Online Safety Tips For 2006
By Doug Edelman (01/06/06)
As my readers know, when not playing political pundit, my mild mannered alter-ego is a professional IT Specialist Techie Nerd. In fact, I have a name plaque at my desk with a military insignia of a gold oak leaf, and the name "Major Geek" β an epithet I've carried since 1996.
Recently the online world has become a much more threatening place β with all sorts of scumware floating around. This has prompted this article as a public service to my readers.
Last week it became public knowledge that a flaw in Windows involving the handling of graphics files which can make the simple act of viewing an image β in an email or on a website β to be all that is required to allow malicious code to be loaded onto your machine. Microsoft has issued an advisory, and a patch is due to be released on January 10th, assuming it passes Microsoft's testing. Meantime SANS has released an unofficial patch which appears to be safe and effective.
There are a number of new malware threats which cloak themselves well, and some of which actually disable your protective software. They'll cripple antivirus, antispyware and even firewall software β making detection and removal much more difficult.
Our friends at SONY BMG slipped us a mickie in 2005 with their "copy protection" scheme which stealthily installed low level "rootkit" software on your PC if you tried to play their music CDs on your PC. This is code that is not detected by antivirus/antispy β but can be exploited to give a malicious invader full administrative control of your PC. Several variations of malicious code exploiting this vulnerability have surfaced in the short time the rootkit was being put on Sony BMG's CDs before they pulled the offending code due to the overwhelming outcry over security issues.
No one should be online today without a complete complement of protective software. A current antivirus with a subscription to updated antivirus signatures and automatic update features is essential. Do not think for a moment that the antivirus that came with your computer is continuing to protect you once the signature update subscription expires if you don't renew it! It only recognizes threats as new as the last update. Any newer threats are completely unrecognized.
Antivirus alone is inadequate. Trojans, adware and spyware are a different animal than viruses and need a different immunization. (There are only a few really effective and reputable antispyware programs out there. There are also many ROGUE programs, with soundalike names but which are themselves malware. www.spywarewarrior.com has an excellent listing of rogue programs, but when in doubt β DON'T. Never accept a download of anything that purports to fix your computer which advertises to you via a popup screen! You're asking for trouble.) Microsoft has a free download of their Antispyware β it's good but won't run on Windows versions prior to Win2000. E-Trust's Pest Patrol is my personal favoriteβ¦ it's not free but not expensive, and in my experience finds pests that the freebies won't find. It has one of the most extensive libraries of malware signatures in the industry. Spybot Search & Destroy is also a freebie download β and is also not bad.
The third leg for a stable stool is a firewall. Windows Firewall in enabled by default in Windows XP SP2, but is either not enabled or absent in the various older Windows Operating Systems. ZoneAlarm is an excellent free firewall (they have an enhanced paid version as well), which adds the functionality of processing OUTGOING traffic as well as incoming β which Windows firewall does not.
Finally, there is an excellent online scanner which will find unwanted code on your PC which cloaks itself from INSTALLED Antivirus/Antispy software. It is found at http://housecall65.trendmicro.com/. Feel free to visit my personal blog at http://edeldoug.blogs.com where I have links to some of my favorite protective tools and useful utilities.
Nowadays, one must be vigilant or be prepared for the potential consequences of laxity. I hope I've been helpful in raising your awareness.
Copyright Β© 2006 by Doug Edelman
(Printer friendly version) Email: Doug Edelman
