Network News

X My Profile
View More Activity

October is Cyber Security (Un)Awareness Month

October is Cyber Security Awareness Month, and it seems many people are in need of some serious awareness-raising on this front. A recent survey indicates that while more than 80 percent of computer users thought they had firewall software installed, follow-up inspections found that only half of those users actually had the software installed or running on their PCs.

The data comes from a poll of 3,000 Americans conducted by Zogby International, with security vendor Symantec conducting follow-up manual computer scans on computers belonging to 400 of those surveyed. While the study suggests that Americans seem to be well aware of whether they have up-to-date anti-spyware and anti-virus software installed, only 52 percent had anti-spam filters set up, even though 75 percent thought they did, Symantec found.

Fifty-one percent of those surveyed said they had been targeted by a phishing attack, a scam that uses spoofed e-mail to lure recipients into entering personal or financial data at fake bank, e-commerce or social networking Web sites. In about 65 percent of those cases, recipients said the phishing e-mail looked legitimate.

More than half (54 percent) reported having their computer infected by a virus, and just 21 percent said they felt their computers were "very safe" from hacker attacks.

There are plenty of free security products available, but since there are also plenty of malicious software titles now masquerading as legitimate (see my recent scareware post for more on this), I thought it best to name a few here.

Tips and tools after the jump.

If you suspect you're security awareness-challenged, AOL's Active Security Monitor can scan your computer and tell you whether you have a firewall installed and active, and whether your system is protected by up-to-date anti-spyware, anti-virus software.

Some of the more established free anti-virus software titles include AVAST!, AVG Free and Avira's Anti-Vir.

Free anti-spyware applications include AdAware 2008 Free, Microsoft's Windows Defender and Spybot Search & Destroy.

Windows 2000, XP and Vista computers ship with a firewall built in. For users searching for firewalls that are more configurable and more consistent in flagging suspicious Internet activity, ZoneAlarm is a good choice. Comodo Firewall Pro is another excellent option, but it can sometimes toss up a ton of warnings when you're trying to install software.

There are literally dozens of free programs available to help block junk e-mail from ever reaching your inbox. About.com had a nice roundup of their favorite free anti-spam programs.

Trend Micro's HijackThis! is a simple yet powerful tool that can help you regain control over which programs are allowed to start when Windows boots up. This software is indispensable in cleaning up machines infested with spyware, as well as for regular system tuneups.

Site Advisor is a useful service that tries to give warnings about the safety of sites returned in search engine results. The Site Advisor browser plug-in works for both Internet Explorer and Firefox.

I encourage people to browse the Web with Firefox over IE for two major reasons. First, my own investigation has shown that Mozilla fixes security flaws found in Firefox far faster than Microsoft plugs IE holes. Secondly, there are a crazy number of free plug-ins for Firefox that aren't available for IE, add-ons that make the browser more fun and secure. In my opinion, the single most powerful security plug-in for Firefox is Noscript, which blocks malicious Web sites that try to use javascript to conduct their drive-by downloads. Noscript takes a bit of patience because it blocks javascript on all sites unless you carve out one-time or permanent exceptions for those sites. It's not a perfect tool, but it has saved my bacon on a number of occasions.

Finally, it's important to note that staying safe online isn't a set-it-and-forget-it exercise that can be completely taken care of with software. Avoid clicking on links or attachments that arrive in e-mail you weren't expecting, even if they appear to come from someone you know. Also, take care with the software that you agree to install, and remember Security Fix's rule of thumb: "If you didn't go looking for it, don't install it."

It's also vital to stay up to date with the latest patches for your operating system, and for any third-party software you may have installed. Reading this blog is a good way to stay abreast of those updates, as I try to write about updates for the most widely used software, such as Adobe Reader, Flash, iTunes, QuickTime, Winamp and Winzip, to name a few.

Finally, I'll insert the obligatory reminder that one of the best ways to protect your system from malicious software and online attacks is to run your computer under a limited user account for everyday use. Instructions on how to do that are here. If you find that certain software no longer works or plays nice with the limited user account, you can always dial it back a bit and use a program like DropMyRights instead. DropMyRights lets you set programs you choose to run under a limited user mode, so that those programs do not have rights to modify key system settings or install software.

By Brian Krebs  |  October 2, 2008; 9:30 AM ET
Categories:  From the Bunker , Latest Warnings , Safety Tips , U.S. Government  
Save & Share:  Send E-mail   Facebook   Twitter   Digg   Yahoo Buzz   Del.icio.us   StumbleUpon   Technorati   Google Buzz   Previous: New Federal Law Targets ID Theft, Cybercrime
Next: House.gov Still Plagued by E-mail Deluge

Comments

Another tip to add, the freebie online "self-test" for third-party apps that may be installed, from Secunia:

- http://secunia.com/vulnerability_scanning/online/

.

Posted by: J. Warren | October 2, 2008 10:31 AM | Report abuse

In keeping with the theme of Cyber Security Awareness Month, The Business Software Alliance just release a report documenting the trends in Internet-Based Software Piracy. The report, entitled Online Software Scams: A Threat to Your Personal Security, describes the growing scope of the Internet piracy problem, the links to identity theft and other forms of cyber crime, and the steps that are needed to reduce Internet-based piracy.
T

http://www.bsa.org/country/News%20and%20Events/News%20Archives/en/2008/en-10022008-internetpiracy-report.aspx

Posted by: Business Software Alliance | October 2, 2008 11:39 AM | Report abuse

Brian - Hijack this is a great tool, but people need to be told to not post hijack this results on internet help forums. Hijack this results are TMI to be posting on the internet and can give attackers lots of info.

Posted by: RJ | October 2, 2008 12:42 PM | Report abuse

+1 on No Script. Powerful tool (a bit annoying to deal with at first, as you set up the allowable domains for scripts as you experience them), but a great way to control the experience and protect against tracking scripts and other nonsense.

Posted by: Chip | October 2, 2008 2:50 PM | Report abuse

Excellent article, Brian ! But in my opinion the major operative paragraph was the following :

Fifty-one percent of those surveyed said they had been targeted by a phishing attack, a scam that uses spoofed e-mail to lure recipients into entering personal or financial data at fake bank, e-commerce or social networking Web sites. In about 65 percent of those cases, recipients said the phishing e-mail looked legitimate.

Even with an effective firewall and anti-virus programme installed, in the event a user lets him or herself be fooled by letters from Nigeria offering millions for the «loan» of one's bank account or by another letter purporting to be from his or her bank informing them that an attempt has been made to hijack their account and that therefore the account information must be re-entered and updated «for security reasons», he or she is going to be victimised. Firewalls and anti-virus programmes are absolutely necessary, in particular for Windows users, but a good dollop of common sense is also de rigeur - it is extremely unlikely that perfect strangers are going to choose to make one a gift of several millions of dollars, and equally unlikely that one's bank is going to ask one to enter account information in response to an email....

Henri

Posted by: M Henri Day | October 2, 2008 3:11 PM | Report abuse

@Bk:

- Windows 2000 does NOT come with a firewall built-in.
- Windows 2000 does not support Internet Explorer 7

Posted by: David | October 2, 2008 3:40 PM | Report abuse

Cyber Security Awareness Month is a great campaign to help raise awareness with consumers about online security and safety from threats such as phishing, spyware and identity theft. While the three core components of firewall, AV and anti-spyware provide a solid foundation for securing systems, web filtering and web security software complements these 3 technologies very well to provide an additional layer of defense from malicious websites or the accidental browsing of a link in an email by a child.

Enterprises and organizations have been utilizing web filtering software from vendors like Websense and Surfcontrol for years, but this technology hasn’t readily been available for the home. Livia Web Protection ( http://www.liviaweb.com ) is a new web filtering solution for the home that is powered by Websense technology - this type of software, working in conjunction with AV, firewalls, and anti-spyware, can help safeguards families from online security threats while helping parents manage how their children use the Internet.

Posted by: Donald | October 2, 2008 3:58 PM | Report abuse

SpywareBlaster is a good tool. Also, read in plain text and block remote code, block third party cookies and be careful where you surf on the web. Finally, check out the us-cert.gov website about current vulnerabilities affecting software.

Posted by: Dan | October 3, 2008 3:13 AM | Report abuse

Brian - HijackThis is a tool for nerds. I am a nerd myself and I know a nerd tool when I see one. I started with HijackThis ten years ago till the guys at AnswersThatWork.com came up with their Ultimate Troubleshooter tool.

The world has moved on - you should not be recommending a tool like HijackThis which used to be fantastic but is now seriously old school and totally un-user-friendly when compared to the best of today's more modern tools.

AnswersThatWork's Ultimate Troubleshooter is Safe, Simple, Plain English explanation, 100% accuracy, effective, and instant results (no need to wait for other users to analyze the HijackThis report for you). You simply cannot beat it for getting rid of background programs or tuning the services and startups that you need vs the ones you don't need.

Brian - you should check it because once you've seen it I don't believe you'll ever recommend HijackThis to day-to-day users.

Ilka

Posted by: Ilka | October 4, 2008 11:40 AM | Report abuse

I couldn't agree more with Donald. The point of spam is to get you infected and the real money is stealing identities. The FTC reported over 9 million reports of identity theft and there are bound to many more unreported incidents. To effectively steal your identity, the phisher needs to get you to open or download and install an application. The primary mode of infection today are "Bots." Software the phisher or spammer can remotely control over the internet. As Donald describes, this is accomplished primarily through links in email getting you to a bad website.

While no tool is 100% effective in detecting and removing Bots, internet users can go a long way in protecting themselves through prevention. Along with a good AV and Firewall, using safe search tools and browser filtering is key to alerting you to risky sites. Tools such as Microsoft's IE pishing filter, McAfee's Site Advisor, and in some cases, good parental control software can be used to prevent visits to bad web sites.

Posted by: Jay | October 5, 2008 10:45 AM | Report abuse

The trouble with Microsoft's firewall is that it's inbound-only. It doesn't block outbound, so if you *do* get infected, you've got nothing stopping it from phoning home.

Posted by: Mackenzie | October 5, 2008 9:45 PM | Report abuse

The comments to this entry are closed.

 
 
RSS Feed
Subscribe to The Post

© 2010 The Washington Post Company