Tag Archives: responsibility

Scareware Is Everywhere – As Mac Users Just Found Out

The success cyber criminals have had with the recent Mac scareware attack (MacDefender, which has already morphed into a new variant – MacGuard), emphasizes the following point – given the opportunity, Mac users may be just as likely as Windows users to say “Yes” to an invitation to download a rogue security application.

Considering Apple’s marketing style, which reinforces the myth that Macs are inherently more resistant to malware infections than Windows PCs (bolstered by the cachet that Mac users are somehow smarter than PC users), I suspect that Mac users are in for a rough ride in the coming months. Undoubtedly, Mac users will learn that cyber criminals use of social engineering is not platform specific.

Hopefully, this reality check will put a stop to nonsensical forum comments like the following.

“Well this is why I’m glad to have a Mac just saying”

“If Windows didn’t exist these things wouldn’t happen to people”

Since myths tend to die a slow and painful death however, I somehow doubt it.

Early last year, I posted an article – Say “Yes” on the Internet and Malware’s Gotcha! – which pointed out the potential consequences to those Internet users who instinctively, and unthinkingly, click on “Yes” or “OK”. Given the unprecedented rise in the number of malicious scareware applications in the interim (often, but not exclusively, promoted through poisoned Google search results), that article is worth reposting.

The following is an edited version of that earlier article.

It's not my fault Virtually every computer user, at both the home user level (my friends), and at the corporate level, whom I come into contact with, tends to downplay personal responsibility for a malware infection.

I hear a lot of – “I don’t know what happened”; “it must have been one of the kids”; “all I did was download a free app that told me I was infected”; “no, I never visit porn sites” or, Bart Simpson’s famous line “it wasn’t me”. Sort of like “the dog ate my homework”, response. But we old timers, (sorry, seasoned pros), know the reality is somewhat different, and here’s why.

Cybercriminals overwhelmingly rely on social engineering to create an opportunity designed to drop malicious code, including rootkits, password stealers, Trojan horses, and spam bots, on Internet connected computers.

In other words, cybercriminals rely on the user/potential victim saying – “YES”.

Yes to:

Downloading that security app that told you your machine was infected. Thereby, infecting your computer with a rogue security application.

Opening that email attachment despite the fact it has a .exe .vbs, or .lnk.extension, virtually guaranteeing an infection.

Downloading that media player codec to play a  porno clip, which still won’t play, but your computer is now infected.

Clicking on links in instant messaging (IM) that have no context, or are composed of only general text, which will result in your computer becoming part of a botnet.

Downloading executable software from web sites without ensuring that the site is reputable. Software that may contain a Browser Hijacker as part of the payload.

Opening email attachments from people you don’t know. At a minimum, you will now get inundated with Spam mail which will increase the changes of a malware infection.

There are many more opportunities for you to say “yes”, while connected to the Internet, but those listed above are some of the the most common.

The Internet is full of traps for the unwary – that’s a sad fact, and that’s not going to change any time soon. Cyber criminals are winning this game, and unless you learn to say “NO”, it’s only a matter of time until you have to deal with a malware infected machine.

Here’s an example of a rogue security application getting ready to pounce. A progressively more common occurrence on the Internet.

image

image

I can’t say this often enough. Ensure you have adequate knowledge to protect yourself and stay ahead of the cybercrime curve. Make a commitment to acquire the knowledge necessary to ensure your personal safety on the Internet. In a word, become  “educated”.

If you lack this knowledge the answer is simple – you can get it. The Internet is loaded with sites (including this one), dedicated to educating computer users on computer security – including providing application reviews, and links to appropriate security software solutions.

It’s important to be aware however, that security applications alone, will not ensure your safety on the Internet. You really do need to become proactive to your Internet safety and security. And that does mean becoming educated.

Internet users who are aware of significant changes in the Internet security landscape, will react accordingly. Unfortunately, experience has taught me that you can’t fix stupid.

Before you say “yes”

Stop – consider where you’re action might lead

Think – consider the consequences to your security

Click – only after making an educated decision to proceed

Consider this from Robert Brault:

“The ultimate folly is to think that something crucial to your welfare is being taken care of for you”.

I’ll put it more bluntly – If you get a malware infection; it’s virtually certain it’s your fault. You might think – here’s this smug, cynical guy, sitting in his office, pointing undeserved critical fingers. Don’t believe it.

If users followed advice posted here, and advice from other security pros, and high level users, the Internet could be a vastly different experience for many. At the very least, we might have half a chance of dealing more effectively with the cybercriminal element. To this point, we’re losing rather magnificently.

Computer users would be vastly better off if they considered Internet security advice, as a form of inoculation. It’s a relatively painless way to develop immunization. While inoculations can be mildly painful, the alternative can be a very painful experience.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

10 Comments

Filed under Cyber Crime, Cyber Criminals, cybercrime, Don't Get Scammed, Don't Get Hacked, Internet Safety, internet scams, Mac, Malware Alert, Online Safety, Rogue Software, Safe Surfing, scareware, Windows Tips and Tools

Depending On Your Antimalware Applications For Internet Security? An Infection Is On The Way!

Let me begin this article by defining the word “responsibility”, a concept which appears to me, to be losing its place in modern culture.

Definition – a duty or obligation to satisfactorily perform or complete a task (assigned by someone, or created by one’s own promise or circumstances) that one must fulfill, and which has a consequent penalty for failure.

Virtually every computer user, at both the home user level and at the corporate level, whom I come into contact with, fails to take personal responsibility for their security on the Internet.

After all, the reasoning seems to be, I’ve got ABC anti-virus and ABC anti-spyware. Or, my employer takes care of that. But, as the above definition makes crystal clear, there is a penalty for failure to personally assume the burden of responsibility.

Look, the indisputable facts are:

As an Internet user you are engaged in a battle, yes a battle, against highly sophisticated and highly organized cyber-criminals who are relentless in their pursuit of your money and make no mistake – it’s all about the money; your money.

In the worst case scenario, your identity and your financial security can be severely compromised by these cyber-criminals.

It’s no accident that cyber crime is now a 100+ BILLION dollar industry. Make no mistake, this IS an industry. An industry which incorporates all of the strategic planning, and best practices, required to maximize profit.

Today’s cyber-crooks are smart; very smart. They are not, as many people believe, teenage hackers sitting at their computers playing at hacking.

Looking at recent estimates provided by a large number of Internet security providers, the consensus seems to be that there are over 20,000,000 malware programs currently circulating on the Internet. This is not the work of teenage hackers.

Many Internet security companies report having to deal with up to 20,000 new versions of malware – every single day! Here’s the math; one new malware program every four seconds!

Being involved in computer security, I am amazed, and frustrated, at the lack of personal responsibly exhibited by most typical computer users, and most importantly, the lack of commitment to acquiring the knowledge necessary to ensure personal safety on the Internet. In a word, becoming “educated”.

Users need to stop depending on their security applications alone to ensure their safety. They need to become proactive, which means becoming educated and personally responsible, rather than continuing to be reactive to threats to their safety.

Depending on security applications to provide the ultimate in protection, is an absolute “non-starter”. Security applications do not, and never have had the ability to this, despite the commonly held belief to the contrary.

If you’re struggling with the reality of this statement, take a look at “Testing of antiviruses for the treatment of active infections” from Anti-malware Test Lab. I guarantee you, you’ll be unpleasantly surprised.

Enhance your security on the Internet by:

Choosing to become educated on the realities of cyber crime.

Taking personal responsibility for your own security.

A major step you can take to in prevent yourself from becoming a victim of cyber-criminals is to overcome the instinctive response to just “click” while surfing the Internet.

That instinctive response poses one of the biggest risks to your online safety and security.

Stop – consider where you’re action might lead.

Think – consider the consequences to your security.

Click – only after making an educated decision to proceed.

Consider this from Robert Brault:

“The ultimate folly is to think that something crucial to your welfare is being taken care of for you”.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

23 Comments

Filed under cybercrime, Don't Get Scammed, Don't Get Hacked, Interconnectivity, Internet Safety, Personal Perspective, Spyware - Adware Protection, Windows Tips and Tools

Say “Yes” on the Internet and Malware’s Gotcha!

It's not my fault Virtually every computer user, at both the home user level (my friends), and at the corporate level, whom I come into contact with, tends to downplay personal responsibility for a malware infection.

I hear a lot of – “I don’t know what happened”; “it must have been one of the kids”; “all I did was download a free app that told me I was infected”; “no, I never visit porn sites” or, Bart Simpson’s famous line “it wasn’t me”. Sort of like “the dog ate my homework”, response. But we old timers, (sorry, seasoned pros), know the reality is somewhat different, and here’s why.

Cybercriminals overwhelmingly rely on social engineering to create an opportunity designed to drop malicious code, including rootkits, password stealers, Trojan horses, and spam bots, on Internet connected computers.

In other words, cybercriminals rely on the user/potential victim saying – “YES”.

Yes to:

Downloading that security app that told you your machine was infected. Thereby, infecting your computer with a rogue security application.

Opening that email attachment despite the fact it has a .exe .vbs, or .lnk.extension, virtually guaranteeing an infection.

Downloading that media player codec to play a  porno clip, which still won’t play, but your computer is now infected.

Clicking on links in instant messaging (IM) that have no context, or are composed of only general text, which will result in your computer becoming part of a botnet.

Downloading executable software from web sites without ensuring that the site is reputable. Software that may contain a Browser Hijacker as part of the payload.

Opening email attachments from people you don’t know. At a minimum, you will now get inundated with Spam mail which will increase the changes of a malware infection.

There are many more opportunities for you to say “yes”, while connected to the Internet, but those listed above are some of the the most common.

The Internet is full of traps for the unwary – that’s a sad fact, and that’s not going to change any time soon. Cyber criminals are winning this game, and unless you learn to say “NO”, it’s only a matter of time until you have to deal with a malware infected machine.

Here’s an example of a rogue security application getting ready to pounce. A progressively more common occurrence on the Internet.

image

image

I can’t say this often enough. Ensure you have adequate knowledge to protect yourself and stay ahead of the cybercrime curve. Make a commitment to acquire the knowledge necessary to ensure your personal safety on the Internet. In a word, become  “educated”.

If you lack this knowledge the answer is simple – you can get it. The Internet is full of sites (including this one), dedicated to educating computer users on computer security, including providing application reviews, and links to appropriate security software solutions.

It’s important to be aware however, that security applications alone, will not ensure your safety on the Internet. You really do need to become proactive to your Internet safety and security. And that does mean becoming educated.

Here’s a perfect example why there’s a critical need for you to take personal responsibility for your Internet security. Just this morning (May 11, 2010), I posted the following link to an article from ZDNet’s, Adrian Kingsley-HughesUPDATE – New attack bypasses EVERY Windows security product.

Those Internet users who become aware of this highly significant change in the Internet security landscape, will react accordingly. Unfortunately, experience has taught me that the majority of users will not hear of this. So, we’ll be faced with a new crop of cybercriminal victims.

As we have pointed out many times on this site, the instinctive human response to say “yes”, poses one of the biggest risks to online safety and security.

Before you say “yes”

Stop – consider where you’re action might lead

Think – consider the consequences to your security

Click – only after making an educated decision to proceed

Just a quick little aside here:

Earlier this year, I spent some time at my local hospital, and while I was there, I couldn’t help but notice Nurses logging on to Facebook. I was astonished to see, that this was happening on the the same system on which my personal medical records were stored.

Just as if it was ordained, the entire system suffered a virus infection while I was there. A little investigating showed that this was not the only malware attack, on that system, in the recent past. A dictionary definition of negligence, in my view.

Arguably, we’re facing a systemic problem – primarily a problem of computer users (both corporate and home users), lacking the necessary skills to protect against cybercrime.

But back to the topic at hand.

Consider this from Robert Brault:

“The ultimate folly is to think that something crucial to your welfare is being taken care of for you”.

I’ll put it more bluntly – If you get a malware infection; it’s virtually certain it’s your fault. You might think – here’s this smug, cynical guy, sitting in his office, pointing undeserved critical fingers. Don’t believe it.

If users followed advice posted here, and advice from other security pros, and high level users, the Internet could be a vastly different experience for many. At the very least, we might have half a chance of dealing more effectively with the cybercriminal element. To this point, we’re losing rather magnificently.

Computer users would be vastly better off if they considered Internet security advice, as a form of inoculation. It’s a relatively painless way to develop immunization. While inoculations can be mildly painful, the alternative can be a very painful experience.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

24 Comments

Filed under cybercrime, Don't Get Scammed, Don't Get Hacked, Interconnectivity, Internet Security Alerts, Windows Tips and Tools

Just Say “No” to Computer Malware

imageIn the years I’ve been involved with computer security, I have rarely heard an infected computer user take responsibility for a malware infection.

Virtually every computer user, at both the home user level, and at the corporate level, whom I come into contact with, tends to downplay personal responsibility for a malware infection.

I hear a lot of – “I don’t know what happened”; “it must have been one of the kids”; “all I did was download a free app that told me I was infected”; “no, I never visit porn sites” or, Bart Simpson’s famous line “it wasn’t me”. Sort of like “the dog ate my homework”, response.

But we old timers know the reality is somewhat different, and here’s why. Cybercriminals overwhelmingly rely on social engineering to create an opportunity designed to drop malicious code, including rootkits, password stealers, Trojan horses, and spam bots, on Internet connected computers. In other words, cybercriminals rely on the user saying – “YES”.

Yes to:

Downloading that security app that told you your machine was infected. Thereby, infecting your computer with a rogue security application.

Opening that email attachment despite the fact it has a .exe .vbs, or .lnk.extension, virtually guaranteeing an infection.

Downloading that media player codec to play a  porno clip, which still won’t play, but your computer is now infected.

Clicking on links in instant messaging (IM) that have no context, or are composed of only general text, which will result in your computer becoming part of a botnet.

Downloading executable software from web sites without ensuring that the site is reputable. Software that may contain a Browser Hijacker as part of the payload.

Opening email attachments from people you don’t know. At a minimum, you will now get inundated with Spam mail which will increase the changes of a malware infection.

There are many more opportunities for you to say “yes”, while connected to the Internet, but those listed above are some of the the most common.

The Internet is full of traps for the unwary – that’s a fact, and that’s not going to change any time soon. Cyber criminals are winning this game, and unless you learn to say “NO”, it’s only a matter of time until you have to deal with a malware infected machine.

An example of a rogue security application getting ready to pounce.

image

image

Don’t play the “yes” game. Ensure you have adequate knowledge to protect yourself and stay ahead of the curve. Make a commitment to acquire the knowledge necessary to ensure your personal safety on the Internet. In a word, become  “educated”.

If you lack this knowledge the answer is simple – you can get it. The Internet is full of sites (including this one), dedicated to educating computer users on computer security, including providing application reviews, and links to appropriate security software solutions.

It’s important to be aware however, that security applications alone, will not ensure your safety on the Internet. You really do need to become proactive to your Internet safety and security. And that does mean becoming educated, and taking personal responsibility for your Internet security.

As we have pointed out many times on this site, the instinctive human response to say “yes”, poses one of the biggest risks to online safety and security.

Before you say “yes” –

Stop – consider where you’re action might lead

Think – consider the consequences to your security

Click – only after making an educated decision to proceed

Consider this from Robert Brault:

“The ultimate folly is to think that something crucial to your welfare is being taken care of for you”.

If you enjoyed this article, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

10 Comments

Filed under Don't Get Scammed, Don't Get Hacked, Email, email scams, Interconnectivity, Internet Safety, Malware Advisories, Online Safety, System Security, Windows Tips and Tools

Follow the 3 Magic Steps to Internet Security – Stop – Think – Click

Let me begin this article by defining the word “responsibility”, a concept which appears to me, to be losing its place in modern culture.

Definition – a duty or obligation to satisfactorily perform or complete a task (assigned by someone, or created by one’s own promise or circumstances) that one must fulfill, and which has a consequent penalty for failure.

image Virtually every computer user, at both the home user level and at the corporate level, whom I come into contact with, fails to take personal responsibility for their security on the Internet.

After all, the reasoning seems to be, I’ve got ABC anti-virus and ABC anti-spyware. Or, my employer takes care of that. But, as the above definition makes crystal clear, there is a penalty for failure to personally assume the burden of responsibility.

Look, the indisputable facts are:

As an Internet user you are engaged in a battle, yes a battle, against highly sophisticated and highly organized cyber-criminals who are relentless in their pursuit of your money and make no mistake – it’s all about the money; your money.

In the worst case scenario, your identity and your financial security can be severely compromised by these cyber-criminals.

It’s no accident that cyber crime is now a 100+ BILLION dollar industry. Make no mistake, this IS an industry. An industry which incorporates all of the strategic planning, and best practices, required to maximize profit.

Today’s cyber-crooks are smart; very smart. They are not, as many people believe, teenage hackers sitting at their computers playing at hacking.

Looking at recent estimates provided by a large number of Internet security providers, the consensus seems to be that there are over 11,000,000 malware programs currently circulating on the Internet. This is not the work of teenage hackers.

Many Internet security companies report having to deal with up to 20,000 new versions of malware – every single day! Here’s the math; one new malware program every four seconds!

Until a year or so ago, I agreed with the consensus that typical/average Internet users were simply unaware of the potential dangers all of us are forced to deal with while attached to the Internet? I’ve now revised my views.

Being involved in computer security, I am amazed and frankly frustrated, at the lack of personal responsibly exhibited by most typical computer users, and most importantly, the lack of commitment to acquiring the knowledge necessary to ensure personal safety on the Internet. In a word, becoming “educated”.

Users need to stop depending on their security applications alone to ensure their safety. They need to become proactive, which means becoming educated and personally responsible, rather than continuing to be reactive to threats to their safety.

Depending on security applications to provide the ultimate in protection, is an absolute “non-starter”. Security applications do not, and never have had the ability to this, despite the commonly help belief to the contrary. If you’re struggling with the reality of this statement, take a look at “Anti-Malware Solutions Test Results” from Anti-malware Test Lab. You might be in for a very unpleasant surprise.

Enhance your security on the Internet by:

Choosing to become educated on the realities of cyber crime

Taking personal responsibility for your own security

A major step you can take to in prevent yourself from becoming a victim of cyber-criminals is to overcome the instinctive response to just “click” while surfing the Internet.

That instinctive response poses one of the biggest risks to your online safety and security.

Stop – consider where you’re action might lead

Think – consider the consequences to your security

Click – only after making an educated decision to proceed

Consider this from Robert Brault:

“The ultimate folly is to think that something crucial to your welfare is being taken care of for you”.

If you enjoyed this article, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

11 Comments

Filed under Application Vulnerabilities, Don't Get Scammed, Don't Get Hacked, Interconnectivity, Internet Safety, Online Safety, Personal Perspective, Spyware - Adware Protection, Windows Tips and Tools

Cyber Crime – Do We Need Another Study to Reinforce the Reality?

Are you the type of person who is convinced that surveys accurately depict the reality behind the analyzes of the information gathered, or are you like me, thoroughly fed up with the type of pseudo surveys that we seem to be exposed to more and more, and that simply confirm the obvious.

For example, in the past week alone we have been exposed to surveys that purportedly prove that alcohol can:

Reduce the effects of dementia in the elderly

Decrease the incidence of heart disease

Increase the incidence of breast cancer in women

The value of these types of surveys, in my view, is questionable, since they simple repackage information that we have had access to, in some cases, for years.

Now we have another questionable survey; one from the National Cyber Security Alliance (NCSA), which states “U.S. consumers don’t understand botnets; networks of compromised computers that have become one of the major methods for attacking computer systems”.

Ron Teixeira, executive director of the NCSA, said in a statement. “Consumers’ unsecured computers play a major role in helping cyber criminals conduct cyber crimes not only on the victim’s computer, but also against others connected to the Internet.” Teixeira went on to say that it is “alarming” that people don’t know how to keep their computers secure.

I think that one would have to have been on an extended vacation on Mars, not to have an understanding that the Internet is now the playground of cyber criminals and has been for a considerable time. This survey discloses no new information of any consequence, but instead rehashes information we have been aware of for years. In fact the statements in this survey can be applied to worldwide Internet users’ and are not restricted to those in the U.S.

Trying to determine why average computer/Internet users have little knowledge of computer/Internet security, does not require one to be a profound thinker to arrive at a number of hard and undeniable conclusions.

A reader of this Blog, commenting on a previous article on this Blog “The Unsecured Internet Super Highway – Are You Licensed to Drive?“, an article which deals with these surveyed issues, summed it up particularly well when he stated, “most people still see the computer as a kind of entertainment device… Computers are for playing, chatting, and watching short clips; listening to tunes…. people don’t take internet security seriously because they don’t think of the computer as a serious device”.

He went on to write – “Some of this is related to our cultural laziness around safety and prevention. People are routinely reckless with automobiles, decline to clean out the lint catch, and mishandle loaded guns. My frustration is with government, health and educational institutions that push people to use the internet as though it were as secure and straight forward as a hard-line telephone”. A factual and precise comment, I think.

And so we arrive at the crux of this matter: No one wants to take responsibly for the abysmal state of Internet safety and security. Not governments; not software developers; and least of all Internet users’. While there may be some level of comfort, for some, in continuing to do surveys on Internet and computer safety issues; we need to stop just talking about it, stop being part of the fear campaign, and develop solutions.

All Internet users’ need to come to the realization that we all have a shared responsibility to offer mutual protection to each other, by ensuring our individual machines are not part of the problem but instead are part of the solution.

There are some obvious solutions; some draconian, some less so, but those are issues for a future article.

The following tutorials are offered free of charge on CNET, one of the most widely respected sites on the Internet. If you are unfamiliar with basic computer security issues, I highly recommend that you visit this site.

Eliminate Spyware for Free on your Windows PC

Online Courses

PC Protection 101

Combat Spam and Phishing

Combating Spyware and Adware

Quick Tips

How not to get hacked

How to use Ad-Aware

Wi-Fi security on the road

Protect your home network with your old PC

Free security software

Spyware Doctor: Speed up your start-up

Share this post :

3 Comments

Filed under Interconnectivity, Internet Safety, internet scams, Living Life, Online Safety, Personal Perspective, Safe Surfing, Windows Tips and Tools