
Internet Security (Vivienne)

Internet Security

Wednesday, November 18th 2009 @ 10:31 PM

Internet Security is a big issue for most of us.

It is reassuring to know there are many steps we can take to ensure we’re as safe as possible online.

In our one hour chat with Charly Leetham we looked at what internet security means, we spoke about the terms that are used, and Charly described how it is possible for some of these problems to get into our computer.

And very importantly Charly let us know of what we can do to protect ourselves.

Below are the key points from the transcript of our chat. If you would like the full transcript, members can send an email to me at:    info@thewebonwheels.com.au  Just put Internet Security transcript in the subject line, and I’ll send you the copy.


 

KEY POINTS:

Overview of what internet security is about and what some of the terms mean.  

Internet security to me is a bit like making sure that your house is secure and that the undesirables can't get into your house unless you give them permission to enter.  And really it's such a wide topic and there are lots and lots in the news and I am sure people get really scared when they hear the news reports about the "new greatest worm" or the "new greatest Trojan" that's going to attack their computer and take all their data and send their data out to everyone.  And whilst the possibility exists as long as you've got the right things in place you will be protected 90%-95% of the time.

So really it's a matter of making sure you've got the right things in place and you understand the basics of what's going on so that you can protect yourself.  So that's what really internet security is like for me; it's like making sure that undesirables don't enter unless I give them permission.  You might think that's a bit funny saying, "Why would you give an undesirable permission to enter?"  I'm a tech; sometimes I want to see what it does.  And sometimes the odd one slips through and once that odd one slips through what do you do and how do you handle it?

So let's have a look at some of the jargon that you've probably heard in the scheme of things.  The first one you have is "a virus" and that's a general term that means anything that can infect your computer.  Now we used pretty strong language here; it's pretty scary language.  It's like, you know, you've got a flu and it's spreading through your body or your computer.  And that's literally why it's called a virus because it does actually get into your computer through various means and it can propagate itself; it can replicate itself; duplicate itself on your computer and it will eventually cause your computer to run slowly; it might just keep shutting down or it may just chew up lots and lots of internet bandwidth as it sends out stuff to the internet without you knowing about it.

So that's your first term - virus.  And I use that more as an overarching term.  Your viruses can also come in a number of different variations.  The first one's a Trojan and anyone who knows the story of Helen of Troy will know about a Trojan horse.  And that's why it's called a Trojan because it normally comes into your computer or onto your computer in a legitimate manner.  You normally open the door and let it in and it can be attached to a file; it can be attached to a download.

Normally these things have to be attached to something so they have to come in on a file of some form and normally it's a file that has to run onto your computer.  So if you open a word processing document that runs that word processing document on your computer and if there is a virus in there it will let it out.  It may infect your computer.  If it's an executable file so something that you double click on to run generally; if it's got a virus in it will infect your computer.  But it's got to be something you physically open on your computer for your computer to be infected.

So they're viruses in Trojans and the Trojan basically comes in in a legitimate manner and it will set on your computer and it will generally gather data and then transmit that data back to a central point across the internet.   And this is why people say "be careful that you don't have password stealers on your computer".  A Trojan is typically your password stealer.  A very innocuous Trojan is one that sits there and sends back all the sites that you look to a central point.  Now it's innocuous in that it doesn't do anything bad but it’s invasive; it's an invasion of privacy and it also uses your internet bandwidth and it can just go away.

The final piece of jargon that people may have heard and it's not used so much now because I think it's been de-sensitised is the word "worm".  I'm sure you've all heard of the "Melissa Worm" I think it was where the guy whose girlfriend dumped him sent this thing out into the internet and infected thousands and thousands and thousands  of computers.  The scary thing about a worm is it doesn't have to be attached to anything; it will actually propagate itself and what it does, I'm not entirely sure how it does it, but literally what it does it comes and it looks at all of the internet connections on the internet and it will have a look to see which ones have got "hot doors" open.  And it will come through those little doors and attach itself to your computer and then it uses your computer to bounce off to the next point; to the next point; to the next point.

Worms are the most dangerous things around because they actually act on their own; they're almost a form of artificial intelligence if you like.  Don't get too scared yet because there are ways around it; to stop these things coming in. 

So that's the jargon when we're looking at - infections that can get on your computer and cause problems for you. 

The only other thing we should really mention is the term "phishing" and that's phishing with a "ph"; so phishing.  Now it's called phishing literally because it phishes for your personal information.  And out of all the threats on the internet phishing is the hardest one to protect against literally because phishing attaches to us; it attacks us in a social manner.  Anyone who's heard of social engineering - I'm sure you've seen it Vivienne.  Sales people kind of do social engineering quite well where they'll ring the receptionist and say, "Oh could I have the name of your manager please?"  And then they'll ring back later and say, "Oh is Jane there please?"

Now that's social engineering - and phishing is very similar in that manner.  I am sure you've all seen the emails that have come in that say "Your banking access is about to be de-activated.  Click here and fill in all of your personal details."  Well generally you're not going to be taken to the bank when you "click here".  You're going to be taken to somewhere that harvests all of your personal information and once they've got your personal information they will then go and, say you've got one in from Westpac Bank and you've clicked on that and filled in all of your personal information.  They'll then go to Westpac Banking online and try and access your account using the personal information you've given.

And the reason I say it's the hardest to protect against is because it requires us as human beings to be able to filter it and say, "No I am not going to do that.  That doesn't look right to me".  So I've got a few tips around that one too.

 

So let's have a talk about how some of these viruses can get in.  The first one is the simplest one and that can come in on an email.  It's generally, this has been a threat from time everlasting, that someone will email you an attachment to an email and you go, "Oh look so-and-so has sent me a picture of their latest holiday" and you double click it.  And, before you know it, you've been infected with a virus.  Now as Vivienne said earlier unless you know who's sending you the attachment you're probably best off not opening it.

There are a couple of things to check when you're opening an email from anyone.  Let me just go back to the email client.  Vivienne I don't know how you set your clients up but you know when you've got the preview panel?

I turn those off because when you have the preview panel it actually executes any code in the email without you even opening the email.  So if there is malicious code in there; anything that will load a virus, it will load then and there.  Even in the preview mode.  Because the preview mode is actually opening the email to give you the preview.

Okay so the types of documents that you probably will receive in general are .docs, Microsoft Word documents if you're editing something.  You might get a pdf document and I've got to say that a pdf document is probably the safest kind of document to have.  So if you're thinking of sharing information with people; like sharing a document with people try to get it pdf'd.  And Viv there are a couple of great services online that will take a .doc file and make it a pdf.  So you might want to share some of those resources as well.

And .bmp files, because they come from Windows Draw.  So they're the types of image files that you might receive.  So when I receive in an email I automatically have a look at the document type that has been attached to it.  So if it's a .doc I know it's a Microsoft Word document and I'll be a little careful of it but it's a Microsoft Word document I should be alright with it.

And the way that we then identify which document it is, you actually have to look at the name of the attachment.  Look for the attachment, and look at the very end of the file name. There will be the dot ( .)  and then whatever it is that will tell us what type of file it is. 

Look at those filenames.  If it's a .doc; a .xls; a .pdf; or one of those image files like .jpg, .png or .bmp, then I can be reasonably confident that it won't be a bad thing.  The other thing you might end up with is a .zip file and will contain multiple files in one file.  Now you do need to be careful with .zip files.  They tend to become compromised -  infected a little easier than the other documents.  And some smart cookies out there use those to send infections through the email.  But they'd be the next most safe attachment that I'd open.

The final ones that you'll probably get through that you really need to take care of is a .scr.

Now you might get an attachment through that says .scr.zip.  If it has the .scr in there at all - do not open that message, do not open that attachment at all.  A .scr file on a Windows machine is used as a screen saver file.  So you know when you just add screensavers to your computers?  Well the screensavers have a .scr extension.  So do viruses. So please use it and then delete the email.  Don't even open it. 

Now if you receive an email from a friend with a .scr attachment delete the email and contact your friend straight away because their computer is infected.  Just contact them and let them know that they've sent you an email with a .scr file. 

If you are on hotmail or Gmail you might want to report the email as spam.  If you've got a "report spam" button, use that.  Certainly use that facility because that will end up getting that particular email address banned.  It's a drop in the ocean but it's another drop in the ocean.

So that's one way that viruses can get onto your computer – through emails, and it's the most common way.

What I've been seeing more recently and more scarily is you can also pick up a virus by browsing a website.

Oh yeah and it's also a bit rude.  And what happens is now I'll use the term malicious code and I'll say it’s malicious because the intent is to cause damage right?  So some malicious code ends up being embedded in the code of the website and when you go and load the webpage you are essentially executing the code that is on the website on your computer so that you can get the picture up; the website up.  As you do that it also triggers the little darling virus to be downloaded to your computer.  And then the next website you go and browse that little darling virus will try to upload itself to that website and infect that website.

And this of course with the advent of the internet and the growth of websites. I use the term "cloud computing" where you've got everything situated on the internet.   A lot of people’s emails are on the internet – like hotmail and Gmail.   Most of my documents are on the internet; I don't use them locally.  It's becoming more of an issue that we do need to watch out for.  And really the only way to protect against that is to make sure that you've got a good quality anti-virus product because a good quality anti-virus product will actually look at the data being downloaded from the website and clean it for you.

Have you ever been to a website where there’s a message saying this site is not available – it has been compromised?  That's Google that does that.  Google's got a really, really, really strong security arm and it goes out and as it indexes sites, it's also scanning sites for malicious code.  And if it detects malicious code it will actually put it into a directory, a registry somewhere, that the browsers go and check before they go to a website.  It's pretty amazing stuff.

And if you go to a site that has been compromised don't think badly about the website owner they probably don't know.  They've probably been done in just the same way as you can get done in that someone's browsed over the site that's got the code on it; it's downloaded to the computer and they've gone and browsed your site or the website owner's site and the malicious code is uploaded to their site as well.  So don't think poorly of the poor website owner.  They're probably more of a victim than anyone else.

Let’s move on to protecting yourself.

We've said all the bad things but let's reassure people there are certainly steps we can take to minimise all of these risks.

First of all take into consideration all the things I've said about the attachments that you open and just exercise caution regardless of any internet security software that you're running on your computer about what you're opening.  But the best thing you can do is run a piece of internet security software.  My statement is "no internet security software no browsing net,  no connecting to networks even" and I've got a lot of computers in this house and they're all connected via a Network and if 1 computer doesn't have anti-virus software on it it gets turned off until the software gets put on it.

I've used the term very loosely "anti-virus".  There are different parts to internet security software.  There is the anti-virus part which will look for the viruses and the Trojans that get downloaded through attachments.  So what that anti-virus software does is it sits in the background.  When your computer loads it automatically starts up and it sits in the background  and whenever you load a document, if you can imagine, it's like putting it through the old-fashioned washing machine wringers.

The documents literally are put through there and it's filtered.  And the anti-virus software looks at digital codes that would indicate that a virus is in that document.  If it finds a virus in the document it will tell you and depending on how you have the software set up it may try to automatically clean the document and let you open it; it may tell you that, "You've got a virus and what do you want to do?" And it may just simply quarantine the document and say, "No you can't open it because it's got a virus in it".

So my recommendation for everyone is that you should have it set to automatically clean and notify.  So you want to know that you've had a virus; you want to know that something's come down and been infected but you also want it to be automatically cleaned.

And it does that for everything that you open on your computer.  The other thing that anti-virus software or internet security software will do is it will scan your computer on a regular basis as long as you've configured it to do that.  And makes sure that nothing snuck through while it blinked its eye or something.  And you should be scanning your computer at least once a day.

I probably wouldn't do it more than once a day because a good scan can take an hour or so.  And I generally don't do those quick scans that they say, "oh just do a quick scan".  I do a full scan and I scan the whole hard drive.

I like to be doubly, doubly certain and my business revolves around this so I can't afford to have an infection at all. Mine gets scanned at 3am in the morning.

And you can also set it to scan on "start up".  So you might want to make that just part of your daily routine.  When you start your computer up you know the anti-virus scan is going to be running.  So you start your computer up and go and make yourself your cup of coffee; have your breakfast do something and then come back.

The other thing is when your computer is being scanned it will affect the performance of the computer.  So it might run slowly for the time the scan is running; it's worthwhile knowing that and going to do something else because it just frustrates me no end.

Another issue is JavaScript. This is another term, meaning that someone made something look really good on a website. Now I know some people are going to say, "Oh you should turn JavaScript off on your computers".  But the problem with that is there are lots of really cool functions that use JavaScript and they are really, really helpful functions.  And you're going to find that there are more and more websites out there that support JavaScript and use JavaScript.  And turning JavaScript off on your browser is just going to cause you more grief than not.

Make sure you've got a good quality virus scanner and you're running your updates and all the rest of it.  And see how you go and if you do happen to get infected by 1 site you can always report that 1 site.  Touch wood.

Now we come to Firewall. I’ve left it till now because there are two types of Firewall and to me a Firewall is absolutely imperative.  You should not connect to the internet unless you have a Firewall running.  Now you can have a Firewall that runs on your computer and it generally comes as part of the internet security suite.  I'm trying to think of how to describe it.  It comes from the term do you know in the car when you've got the wall between the engine and your feet?

That's called a Firewall and the reason it's called a Firewall is that it is relatively thick; it's treated with special chemicals so if the engine does catch fire the fire doesn't spread through the cabin of the car quickly.  It gives you time to get out.  So it literally separates the engine base from the cabin of the car.  A firewall sits between your computer and the internet and will generally allow data out but it won't allow data in unless you ask it to come in.  Now you can ask it to come in in 2 ways.  When you send a request out to a website and say, "Send me data" you're requesting that data so it's going to come back in through that firewall; the firewall knows that you've requested that information it will let the data through.

You can also configure your firewall to let particular types of data into your network.  The example I give generally is I used to be able to connect to my retail stores from home and take control of their computers to have a look at what my files were doing and what my staff were doing - if they were having trouble with a sale they'd call me and I'd connect into the computer they were on and I would walk them through the sale.  Now I had to configure my firewall to allow a connection from my computer sitting out in internet land into the store otherwise it would have just said, "No you can't get through".

And I did some pretty special things about how it would only allow a connection from my computer and not everyone else's computer to do that.  So yeah that's why a firewall is so important because remember I spoke about those little wormy things that sort of sit out there and they come in and they look for open doors?  A Firewall closes the door.

And really what comes out of that is, and the tests actually prove that, is when pretty certainly with the Melissa virus or Melissa worm, when it hit computers that were running a firewall were not affected.  Now I said there are 2 types of firewall - there's 1 that runs on your computer that comes with your internet security software; if you're running just 1 computer that connects directly to the internet you need it running on your computer.  If however you've got what I've got and you've got a couple of computers that you've managed to connect up and they connect up to through the one point to the internet you really should be running what I call a "hardware firewall".  And that's a box, physically a box that sits between your internet and your local area network and it does exactly the same thing as a software firewall but it does it for the whole network.  Then I don't run the firewalls on my local computers.

And you've turned it off because you're working in an environment where you're already firewall protected.

So really if you've got to that point your risk of infection is very, very, very low.  Now there is one last thing we should cover off in terms of internet security software and making sure that your protection remains current.  Well there's two parts to it.  One is that the software generally comes with an annual subscription and you pay annually for your software and people think, "Well what do I have to pay that for?"  I don't know what the statistics are but I know there is at least 1 new virus created every day at least and released into the wild. 

Now the idea of this annual subscription is that you can while you have a valid subscription download all the new updates to the computer for your internet security software.  And those updates will protect you from the new viruses that are released.  Now you should be doing those updates at least daily.

I know that about 12 months ago people were saying, "Oh you only need to update your anti-virus, people call them "signatures"; if you hear the term anti-virus signatures that's what we're talking about.  It's a little file that comes down and gives you the new virus protections.  But people were saying, "Oh you only need to do them every couple of days".  Do them daily please.

So if you've got all of that in place and you are exercising caution as to what files you're opening, making sure you've got your scans being done daily and that your updates are being done daily you will have, touch wood, generally a clean environment.  It’s highly unlikely that you will become infected.

There is, however, that 1% chance that you may become infected and the reason that might happen let's say that your update is scheduled at 11.55am of today.  But at midnight last night someone released a new virus and for whatever set of consequences has happened you've managed to find where that virus has propagated to.  Your update hasn't gone through yet and you visit the site and you get infected with this brand new virus.  It happens.  I mean it's an incredibly convoluted set of circumstances that that's going to happen but it does happen.

Now if you do find that once you've done your update and you do your scan or you've operated for the day and someone rings you and says, "Oh did you know you've been sending out mails that are really funny?"  Don't panic, make sure you've done your update, run your virus scan, run a full system virus scan and you should be cleaned.

Well all those security things have come a long way in the last few years and while there are sneaky clever people out there, there are also very clever people on the protection side of things.  So yeah they do have things in place.  Like you said, if you are unlucky to get it then it's great to know that most likely when you tell your internet security software to go and have a look what your computer is like next time, it will find it and it will fix it.

Newspapers and TV beat things up. If they do come out and say, "Look there's another virus heading in and they reckon it's going to be bad" what I tend to do then is go and force an update, because the anti-virus providers have known about it because they've told people which is how the media got it.  So I'll go and force an update and make sure I've got the latest update then and there.  And you can make your software do a manual update every now and again.

And as for that other 1% we just have to be on our toes, have our wits about us and if something doesn't look hunky dory then just leave it.  If it's something important that person will contact you again and just know that a bank or a financial institution or any reputable company will never, ever, EVER, send you an email asking you to give them your personal details.  They'll never ever ask for it.

Here's a couple of things that I really want people to take on board when they do receive these emails because I did say I would give you some practical steps around that. 

The first thing I will do is I will log in manually to my internet banking portal and I will see if there are any messages there for me.  So I won't click on the link that's in the email message.  I'll have a look at it and think, "Oh it might be legitimate", I generally think, "No it's not" but if I feel it might be legitimate I'll go and open my web browser and I will manually log in to my web portal.  They'll always have messages on there if they need you to do something they'll always have messages on there.

If it's really important they'll send you a letter in the mail.  The banks are still great at snail mail.

And the other thing I tend to look at and it might be a little difficult for people to visualise so you might want to do some screen shots for them Viv, is when you get these emails in if you mouse over some of the links, it will actually give you the URL it's going to link to.

Viv:  Oh yes I have done a video of this but our newer members won't have seen this so I'll send that out to everybody to show you exactly how easy it is to do that and what you'll actually see.  Thanks for reminding me, I'd forgotten about that. Link:  http://tinyurl.com/nxyyqj  

And the final one is if you are not certain, ring your bank.  Ring their security line or ring their free number or whatever and ask them.  Now places like eBay and PayPal if you were to send an email to spoof@ebay.com or paypal.com and just forward that message through they'll love you for it.  I am sure they don't really but they ask you to do it because it allows them to track people who are phishing and there actually have been cases where people have been charged with fraud for doing it.  So they have got their act in gear in that respect.

And most of the banks will have an email address and I'm not sure if the email address is security@ or spoof@ but they will have an email address you can forward those emails to as well.  They've got some pretty smart IT security guys working for them that will try to track that down as well and they will bring criminal charges against them too.  At the very least it will get them taken off that particular connection.

One other little tip I have too - if you still really want to check out this website and you still think it's right and there's something still nagging you; if you really want to, I agree you should physically type in the website address yourself - don't go via the link - just type it into Internet Explorer or whatever you're using.  But if you are at the website and you're still not sure, type in your username - that's fine - and then just type in a false password - type in x y z.  If that's a legitimate website they'll say "incorrect password" and if it's a false website they'll say, "Oh thanks very much we've got your password" but of course it's wrong.  So if they've accepted a password that you know is wrong you know it's a phony website.

Yes and I think you shouldn't underestimate what our security and law enforcement are doing around and these sorts of things as well.  They're taking it very seriously.

So make sure you have a high quality anti-virus software or internet security software installed on your computer.  Now you can download free versions of most of the internet security software.  Just be a little careful.  Those free versions aren't full function versions.  They will be missing a key component.  One version I know of for a long time didn't scan incoming websites.  So when you surfed on the internet it wasn't scanning the data coming in.  And I found that out because one of my clients got infected and they said, "But I am running the free version of this".  And I said "Look, it’s not scanning the websites you visit, so that's why you've got done". 

Another version will let you scan your computer and tell you that you've got an infection but you can't clean it until you've paid for the licence.  I mean it will stop them coming in, but once you're infected you can't do anything until you've paid for your licence.  So I always say to people "For under a $100 a year and generally you're talking between $30 and $50 a year per computer, it's the best investment you will make in your peace of mind.  And just do it.  Just pay for it."

People say, "Why can't I just use the free version?"  You can, absolutely. But just be aware that it's probably not fully functional. 

SUMMARY

  • make sure you've got your high quality internet security software installed and
  • it’s configured on your computer. 
  • you're running your system scan, a full system scan once a day and
  • you're updating the software daily as well so that you get all the new information about the new viruses that they have created solutions for.
  • when you receive an email and you get an attachment in it - make sure you know what that attachment is; that it's the right kind of file that when you open it you're comfortable that it's that kind of document. 
  • if you get an attachment that has an .scr or an .scr.zip attachment don't open it at all.  That's guaranteed to be a virus. 
  • If you get an attachment from someone that you don't really know, you're probably better off not opening it and just seeing if they come back to you and ask you about it or respond to you.  It is not unusual for someone to send an attachment that is infected to someone they don't know to see how effective that process really is.
  • make sure you've got the firewall for your internet security software configured. 
  • and if you're not going to run one on your PC because you've got multiples, make sure you've got a firewall on the network between the internet and your computers and that it is configured properly.  That's going to save you lots and lots and lots of heartache. 
  • if you are running one firewall on your network and you take your computer elsewhere - make sure you turn your firewall on.  And protect yourself when you're outside of your environment.
  • and social engineering or phishing.  If you've received something asking you to confirm your details, do so manually if you feel that you have to. 
  • contact the person who has said to have sent you or the organisation that is said to have sent you the verification.  Ask them if it’s legitimate.  Treat any request like that in a suspicious manner because it's not standard process.

Thanks Charly!

END OF TRANSCRIPT

 
