Tag Archives: dangers

The Tech Savvy Generation Myth Hurts All Of Us

imageTime to beat that dead horse again. Out of habit mainly, since statistically, it’s a total waste of time for me (and others, of course) to continue to advance the position that “education” should offer significant benefits in the fight against cybercrime. Users, it seems, remain unconvinced.

Unfortunately, there’s a huge imbalance in the fight against cybercrime. On the one side we have highly motivated, and technically astute, albeit despicable human beings – intent on causing harm. On the other side – you, me, and the rest – many of whom can be classed as stupidly arrogant in assessing their own technical capabilities. Tough talk? Not nearly tough enough from where I sit.

The Ponemon Institute and PC Tools, in a recent study/survey, marked this real gap between perceptions users have in their own abilities to stay safe on the Net, versus the reality. In a few words (my words, not theirs), too many computer users are dead stupid in assessing their own capabilities.

Hardly news though, is it? We’ve discussed this issue here, over and over. Which is why, I had a bit of a chuckle when I read Richard Clooke’s  (Richard is a highly competent online security expert at PC Tools, whom I’ve corresponded with occasionally) comment imbedded in the report –

“The longer term concern is that while many of us think that we are too savvy for online scams, the research demonstrates otherwise,” said Richard Clooke, online security expert at PC Tools. “Unless consumer behavior is addressed through education, the incidence of cyber criminals seeking to cash in on consumer trust and naivety online is likely to increase exponentially.”

Sadly, I’ll take issue with Richard’s last statement – good luck with the education thing. I have yet to see any improvement in “Internet Street Smarts” where education played a role – nor do I expect to. Why would there be, when the harmful myth of the “Tech Savvy Generation” continues to be taken at face value by so many.

Some time back, I wrote an article on this issue which has proven to be very popular with educational institutions, when used as a resource. If you missed this article, you’ll find it below:

Part Of The Tech Savvy Generation? How Tech Savvy Are You Really?

You’re part of a computer literate and technically competent generation – you know, the “tech savvy generation” we hear so much about.

So, when it comes to wandering through the risky Internet neighborhood that’s arguably full of predators, you tend not to worry.

You’re convinced, that since you’re a member of this tech savvy generation, when you surf the Internet, you can handle the dangers and pitfalls that wait for the typical unsuspecting user, (the user who’s not part of your tech savvy generation).

This unsophisticated non-tech savvy group are much more likely than you, to be pounced on by the multitude of scam artists, schemers and cyber crooks lurking in the shadows, just waiting for victims. Right?

It’s entirely possible of course, that you are computer literate, and technically competent. On the other hand, simply because you are a member of that generation who have grown up with computers, does not make you tech savvy. I hate to burst your bubble, but the concept of a “tech savvy generation” is a myth.

I understand why you may have bought into this myth. People love myths. It seems that we will buy into any myth provided it agrees with, or reinforces, our already held misconceptions.

Myths of course, get their status precisely because they do reinforce our beliefs, properly held or not. This myth (masterfully propagated by the media), continues to pose serious security risks for those who believe it.

Since I’m involved in Internet and system security, I have many opportunities to deal with the “tech savvy generation”, and overall, I find them no more competent than average/typical computer users.

Unfortunately, I find that not only does the tech savvy generation not know “what they don’t know”, they don’t want to hear about it because developing knowledge is hard, and it requires time and effort. Better to just hang on to the myth.

I’ll admit, that anecdotal evidence, while interesting, does not always tell the tale. On the other hand, gather enough anecdotal evidence and one may have enough data to propose a theory, that can withstand probing and prodding.

As a tech/geek/writer, I am in touch with loads of other techs/geeks/writers from around the world, on a fairly consistent basis. One undisputed reality that we all agree on is, the lack of knowledge exhibited by typical computer users, and that members of the tech savvy generation, are no more than typical computer users.

So, if you’re a member of the so called tech savvy generation, you need to consider these realities:

Cyber criminals count on your believing the myth. It makes their job just that much easier.

There’s a major lack of knowledge and skill relating to computers/connected devices, and security, in the tech savvy generation. You really are, just an average computer user.

Common sense tips:

Stop believing the myth.

Start being proactive when it comes to your computer and connected device’s security; part of that is making sure you have adequate software based protection to reduce the chances you will fall victim to cyber crime.

Recommended reading: Principles of Security: Keeping it Simple – by guest writer Mark Schneider, and – An Anti-malware Test – Common Sense Wins.

Comments Off on The Tech Savvy Generation Myth Hurts All Of Us

Filed under Bill's Rants, Cyber Crime, Cyber Criminals, Opinion, PC Tools, Safe Surfing

Scareware Is Everywhere – As Mac Users Just Found Out

The success cyber criminals have had with the recent Mac scareware attack (MacDefender, which has already morphed into a new variant – MacGuard), emphasizes the following point – given the opportunity, Mac users may be just as likely as Windows users to say “Yes” to an invitation to download a rogue security application.

Considering Apple’s marketing style, which reinforces the myth that Macs are inherently more resistant to malware infections than Windows PCs (bolstered by the cachet that Mac users are somehow smarter than PC users), I suspect that Mac users are in for a rough ride in the coming months. Undoubtedly, Mac users will learn that cyber criminals use of social engineering is not platform specific.

Hopefully, this reality check will put a stop to nonsensical forum comments like the following.

“Well this is why I’m glad to have a Mac just saying”

“If Windows didn’t exist these things wouldn’t happen to people”

Since myths tend to die a slow and painful death however, I somehow doubt it.

Early last year, I posted an article – Say “Yes” on the Internet and Malware’s Gotcha! – which pointed out the potential consequences to those Internet users who instinctively, and unthinkingly, click on “Yes” or “OK”. Given the unprecedented rise in the number of malicious scareware applications in the interim (often, but not exclusively, promoted through poisoned Google search results), that article is worth reposting.

The following is an edited version of that earlier article.

It's not my fault Virtually every computer user, at both the home user level (my friends), and at the corporate level, whom I come into contact with, tends to downplay personal responsibility for a malware infection.

I hear a lot of – “I don’t know what happened”; “it must have been one of the kids”; “all I did was download a free app that told me I was infected”; “no, I never visit porn sites” or, Bart Simpson’s famous line “it wasn’t me”. Sort of like “the dog ate my homework”, response. But we old timers, (sorry, seasoned pros), know the reality is somewhat different, and here’s why.

Cybercriminals overwhelmingly rely on social engineering to create an opportunity designed to drop malicious code, including rootkits, password stealers, Trojan horses, and spam bots, on Internet connected computers.

In other words, cybercriminals rely on the user/potential victim saying – “YES”.

Yes to:

Downloading that security app that told you your machine was infected. Thereby, infecting your computer with a rogue security application.

Opening that email attachment despite the fact it has a .exe .vbs, or .lnk.extension, virtually guaranteeing an infection.

Downloading that media player codec to play a  porno clip, which still won’t play, but your computer is now infected.

Clicking on links in instant messaging (IM) that have no context, or are composed of only general text, which will result in your computer becoming part of a botnet.

Downloading executable software from web sites without ensuring that the site is reputable. Software that may contain a Browser Hijacker as part of the payload.

Opening email attachments from people you don’t know. At a minimum, you will now get inundated with Spam mail which will increase the changes of a malware infection.

There are many more opportunities for you to say “yes”, while connected to the Internet, but those listed above are some of the the most common.

The Internet is full of traps for the unwary – that’s a sad fact, and that’s not going to change any time soon. Cyber criminals are winning this game, and unless you learn to say “NO”, it’s only a matter of time until you have to deal with a malware infected machine.

Here’s an example of a rogue security application getting ready to pounce. A progressively more common occurrence on the Internet.

image

image

I can’t say this often enough. Ensure you have adequate knowledge to protect yourself and stay ahead of the cybercrime curve. Make a commitment to acquire the knowledge necessary to ensure your personal safety on the Internet. In a word, become  “educated”.

If you lack this knowledge the answer is simple – you can get it. The Internet is loaded with sites (including this one), dedicated to educating computer users on computer security – including providing application reviews, and links to appropriate security software solutions.

It’s important to be aware however, that security applications alone, will not ensure your safety on the Internet. You really do need to become proactive to your Internet safety and security. And that does mean becoming educated.

Internet users who are aware of significant changes in the Internet security landscape, will react accordingly. Unfortunately, experience has taught me that you can’t fix stupid.

Before you say “yes”

Stop – consider where you’re action might lead

Think – consider the consequences to your security

Click – only after making an educated decision to proceed

Consider this from Robert Brault:

“The ultimate folly is to think that something crucial to your welfare is being taken care of for you”.

I’ll put it more bluntly – If you get a malware infection; it’s virtually certain it’s your fault. You might think – here’s this smug, cynical guy, sitting in his office, pointing undeserved critical fingers. Don’t believe it.

If users followed advice posted here, and advice from other security pros, and high level users, the Internet could be a vastly different experience for many. At the very least, we might have half a chance of dealing more effectively with the cybercriminal element. To this point, we’re losing rather magnificently.

Computer users would be vastly better off if they considered Internet security advice, as a form of inoculation. It’s a relatively painless way to develop immunization. While inoculations can be mildly painful, the alternative can be a very painful experience.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

10 Comments

Filed under Cyber Crime, Cyber Criminals, cybercrime, Don't Get Scammed, Don't Get Hacked, Internet Safety, internet scams, Mac, Malware Alert, Online Safety, Rogue Software, Safe Surfing, scareware, Windows Tips and Tools

Depending On Your Antimalware Applications For Internet Security? An Infection Is On The Way!

Let me begin this article by defining the word “responsibility”, a concept which appears to me, to be losing its place in modern culture.

Definition – a duty or obligation to satisfactorily perform or complete a task (assigned by someone, or created by one’s own promise or circumstances) that one must fulfill, and which has a consequent penalty for failure.

Virtually every computer user, at both the home user level and at the corporate level, whom I come into contact with, fails to take personal responsibility for their security on the Internet.

After all, the reasoning seems to be, I’ve got ABC anti-virus and ABC anti-spyware. Or, my employer takes care of that. But, as the above definition makes crystal clear, there is a penalty for failure to personally assume the burden of responsibility.

Look, the indisputable facts are:

As an Internet user you are engaged in a battle, yes a battle, against highly sophisticated and highly organized cyber-criminals who are relentless in their pursuit of your money and make no mistake – it’s all about the money; your money.

In the worst case scenario, your identity and your financial security can be severely compromised by these cyber-criminals.

It’s no accident that cyber crime is now a 100+ BILLION dollar industry. Make no mistake, this IS an industry. An industry which incorporates all of the strategic planning, and best practices, required to maximize profit.

Today’s cyber-crooks are smart; very smart. They are not, as many people believe, teenage hackers sitting at their computers playing at hacking.

Looking at recent estimates provided by a large number of Internet security providers, the consensus seems to be that there are over 20,000,000 malware programs currently circulating on the Internet. This is not the work of teenage hackers.

Many Internet security companies report having to deal with up to 20,000 new versions of malware – every single day! Here’s the math; one new malware program every four seconds!

Being involved in computer security, I am amazed, and frustrated, at the lack of personal responsibly exhibited by most typical computer users, and most importantly, the lack of commitment to acquiring the knowledge necessary to ensure personal safety on the Internet. In a word, becoming “educated”.

Users need to stop depending on their security applications alone to ensure their safety. They need to become proactive, which means becoming educated and personally responsible, rather than continuing to be reactive to threats to their safety.

Depending on security applications to provide the ultimate in protection, is an absolute “non-starter”. Security applications do not, and never have had the ability to this, despite the commonly held belief to the contrary.

If you’re struggling with the reality of this statement, take a look at “Testing of antiviruses for the treatment of active infections” from Anti-malware Test Lab. I guarantee you, you’ll be unpleasantly surprised.

Enhance your security on the Internet by:

Choosing to become educated on the realities of cyber crime.

Taking personal responsibility for your own security.

A major step you can take to in prevent yourself from becoming a victim of cyber-criminals is to overcome the instinctive response to just “click” while surfing the Internet.

That instinctive response poses one of the biggest risks to your online safety and security.

Stop – consider where you’re action might lead.

Think – consider the consequences to your security.

Click – only after making an educated decision to proceed.

Consider this from Robert Brault:

“The ultimate folly is to think that something crucial to your welfare is being taken care of for you”.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

23 Comments

Filed under cybercrime, Don't Get Scammed, Don't Get Hacked, Interconnectivity, Internet Safety, Personal Perspective, Spyware - Adware Protection, Windows Tips and Tools

Part Of The Tech Savvy Generation? How Tech Savvy Are You Really?

You’re part of a computer literate and technically competent generation – you know, the “tech savvy generation” we hear so much about.

So, when it comes to wandering through the risky Internet neighborhood that’s arguably full of predators, you tend not to worry.

You’re convinced, that since you’re a member of this tech savvy generation, when you surf the Internet, you can handle the dangers and pitfalls that wait for the typical unsuspecting user, (the user who’s not part of your tech savvy generation).

This unsophisticated non-tech savvy group are much more likely than you, to be pounced on by the multitude of scam artists, schemers and cyber crooks lurking in the shadows, just waiting for victims. Right?

It’s entirely possible of course, that you are computer literate, and technically competent. On the other hand, simply because you are a member of that generation who have grown up with computers, does not make you tech savvy. I hate to burst your bubble, but the concept of a “tech savvy generation” is a myth.

I understand why you may have bought into this myth. People love myths. It seems that we will buy into any myth provided it agrees with, or reinforces, our already held misconceptions.

Myths of course, get their status precisely because they do reinforce our beliefs, properly held or not. This myth (masterfully propagated by the media), continues to pose serious security risks for those who believe it.

Since I’m involved in Internet and system security, I have many opportunities to deal with the “tech savvy generation”, and overall, I find them no more competent than average/typical computer users.

Unfortunately, I find that not only does the tech savvy generation not know “what they don’t know”, they don’t want to hear about it because developing knowledge is hard, and it requires time and effort. Better to just hang on to the myth.

I’ll admit, that anecdotal evidence, while interesting, does not always tell the tale. On the other hand, gather enough anecdotal evidence and one may have enough data to propose a theory, that can withstand probing and prodding.

As a tech/geek/writer, I am in touch with loads of other techs/geeks/writers from around the world, on a fairly consistent basis. One undisputed reality that we all agree on is, the lack of knowledge exhibited by typical computer users, and that members of the tech savvy generation, are no more than typical computer users.

So, if you’re a member of the so called tech savvy generation, you need to consider these realities:

Cyber criminals count on your believing the myth. It makes their job just that much easier.

There’s a major lack of knowledge and skill relating to computers/connected devices, and security, in the tech savvy generation. You really are, just an average computer user.

Common sense tips:

Stop believing the myth.

Start being proactive when it comes to your computer and connected device’s security; part of that is making sure you have adequate software based protection to reduce the chances you will fall victim to cyber crime.

Recommended reading: Principles of Security: Keeping it Simple – by guest writer Mark Schneider, and – An Anti-malware Test – Common Sense Wins.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

22 Comments

Filed under Bill's Rants, cybercrime, Don't Get Scammed, Don't Get Hacked, downloads, Free Anti-malware Software, Freeware, Guest Writers, Personal Perspective, Software, Windows Tips and Tools

Do We Need to “Fix” the Internet?

Each time that you connect to the Internet you are unfortunately, wandering through a raucous neighborhood which has a reputation for being jam-packed with predators.

These predators are intent on stealing your money and personal information, installing damaging programs on your computer, or misleading you with an online scam.

Cyber-crooks are relentless in their pursuit of your money, and it’s all about the money. In the worst case scenario, your identity and your financial security can be severely compromised.

Recently, Symantec reported that 51% of all the viruses, Trojans and other forms of malware it has ever seen were logged during 2009, and Symantec has been in the security business since before the Internet was launched.

Each day, when I boot up my home machine, Immunet Protect, advises me that it is protecting me against 12 Million threats. Today for example (May 16, 2010, the number is 12,866,263. That number is truly mind blowing.

Note: Later in the day, following a re-boot, I noticed that the protection level had risen to 12,876,095 – 10,000 additional threats had been identified.

Various Internet security companies report having to deal with up to as many as 40,000 new versions of malware daily. Here’s the math; one new malware program every four seconds!

Anti malware developer Comodo, looks at these numbers in a way that we can more easily relate to, in its instructive video – Did you Know? Dangers on the Web.

“Did you know that the amount of new malware discovered daily approximates the number of words a person speaks daily?

Or, the amount of money lost by US Consumers due to malware over the past 2 years would have paid the tuition of over one million US College Students?”

Seen in this way, cybercrime takes on a whole new dimension.

Since additional sophisticated threats are constantly being developed, or are currently being deployed, some observers are of the opinion that the Internet is essentially broken.

If you think this is an exaggeration, check this out and then you decide.

Tainted search engine results: Internet security gurus have known for some time that we cannot rely on Internet search engine output to be untainted, and free of potential harmful exposure to malware.

Cyber-crooks continue to be unrelenting in their chase to infect web search results, seeding malicious websites among the top results returned by these engines.

When a potential victim visits one of these sites, the chances of downloading malicious code onto the computer by exploiting existing vulnerabilities, is extremely high.

Infected legitimate websites: According to security solution provider  Kaspersky, the rate of infected legitimate web sites, in 2006, was one in every 20,000. In 2009, one in every 150 legitimate was infected by malware, according to Kaspersky.

Drive-by downloads: Drive-by downloads are not new; they’ve been lurking around for years it seems, but they’ve become much more common and craftier recently.

If you’re unfamiliar with the term, drive-by download, they are essentially programs that automatically download and install on your computer without your knowledge.

This action can occur while visiting an infected web site, opening an infected HTML email, or by clicking on a deceptive popup window. Often, more than one program is downloaded; for example, file sharing with tracking spyware is very common. It’s important to remember that this can take place without warning, or your approval.

Rogue software: A rogue security application (scareware), is an application usually found on free download and adult websites, or it can be installed from rogue security software websites, using Trojans or, manipulating Internet browser security holes.

After the installation of rogue security software the program launches fake or false malware detection warnings. Rogue security applications, and there seems to be an epidemic of them on the Internet currently, are developed to mislead uninformed computer users’ into downloading and paying for the “full” version of this bogus software, based on the false malware positives generated by the application.

Even if the full program fee is paid, rogue software continues to run as a background process incessantly reporting those fake or false malware detection warnings. Over time, this type of software will essentially destroy the victim’s computer operating system, making the machine unusable.

Email scams: Email scams work because the Cyber-crooks responsible use social engineering as the hook; in other words they exploit our curiosity. The fact is, we are all pretty curious creatures and let’s face it, who doesn’t like surprise emails? I think it’s safe to say, we all love to receive good news emails.

It seems that more and more these days, I get phishing emails in my inboxes all designed to trick me into revealing financial information that can be used to steal my money.

If you’re unfamiliar with phishing, it is defined as the act of tricking unsuspecting Internet users into revealing sensitive or private information. In a phishing attack, the attacker creates a set of circumstances where the potential victims are convinced that they are dealing with an authorized party. It relies for its success on the principle that asking a large number of people for this information, will always deceive at least some of those people.

A personal example of how this works is as follows. According to a recent email (similar in form and content to 20+ I receive each month), my online banking privileges with Bank of America had been blocked due to security concerns. This looked like an official email and the enclosed link made it simple to get this problem solved with just a mouse click. What could be easier than that?

Clicking on the link would have redirected me to a spoof page, comparable to the original site, and I would then have begun the process whereby the scammers would have stripped me of all the confidential information I was willing to provide.

My financial and personal details, had I entered them, would then have been harvested by the cyber-crooks behind this fraudulent scheme who would then have used this information to commit identity and financial theft.

These types of attacks against financial institutions, and consumers, are occurring with such frequency that the IC³ (Internet Crime Complaint Center), has called the situation “alarming”, so you need to be extremely vigilant.

This is by no means an exhaustive list of the dangers we are exposed to on the Internet. There are many more technical reasons why the Internet is becoming progressively more dangerous which are outside the scope of this article.

So what do you think? Is the Internet broken – do we need to fix it, and if so, how can we do that?

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

20 Comments

Filed under Comodo, cybercrime, Don't Get Scammed, Don't Get Hacked, Internet Safety, internet scams, Internet Security Alerts, Malware Advisories, Online Safety, Phishing, Rogue Software, spam, Symantec, trojans, Viruses, Windows Tips and Tools, worms

Say “Yes” on the Internet and Malware’s Gotcha!

It's not my fault Virtually every computer user, at both the home user level (my friends), and at the corporate level, whom I come into contact with, tends to downplay personal responsibility for a malware infection.

I hear a lot of – “I don’t know what happened”; “it must have been one of the kids”; “all I did was download a free app that told me I was infected”; “no, I never visit porn sites” or, Bart Simpson’s famous line “it wasn’t me”. Sort of like “the dog ate my homework”, response. But we old timers, (sorry, seasoned pros), know the reality is somewhat different, and here’s why.

Cybercriminals overwhelmingly rely on social engineering to create an opportunity designed to drop malicious code, including rootkits, password stealers, Trojan horses, and spam bots, on Internet connected computers.

In other words, cybercriminals rely on the user/potential victim saying – “YES”.

Yes to:

Downloading that security app that told you your machine was infected. Thereby, infecting your computer with a rogue security application.

Opening that email attachment despite the fact it has a .exe .vbs, or .lnk.extension, virtually guaranteeing an infection.

Downloading that media player codec to play a  porno clip, which still won’t play, but your computer is now infected.

Clicking on links in instant messaging (IM) that have no context, or are composed of only general text, which will result in your computer becoming part of a botnet.

Downloading executable software from web sites without ensuring that the site is reputable. Software that may contain a Browser Hijacker as part of the payload.

Opening email attachments from people you don’t know. At a minimum, you will now get inundated with Spam mail which will increase the changes of a malware infection.

There are many more opportunities for you to say “yes”, while connected to the Internet, but those listed above are some of the the most common.

The Internet is full of traps for the unwary – that’s a sad fact, and that’s not going to change any time soon. Cyber criminals are winning this game, and unless you learn to say “NO”, it’s only a matter of time until you have to deal with a malware infected machine.

Here’s an example of a rogue security application getting ready to pounce. A progressively more common occurrence on the Internet.

image

image

I can’t say this often enough. Ensure you have adequate knowledge to protect yourself and stay ahead of the cybercrime curve. Make a commitment to acquire the knowledge necessary to ensure your personal safety on the Internet. In a word, become  “educated”.

If you lack this knowledge the answer is simple – you can get it. The Internet is full of sites (including this one), dedicated to educating computer users on computer security, including providing application reviews, and links to appropriate security software solutions.

It’s important to be aware however, that security applications alone, will not ensure your safety on the Internet. You really do need to become proactive to your Internet safety and security. And that does mean becoming educated.

Here’s a perfect example why there’s a critical need for you to take personal responsibility for your Internet security. Just this morning (May 11, 2010), I posted the following link to an article from ZDNet’s, Adrian Kingsley-HughesUPDATE – New attack bypasses EVERY Windows security product.

Those Internet users who become aware of this highly significant change in the Internet security landscape, will react accordingly. Unfortunately, experience has taught me that the majority of users will not hear of this. So, we’ll be faced with a new crop of cybercriminal victims.

As we have pointed out many times on this site, the instinctive human response to say “yes”, poses one of the biggest risks to online safety and security.

Before you say “yes”

Stop – consider where you’re action might lead

Think – consider the consequences to your security

Click – only after making an educated decision to proceed

Just a quick little aside here:

Earlier this year, I spent some time at my local hospital, and while I was there, I couldn’t help but notice Nurses logging on to Facebook. I was astonished to see, that this was happening on the the same system on which my personal medical records were stored.

Just as if it was ordained, the entire system suffered a virus infection while I was there. A little investigating showed that this was not the only malware attack, on that system, in the recent past. A dictionary definition of negligence, in my view.

Arguably, we’re facing a systemic problem – primarily a problem of computer users (both corporate and home users), lacking the necessary skills to protect against cybercrime.

But back to the topic at hand.

Consider this from Robert Brault:

“The ultimate folly is to think that something crucial to your welfare is being taken care of for you”.

I’ll put it more bluntly – If you get a malware infection; it’s virtually certain it’s your fault. You might think – here’s this smug, cynical guy, sitting in his office, pointing undeserved critical fingers. Don’t believe it.

If users followed advice posted here, and advice from other security pros, and high level users, the Internet could be a vastly different experience for many. At the very least, we might have half a chance of dealing more effectively with the cybercriminal element. To this point, we’re losing rather magnificently.

Computer users would be vastly better off if they considered Internet security advice, as a form of inoculation. It’s a relatively painless way to develop immunization. While inoculations can be mildly painful, the alternative can be a very painful experience.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

24 Comments

Filed under cybercrime, Don't Get Scammed, Don't Get Hacked, Interconnectivity, Internet Security Alerts, Windows Tips and Tools

Just Say “No” to Computer Malware

imageIn the years I’ve been involved with computer security, I have rarely heard an infected computer user take responsibility for a malware infection.

Virtually every computer user, at both the home user level, and at the corporate level, whom I come into contact with, tends to downplay personal responsibility for a malware infection.

I hear a lot of – “I don’t know what happened”; “it must have been one of the kids”; “all I did was download a free app that told me I was infected”; “no, I never visit porn sites” or, Bart Simpson’s famous line “it wasn’t me”. Sort of like “the dog ate my homework”, response.

But we old timers know the reality is somewhat different, and here’s why. Cybercriminals overwhelmingly rely on social engineering to create an opportunity designed to drop malicious code, including rootkits, password stealers, Trojan horses, and spam bots, on Internet connected computers. In other words, cybercriminals rely on the user saying – “YES”.

Yes to:

Downloading that security app that told you your machine was infected. Thereby, infecting your computer with a rogue security application.

Opening that email attachment despite the fact it has a .exe .vbs, or .lnk.extension, virtually guaranteeing an infection.

Downloading that media player codec to play a  porno clip, which still won’t play, but your computer is now infected.

Clicking on links in instant messaging (IM) that have no context, or are composed of only general text, which will result in your computer becoming part of a botnet.

Downloading executable software from web sites without ensuring that the site is reputable. Software that may contain a Browser Hijacker as part of the payload.

Opening email attachments from people you don’t know. At a minimum, you will now get inundated with Spam mail which will increase the changes of a malware infection.

There are many more opportunities for you to say “yes”, while connected to the Internet, but those listed above are some of the the most common.

The Internet is full of traps for the unwary – that’s a fact, and that’s not going to change any time soon. Cyber criminals are winning this game, and unless you learn to say “NO”, it’s only a matter of time until you have to deal with a malware infected machine.

An example of a rogue security application getting ready to pounce.

image

image

Don’t play the “yes” game. Ensure you have adequate knowledge to protect yourself and stay ahead of the curve. Make a commitment to acquire the knowledge necessary to ensure your personal safety on the Internet. In a word, become  “educated”.

If you lack this knowledge the answer is simple – you can get it. The Internet is full of sites (including this one), dedicated to educating computer users on computer security, including providing application reviews, and links to appropriate security software solutions.

It’s important to be aware however, that security applications alone, will not ensure your safety on the Internet. You really do need to become proactive to your Internet safety and security. And that does mean becoming educated, and taking personal responsibility for your Internet security.

As we have pointed out many times on this site, the instinctive human response to say “yes”, poses one of the biggest risks to online safety and security.

Before you say “yes” –

Stop – consider where you’re action might lead

Think – consider the consequences to your security

Click – only after making an educated decision to proceed

Consider this from Robert Brault:

“The ultimate folly is to think that something crucial to your welfare is being taken care of for you”.

If you enjoyed this article, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

10 Comments

Filed under Don't Get Scammed, Don't Get Hacked, Email, email scams, Interconnectivity, Internet Safety, Malware Advisories, Online Safety, System Security, Windows Tips and Tools