There are plenty of ways to destroy your network, incur thousands in repair costs and compromise critical company data via web browsing. Let’s take a look at the top 10 ways to get infected and what (if anything) you can do about it.
Let’s get this one out of the way first, if you do a lot of poking around looking at security issues you will run into the every popular ‘disable javascript’ recommendation. In theory this is a super idea, in practice this will effectively break most web sites. Web developers are supposed to write their sites to support javascript AND browsers NOT running javascript but they don’t. So if you want to disable javascript – rock and roll but be prepared for lots and lots of stuff to stop working.
So, on with the top 8 ways to get a network virus…
Not updating critical security patches for ALL applications
Most companies to a pretty good job of keeping their Windows desktop and server operating systems patched with the latest security patches (you do this right??). This will tamp down the vast majority of vulnerabilities out there. Increasingly, hackers are taking advantage of weaknesses in applications such as Adobe Flash, Acrobat Reader, Apple Quicktime, Sun Java, etc.
There is no easy way to keep up with this stuff. Most applications have an ‘automatic update’ feature which checks for updates and applies them – In my experience this can cause problems but the minor inconveniences this causes are well worth the added security.
Not using Anti-virus software, or assuming it is 100% effective
Most (infected) users are under the impression that they can completely avoid malware by just ‘being smart’. They figure that they only go to well known sites and don’t ‘goof around’ on the Internet. Even with good browing habits, you can easily get infected because well known sites can be compromised and carry malicious code.
Anti-virus software that is configured properly and updated automatically is a must have – no questions about this one!
Even if you do have anti-virus software installed and updating it is a dangerous proposition to assume that that is all you need. With ‘0-day’ attacks prevalent we often see first run or new viruses sneak out into the wide and spread faster than you can keep up.
So while anti-virus is a part of the equation, please don’t think that it is the end-all-be-all.
Not using a REAL firewall on you network
This one bothers me A TON. This is the first line of defense and just simply must be there. Many companies make the mistake of thinking that a router or nat device offers protection – it does not! Also, avoid the cheap firewalls – it just is not worth the risk.
Get a decent firewall, like a Cisco ASA, and be sure it installed and configures by someone with security experience so your network is properly protected (both inbound AND outbound)!
Clicking on popups that claim your computer is infected
The latest thing is ‘scareware’ which attempts to scare the user into clicking on a popup window which appears to be a real Windows operating system dialog box. These threats normally lead the user to believe that they are ALREADY infected and that they need the help of some magical software to fix the problem – when in fact this ‘software’ is the actual malware iteself the the user willingly installs it on their machine!
Avoiding this problem is each – immediately close all popups. If you seem to get popups all the time then you are already infected with malware
Clicking unsolicited links in email or IM
Here is a quick rule – NEVER, EVER click on a link in an email or IM that you are not expecting! EVEN IF the link says something is an ‘unsubscribe link’! Simple as that!
Falling for phishing scams
Just as the Internet makes is easier for legitimate communications, it also makes it infinitely easier for scammers and con artists. Exercising common sense on this one! Obviously the reason these folks send this stuff out if because it WORKS – don’t let it work on you!
These are the worst, print out this list of top phishing scans and put it on your monitor!
- Email from your bank asking you to confirm information
- Online Greeting Cards
- UPS/FedEx delivery confirmations
- Anything from Nigeria
- Confidential information about a stock
- Lottery winnings of any type
- Getting paid to work at home or send emails
Logging in to an account from a link received in email, IM, or social networking
Never login to an account after being directed there via a link! If you need to log into an account, close the browser and open a new browser and use a known good bookmark.
The scammers are getting better and better at making ‘fake’ pages that appear EXACTLY like the real thing, ex: your banks web site, to fool the unexpected.
Downloading and installing ‘FREE’ software
Free software AIN’T – how do you reckon these folks support themselves? They sell your information or sell access to the installed base of their application to advertisers (many of whom border on outright scammers!) This list include WeatherBug, WebShots, etc.
Especially frustrating are those ‘free’ application which claim to help or fix problems, ex: registry cleaners, spyware removers, etc.
Do yourself a huge favor and just avoid this stuff all together!!
