This post is the second in my series of personal information security posts. Continued from part 1.
To sum up from part 1 (note that from here on I'll use the word risk instead of enemy):
- Viruses (malware) that connect your computer to a botnet
- Viruses (malware) designed to steal your money from bank accounts, poker sites etc.
- Viruses (malware) designed to modify your computer and force unwanted decisions, i.e. buy something
- Viruses (malware) designed to destroy or modify content on your computer
- Behavior and habits when managing your confidential or vital personal information, anywhere
A little on the words we are using here:
A threat is when someone (a hacker) utilizes an attack vector (exploiting something), which could be a vulnerability or weakness (a bug or "hole" in your web browser). To launch an attack (doing all this) the hacker needs to plant exploit code (add the virus to a website you frequently visit) so that your web browser gets exposed and executes the exploit code (runs the virus). Usually the virus is just a downloader with trojan capabilities (it downloads more viruses to your computer through the "secret hole" in your web browser). When your computer is infected, it may lead to your bank account details being transferred to the hacker. (Note: "hacker" is an often-used term, but a bit misused. "Hacking" basically means "modifying", and the word itself does not imply any underlying evil purpose.) Please also note that the process by which your computer gets infected by viral code (malware, virus) can be very complex and may vary a lot. It is not my intention to give a deeper technical explanation in this post.
- The hacker and the virus are a threat
- Visiting the website without knowing whether the hacker has "hacked" it is a risk
- Let's say you do, and the risk gets realised
- Five minutes later your bank account is empty, and that's a consequence
There are even more fancy words in the security business, and there is even some disagreement about when to use the words and what the words mean.
Summary of risks
Let's split it up into two subtopics, behavioral and technical. Loosely connected to the list of enemies in part 1, we will first make a list of threats before applying any countermeasures.
| Area | # | Risk | Threat | Consequence | Impact |
|---|---|---|---|---|---|
| | 1 | Vulnerable operating system (Example: bug or flaw in Windows) | Malware can take advantage of vulnerability | | Computer is insecure |
| Technical | 2 | Vulnerable application (Example: bug or flaw in Flash, Internet Explorer etc.) | Malware can take advantage of vulnerability | Computer infected | Computer is insecure |
| Technical | 3 | Unknown vulnerability in application or operating system | Malware can take advantage of vulnerability | Computer infected | Computer is insecure |
| Technical | 4 | Lack of virus detection capabilities (weak or not updated antivirus, or no antivirus at all) | Malware exposed to your computer may not be detected or stopped | Computer infected | Computer is insecure or not reliable |
| Technical | 5 | Lack of network protection | Worm-like malware or manual intrusion attempts may affect your computer | Computer infected, intrusion | Computer might be insecure. Eavesdropping taking place in your computer or home network |
| | 6 | Weak encryption in wireless network, or no encryption at all | Eavesdropping. Home network may accept untrusted computers | Eavesdropping. Untrusted computers in home network may interact with your computer if your computer's firewall allows it | Exposure of sensitive information. Introducing further technical risks |
| | 7 | Information carried around on USB stick | Loss of USB sticks. Unhealthy computers that your USB stick is connected to | Information can be revealed to unauthorized persons if the USB stick is stolen or lost. Information can be lost forever if a USB stick with unique information (no backups) gets lost or stolen. Information can unintentionally be revealed to unauthorized persons if viewed on a public/other/work computer via USB stick. A USB stick attached to an insecure computer might get infected by viral code | Someone gets access to confidential information, like passwords and online banking credentials. You might lose vital information that cannot be reproduced. Your USB stick might infect your home computer |
| | 8 | Hard drives don't live forever. Laptops can easily get stolen. Hardware is easily damaged if exposed to fire or water | Poor quality in hardware. Burglars. Fires. Water leaks | You might lose your computer/hard drive or other hardware carrying information | Vital information like banking credentials, CVs, letters, photos, movies etc. are lost forever and cannot be reproduced |
Get the picture?
Yes. Your information is the key part here. Honestly, any destroyed or lost hardware can be replaced. But replacing your information is not always that easy. And if your information is revealed to unauthorized persons, you might suffer consequences far outside the IT area. You probably don't want anyone else logging in to your bank account, and you probably don't want anyone to obtain your collection of digital photos of your children and spread them on the dark side of the Internet.
The key elements of information security
Confidentiality – Sensitive information must have enough protection. What is enough? That depends on how badly you want to keep it secret.
Integrity – Information must be reliable. You must, depending on the information, be assured that no one has altered or falsified it.
Accessibility – When you need to access the information, it must be there for you. Do you need to read it now, or can you wait a couple of weeks?
(Traceability. I often exclude this one, since a combination of integrity and accessibility takes care of this.)
What we need to do
- Keep your computer free from viruses
- Keep the bad guys out of your computer and your home network
- Make sure that your information travels safely, no matter how
- Make sure that no matter what happens, you always get to keep important files and information
Keep your computer free from viruses
This one is tricky. The sad part is that organized crime, with its resources and efficiency, has the upper hand. The antivirus vendors can no longer keep up with this threat. Forget about all the rumours of antivirus companies creating viruses to justify their existence – they work 24/7/365 and nowadays even work on things like mapping botnets and criminal organisations. At best, any decent antivirus application can detect around 30-40% of all viral code that moves on the Internet.
A good way to protect yourself from viruses can be split in two parts:
1. Avoid getting exposed
2. Withstand the threat if you get exposed
Avoiding the exposure can be done in several ways. The ultimate way is to disconnect from the Internet and never add any software or removable media, but that alternative tends to make your computer rather useless. So, since most viral code is spread on the Internet, a good start is to look at your surfing habits. Stay away from unknown sites or sites that don't "feel" right. This doesn't give any guarantees, however, since the bad guys often focus on infecting websites that have a lot of visitors and websites that are usually considered harmless. This way, they can infect corporate computers as well, if the website complies with the company policy and is not filtered.
Product tip: When shopping for antivirus, look for a solution that includes scanning of HTTP traffic and monitors website activity. This should include some sort of web reputation protection, which means that the antivirus blocks the web address before you get exposed to any malicious content.
It is not easy to withstand the threat once you are exposed. But some applications do it better than others. One aspect that is often overlooked is how easy it is to configure and interact with the antivirus application. If you don't understand your antivirus application, you probably don't get maximum protection, no matter how sharp it is in tests etc. Any antivirus should be easily configured to receive signature updates when you want it to. Updates should take place at least twice a day, to ensure that the antivirus is up-to-date on virus signatures. By the way, "signatures" are the descriptions of virus code that the antivirus relies on when looking for suspicious stuff. If a threat is detected, you should get a notification, and that notification should be fairly easy to understand. Basically, you want to know what happened, when it happened, and how bad it went.
The antivirus application should be able to detect all known virus types. It's beyond the scope of this article to dig deeper here, but to mention one specific type, it should be able to detect rootkits. The rootkit has its own special history. Nowadays the rootkit may come shipped along with other viral code, or the viral code itself has "rootkit abilities", which often just means one thing – hide yourself and other virus code from the operating system and the antivirus. All in all we can be sure of one thing: a successfully installed rootkit may not be detected by any antivirus. So, rootkit detection capability may amount to just the ability to catch the rootkit during its installation process.
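As an added illustration (not code from the original post) of the signature mechanism described above, and of why a signature-based scanner misses a freshly modified variant until its next update: a toy scanner over constructed, harmless byte strings. The sample contents, signature names and the two signature kinds are simplifications made up for this example.

```python
import hashlib

# Constructed, harmless byte strings standing in for files on disk. They are
# not real malware; they only show how signature matching behaves.
KNOWN_SAMPLE = b"MZ\x90\x00 downloader-stub: fetch payload from c2.example.invalid"
REPACKED_SAMPLE = KNOWN_SAMPLE + b" padding-v2"   # same stub, a few bytes appended
REWRITTEN_SAMPLE = b"MZ\x90\x00 d0wnl04der-stub: fetch payload from c2.example.invalid"
CLEAN_SAMPLE = b"MZ\x90\x00 hello world program"

# Two simplified signature kinds, as an antivirus update might deliver them:
# - a file hash matches exactly one byte-for-byte identical file
# - a byte pattern matches a code fragment, so it survives changes elsewhere
SIGNATURES = {
    "hash": {hashlib.sha256(KNOWN_SAMPLE).hexdigest(): "Downloader.Sample.A"},
    "pattern": {b"downloader-stub": "Downloader.Generic"},
}


def scan(data, signatures=SIGNATURES):
    """Return the names of every signature that matches the given bytes."""
    hits = []
    digest = hashlib.sha256(data).hexdigest()
    if digest in signatures["hash"]:
        hits.append(signatures["hash"][digest])
    for pattern, name in signatures["pattern"].items():
        if pattern in data:
            hits.append(name)
    return hits


def update_signatures(signatures, hash_sigs=None, pattern_sigs=None):
    """Merge a signature update (what the twice-daily updates deliver) into a copy of the database."""
    updated = {"hash": dict(signatures["hash"]), "pattern": dict(signatures["pattern"])}
    updated["hash"].update(hash_sigs or {})
    updated["pattern"].update(pattern_sigs or {})
    return updated


if __name__ == "__main__":
    samples = {"known": KNOWN_SAMPLE, "repacked": REPACKED_SAMPLE,
               "rewritten": REWRITTEN_SAMPLE, "clean": CLEAN_SAMPLE}
    for name, data in samples.items():
        print(f"{name:10s} -> {scan(data) or 'no detection'}")
    # The rewritten variant is only caught once an update ships a signature for it.
    fresh = update_signatures(SIGNATURES, pattern_sigs={b"d0wnl04der-stub": "Downloader.Generic.B"})
    print(f"rewritten after update -> {scan(REWRITTEN_SAMPLE, fresh)}")
```

The repacked sample slips past the exact hash but not the byte pattern; the rewritten one slips past both, which is the gap that frequent signature updates (and the non-signature techniques the post mentions) exist to close.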
Product tip: Look for rootkit detection capability in your future antivirus application.
Web tip: If you suspect a specific file to be viral, you may find the online service virustotal.com of great use. Just upload the file, and find out what approximately 40 different antivirus applications say about it.
Any antivirus application has a decent ability to automatically detect viruses on removable media such as USB sticks or hard drives the moment you attach them to your computer. In addition, some antivirus applications have the capability of restricting system access to only the removable media you define. So, you can give a "green light" to your own USB stick and block any other USB stick. Too bad this is often based on the hardcoded vendor ID in the removable hardware, so if you grant access to your "Vendor XYZ" stick you may also allow any other "Vendor XYZ" stick to attach to your system. But nevertheless, it adds some security.
Product tip: Look for an antivirus application that has removable media restriction capabilities, if you have a lot of USB sticks going in and out of your computer.
Antivirus products usually come in two shapes:
As an antivirus application only, giving the ability to schedule scans and scan your computer on demand. It usually also includes some "resident" protection, meaning that viruses can be detected at the moment you get exposed.
The other "shape" is the antivirus suite. This includes the antivirus application itself, but may also include plugins to scan incoming email in your preferred email client, a plugin to manage removable media, and some extra features to manage Internet security, e.g. blocking access to malicious websites. This latter setup is often called an "Internet suite" by antivirus vendors. As a last note, if you choose only the antivirus application itself (usually cheaper), you can most often be assured that the virus detection capabilities are no less than those of the "Internet suite".
Antivirus product recommendations
Before digging into which products are available, I'll briefly explain what my tips and recommendations are based on and what the results may be. The following list is numbered, and I follow it from top to bottom:
1. I don't recommend any product that is overpriced, not doing its job as promised, or has known flaws or bugs.
2. I only recommend products that have proven to be good in VirusBulletin tests or tests by known and reliable magazines or websites.
3. I push a little extra for products that I have personally tested with good results, either at home or in the line of duty.
4. In this article, I prefer to look for total value for the average user rather than complex solutions that require some computer engineering skills.
5. Some of the links to software vendors are affiliate links, and I may get a commission if you buy products via these links. If you wish, you may avoid this by typing the vendor website address manually or googling for their website address.
As always, I do not personally guarantee the performance of any products. Vendors and others are welcome to post comments if any information in the table below is not correct. But first consider these main reasons for not appearing in the table:
- Product is overpriced
- Product is totally unknown to me as being suited for personal use (yes, I have knowledge of complex corporate solutions too)
- Product suffers from bugs, high resource consumption, or instability
- I don't have enough information or knowledge about the product, and I'm not comfortable in recommending it
- And of course, "hoax" antivirus (rogue antivirus) is not welcome here. They're the ones we want to protect ourselves from.
* VB100 is a test performed regularly by VirusBulletin, and is considered to be a fair and solid quality and performance test. Only Windows/home user setups are counted.
That's all for now. Next, we will take a closer look at how to protect yourself on your home network. It will include router firewall setup, WiFi security, and local computer firewalls.