26 July, 2006

Recap PC World's -- 10 Biggest Security Risks

PC World’s August 2006 issue has a great article on “The 10 Biggest Security Risks You Don’t Know About,” http://www.pcworld.com/reviews/article/0,aid,126083,00.asp. This is a comprehensive article that should scare you enough to ensure your PC is up-to-date with fixes and you have all the necessary protections.

The article begins with describing zombie PC attacks. These are unknowing PCs taken over and being used for various crimes, including simply logging your keystrokes to learn your usernames and passwords. They offer the usual tips to avoid this threat: avoid unknown sites and email, be suspicious of email attachments, and use any browser except Internet Explorer.

The second risk discussed is having your own sensitive, stolen data available for free on the web. This is really a result of the first issue, with the hackers not securing what they have stolen. Why should they? Additional ways to avoid the original problem includes having a personal firewall such as Zone Alarm – a product I have been using and pushing for years, and the product PC World recommends. With Zone Alarm, you can prevent outgoing connections to the Internet without your approval. For example, if a hacker gets a keylogger installed on your machine, Zone Alarm should prevent it from sending the captured data from your machine to the hacker.

The third risk discussed in phishing – the process of fooling you to use a site different than what you think it is. For example, you receive an email that appears to be from your bank, you click on a link and login as normal. Unfortunately, the email’s URL actually takes you to a hackers website designed to look like your bank’s website – and when you login, they get your username and password. This is getting more and more difficult to detect – recommendations include installing a phishing toolbar to warn you.

The next risk discussed is the human factor, and the article discusses more phishing-like traps. I can add another that I have heard – someone leave a few flash memory sticks lying around with various virus and/or malware programs installed on them. When “lucky” people find them, they plug them into their computers to use. Upon plugging them into their computers, the malware transfers to the person’s computer, infecting it. The particular example I had recently heard was about how these were dropped in a bank parking lot and the employees tried them in their business PCs. Fortunately this was a test to illustrate to the employees after the fact how they were no security conscious enough when it came to their computers.

The fifth example again is related to phishing. This particular exploit takes advantage of the company DNS server which looks up URLs in your browser and points them to the appropriate website. This vulnerability is up to your company IT organization or ISP to protect you against.

The sixth security issue discussed in the PC World article is that of root kits. These are software programs that run on your PC without your PC knowing. We never heard about root kits until recently when it was discovered that Sony was installing root kits through music CDs to learn more about their customers. This may be the most troubling problem, because security vendors are having difficulty developing software to detect root kits. PC World is not able to offer too much help – they recommend a few companies that are leading the industry in detecting root kits.

The first six issues were primarily directed toward windows users and definitely computer users. The seventh risk talks about a security issue with your cell phone – viruses on your cell phone. I have not heard of anyone myself who has had a cell phone virus, but I am sure it is just a matter of time. Recommendations include turning off Bluetooth when you are not using it and monitoring your bill for any unusual charges.

So how about your passport? The government is testing passports with RFID tags, with the intent of using them soon. So far, research has proved that RFID tags can be crashed; and it is expected that before too long we will find the first privacy violation.

The ninth security risk is about holding your data for ransom. A hacker gets access to your machine and instead of using it as a zombie; he encrypts your data and will not unencrypt it unless you pay him off. Of course PC World suggests not paying and go to the police. I would recommend you start with the same protections as mentioned for zombies, including not using Internet Explorer.

And the tenth security risk mentioned is the cross-platform virus or malware. As the adoption of popularity of the Mac and Linux OSs rise, we are seeing more vulnerabilities that occur on those platforms or that can be spread through those platforms. If you are using one of those OSs, it is recommended you also protect it with appropriate virus protection, personal firewall, and spyware applications.

That concludes my recap of the PC World article. An interesting read to say the least. If you are not protected today, it may be to late, a criminal could already hold your data. Whether it is or not, it is not too late to start now and prevent any further issues. If you are unsure of how to verify you have done all the appropriate prevenetative measures,ask someone.

No comments: