As highly regarded security guru Bruce Schneier says, “If you think technology can solve your security problems, then you don’t understand the problems and you don’t understand the technology”
Unfortunately, the average user continues to rely only on technology for protection. Recently, I setup a new computer system for a friend; an average user, and as I was tinkering with her system, one though kept bouncing around in my head. “What do I need to do to keep her protected on the Internet?”
I started with the usual things of course, including installing the following security applications.
– PC Tools Firewall is definitely worth considering as a new Firewall installation, or as a replacement for a current Firewall that is not meeting expectations.
– Easy to set up and run, particularly for new users. The interface is positively simple offering Quick Scan, Full Scan, or Custom Scan. Provides full real time protection against viruses, spyware, and other malicious software.
– Offers on demand scans for viruses, Trojans, backdoor programs, hoaxes, worms, dialers and other malicious programs. As well you can repair, delete, block, rename and quarantine programs, or files.
– I then installed the most effective security add-ons, including NoScript, KeyScrambler, Adblock Plus and BetterPrivacy.
– Web of Trust, a browser add-on which offers Internet users active preventive protection against Web-based attacks, online scams, identify theft, and unreliable shopping sites.
– This program uses a simple yet effective method of fighting all kinds of malicious programs.
– An isolator which dynamically isolates Internet applications including Web Browsers, Chat Clients, Email Clients, and so on.
– A simple, intuitive, and easy to use interface, makes Malwarebytes’ Anti-Malware straightforward to setup, customize and run, for both less experienced and expert users alike. This application was installed as a secondary on demand scanner.
– SUPERAntiSpyware is also straightforward to setup, customize and run, for both less experienced and expert users alike. This application was installed as an additional secondary on demand scanner. This should not be considered overkill – there is no one single anti-malware application that is likely to catch everything. Better safe than sorry, and all that.
ThreatFire blocks mal-ware, including zero-day threats, by analyzing program behavior and it does a stellar job. Again, this is one of the security applications that forms part of my own front line defenses.
So what could go wrong with this kind of armor against the pack of jackal-like cyber-criminals who prowl the Internet? The short answer is – plenty.
Malware evolves so rapidly today, that staying ahead of the curve has proven to be all but impossible for security software developers, despite their best efforts.
While it may be true that reputable Anti-malware software is often capable of detecting harmful and malicious attempts to compromise a computer, this is not always the case. Anti-malware programs that rely on a definition database (most anti-malware programs), can often be behind the curve in recognizing the newest threats.
You might be wondering just how many new malware threats circulate on the Internet – and here’s one answer. Over the last three months alone, PandaLabs has recorded five million new strains of malware.
On the face of it, it may appear that this huge number of new malware strains presents an insurmountable problem. But malware itself is only part of the problem.
The method used to deliver the malware – social engineering – that’s the most significant problem currently, for an average user. Social engineering, which relies on, and exploits our natural curiosity, is a sure winner for the bad guys.
Cyber-criminals are increasingly relying on this aspect of social engineering to create an opportunity designed to drop malicious code, including rootkits, password stealers, Trojan horses, and spam bots on our computers.
So the problem I found myself having to deal with was “If all these security applications I installed won’t offer her absolute protection against cyber-criminals, what, or who will?” The only plausible answer was – she must take on this responsibility herself. The inescapable fact is – she must become her own best protection. In my experience it’s the only strategy that works.
My friend, (just like most average users), had a need to believe, and desperately wanted to be able to trust, that the installed security applications would totally protect her on the Internet.
She, like the rest of us, needed to become convinced that a mild case of paranoia when using the Internet, was in her own best interest. Being suspicious, and untrusting while surfing the web, might not make her invulnerable to malware infections or worse, but it will certainly reduce her odds enormously.
It took considerable effort to finally convince her that mild paranoia would play an important role in preventing her from becoming a victim of cyber criminals.
Particularly, overcoming the instinctive human response (and we all have it), to just “click” while surfing the Internet. That instinctive response, would pose one of the biggest risks to her online safety and security.
Security experts argue (including me), that a significant number of malware infections could be avoided if users stopped “just clicking haphazardly” or opening the types of files that are clearly dangerous.
At the end of the day, I finally managed to get her agreement that she would not engage in any of the following unsafe surfing practices.
Downloading files and software through file-sharing applications such as BitTorrent, eDonkey, KaZaA and other such programs.
Clicking links in instant messaging (IM) that have no context or are composed of only general text.
Downloading executable software from web sites without ensuring that the site is reputable.
Using an unsecured USB stick on public computers, or other computers that are used by more than one person.
Opening email attachments from unknown people.
Opening email attachments without first scanning them for viruses.
Opening email attachments that end in a file extension of .exe, .vbs, or .lnk.
Regular readers of this site are very familiar with the following recommended security strategy to protect their computer system, their money and their identity:
Don’t open unknown email attachments
Don’t run programs of unknown origin
Disable hidden filename extensions
Keep all applications (including your operating system) patched
Turn off your computer or disconnect from the network when not in use
Disable scripting features in email programs
Make regular backups of critical data
Make a boot disk in case your computer is damaged or compromised
Turn off file and printer sharing on the computer
Install a personal firewall on the computer
Install anti-virus and anti-spyware software and ensure it is configured to automatically update when you are connected to the Internet
Ensure the anti-virus software scans all e-mail attachments
Be proactive when it comes to your computer’s security; make sure you have adequate software based protection to reduce the chances that your machine will become infected. Most of all, understand that you are your own best protection.
Well known software developer Comodo Group, have developed a new Internet video series, Really Simple Security, published on a dedicated YouTube channel, that makes it easier than ever for an average user to become much more proactive in their own protection. This is a site that should be in everyone’s bookmarks.
If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.