What are the real, everyday security risks for the average user, and what can you do about them?
There’s often refereed a lot of hyperbole surrounding the coverage of PC security, hacking and cybercrime, not helped by over-the-top movies that paint a totally different picture to real life and real world news that tends towards sensationalising the topic. Such coverage ultimately leads to unwarranted fears and a general misunderstanding of the real threats. People can easily become too worried to even use the Internet, or at least venture away from their daily, already known websites.
However, as much as it may be misunderstood, PC security really isn’t the big bad beast it’s often built up to be. Yes, there are risks, and yes, you need to be careful, but the truth is, you’re much safer than some members of the media would have you believe, you just need to know how to conduct yourself online, and how to protect your PC. This is what we’re going to look at here, beginning with the basics.
Viral Marketing
The first thing most PC users concern themselves with in terms of security is antivirus. Viruses are still the most common, and easily understood threat for the average PC user, especially those who browse the Internet daily and use a lot of downloaded software. Viruses are made up of malicious code that can have a wide range of effects on PCs, Some viruses cause instability, others can corrupt data, and there are some that can prevent you using your PC or specific programs.
Many viruses are simply annoying or inconvenient. They may prevent the use of your PC, but beyond that, there’s little more to worry about. However, other viruses are much more threatening. There are infections that can steal data, including bank details and other personal info, whilst other viral infections can even turn your PC into a zombie. Your PC won’t start chasing you around the room shouting “braiiins!” or anything, so don’t panic. Instead, your PC could be turned into a system remotely used by hackers to attack other targets without you knowing. Often this is how DDOS attacks are instigated, but we’ll cover this later.
Luckily, viruses are constantly monitored by security companies and the PC using community. New viruses are discovered and quickly neutralised by antivirus applications. These programs are updated constantly with new definitions are loaded into desktop applications, allowing them to detect and eliminate the new threat. This is why it’s very important to have an up to date antivirus application installed onto your PC at all times. Most virus infections are relatively benign, but there are more serious ones out there – and, no matter how rare the instances of serious infection on home PCs may be, why risk it? An antivirus app, even free ones such as Avast or AVG could save you a lot of trouble.
This being the case, with protection so readily available, viruses in the home PC environment are usually a minimal threat, mainly consisting of inconvenient attacks, rather than dangerous ones. The real issue with viruses is their infectious nature. Most major virus threats are aimed at larger targets, such as large companies or government agencies. It’s from here that they tend to spread to the rest of the world, including home PCs. Rarely will specific consumer PCs be targeted, and major problems are usually the result of secondary infection. This could be part of the instigator’s plan, or just ‘collateral damage’, if you will.
This means that a lot of the major infections are often contained quickly as the company’s IT department will locate and tackle the problem before it spreads. This isn’t always the case, of course, and some viruses do leak out into the world, but those major attacks you hear about in the news are usually prevented from spreading. However, there are some basic steps you can take to further protect yourself alongside your current antivirus app.
The first, and most important defence is vigilance and common sense. Many viruses, particularly those that do target the home user are spread via email attachments or via downloaded programs. Other avenues include pirated software, key generator tools and other ‘cracking’ software, and even scripts that run on some websites. Viruses won’t announce their presence, and rely on delivery methods to get them into place.
Email Etiquette
Email is used by almost every computer user on a daily basis, and due to its social saturation, it’s become a major target of those wishing to spread viruses. Unsolicited mail, mail bombs, and even threats not containing viruses like email scams, they’re all problems, but can be avoided. Avoiding email attachment threats is easy enough, simply don’t open anything you’re not sure of. Unless you know the person sending you an attachment, or you’re expecting it, don’t open it.
Even if you do know the person, however, they could unwittingly be passing on an infection, so always check what the attachment is if you’re not sure, and use your antivirus program’s email scanning function. Be especially wary of application attachments such as .exe files, and always scan archived attachments, such as .zip or .rar.
A common form of email threat is the self-replicating worm. This is when an email virus replicates itself by stealing addresses from a target’s address book. It then uses these emails and sends itself on. This causes exponential growth, and the virus spreads. You can avoid this by keeping your antivirus up to date and ensuring you have a decent email scanner, as well as just being careful.
As with email attachments, if you’re not expecting a mail, or don’t know the sender, don’t open it. You’ll likely know what kinds of mail your friends and family will send, and should be able to spot a suspect message. If in doubt, check with the source. Remember, the sender may not even be aware the message has been sent.
Email scams are another kettle of fish. These are many and varied, and attempt to trick people into divulging sensitive information, or to even part with money. We’re all familiar with the endless Nigerian scams that promise millions of pounds in exchange for bank details, but there are many more, including fake bank emails that request your details, lottery wins, and other tempting offers.
The simple truth here? If it’s too good to be true, it usually is. It’s cliché, yes, but it really is the truth. If you’ve never heard of a lottery, or never bought a ticket, you’re not going to be given millions out of the blue. Giving your bank details to a total stranger in another country, whether they’re an ex-prince or not, won’t net you a fortune. It’ll do the exact opposite. Banks will also never request your detail via email.
Some email scams are very convincing, though, and they can be a danger. The only way to avoid these is to double check. For example, if you get an email that’s supposedly from your bank, never use links or contact details in the email if you suspect something is not right. Instead, contact your bank using information on the official website, or go into your local branch. Remember, it’s very easy to acquire bank logos and fonts, so don’t think an email is real just because it looks the part.
Danger Download
When it comes to downloaded applications, it’s hard to be sure if a program is safe or not, as antivirus scanners can’t always accurately tell if a compressed file contains a threat, so you need to be extra careful. If possible, try to obtain software from official websites rather than download libraries. If you can’t download from an official site, stick with the larger, better known download sites, as many of these tend to take more steps to ensure their downloads are clean and safe. Even then, use caution, and read reviews and user feedback on the download.
A great way to test downloaded applications and other potential problem software is to use a sandbox. This creates a segregated run space that has no access to the rest of your system. If you run anything that contains a virus, the infection will be unable to spread. A good option for this is the free tool, Sandboxie (www.sandboxie.com). This is easy to use, and will give you a great level of protection against threats.
Alternatively, using a virtual PC is another good way to ensure your protection is as solid as possible – even better than sandboxing. There are free options here, with a very popular option being VirtualBox (www.virtualbox.org). This requires another license for your OS of choice, as well as plenty of system resources, as your PC is essentially running another, second system. If you can do this, however, it’s arguably the best security measure to take, and applies not only to downloaded programs, but almost anything else.
Peer-to-peer Beware
One of the most popular methods of downloading large files over the internet is by using Bittorrent. It’s also, by far, been the most prominent method of downloading pirated content for quite some time. As such, has also been known to act as a delivery method for viruses and other threats.
Due to the nature of torrent files, being peer-to-peer rather than centralised, it’s hard to track the source of content, and to detect threats. If you decide to use this download method, you need to be careful you don’t unwittingly download anything harmful. For that reason, it always pays to take a little extra time to thoroughly read any user comments connected with the torrent file you’re about to download. If you can’t find any, try to locate the file you need elsewhere.
While there are plenty of above-board uses for bittorent, which pose no more (or less) risk that other download methods, the truth of the matter is if you choose to download pirated, illegal content, the risks are amplified. Such content is much more likely to harbour threats than files downloaded from legitimate sources. If you do this, and pick up a nasty along the way, official support will be out of the question, due to the nature of your download. You’ll be on your own, so once again, you do so at your own risk. Of course, we don’t condone this.
Home Hacking
The term hacker has become pervasive in media, especially in recent times thanks to high profile attacks on companies such as Sony and Microsoft. In simple terms, hacking is a method of bypassing security and accessing otherwise impenetrable systems. Hackers can crack passwords, bypass firewalls, access databases, and more, often resulting in the theft of information.
Usually, in instances like this, companies affected will inform their customers, warning them of any possible intrusions. If this happens, and you may be affected, immediately consider changing passwords, and if the intrusion may involve financial information, always keep a close eye on your bank accounts and credit cards. Just in case.
You’ve probably heard of DDOS (Distributed Denial Of Service) attacks, namely the previously mentioned Sony and Microsoft attacks. These were widely reported as hacks, but in truth, they weren’t actually intrusions. Rather, they were an attack that overloaded servers by flooding them with false requests. This high level of fake traffic brought servers down, thus causing problems. There was no data theft here, and so nothing to worry about other than a temporary loss of service. However, the DDOS attack uses a network of zombie PCs, and this is where the home user could possibly be involved.
DDOS attacks are launched using an army of unwitting systems to flood a target with traffic, and in order to turn a PC into a zombie, a Trojan virus is usually needed. Again, the best way to try and stay clear is to keep your antivirus active and up to date. You should also ensure your firewall is up to date, as this can prevent unwanted inbound and outbound communication.
In fact, firewalls are often overlooked by users, likely as Windows now contains its own, many don’t worry about installing one. Firewalls control incoming and outgoing access to the PC, and are essential in preventing all sots of intrusion. While it’s fair to say that Windows’ built-in firewall is fine for most threats and simple security, it’s far from the best option you’ll come across. If you’re concerned, always go for a dedicated firewall option, such as one included with your security suite, or other options like ZoneAlarm (www.zonealarm.com).
Social Safety
Social media is one of the biggest uses of home PCs in today’s ever-connected world, and services like Facebook, Twitter, Instagram, and Snapchat are unstoppable juggernauts with millions upon millions of registered users. That’s a whole lot of personal information, and so these are also high profile, and attractive targets for hackers.
Using social media is something we don’t usually worry about and do every day, but there are potential concerns. In terms of security basics, just think about what social media is. It’s an ongoing news feed of your life, and your user account will likely contain a lot of personal information. This is information many would like to have.
For this reason, always keep your account secure, and don’t give out your password to anyone else. If you’re ever alerted to possible security breaches, change your password immediately, and ensure it’s different. Don’t simply increment it, as this is far too easy for a potential snooper to guess. Keep a close eye on your feed too, just in case there are posts that appear to be from you that you didn’t create.
You don’t just need to be careful in times of a known attack, but also in every day use. Security with social media is more than just passwords and PC-using common sense, it also has real world ramifications. Watch what you post, and who can see it. A lot of people can view social networking, so it’s wise to moderate the information you share.
This, we should highlight, applies to photos too. Above and beyond knowing what types of image to share, and what you shouldn’t, keep in mind that a lot of digital photography devices hide metadata within a photo images, including time, date, and – if you have location functions on your device – even the place the photo was taken. This kind of information could be a problem in some situations. So, be aware of this, and consider what you’re actually uploading.
With these tips, hopefully you’ll be more aware of the real, day-to-day threats of using a PC or smart device, and won’t panic as much as popular media would like you too. With vigilance, and a careful approach, there’s rarely any reason to worry, and you can be perfectly safe online.
Perplexing Passwords
Passwords are often the first line of defence against intrusion into user accounts and services, and as such, they’re also arguably the most important. A good password can be the difference between data theft and data safety, and although passwords can be cracked, stronger entries take a substantial amount of extra work to crack, and serve as a better deterrent. Hackers with lesser skills will be kept at bay at the very least.
Try to use strong passwords, and use different passwords for various accounts. Repeating the same password multiple times may be more convenient, giving you less to remember, but if someone guesses one password and you use it for other services, they’ll have access to those services too. Keep things different to increase your security.
Try to make passwords as complex as you can without making them impossible to remember. This doesn’t mean you need to use passwords that look like ‘1eWgHI4xtZ34’, that’s just silly. Whilst very complex and hard to guess or crack, it’s also going to be a nightmare to remember.
Passwords can be simple enough to remember, but still complex. The best way would be to use a password that incorporates at least one capital and one number. ‘Postbox8’, for example, is a fairly simple password, but the addition of a capital and number makes it much harder to guess. It’s not the strongest example, but better than a simple word.
When it comes to picking a password, try not to pick a word that’s easily guessed or related to you. Never use your name, children’s names, or anything associated with you. Instead, use words that are random, and don’t really mean anything. At least, nothing people would guess.
It goes without saying that you shouldn’t store your password in written form where they can be found. If you wish to do this, at least hide them, or use a code or hint system only you understand. A good tip for remembering PIN numbers, for example, would be to write the number down, and bookend it with other numbers, forming a phone number, or something similar. Others would simply see a random number, but you’d know it was a reminder for your PIN. That said, even this is a risk, and writing PIN numbers down is rarely a good idea.
If you have to store passwords as you can’t remember them all, which is understandable given how many we need to recall, use a secure method such as an encrypted password manager. This is far safer, and the encryption gives you ample protection. Needless to say, never simply type passwords into a text file.
Cryptolocker
One of the most nefarious viruses of recent times is Cryptolocker, what’s called a ‘ransomware Trojan’. This nasty infection is truly insidious, and it’s a virus that has little in the way of happy outcomes for anyone but the attacker. The virus, once it infects a PC, encrypts your data with heavy encryption. This is irreversible unless you have the key to undo it. The only way to get this is to pay a ransom. If you don’t, your data will remain encrypted, the only key to recover it will be deleted, and your data will be totally unrecoverable.
According to reports online, this encryption is unbreakable, with even police departments paying the ransom to recover the data. Luckily, the Trojan was isolated in 2014, and the database used to create the encryption keys was seized. Methods to remove the virus and decrypt the data without paying the ransom were released online. Still, it’s estimated that the creators of the Trojan made over three million dollars in ransom money.
Since then, numerous clones of Cryptolocker have surfaced, so it remains an issue to be aware of. The initial virus was spread via email attachments, and then spread to files shared by USB drives and within fake product activations. Avoiding it requires a lot of the same methods you should employ to avoid other threats. Of course, now it’s a known virus breed, many antivirus apps can detect and deal with it, so stay up to date.
Dummy Address
One way to avoid unwanted emails, which can often contain scams and viruses is to use a dummy email, or emails when registering for various services and online sites. Like it or not, advertising is a major concern for many, and just as agencies can purchase the rights to use public electoral roll information for mail shots and other advertising uses, so to can companies acquire email addresses. Registering for one service or program could advertise your address to other parties, resulting in spam.
Aside from never registering for anything, or providing email addresses, which isn’t really realistic if you use the Internet, a great tactic is to use disposable, or otherwise unimportant email addresses, keeping you actual, main address private. For example, your real address may be a Gmail account, but to register for software you could use a Yahoo account. This wouldn’t be used to real, personal communication, but only for registrations, meaning any spam won’t cause you problems.
You could even use multiple accounts, with one dedicated extra mail address for legitimate service use like Facebook, Amazon, and so on, and another for registrations for downloaded software. This would give you extra filter layers.