Internet Risks and Safeguards

Most people know that your electronic link to the outside world can be very hazardous to your computer's health and can spiral into nasty personal consequences if your personal and confidential information is stolen.  Without a doubt, there is nothing as destructive as malware getting onto your system.  In fact, instances of system downtime resulting from malware infection far exceed downtime resulting from hardware failure. 


The current status of online threats can be summarized as simply as this:  they are dangerous, rapidly-evolving and widespread.  But, many people don't know how a computer becomes compromised, and what to do to minimize the risks.

The information provided below applies predominantly to Microsoft Windows systems.  Apple Macs and Linux-based systems (such as Ubuntu) are more secure at the moment, since they are less targeted (there are fewer of them) and their architecture is different. 

I.  Types of Threats and Terminology:  The most common threats to us currently are:

  • Malware (broad classification):  Viruses, worms, trojans, rootkits, bots, scareware, meanware, hidden proxies, and keyloggers.
  • Scareware:  A special sub-class of malware which uses fake anti-virus pop-ups to inform you that your system is infected when it really isn't.
  • Hidden proxies:  Malware that silently redirects all of your Internet traffic through a third party, which can then watch your web browsing.
  • Keyloggers:  A special sub-class of malware that records your keystrokes and sends them to the criminals.
  • Bots:  Hidden malware which runs undetected in the background, usually hijacking your email address book and sending out spam without your knowledge.
  • Phishing:  Anything that tries to trick you into doing something that will cause you to reveal personal or confidential information.
  • Scams:   Anything that tries to get you to pay for or send money for something that doesn't exist, is phony, or disreputable.
  • Spam:  Useless or unwanted messages, in the form of emails, blog or forum posts, pop-ups, or text messages, that try to get you to perform an action leading to any of the above, that spread website URLs to inflate search engine rankings, or that simply exist to bother people.


II.  Anti-virus systems can't keep up:  Today, most malware is written and deployed by organized crime.  This software is smart and is getting smarter.  Old-school malware had static "profiles" or "signatures" and could be easily detected by anti-virus suites.  Now, new malware constantly changes its internals so that it is not detected by traditional "signature-based" anti-virus software.  This is frightening.

To attempt to keep up with such insidious, shape-shifting threats, state-of-the-art anti-virus software utilizes what is known as "heuristics" to detect and halt suspicious activity.  Some advanced anti-virus software, in addition to signatures and heuristics, sends unrecognized executable files, and known executables that have been altered, to the "cloud" for multiple scans.  However, be aware that these do make mistakes: "false positives" result, and malware still slips through undetected.

III.  Methods of Infection:  The primary "attack vector" today is the Internet.  The old-school infection method used to be to get the computer user to open an infected email attachment.  While this still happens, it is no longer the preferred attack vector.  The Internet is a far more efficient means of infection.

Today, to become infected with malware, all you have to do is visit an infected ("compromised") website.  You don't even have to click on anything in the site.  It is that simple.
So, how do the bad guys utilize the web for their nefarious activities?  The most common methods are:

  • They understand and use human nature against us.  They target popular but weak websites, hack into them, insert their malicious code, and wait for people to visit them.  They place infected ads, or just set up their own infected websites and drive traffic to them.  They know what application and operating system vulnerabilities exist and write their malware to exploit them.  Popular website categories that are high-risk are: current hot news, social networking, celebrity, cooking, music lyrics, adult sites, work-from-home schemes, avatar generators, free stuff – anything that draws large numbers of visitors.  Anything "free", such as free anti-virus, screensavers, toolbars, desktop themes, video player codecs/plugins, picture viewers, utility programs, drivers, etc., is extremely risky if it comes from an untrusted source.
  • They cause search engines like Google and Bing to list their infected websites near the top of searches by manipulating search scores so that you'll click on their links.
  • They prey on human errors:  at some point in time you will misspell a URL or use ".com" instead of ".org" or ".gov".  There are malicious websites set up under these common errors just for these opportune moments.
  • They utilize "social engineering" to get you to visit bad websites.  They send you emails and messages that look legitimate or official, but have a link that will take you to a malicious website.  Users of social networking sites like Facebook, LinkedIn and Twitter are at particular risk.  "Official" email links are usually clicked out of uncertainty or fear (e.g., the email appears to be from your bank, the IRS or the Census Bureau).
  • They "poison" the web infrastructure's "DNS" servers, your local "DNS" cache, or your hosts file so that when you try to go to one site you actually go to another.
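The hosts-file redirect described in the last bullet is something you can check for yourself.  The following is an added example (not part of the original article) that parses hosts-file text and flags any entry for a domain on a watch list; the watch list and the sample hosts file are constructed for illustration, and on Windows the real file lives at C:\Windows\System32\drivers\etc\hosts.

```python
import ipaddress

# Constructed watch list: domains a hosts file should never map anywhere.
WATCH_LIST = {"example-bank.com", "www.example-bank.com", "update.microsoft.com"}


def parse_hosts(text):
    """Return (address, hostname) pairs from hosts-file text.

    Active lines look like '<address> <host> [<alias> ...]'; anything after
    '#' is a comment.  Blank, malformed, or non-IP lines are skipped.
    """
    entries = []
    for raw in text.splitlines():
        parts = raw.split("#", 1)[0].split()
        if len(parts) < 2:
            continue
        try:
            addr = ipaddress.ip_address(parts[0])
        except ValueError:
            continue  # first field is not an IP address; ignore the line
        entries.extend((str(addr), host.lower()) for host in parts[1:])
    return entries


def suspicious_entries(text, watch_list=WATCH_LIST):
    """Return (hostname, address) pairs for watch-listed hosts.

    Any mapping of a bank or vendor domain is suspect: a remote address is
    the redirect described above, and even a loopback address silently
    blocks access to that site (for example, to its update servers).
    """
    return [(host, addr) for addr, host in parse_hosts(text) if host in watch_list]


# Constructed sample: the standard Windows header and loopback lines plus
# two injected entries of the kind malware adds.
SAMPLE_HOSTS = """# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
203.0.113.5     www.example-bank.com example-bank.com  # injected redirect
127.0.0.1       update.microsoft.com                   # injected block
"""

if __name__ == "__main__":
    # To check a live system, read the real hosts file into the text instead.
    for host, addr in suspicious_entries(SAMPLE_HOSTS):
        print(f"WARNING: {host} is mapped to {addr}")
```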


Another common attack vector is exploiting insecure application programs that run on your computer.  These applications are often insecure because their automatic updating mechanisms are broken or turned off, or because the user ignores update requests, either out of neglect or out of fear that the updates themselves may be malicious:

  • Unpatched Adobe Reader, or Adobe Reader with JavaScript enabled is a prime target.  If you click on a web link that opens an infected PDF file, or you open one in an email attachment, and you have a vulnerability it can exploit, your system will be infected. 
  • Unpatched Adobe Flash and Shockwave players, browser plug-ins, and ActiveX components are also frequent targets.
  • Java's run-time environment and its components are another prime culprit.  Sometimes old, insecure versions continue to run alongside newer versions.


Many firewalls are ineffective because they are weak, faulty, or configured improperly:

  • Such firewalls allow unsolicited and malicious traffic into your system.
  • The firewall either generates or allows replies to Internet "pings" from malicious sources, revealing to them that your system "exists".  They will now try to attack your system with even more zeal.
  • The firewall allows malicious processes already on your machine to communicate with their criminal "command and control centers", sending out personal or confidential information, or flooding the world with spam.


IV.  Safer Practices:  How in the world can anybody be safe today?  The short answer is that you cannot be completely safe.  There are just too many attacks on too many fronts for you to be successful in fending off all of them.  But, short of disconnecting yourself, there are specific things you can do to reduce your risk:

  • Windows updates:  First and foremost, keep your system updated.  Apply critical updates immediately and reboot when instructed to do so.
  • Backups:  Make sure you have an excellent computer backup system and methodology.  You need to use a backup system that automatically and regularly creates image backups of your hard drives to a USB or network drive.
  • High-risk website categories:  If at all possible, stay away from them.  If you must browse risky sites, do so while logged on to a "limited" or "standard" Windows user account as opposed to an "administrator" account.  This will limit the amount of damage that malware can do if it does get on your system.
  • Links:  Do not click any links in emails, instant messages, or in other communications unless you are certain of the authenticity of the message and trust the destination of the link.  Never click any link in an unsolicited message.  This is the primary attack vector for social networking sites, and phony messages from "friends" can appear to be quite real, so be very suspicious of any links in them.  Do not click on ads or external links on high-risk websites.
  • Suspicious emails:  Immediately delete strange emails from unknown senders without opening them.
  • Anti-virus Systems:  Select and use a top-rated anti-virus program or suite.  There are quite a few that cluster around the top but all of these have strong and weak points.  Remember that some free anti-virus programs are quite good, while some you have to pay for are sub-standard.  Visit www.av-comparatives.org for unbiased ratings and reviews.
  • Secondary Anti-Virus Systems:  Run several manual/"on-demand" anti-virus programs in addition to your main suite for a "second opinion".  No single anti-virus suite or program is good at finding every type of malware.  We recommend that you consider Malwarebytes (www.malwarebytes.org) and HitmanPro (www.surfright.nl).  Run them often, but be aware of false positives.  Any malware found should be quarantined if possible, not deleted, to allow recovery of a file or files in the event of a false positive.
  • Hardware Firewall:  Use a quality appliance, one that performs "stateful packet inspection" and employs NAT (network address translation).  You must keep your firewall's firmware updated.
  • Software Firewall:  These are usually included with higher-rated anti-virus suites.  Carefully read any messages presented to you by them, and research processes that are requesting access before you allow it.  Generally, hardware firewalls and software firewalls do not conflict with each other.
  • Applications:  Keep your non-Microsoft applications, such as Adobe Reader and Java, updated.  Bear in mind that Windows Updates do not update such applications, and many of their update mechanisms are broken.  The best way to keep them secure is to use a fantastic piece of software called Secunia Personal Software Inspector (PSI).  It identifies apps on your machine that are insecure and suggests how to fix them.  This program is free to non-commercial users and can be downloaded at:  http://secunia.com/vulnerability_scanning/personal
  • Internet Browser:  Use a more secure browser.  Mozilla Firefox is regarded as being more secure than Microsoft's Internet Explorer, and is faster, too.  Creating a virtual environment in which to run a browser is almost guaranteed to prevent infection of your larger system, but setting one up can be a nightmare if you've never done it before.  Alternatively, some anti-virus software (such as the paid version of Avast Internet Security) can provide an isolated, virtual environment in which to run browsers, which may reduce your chance of becoming infected.
  • Browser add-ons:  For Mozilla Firefox, we recommend "Web of Trust" and "Better Privacy".  Web of Trust is one of the best security tools around, as it identifies malicious links in web searches such as Google and Bing.
  • Scan your downloads:  Send any files you have downloaded to VirusTotal (www.virustotal.com) for analysis before you open, execute, or install them.  The current upload size limit is 20MB.
  • JavaScript:  Disable JavaScript in your Adobe Reader.
  • Email Preview Pane:  If you can live without it, turn it off.
  • Online banking:  If at all possible, avoid it.  You can always use a bank's automated telephone service for many of the tasks you perform online.  There is a new class of malware in the wild called "banker trojans" that are truly scary.  The usual method of operation is like this:  It sits on your computer, disguised and undetected, and waits for you to visit a banking site.  When you do, it redirects you to a phony, look-alike site where you "log in".  This is where your credentials are stolen.  It then sends you to your bank's real site and logs you in.  From your perspective, everything appears to be normal.  The malware then quietly deletes itself.  Funds are then transferred out of your bank account, usually in small amounts over a period of days or weeks so as not to trigger bank alerts. 


You may end up getting infected at some point despite your best efforts.  The malware may be able to be removed and the damage repaired.  If not, your system will have to be restored from an uninfected image backup from an earlier date.  If no image backups are available, your system will have to be wiped clean and the operating system reinstalled. 

The burden of remaining secure is high, but the costs of not doing so are much higher.  We cannot reduce our risks to zero, but we can certainly fight back.

MyOffice Tech is experienced in computer security and computer health issues.  We would be happy to answer any questions you may have regarding these subjects and to assist you with implementation of enhanced security measures.