Nov 17 2009


Defending your home computer, part 2: Know who’s knocking before you open the door

Filed under best practices, security

Locking the doors and windows does little good if you open the door without knowing who is coming in.

To continue a bit with the home security metaphor from yesterday, the best locks in the world cannot protect your belongings if you invite the thief into your home. For that reason, most of us have peepholes or windows that we can look through before we open the door. If it is someone we don’t know, or someone who looks suspicious, we may not open the door, and we certainly would not invite them in. We would want to know who they are and what their intentions are before we trusted them that far.

In the area of computer security, however, we routinely let unknown intruders into our computers. These intruders take the form of viruses, Trojans, worms, spyware, adware, bots and other forms of malware. And while they can sometimes make their way in despite all of our defenses, all too often we let them in through the front door by our own actions.

So what are the actions we take to invite these unwanted guests into our computers?  And how do we change our habits to deny them access?

Think before you click

Some of the most common vectors for malware infection include opening an infected e-mail attachment; clicking a link in an e-mail or web page that leads to a malicious site; installing an ActiveX control or browser plug-in offered by a malicious web site; and downloading software from a web site or peer-to-peer network (such as Kazaa or BitTorrent) that has been loaded with malware. What do all of these sources of infection have in common? Each requires the user to take some affirmative action before the malware can execute. In most cases, the default settings on a Windows PC will also display some sort of confirmation dialog before allowing the program to run. So we usually get two opportunities to avoid the infection. Why, then, do these methods still work so well?

In my opinion, it is a combination of two major factors. The first is the sheer number of warnings we receive from security software. We become numb to all of the alerts we get for doing even common tasks. Windows Vista’s User Account Control (UAC) exacerbated this issue, IMHO. After being asked for the 20th time if we REALLY want to run Word, we tend to just start clicking “OK” every time one of these dialog boxes appears. The second is general inattentiveness. We all get so busy that we don’t slow down to actually read these warnings and think about the consequences.

So how can we change this? Well, let’s look at each method of infection mentioned and see what steps we can take.

E-mail attachments:

The general rule is to never open an attachment from anyone you don’t know well. However, that is not good enough. Many e-mail worms propagate by reading the address book on an infected computer and mailing themselves to everyone in it, with the infected user (or some other address from that book) shown as the sender. The From: line of an e-mail is trivially forged, so a familiar name proves nothing about where the message came from. If you have any doubt about an attachment, contact the sender by some other means (a phone call, or a new e-mail to the address you already have for them rather than a reply) and confirm that they sent it. If you can’t confirm, delete it unopened.

You should also ensure that your AV product scans incoming e-mail. That should stop most such attachments from ever reaching you. Most commercial retail AV products have this feature, and several of the free versions (such as AVG Free) include it as well. Keep in mind that a scanner only recognizes malware it already has signatures for; a brand-new worm can slip past it, which is why the confirm-before-opening rule still applies.

Embedded links in e-mails or questionable web pages:

One of the simplest ways to get someone to visit a malicious site is to send them an e-mail with a link that appears to go to a legitimate site but actually sends them to a site loaded with malware. The text you see in a link and the address it really points to are two separate things, so check the URL behind the link. The easiest way to do that is to hover your mouse over the link without clicking. In Outlook, the true URL is displayed in a tooltip near the mouse cursor. In a web mail message, such as Yahoo or Hotmail, the true URL is displayed in the status bar at the bottom of the browser. A shortened link (TinyURL and the like) hides its destination, so treat it with the same suspicion as a link you cannot read.

BE SURE YOU LOOK AT THE ENTIRE URL. Some malware senders register domain names that look similar to the real ones, swapping a letter for a look-alike digit (a 1 for an l, a 0 for an o) or tacking the real name onto the front of their own domain: www.yourbank.com.somethingelse.net belongs to somethingelse.net, not to your bank. Find the host name (everything between the // and the next /) and read its last two parts; that is the site you will actually reach. If the URL does not match what you know to be right, don’t click on it. If you really want to visit the site, Google the site name or type the correct URL in by hand.
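The hover-and-read check above, done automatically over the links in an HTML message. This is an added example for this post, not the author’s code: the sample message, the placeholder domains in it and the TRUSTED list are constructed for the example, and the “last two labels” rule for the real site is a simplification (no Public Suffix List) that is still enough to expose the tricks the post describes.

```python
"""Check the links in an HTML e-mail the way the post says to, automatically:
compare the address each link really points to with what it appears to be.

Added example for this post, not the author's code. The sample message, the
placeholder domains in it and the TRUSTED list are all constructed here.
"""
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Sites the reader actually uses (an assumption for the example).
TRUSTED = {"example-bank.com"}

# Constructed sample: one genuine link and three of the tricks described in the post.
SAMPLE_EMAIL = """
<p>Dear customer, please <a href="https://www.example-bank.com/login">log in</a>.</p>
<p>Or use <a href="http://www.example-bank.com.update-login.net/">www.example-bank.com</a></p>
<p>Verify at <a href="http://examp1e-bank.com/verify">https://example-bank.com/verify</a></p>
<p>Questions? <a href="http://www.example-bank.com@198.51.100.7/">Help desk</a></p>
"""

# Anchor text that a reader would take for a web address.
HOSTLIKE = re.compile(r"^(?:https?://)?([a-z0-9.-]+\.[a-z]{2,})(?:[/?#].*)?$", re.I)

# Digits commonly swapped in for the letters they resemble.
CONFUSABLES = str.maketrans({"1": "l", "0": "o", "5": "s", "3": "e"})


class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> in the message."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def registrable_domain(host):
    """The site a host name really belongs to: its last two labels.
    Simplification: without the Public Suffix List this is wrong for suffixes
    like co.uk, but it is enough to expose 'example-bank.com.update-login.net'."""
    host = host.lower().rstrip(".")
    if re.fullmatch(r"[\d.]+", host):       # a bare IP address has no domain
        return host
    return ".".join(host.split(".")[-2:])


def host_in_text(text):
    """The host name a reader sees in the link text, or '' if the text is just words."""
    m = HOSTLIKE.match(text.strip())
    return m.group(1).lower() if m else ""


def looks_like(domain, trusted):
    """True when domain is not trusted but reads as trusted once digits are
    swapped back for the letters they imitate (examp1e-bank.com)."""
    return domain != trusted and domain.translate(CONFUSABLES) == trusted.translate(CONFUSABLES)


def analyze_link(href, text, trusted=TRUSTED):
    """Return the warnings for one link; an empty list means nothing suspicious was found."""
    warnings = []
    parts = urlsplit(href)
    host = (parts.hostname or "").lower()
    domain = registrable_domain(host)

    # The link text names one site, the href goes to another.
    shown = host_in_text(text)
    if shown and registrable_domain(shown) != domain:
        warnings.append(f"text shows {shown} but the link goes to {host}")

    # user@host trick: everything before the @ is a user name, not the site.
    if parts.username is not None:
        warnings.append(f"'{parts.username}' before the @ is a user name; the real host is {host}")

    for t in trusted:
        # A trusted name buried inside someone else's host name.
        if f".{t}." in f".{host}." and domain != t:
            warnings.append(f"host contains {t} but the site is really {domain}")
        if looks_like(domain, t):
            warnings.append(f"{domain} is a look-alike of {t}")
    return warnings


def check_email(html, trusted=TRUSTED):
    """Map each link's href to its list of warnings."""
    collector = LinkCollector()
    collector.feed(html)
    return {href: analyze_link(href, text, trusted) for href, text in collector.links}


if __name__ == "__main__":
    for href, warnings in check_email(SAMPLE_EMAIL).items():
        print(href, "->", "OK" if not warnings else "; ".join(warnings))
```

Only the first link in the sample comes back clean; the other three are flagged for a text/destination mismatch, a trusted name used as a subdomain, a digit-for-letter look-alike, and a user name placed in front of the real host.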

Infected ActiveX or JavaScript applets:

A lot of people like to visit sites like YouTube to see the latest viral videos. YouTube’s popularity has spawned lots of similar sites, and some of them have been set up to trap the unwary. You go to a site to view the latest funny video, and when you try to play it you get a popup saying you need to install the latest ActiveX codec or Flash plugin in order to see it. In reality, when you click to install the “plugin,” you are installing the malware payload. The only sure way to avoid this is to know the reputation of the site, and to install codecs and plugins only from the vendor’s own site (get Flash from Adobe, for example), never from the page that prompted you.

You should make sure that your browsers are configured to always ask permission before downloading or installing plugins, scripts or ActiveX controls.

  • In Internet Explorer, go to Tools – Internet Options – Security and set the security level for the Internet Zone to Medium-High. That should provide adequate protection from most threats of this type.
  • In Firefox, go to Tools – Options – Security and make sure “Warn me when sites try to install add-ons” and “Block reported attack sites” are both checked.
  • If you need help with Chrome, Opera or Safari, add a comment and I will get the directions for you.

Software downloaded from web sites or peer-to-peer networks:

Okay, let me rant a little bit first. The vast majority of software downloaded from peer-to-peer networks such as Kazaa, LimeWire and BitTorrent consists of illegal copies of copyrighted applications, pictures, music and video. A great many of these files are also infected with various forms of malware. So, in one sense, if you are downloading pirated software, you kind of deserve anything that happens. The same goes for pirated copies of software or media from web sites. [/rant off]

There are a number of legitimate sites where you can download free software, shareware and trial versions of commercial software. There are also sites that offer the same software with malware bundled in. The first step is to do some research on the site. Some browsers and browser add-ons will provide a safety rating for web sites: McAfee offers a free product called SiteAdvisor, for example, and there is a free product called SafeSurf that integrates into Internet Explorer. Better still, start at the software publisher’s own web site and follow its download link, rather than taking whatever a search engine or a download portal hands you.

Another step to take is to save any software downloaded from the web into a separate folder (never run the program from the download prompt) and then scan it with your antivirus program before running it. (You DO have antivirus installed, right?) Make sure you update your virus definitions before scanning the file. If the publisher posts a checksum (an MD5, SHA-1 or SHA-256 value) for the download, compare it with the file you received; a mismatch means you did not get the file the publisher put up. And remember that a clean scan only means the scanner recognized nothing; if the download still looks fishy, don’t run it.
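The attachment and download advice above, turned into checks you can run on a saved file before double-clicking it. This is an added example for this post, not the author’s code. It looks for three things the text warns about: an executable extension hiding behind a media one (Windows Explorer hides known extensions by default, so funny_video.avi.exe displays as funny_video.avi), a “video” or “codec” whose bytes are really a Windows program (the MZ/PE header), and a checksum that does not match the publisher’s. The sample file contents and the “published” hash are constructed here for the example.

```python
"""Look at a downloaded file or attachment before running it.

Added example for this post (not the author's code): a name that hides an
executable, a "video" or "codec" that is really a Windows program, and a
checksum that does not match what the publisher posted. The sample file
contents and the published hash are constructed here for the example.
"""
import hashlib
import hmac
import os
import struct

# Extensions Windows will execute directly when double-clicked.
EXECUTABLE_EXTENSIONS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".vbs", ".js", ".msi"}
# Extensions a user expects to be harmless content.
MEDIA_EXTENSIONS = {".avi", ".wmv", ".mpg", ".mp4", ".mp3", ".jpg", ".gif", ".pdf", ".doc"}

# Constructed samples. SAMPLE_PE is the smallest byte string carrying the two marks
# of a Windows executable: 'MZ' at offset 0 and, at the offset stored in the four
# bytes at 0x3C, the 'PE\0\0' signature. SAMPLE_AVI carries a RIFF/AVI header.
SAMPLE_PE = b"MZ" + b"\x00" * (0x3C - 2) + struct.pack("<I", 0x40) + b"PE\x00\x00" + b"\x00" * 16
SAMPLE_AVI = b"RIFF" + struct.pack("<I", 12) + b"AVI LIST" + b"\x00" * 8

# Stands in for the checksum a publisher posts next to its download link.
PUBLISHED_SHA256 = hashlib.sha256(SAMPLE_PE).hexdigest()


def name_warnings(filename):
    """Warn when an executable extension hides behind a media one: with Explorer's
    default 'Hide extensions for known file types', funny_video.avi.exe is shown
    as funny_video.avi."""
    root, ext = os.path.splitext(filename.lower())
    inner = os.path.splitext(root)[1]
    if ext in EXECUTABLE_EXTENSIONS and inner in MEDIA_EXTENSIONS:
        return [f"double extension: Explorer shows this as '{root}' when extensions are hidden"]
    return []


def is_pe_executable(data):
    """True when the bytes are a Windows PE image, whatever the file is called."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (pe_offset,) = struct.unpack_from("<I", data, 0x3C)
    return data[pe_offset:pe_offset + 4] == b"PE\x00\x00"


def matches_published_hash(data, published_sha256_hex):
    """Compare the file's SHA-256 with the publisher's value (constant-time compare)."""
    return hmac.compare_digest(hashlib.sha256(data).hexdigest(), published_sha256_hex.lower())


def inspect_download(filename, data, published_sha256_hex=None):
    """Return the reasons to stop before running this file. An empty list means these
    checks passed; the antivirus scan the post describes still comes next."""
    warnings = name_warnings(filename)
    ext = os.path.splitext(filename.lower())[1]
    is_pe = is_pe_executable(data)

    if is_pe and ext not in EXECUTABLE_EXTENSIONS:
        warnings.append(f"the content is a Windows program, not a {ext} file")

    if is_pe or ext in EXECUTABLE_EXTENSIONS:
        if published_sha256_hex is None:
            warnings.append("no published checksum to compare against; look for one on the publisher's site")
        elif not matches_published_hash(data, published_sha256_hex):
            warnings.append("SHA-256 does not match the publisher's value; this is not the file they put up")
    return warnings


if __name__ == "__main__":
    cases = [
        ("funny_video.avi.exe", SAMPLE_PE, None),
        ("funny_video.avi", SAMPLE_PE, None),
        ("funny_video.avi", SAMPLE_AVI, None),
        ("utility_setup.exe", SAMPLE_PE, PUBLISHED_SHA256),
        ("utility_setup.exe", SAMPLE_PE + b"\x90", PUBLISHED_SHA256),
    ]
    for name, data, published in cases:
        result = inspect_download(name, data, published)
        print(name, "->", "passed" if not result else "; ".join(result))
```

Of the five constructed cases, only the genuine video and the installer whose hash matches the published value pass; the disguised executable, the mislabelled program and the tampered installer are each stopped by a different check.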

Tomorrow: One size does not fit all!
