password. The site has remembered you! If you have, then that site is using something called cookies. Cookies are allowed by your browser by default. You need to manage cookies because third parties can develop a complete browsing history of your computer. Combined with personal information such as name, address, and phone number that you enter for some sites, then suddenly they have a detailed profile on you!

Information Theft: Your computer may be stolen and some geeky person may recover your Windows password and access your computer. Your Windows password is NOT secure and there are many good reasons why it is not, and password recovery required of IT admin staff is one of those reasons. In fact even a deleted file in Windows (yes even from the recycle bin) can be recovered by a technical person.

Hacking: We all battle with coming up with a secure password. Having a weak password is no good because your “secure location” can be subjected to password hacking of varying levels of sophistication using free tools on the internet. The weaker your password is, the easier it is for the hacker. And yes, using one password for everything does not do you any favours either.

Social Engineering: If criminals applied their understanding of human behaviour to good causes the world would be a better place. But they don’t. They would rather send you an authentic looking email (logos included), with a link that sends you to an authentic looking website of a fear inspiring authority (like the South African Revenue Services), and have you enter your details including user name and password. With this information they either get you to pay into the wrong account (their temporary bank account which will close in a few days) or they  just access your bank account themselves.

Malicious Software: The spectrum of malicious software goes from software designed to annoy you (just because) to software that will damage your computer (designed by obscure and dark underground movements whose existence cannot be understood. The less evil ones are activists, aptly named Hacktivists). Keep in mind that there are technically gifted people out there who passionately despise corporations and governments that they deem evil. The movie Die Hard 4.0 with Bruce Willis should give you some idea of the problem.

Note: It is useful for anyone using a computer and the internet to keep in mind that exploiting security holes is BIG business. There is real money that is being made in the billions from selling information to marketers or reporters (leaked email/video etc), and sensitive information to government secret agencies and corporate product developers. Information is Money. Specifically, information about YOU is money. There are plenty interested in how you spend your day.

So what can YOU do about it. The best is to start doing things securely. Don’t leave it up to your IT guy to protect you because he/she is probably busy trying to plug security holes in your organisations network. It’s probably not even a good idea to wholly trust your human natured IT guy anyway.
So this is about you, and what you can do to start protecting yourself!

Below is a short summary of threats and preventions. Again, this is not comprehensive, it is as they say, “To get your feet wet and ease you in gently”.

Threats
Prevention
Malicious software Use antivirus
Social Engineering & Phishing Education – stay informed
Hacking Use different complex passwords for each login.
Information theft Encrypt all sensitive information.
Don’t delete sensitive information, shred it.
Computer Hijacking Use PC firewall & secure system settings.
Software weakness Always use newest software version.
Privacy – the internet has a memory Manage your browsing profile and cookies.

So the question now is, “Darn it, how do I do all this stuff? It’s too much!”
Here are the suggested tools you can use:
  1. Antivirus software
  2. Privacy cleanup software
  3. Encryption software
  4. File shredding software
  5. Password management software (to help you manage all those complex passwords)

Alas! It does not end here. There are some settings on your computer that are on by default that don’t do you any favours.
  • Almost all websites use cookies. Cookies are both good and bad. For websites that you trust, use them. For all other casual browsing use the privacy mode option of your browser. Look for it in your browser’s options or settings. Internet Explorer calls this InPrivate browsing; Firefox calls it Private Browsing; Google Chrome calls it Incognito; and some people jokingly call it “Porn Mode”. Look for it in your browser settings and start using it for websites you are unfamiliar with or for general browsing.  
  • Your computer has a built in firewall. Make sure that it is on and working. If you don’t trust it for whatever reason, check out Comodo Personal Firewall
  • Now for Windows computers there is something called Remote Assistance which allows technicians to connect to your computer remotely for support purposes. It is on by default. Look for it in system properties. Turn it off unless you have a very good reason to keep it on. 
  • Is the software you are using old? Most people I know don’t even upgrade their Internet Browser. Are you still using an old version of Internet Explorer? Upgrade it now because that is your first line of defence. 
  • If you can’t afford to buy new up to date software check out this list of free software you can use. 
  • Start reading those security alerts. Most banks have security alerts on their websites and just when you log in. Stop skipping them, read them. 
  • Don’t use internet caf├ęs to log into important accounts like your bank account. It’s just too easy for someone to use key stroke logging software to record everything you type on a public computer.
Now, just in case you are still having thoughts of slacking off on this security stuff, here is a little exercise for you. The challenge is for you to spot what’s wrong with the bank below:

Phishing.Example

The giveaway that this email is fake is actually very subtle so you probably missed it. As it turns out, most criminals are lousy at spelling. The words “recieved” and “discrepency” are both misspellings. Yep, a little more time in school goes a long way.

But the obvious giveaway is that a good bank should not be sending you an email like this. However, the major lesson here is that as criminals get more sophisticated you will have to pay more attention to the detail. Detail such as:
  • Am I on the correct website?
  • Is this URL or web address spelt correctly?
  • Is the site secure, that is, does it begin with https instead of http?
I hope this helps and will make you think carefully about your computer and internet security.

Related posts: Security and Encryption