The Tech Savvy Generation Myth Hurts All Of Us

Time to beat that dead horse again. Out of habit mainly, since statistically, it’s a total waste of time for me (and others, of course) to continue to advance the position that “education” should offer significant benefits in the fight against cybercrime. Users, it seems, remain unconvinced.

Unfortunately, there’s a huge imbalance in the fight against cybercrime. On the one side we have highly motivated, and technically astute, albeit despicable human beings – intent on causing harm. On the other side – you, me, and the rest – many of whom can be classed as stupidly arrogant in assessing their own technical capabilities. Tough talk? Not nearly tough enough from where I sit.

The Ponemon Institute and PC Tools, in a recent study/survey, marked this real gap between perceptions users have in their own abilities to stay safe on the Net, versus the reality. In a few words (my words, not theirs), too many computer users are dead stupid in assessing their own capabilities.

Hardly news though, is it? We’ve discussed this issue here, over and over. Which is why, I had a bit of a chuckle when I read Richard Clooke’s  (Richard is a highly competent online security expert at PC Tools, whom I’ve corresponded with occasionally) comment imbedded in the report –

“The longer term concern is that while many of us think that we are too savvy for online scams, the research demonstrates otherwise,” said Richard Clooke, online security expert at PC Tools. “Unless consumer behavior is addressed through education, the incidence of cyber criminals seeking to cash in on consumer trust and naivety online is likely to increase exponentially.”

Sadly, I’ll take issue with Richard’s last statement – good luck with the education thing. I have yet to see any improvement in “Internet Street Smarts” where education played a role – nor do I expect to. Why would there be, when the harmful myth of the “Tech Savvy Generation” continues to be taken at face value by so many.

Some time back, I wrote an article on this issue which has proven to be very popular with educational institutions, when used as a resource. If you missed this article, you’ll find it below:

Part Of The Tech Savvy Generation? How Tech Savvy Are You Really?

You’re part of a computer literate and technically competent generation – you know, the “tech savvy generation” we hear so much about.

So, when it comes to wandering through the risky Internet neighborhood that’s arguably full of predators, you tend not to worry.

You’re convinced, that since you’re a member of this tech savvy generation, when you surf the Internet, you can handle the dangers and pitfalls that wait for the typical unsuspecting user, (the user who’s not part of your tech savvy generation).

This unsophisticated non-tech savvy group are much more likely than you, to be pounced on by the multitude of scam artists, schemers and cyber crooks lurking in the shadows, just waiting for victims. Right?

It’s entirely possible of course, that you are computer literate, and technically competent. On the other hand, simply because you are a member of that generation who have grown up with computers, does not make you tech savvy. I hate to burst your bubble, but the concept of a “tech savvy generation” is a myth.

I understand why you may have bought into this myth. People love myths. It seems that we will buy into any myth provided it agrees with, or reinforces, our already held misconceptions.

Myths of course, get their status precisely because they do reinforce our beliefs, properly held or not. This myth (masterfully propagated by the media), continues to pose serious security risks for those who believe it.

Since I’m involved in Internet and system security, I have many opportunities to deal with the “tech savvy generation”, and overall, I find them no more competent than average/typical computer users.

Unfortunately, I find that not only does the tech savvy generation not know “what they don’t know”, they don’t want to hear about it because developing knowledge is hard, and it requires time and effort. Better to just hang on to the myth.

I’ll admit, that anecdotal evidence, while interesting, does not always tell the tale. On the other hand, gather enough anecdotal evidence and one may have enough data to propose a theory, that can withstand probing and prodding.

As a tech/geek/writer, I am in touch with loads of other techs/geeks/writers from around the world, on a fairly consistent basis. One undisputed reality that we all agree on is, the lack of knowledge exhibited by typical computer users, and that members of the tech savvy generation, are no more than typical computer users.

So, if you’re a member of the so called tech savvy generation, you need to consider these realities:

Cyber criminals count on your believing the myth. It makes their job just that much easier.

There’s a major lack of knowledge and skill relating to computers/connected devices, and security, in the tech savvy generation. You really are, just an average computer user.

Common sense tips:

Stop believing the myth.

Start being proactive when it comes to your computer and connected device’s security; part of that is making sure you have adequate software based protection to reduce the chances you will fall victim to cyber crime.

Recommended reading: Principles of Security: Keeping it Simple – by guest writer Mark Schneider, and – An Anti-malware Test – Common Sense Wins.

Scareware Is Everywhere – As Mac Users Just Found Out

The success cyber criminals have had with the recent Mac scareware attack (MacDefender, which has already morphed into a new variant – MacGuard), emphasizes the following point – given the opportunity, Mac users may be just as likely as Windows users to say “Yes” to an invitation to download a rogue security application.

Considering Apple’s marketing style, which reinforces the myth that Macs are inherently more resistant to malware infections than Windows PCs (bolstered by the cachet that Mac users are somehow smarter than PC users), I suspect that Mac users are in for a rough ride in the coming months. Undoubtedly, Mac users will learn that cyber criminals use of social engineering is not platform specific.

Hopefully, this reality check will put a stop to nonsensical forum comments like the following.

“Well this is why I’m glad to have a Mac just saying”

“If Windows didn’t exist these things wouldn’t happen to people”

Since myths tend to die a slow and painful death however, I somehow doubt it.

Early last year, I posted an article – Say “Yes” on the Internet and Malware’s Gotcha! – which pointed out the potential consequences to those Internet users who instinctively, and unthinkingly, click on “Yes” or “OK”. Given the unprecedented rise in the number of malicious scareware applications in the interim (often, but not exclusively, promoted through poisoned Google search results), that article is worth reposting.

The following is an edited version of that earlier article.

Virtually every computer user, at both the home user level (my friends), and at the corporate level, whom I come into contact with, tends to downplay personal responsibility for a malware infection.

I hear a lot of – “I don’t know what happened”; “it must have been one of the kids”; “all I did was download a free app that told me I was infected”; “no, I never visit porn sites” or, Bart Simpson’s famous line “it wasn’t me”. Sort of like “the dog ate my homework”, response. But we old timers, (sorry, seasoned pros), know the reality is somewhat different, and here’s why.

Cybercriminals overwhelmingly rely on social engineering to create an opportunity designed to drop malicious code, including rootkits, password stealers, Trojan horses, and spam bots, on Internet connected computers.

In other words, cybercriminals rely on the user/potential victim saying – “YES”.

Yes to:

Downloading that security app that told you your machine was infected. Thereby, infecting your computer with a rogue security application.

Opening that email attachment despite the fact it has a .exe .vbs, or .lnk.extension, virtually guaranteeing an infection.

Downloading that media player codec to play a  porno clip, which still won’t play, but your computer is now infected.

Clicking on links in instant messaging (IM) that have no context, or are composed of only general text, which will result in your computer becoming part of a botnet.

Downloading executable software from web sites without ensuring that the site is reputable. Software that may contain a Browser Hijacker as part of the payload.

Opening email attachments from people you don’t know. At a minimum, you will now get inundated with Spam mail which will increase the changes of a malware infection.

There are many more opportunities for you to say “yes”, while connected to the Internet, but those listed above are some of the the most common.

The Internet is full of traps for the unwary – that’s a sad fact, and that’s not going to change any time soon. Cyber criminals are winning this game, and unless you learn to say “NO”, it’s only a matter of time until you have to deal with a malware infected machine.

Here’s an example of a rogue security application getting ready to pounce. A progressively more common occurrence on the Internet.

I can’t say this often enough. Ensure you have adequate knowledge to protect yourself and stay ahead of the cybercrime curve. Make a commitment to acquire the knowledge necessary to ensure your personal safety on the Internet. In a word, become  “educated”.

If you lack this knowledge the answer is simple – you can get it. The Internet is loaded with sites (including this one), dedicated to educating computer users on computer security – including providing application reviews, and links to appropriate security software solutions.

It’s important to be aware however, that security applications alone, will not ensure your safety on the Internet. You really do need to become proactive to your Internet safety and security. And that does mean becoming educated.

Internet users who are aware of significant changes in the Internet security landscape, will react accordingly. Unfortunately, experience has taught me that you can’t fix stupid.

Before you say “yes”

Stop – consider where you’re action might lead

Think – consider the consequences to your security

Click – only after making an educated decision to proceed

Consider this from Robert Brault:

“The ultimate folly is to think that something crucial to your welfare is being taken care of for you”.

I’ll put it more bluntly – If you get a malware infection; it’s virtually certain it’s your fault. You might think – here’s this smug, cynical guy, sitting in his office, pointing undeserved critical fingers. Don’t believe it.

If users followed advice posted here, and advice from other security pros, and high level users, the Internet could be a vastly different experience for many. At the very least, we might have half a chance of dealing more effectively with the cybercriminal element. To this point, we’re losing rather magnificently.

Computer users would be vastly better off if they considered Internet security advice, as a form of inoculation. It’s a relatively painless way to develop immunization. While inoculations can be mildly painful, the alternative can be a very painful experience.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

Depending On Your Antimalware Applications For Internet Security? An Infection Is On The Way!

Let me begin this article by defining the word “responsibility”, a concept which appears to me, to be losing its place in modern culture.

Definition – a duty or obligation to satisfactorily perform or complete a task (assigned by someone, or created by one’s own promise or circumstances) that one must fulfill, and which has a consequent penalty for failure.

Virtually every computer user, at both the home user level and at the corporate level, whom I come into contact with, fails to take personal responsibility for their security on the Internet.

After all, the reasoning seems to be, I’ve got ABC anti-virus and ABC anti-spyware. Or, my employer takes care of that. But, as the above definition makes crystal clear, there is a penalty for failure to personally assume the burden of responsibility.

Look, the indisputable facts are:

As an Internet user you are engaged in a battle, yes a battle, against highly sophisticated and highly organized cyber-criminals who are relentless in their pursuit of your money and make no mistake – it’s all about the money; your money.

In the worst case scenario, your identity and your financial security can be severely compromised by these cyber-criminals.

It’s no accident that cyber crime is now a 100+ BILLION dollar industry. Make no mistake, this IS an industry. An industry which incorporates all of the strategic planning, and best practices, required to maximize profit.

Today’s cyber-crooks are smart; very smart. They are not, as many people believe, teenage hackers sitting at their computers playing at hacking.

Looking at recent estimates provided by a large number of Internet security providers, the consensus seems to be that there are over 20,000,000 malware programs currently circulating on the Internet. This is not the work of teenage hackers.

Many Internet security companies report having to deal with up to 20,000 new versions of malware – every single day! Here’s the math; one new malware program every four seconds!

Being involved in computer security, I am amazed, and frustrated, at the lack of personal responsibly exhibited by most typical computer users, and most importantly, the lack of commitment to acquiring the knowledge necessary to ensure personal safety on the Internet. In a word, becoming “educated”.

Users need to stop depending on their security applications alone to ensure their safety. They need to become proactive, which means becoming educated and personally responsible, rather than continuing to be reactive to threats to their safety.

Depending on security applications to provide the ultimate in protection, is an absolute “non-starter”. Security applications do not, and never have had the ability to this, despite the commonly held belief to the contrary.

If you’re struggling with the reality of this statement, take a look at “Testing of antiviruses for the treatment of active infections” from Anti-malware Test Lab. I guarantee you, you’ll be unpleasantly surprised.

Enhance your security on the Internet by:

Choosing to become educated on the realities of cyber crime.

Taking personal responsibility for your own security.

A major step you can take to in prevent yourself from becoming a victim of cyber-criminals is to overcome the instinctive response to just “click” while surfing the Internet.

That instinctive response poses one of the biggest risks to your online safety and security.

Stop – consider where you’re action might lead.

Think – consider the consequences to your security.

Click – only after making an educated decision to proceed.

Consider this from Robert Brault:

“The ultimate folly is to think that something crucial to your welfare is being taken care of for you”.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

Part Of The Tech Savvy Generation? How Tech Savvy Are You Really?

You’re part of a computer literate and technically competent generation – you know, the “tech savvy generation” we hear so much about.

So, when it comes to wandering through the risky Internet neighborhood that’s arguably full of predators, you tend not to worry.

You’re convinced, that since you’re a member of this tech savvy generation, when you surf the Internet, you can handle the dangers and pitfalls that wait for the typical unsuspecting user, (the user who’s not part of your tech savvy generation).

This unsophisticated non-tech savvy group are much more likely than you, to be pounced on by the multitude of scam artists, schemers and cyber crooks lurking in the shadows, just waiting for victims. Right?

It’s entirely possible of course, that you are computer literate, and technically competent. On the other hand, simply because you are a member of that generation who have grown up with computers, does not make you tech savvy. I hate to burst your bubble, but the concept of a “tech savvy generation” is a myth.

I understand why you may have bought into this myth. People love myths. It seems that we will buy into any myth provided it agrees with, or reinforces, our already held misconceptions.

Myths of course, get their status precisely because they do reinforce our beliefs, properly held or not. This myth (masterfully propagated by the media), continues to pose serious security risks for those who believe it.

Since I’m involved in Internet and system security, I have many opportunities to deal with the “tech savvy generation”, and overall, I find them no more competent than average/typical computer users.

Unfortunately, I find that not only does the tech savvy generation not know “what they don’t know”, they don’t want to hear about it because developing knowledge is hard, and it requires time and effort. Better to just hang on to the myth.

I’ll admit, that anecdotal evidence, while interesting, does not always tell the tale. On the other hand, gather enough anecdotal evidence and one may have enough data to propose a theory, that can withstand probing and prodding.

As a tech/geek/writer, I am in touch with loads of other techs/geeks/writers from around the world, on a fairly consistent basis. One undisputed reality that we all agree on is, the lack of knowledge exhibited by typical computer users, and that members of the tech savvy generation, are no more than typical computer users.

So, if you’re a member of the so called tech savvy generation, you need to consider these realities:

Cyber criminals count on your believing the myth. It makes their job just that much easier.

There’s a major lack of knowledge and skill relating to computers/connected devices, and security, in the tech savvy generation. You really are, just an average computer user.

Common sense tips:

Stop believing the myth.

Start being proactive when it comes to your computer and connected device’s security; part of that is making sure you have adequate software based protection to reduce the chances you will fall victim to cyber crime.

Recommended reading: Principles of Security: Keeping it Simple – by guest writer Mark Schneider, and – An Anti-malware Test – Common Sense Wins.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

Do We Need to “Fix” the Internet?

Each time that you connect to the Internet you are unfortunately, wandering through a raucous neighborhood which has a reputation for being jam-packed with predators.

These predators are intent on stealing your money and personal information, installing damaging programs on your computer, or misleading you with an online scam.

Cyber-crooks are relentless in their pursuit of your money, and it’s all about the money. In the worst case scenario, your identity and your financial security can be severely compromised.

Recently, Symantec reported that 51% of all the viruses, Trojans and other forms of malware it has ever seen were logged during 2009, and Symantec has been in the security business since before the Internet was launched.

Each day, when I boot up my home machine, Immunet Protect, advises me that it is protecting me against 12 Million threats. Today for example (May 16, 2010, the number is 12,866,263. That number is truly mind blowing.

Note: Later in the day, following a re-boot, I noticed that the protection level had risen to 12,876,095 – 10,000 additional threats had been identified.

Various Internet security companies report having to deal with up to as many as 40,000 new versions of malware daily. Here’s the math; one new malware program every four seconds!

Anti malware developer Comodo, looks at these numbers in a way that we can more easily relate to, in its instructive video – Did you Know? Dangers on the Web.

“Did you know that the amount of new malware discovered daily approximates the number of words a person speaks daily?

Or, the amount of money lost by US Consumers due to malware over the past 2 years would have paid the tuition of over one million US College Students?”

Seen in this way, cybercrime takes on a whole new dimension.

Since additional sophisticated threats are constantly being developed, or are currently being deployed, some observers are of the opinion that the Internet is essentially broken.

If you think this is an exaggeration, check this out and then you decide.

Tainted search engine results: Internet security gurus have known for some time that we cannot rely on Internet search engine output to be untainted, and free of potential harmful exposure to malware.

Cyber-crooks continue to be unrelenting in their chase to infect web search results, seeding malicious websites among the top results returned by these engines.

When a potential victim visits one of these sites, the chances of downloading malicious code onto the computer by exploiting existing vulnerabilities, is extremely high.

Infected legitimate websites: According to security solution provider  Kaspersky, the rate of infected legitimate web sites, in 2006, was one in every 20,000. In 2009, one in every 150 legitimate was infected by malware, according to Kaspersky.

Drive-by downloads: Drive-by downloads are not new; they’ve been lurking around for years it seems, but they’ve become much more common and craftier recently.

If you’re unfamiliar with the term, drive-by download, they are essentially programs that automatically download and install on your computer without your knowledge.

This action can occur while visiting an infected web site, opening an infected HTML email, or by clicking on a deceptive popup window. Often, more than one program is downloaded; for example, file sharing with tracking spyware is very common. It’s important to remember that this can take place without warning, or your approval.

Rogue software: A rogue security application (scareware), is an application usually found on free download and adult websites, or it can be installed from rogue security software websites, using Trojans or, manipulating Internet browser security holes.

After the installation of rogue security software the program launches fake or false malware detection warnings. Rogue security applications, and there seems to be an epidemic of them on the Internet currently, are developed to mislead uninformed computer users’ into downloading and paying for the “full” version of this bogus software, based on the false malware positives generated by the application.

Even if the full program fee is paid, rogue software continues to run as a background process incessantly reporting those fake or false malware detection warnings. Over time, this type of software will essentially destroy the victim’s computer operating system, making the machine unusable.

Email scams: Email scams work because the Cyber-crooks responsible use social engineering as the hook; in other words they exploit our curiosity. The fact is, we are all pretty curious creatures and let’s face it, who doesn’t like surprise emails? I think it’s safe to say, we all love to receive good news emails.

It seems that more and more these days, I get phishing emails in my inboxes all designed to trick me into revealing financial information that can be used to steal my money.

If you’re unfamiliar with phishing, it is defined as the act of tricking unsuspecting Internet users into revealing sensitive or private information. In a phishing attack, the attacker creates a set of circumstances where the potential victims are convinced that they are dealing with an authorized party. It relies for its success on the principle that asking a large number of people for this information, will always deceive at least some of those people.

A personal example of how this works is as follows. According to a recent email (similar in form and content to 20+ I receive each month), my online banking privileges with Bank of America had been blocked due to security concerns. This looked like an official email and the enclosed link made it simple to get this problem solved with just a mouse click. What could be easier than that?

Clicking on the link would have redirected me to a spoof page, comparable to the original site, and I would then have begun the process whereby the scammers would have stripped me of all the confidential information I was willing to provide.

My financial and personal details, had I entered them, would then have been harvested by the cyber-crooks behind this fraudulent scheme who would then have used this information to commit identity and financial theft.

These types of attacks against financial institutions, and consumers, are occurring with such frequency that the IC³ (Internet Crime Complaint Center), has called the situation “alarming”, so you need to be extremely vigilant.

This is by no means an exhaustive list of the dangers we are exposed to on the Internet. There are many more technical reasons why the Internet is becoming progressively more dangerous which are outside the scope of this article.

So what do you think? Is the Internet broken – do we need to fix it, and if so, how can we do that?

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

Say “Yes” on the Internet and Malware’s Gotcha!

Virtually every computer user, at both the home user level (my friends), and at the corporate level, whom I come into contact with, tends to downplay personal responsibility for a malware infection.

I hear a lot of – “I don’t know what happened”; “it must have been one of the kids”; “all I did was download a free app that told me I was infected”; “no, I never visit porn sites” or, Bart Simpson’s famous line “it wasn’t me”. Sort of like “the dog ate my homework”, response. But we old timers, (sorry, seasoned pros), know the reality is somewhat different, and here’s why.

Cybercriminals overwhelmingly rely on social engineering to create an opportunity designed to drop malicious code, including rootkits, password stealers, Trojan horses, and spam bots, on Internet connected computers.

In other words, cybercriminals rely on the user/potential victim saying – “YES”.

Yes to:

Downloading that security app that told you your machine was infected. Thereby, infecting your computer with a rogue security application.

Opening that email attachment despite the fact it has a .exe .vbs, or .lnk.extension, virtually guaranteeing an infection.

Downloading that media player codec to play a  porno clip, which still won’t play, but your computer is now infected.

Clicking on links in instant messaging (IM) that have no context, or are composed of only general text, which will result in your computer becoming part of a botnet.

Downloading executable software from web sites without ensuring that the site is reputable. Software that may contain a Browser Hijacker as part of the payload.

Opening email attachments from people you don’t know. At a minimum, you will now get inundated with Spam mail which will increase the changes of a malware infection.

There are many more opportunities for you to say “yes”, while connected to the Internet, but those listed above are some of the the most common.

The Internet is full of traps for the unwary – that’s a sad fact, and that’s not going to change any time soon. Cyber criminals are winning this game, and unless you learn to say “NO”, it’s only a matter of time until you have to deal with a malware infected machine.

Here’s an example of a rogue security application getting ready to pounce. A progressively more common occurrence on the Internet.

I can’t say this often enough. Ensure you have adequate knowledge to protect yourself and stay ahead of the cybercrime curve. Make a commitment to acquire the knowledge necessary to ensure your personal safety on the Internet. In a word, become  “educated”.

If you lack this knowledge the answer is simple – you can get it. The Internet is full of sites (including this one), dedicated to educating computer users on computer security, including providing application reviews, and links to appropriate security software solutions.

It’s important to be aware however, that security applications alone, will not ensure your safety on the Internet. You really do need to become proactive to your Internet safety and security. And that does mean becoming educated.

Here’s a perfect example why there’s a critical need for you to take personal responsibility for your Internet security. Just this morning (May 11, 2010), I posted the following link to an article from ZDNet’s, Adrian Kingsley-Hughes – UPDATE – New attack bypasses EVERY Windows security product.

Those Internet users who become aware of this highly significant change in the Internet security landscape, will react accordingly. Unfortunately, experience has taught me that the majority of users will not hear of this. So, we’ll be faced with a new crop of cybercriminal victims.

As we have pointed out many times on this site, the instinctive human response to say “yes”, poses one of the biggest risks to online safety and security.

Before you say “yes”

Stop – consider where you’re action might lead

Think – consider the consequences to your security

Click – only after making an educated decision to proceed

Just a quick little aside here:

Earlier this year, I spent some time at my local hospital, and while I was there, I couldn’t help but notice Nurses logging on to Facebook. I was astonished to see, that this was happening on the the same system on which my personal medical records were stored.

Just as if it was ordained, the entire system suffered a virus infection while I was there. A little investigating showed that this was not the only malware attack, on that system, in the recent past. A dictionary definition of negligence, in my view.

Arguably, we’re facing a systemic problem – primarily a problem of computer users (both corporate and home users), lacking the necessary skills to protect against cybercrime.

But back to the topic at hand.

Consider this from Robert Brault:

“The ultimate folly is to think that something crucial to your welfare is being taken care of for you”.

I’ll put it more bluntly – If you get a malware infection; it’s virtually certain it’s your fault. You might think – here’s this smug, cynical guy, sitting in his office, pointing undeserved critical fingers. Don’t believe it.

If users followed advice posted here, and advice from other security pros, and high level users, the Internet could be a vastly different experience for many. At the very least, we might have half a chance of dealing more effectively with the cybercriminal element. To this point, we’re losing rather magnificently.

Computer users would be vastly better off if they considered Internet security advice, as a form of inoculation. It’s a relatively painless way to develop immunization. While inoculations can be mildly painful, the alternative can be a very painful experience.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

Just Say “No” to Computer Malware

In the years I’ve been involved with computer security, I have rarely heard an infected computer user take responsibility for a malware infection.

Virtually every computer user, at both the home user level, and at the corporate level, whom I come into contact with, tends to downplay personal responsibility for a malware infection.

I hear a lot of – “I don’t know what happened”; “it must have been one of the kids”; “all I did was download a free app that told me I was infected”; “no, I never visit porn sites” or, Bart Simpson’s famous line “it wasn’t me”. Sort of like “the dog ate my homework”, response.

But we old timers know the reality is somewhat different, and here’s why. Cybercriminals overwhelmingly rely on social engineering to create an opportunity designed to drop malicious code, including rootkits, password stealers, Trojan horses, and spam bots, on Internet connected computers. In other words, cybercriminals rely on the user saying – “YES”.

Yes to:

Downloading that security app that told you your machine was infected. Thereby, infecting your computer with a rogue security application.

Opening that email attachment despite the fact it has a .exe .vbs, or .lnk.extension, virtually guaranteeing an infection.

Downloading that media player codec to play a  porno clip, which still won’t play, but your computer is now infected.

Clicking on links in instant messaging (IM) that have no context, or are composed of only general text, which will result in your computer becoming part of a botnet.

Downloading executable software from web sites without ensuring that the site is reputable. Software that may contain a Browser Hijacker as part of the payload.

Opening email attachments from people you don’t know. At a minimum, you will now get inundated with Spam mail which will increase the changes of a malware infection.

There are many more opportunities for you to say “yes”, while connected to the Internet, but those listed above are some of the the most common.

The Internet is full of traps for the unwary – that’s a fact, and that’s not going to change any time soon. Cyber criminals are winning this game, and unless you learn to say “NO”, it’s only a matter of time until you have to deal with a malware infected machine.

An example of a rogue security application getting ready to pounce.

Don’t play the “yes” game. Ensure you have adequate knowledge to protect yourself and stay ahead of the curve. Make a commitment to acquire the knowledge necessary to ensure your personal safety on the Internet. In a word, become  “educated”.

If you lack this knowledge the answer is simple – you can get it. The Internet is full of sites (including this one), dedicated to educating computer users on computer security, including providing application reviews, and links to appropriate security software solutions.

It’s important to be aware however, that security applications alone, will not ensure your safety on the Internet. You really do need to become proactive to your Internet safety and security. And that does mean becoming educated, and taking personal responsibility for your Internet security.

As we have pointed out many times on this site, the instinctive human response to say “yes”, poses one of the biggest risks to online safety and security.

Before you say “yes” –

Stop – consider where you’re action might lead

Think – consider the consequences to your security

Click – only after making an educated decision to proceed

Consider this from Robert Brault:

“The ultimate folly is to think that something crucial to your welfare is being taken care of for you”.

If you enjoyed this article, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

Internet Dangers – Real Life Stories

Many of my friends think that I lean towards a “scare them to death” philosophy, when it comes to the Internet. I often get badgered with “friendly” questions such as – “Don’t you ever see anything good about the Internet?” Or, “Don’t you get tired of scaring people with all your talk of the dangers on the Internet?”

Frankly, I find it enormously depressing writing on malware, scareware, Browser exploits, and all the other exploits that continue to threaten our enjoyment of the Internet. Testing and recommending new software, is much more appealing.

But, when all is said and done, I’m left with this question – if I don’t educate my friends, and by extension, my readers, who will?

Just to be clear – there is no doubt that the Internet can provide a rich educational and cultural experience, at a minimum, but at the same time, it is virtually impossible for users not to be exposed to the underbelly of the Internet.

The sad reality is, the majority of computer users are undereducated when it comes to recognizing the dangers, and threats, that the Internet poses to their computers and to their personal privacy. This is a case where, what you don’t know can hurt you – big time!

For this article, rather than me get up on my “the Internet can be a dangerous place” soapbox, one more time, let me offer you two edited comments from readers following recent articles.

The question that arises from both these comments might be – if a technically sophisticated computer user finds navigating the Internet hazardous then, is an average user now essentially at the mercy of cybercriminals?

The first comment is from Mark Schneider, a high level “super user”, who occasionally guest writes on this Blog.

I agree with you about personal responsibility being paramount; even the careful user can get into trouble. My daughter borrowed my old ThinkPad recently – she needed it for doing research for the colleges she’s applying to. Everything seemed fine when I used the machine again.

I did a routine scan and MalwareBytes found 15 Trojans and at least one rootkit. I was not amused, and when I checked the browsing history, virtually every site (she visited), had been an .edu site. I looked into it and found out many .gov and .edu sites have been compromised.

I’ve gone to using “No-scripts” extension with Firefox as well as the usual tools. And frankly, outside an enterprise firewall I’m beginning to question running XP at all anymore. Many applications don’t work well when running as a limited user so, you end up running as admin.

With the number zero day exploits these days, and the state of the Internet, (with the use of JavaScript everywhere), it’s getting tough to stay safe even when following decent security protocols.

I’ve begun test running Open Solaris, in a virtual machine, to do online banking and going to my eBay account. I don’t want to sound paranoid but, Windows users are at risk every time they go online. I think Vista and Windows 7 are more secure than XP if you turn the (much hated) User Account Control to maximum protection, but then people complain about convenience.

Unfortunately convenience and security are two diametrically opposite realities – it’s very difficult to have both while running Windows online in 2009.

Sorry about the rant but I guess I’m a little frustrated as well.

The second comment is from reader RHH who occasionally comments here.

As a recent victim of an infected link on Goggle, and having previously installed the new Panda Cloud anti-malware service, I wonder why Panda could not stop the auto loader malware as the malware certainly was in circulation longer than the 6 minutes Panda touts as their ability to mark a malware and neutralize it. I would add that not even the WOT had marked the infected link as unsafe.

Also, I hope Firefox can give us a way to selectively stop the browser from restoring a session and restarting an infected web site after having shut down a computer.

I also wonder why Goggle cannot get the links in their system screened to prevent, or at least minimize, malware from being passed forward to the users. If Cyveillance Blog can screen and find 250,000+ problem sites, cannot Google do the same and counter attack somehow?

It honestly seems like major players like Google, and others, also have a stake and responsibility to work at getting the malware out of their links before we run into them – no matter how hard we work at avoiding problems.

So what do you think? Has the Internet now reached a critical mass in terms of cybercrime?

If you enjoyed this article, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

Follow the 3 Magic Steps to Internet Security – Stop – Think – Click

Let me begin this article by defining the word “responsibility”, a concept which appears to me, to be losing its place in modern culture.

Definition – a duty or obligation to satisfactorily perform or complete a task (assigned by someone, or created by one’s own promise or circumstances) that one must fulfill, and which has a consequent penalty for failure.

Virtually every computer user, at both the home user level and at the corporate level, whom I come into contact with, fails to take personal responsibility for their security on the Internet.

After all, the reasoning seems to be, I’ve got ABC anti-virus and ABC anti-spyware. Or, my employer takes care of that. But, as the above definition makes crystal clear, there is a penalty for failure to personally assume the burden of responsibility.

Look, the indisputable facts are:

As an Internet user you are engaged in a battle, yes a battle, against highly sophisticated and highly organized cyber-criminals who are relentless in their pursuit of your money and make no mistake – it’s all about the money; your money.

In the worst case scenario, your identity and your financial security can be severely compromised by these cyber-criminals.

It’s no accident that cyber crime is now a 100+ BILLION dollar industry. Make no mistake, this IS an industry. An industry which incorporates all of the strategic planning, and best practices, required to maximize profit.

Today’s cyber-crooks are smart; very smart. They are not, as many people believe, teenage hackers sitting at their computers playing at hacking.

Looking at recent estimates provided by a large number of Internet security providers, the consensus seems to be that there are over 11,000,000 malware programs currently circulating on the Internet. This is not the work of teenage hackers.

Many Internet security companies report having to deal with up to 20,000 new versions of malware – every single day! Here’s the math; one new malware program every four seconds!

Until a year or so ago, I agreed with the consensus that typical/average Internet users were simply unaware of the potential dangers all of us are forced to deal with while attached to the Internet? I’ve now revised my views.

Being involved in computer security, I am amazed and frankly frustrated, at the lack of personal responsibly exhibited by most typical computer users, and most importantly, the lack of commitment to acquiring the knowledge necessary to ensure personal safety on the Internet. In a word, becoming “educated”.

Users need to stop depending on their security applications alone to ensure their safety. They need to become proactive, which means becoming educated and personally responsible, rather than continuing to be reactive to threats to their safety.

Depending on security applications to provide the ultimate in protection, is an absolute “non-starter”. Security applications do not, and never have had the ability to this, despite the commonly help belief to the contrary. If you’re struggling with the reality of this statement, take a look at “Anti-Malware Solutions Test Results” from Anti-malware Test Lab. You might be in for a very unpleasant surprise.

Enhance your security on the Internet by:

Choosing to become educated on the realities of cyber crime

Taking personal responsibility for your own security

A major step you can take to in prevent yourself from becoming a victim of cyber-criminals is to overcome the instinctive response to just “click” while surfing the Internet.

That instinctive response poses one of the biggest risks to your online safety and security.

Stop – consider where you’re action might lead

Think – consider the consequences to your security

Click – only after making an educated decision to proceed

Consider this from Robert Brault:

“The ultimate folly is to think that something crucial to your welfare is being taken care of for you”.

If you enjoyed this article, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

Should You Need a License to Surf the Internet? – You Decide

Car drivers must be educated, practiced, and licensed in order to drive a car. This legal requirement of course, does not stop drunk drivers from getting into a car and killing innocent victims.

And it certainly does not eliminate our exposure to the speeders, tailgaters, and the road ragers that seem to plague our highways. Licensing then, doesn’t seem to eliminate the risks we face on the road.

So would requiring a license to use the Internet make it a safer place for all of us? Would requiring a license from the “Department of Computer Literacy”, protect us from the ever increasing exposure we all face to Trojans, Spyware, Virus’, Phishing Scams, Identity Theft, ….. the list goes on.

You may think that I’m being facetious; but I’m not. The fact is the dangers on the Internet are not, in a sense, unlike the dangers and risks we face while driving on our streets and highways.

Unlike the need to be educated and practiced, in order to qualify for a driver’s license; to access the Internet all that is required is a modem attached to a computer. There’s no need to prove qualifications. There’s no need to prove an awareness of the very real dangers that the Internet presents.

Being involved in computer security, I am amazed at the lack of knowledge exhibited by typical computer users, and most importantly, the lack of knowledge concerning the need to secure their machines against the ever increasing risks on the Internet.

I’m not talking about unintelligent people here. I am talking about people who are intelligent in every other aspect of life, but who view computers like cavemen who saw fire for the first time.

The problem, it seems, is multifaceted. Part of the problem is simply fear. People do not understand computers, so they are afraid of them in a sense. Secondly, people generally, are simply not interested in learning about computers sufficiently to make the fear go away. The question is, of course, should they need to know anything other than how to turn on a computer? Well maybe not.

Many computer experts agree that it is primarily flawed computer software, and not just inadequate user knowledge, that is the biggest contributor to the proliferation of unsecured computer systems and cyber-crime, on the Internet.

It seems to me then, what is needed as a good first step, are machines that are designed with simple, but internally sophisticated operating systems, secure and easy to use for the majority of users; where no user interaction is required to maintain the security of the system.

We now live in the age of the “Interconnectedness of All Things” in which we are beginning to see the development and availability of large numbers of Internet connected devices. There is no doubt that this will lend new strength to computer-aided crime and perhaps even terrorists.

Unless we develop a rational approach to the underlying security issues surrounding the Internet, and insist software companies’ stop rushing out new products with little regard for security, hackers will continue to flourish and successful attacks on computers over the internet will continue to proliferate.

There are steps you can take to decrease the likelihood you will be the victim of a successful attack on your computer.

The following is a brief guide to the basic security issues you should be aware of on the Internet, followed by a guide to some of the steps you can take to secure your computer for Internet usage.

Security risks on the Internet you need to be aware of:

Trojan horse programs

Back door and remote administration programs

Denial of service

Being an intermediary for another attack

Unprotected Windows shares

Mobile code (Java, JavaScript, and ActiveX)

Cross-site scripting

Email spoofing

Email-borne viruses

Hidden file extensions

Chat clients

Packet sniffing

Security Checklist: Actions you can take to protect your computer system:

Install WOT (Web of Trust), a free Internet Browser add-on. WOT tests web sites you are visiting for spyware, spam, viruses, browser exploits, unreliable online shops, phishing, and online scams, helping you avoid unsafe sites.

Don’t open unknown email attachments

Don’t run programs of unknown origin

Disable hidden filename extensions

Keep all applications (including your operating system) patched

Turn off your computer or disconnect from the network when not in use

Disable Java, JavaScript, and ActiveX if possible

Disable scripting features in email programs

Make regular backups of critical data

Make a boot disk in case your computer is damaged or compromised

Turn off file and printer sharing on the computer

Install a personal firewall on the computer

Install anti-virus and anti-spyware software and ensure it is configured to automatically update when you are connected to the Internet

Ensure the anti-virus software scans all e-mail attachments