Thursday, April 11, 2013

Some Thoughts on Malicious Software Prevention and Protection

Today I got a message from a business associate of mine apologizing for a delay in the work, because he'd been hit by malicious software (malware). As it turned out, I replied, computer security is what passes for a day job for me. So I came up with some instructions for him to help improve his security. These should be fairly easy for a non-technical person to use, though a moderately technical person may need to set things up.

Leave feedback in the comments if you agree, disagree or have any additions. Here's the list, in order of what I'm calling Return on PITA (ROP) - or, most benefit for the least pain wins.

Preventing malware infection

  1. Make your account a "Limited User" instead of "Administrator". This prevents the malware from running on your system without you first entering your password.
  2. If you are running Windows, make sure you are on 7 or higher. Windows 7 provides lots more security controls that balance protection with usability. One key feature is AppLocker which prevents unknown software from running without entering your password. The downloadable tool EMET enhances protections and Windows Defender is excellent, free anti-virus software.
  3. Keep all your software updated. Windows does a nice job of updating itself, but other software isn't always as good. I don't generally like to recommend specific software, but in this case it's hard to find if I don't: Secunia PSI is free for personal use and keeps you updated about...well updates.
  4. Be skeptical before opening email attachments or links. This takes some practice, but it's as easy as stopping and asking whether something makes sense or not. Many of the email scams today look real, unless you apply some skepticism. Why would a) this person/company be b) sending me this information c) through email and d) how can I see if it's legit?

Reducing fallout from malware

  1. Work with your financial institution to increase account security. Many people erroneously assume that banks reimburse for financial loss from malware, but that's only for personal accounts. Banks differ in what they offer and can help you figure out what works best for you.
  2. Use online backup storage. You can store your documents on the Internet securely, so if something happens to your computer you can still get your documents back. Several companies offer a small amount of storage for personal use for free. Also store software licenses so you can rebuild.
  3. Use password safe technology. This is software that will track your passwords and store them protected on your computer and the Internet, as well as generate strong passwords. This means you can have a strong, unique password for each website which reduces the likelihood of having multiple accounts compromised at once.

Cleaning up after malware infection

  1. Notify financial institutions immediately. They will put more scrutiny on your transactions and can work with you to add security measures to your account.
  2. Even the best cleaning may leave malware behind. It's best to wipe everything and start over. Download applications from their legitimate website. Stored copies and third-party sites could have malware embedded in the legitimate software.
  3. Change passwords from a known-clean system. Start first with the websites that could cause the most damage, such as financial institutions or where you could have fraudulent charges against accounts (for example, iTunes and Skype).

Busting some common misconceptions about malware

Anti-virus and a firewall are NOT very effective.
Your firewall is designed to prevent random computers on the Internet from starting to talk to yours. But most malware is spread through the web and email, which means your computer is the one that starts talking to the computer hosting the malware. That means your firewall is largely useless against it.

Anti-virus software works by trying to know all of the malware out there and blocking it. The problem is that malware is generated faster than anti-virus can keep up, using techniques that ensure anti-virus companies don't see the exact malware you've downloaded. Anti-virus fails more often than it succeeds at blocking malware in real-world testing.

Malicious software is NOT just spread through sketchy sites.
Most malware today is actually spread through legitimate websites. Malicious attackers break into legitimate sites and store their malware there, infecting visitors. It's also common for ads to contain malware, so even large and well-protected websites present some risk.

One web browser is NOT inherently more secure than another.
This was true at one time, but it's not anymore. Some malware still spreads by attacking the web browser, but much more will attack supporting applications like Adobe Reader or Sun Java - two technologies that are independent of your web browser.