The Green Geek: Digital Hygiene, or how not to get a computer virus

This month the Green Geek got an emergency call from a nurseryman whose computer was fully sick, and not in a good way. Yes, the poor machine had been infected with virus and was misbehaving.  The diagnosis looked grim, but with some hard work, the machine was recovered. The entire episode was cautionary warning and so this month’s column is dedicated to digital hygiene.

 

 

Digital hygiene are practices to help ensure that your computers remain free from malicious software, such as viruses, trojans, worms, keyloggers, rootkits, spyware and all manner of other nasties.  

 

These threats – generally called malware - are no longer just inconveniences that may cause you to lose data. They are now in the hands of very smart and highly organised global crime syndicates who are using them in creative and costly ways.   For example, you may have heard that some spyware can steal your bank details... this is true.  But did you realize that bank details are not enough for these gangs?  Sure they could empty out your account... but then what?  No, things are much more sinister. What these gangs really want is your identity. If they can collection enough information about you, then they can impersonate you and then, for example, open additional bank accounts in your name and get lines of credit.  Big lines of credit. And stealing a company’s identity is simply gold!   No-less dangerous is these gangs’ ability to secretly take over your computer and use it for illicit purposes, such as publishing illegal content online. There have already been cases where innocent people have been charged for the most horrible of crimes, simply because their computers were being used by gangs in this manner.

 

Put simply, you need to take digital hygiene seriously.

 

 

Every computer you have, whether or not connected to the Internet, should have up-to-date anti-malware software installed.  The good news is, there are quite a few free solutions available for download. Unfortunately, not all of these free solutions look for all types of malware. For example, some only look for viruses and trojans, but do not check for spyware. Some scan your email, but do not provide scanning of external media, such as USB sticks or floppy disks. The alternative is to purchase a commercial ‘all-in-one’ solution, which offers multiple forms of protections. 

 

Whatever you choose, make sure that your anti-malware solution can be automatically updated. Having an out-of-date anti-malware solution is about as useful as having an expired condom... it’s full of holes! 

Personally, I use two different anti-malware solutions on my office network. Half the computers are running the commercial McAfee Internet Security suite, while the other half run the free AVG Ant-Virus solution. The reason why I run two different solutions is that if one solution does not catch some incoming malware, the other is likely to do so. It’s a bit like having a second opinion.

 

 

By default, Windows XP and Vista computers will have a firewall turned on. But check it anyway! A firewall is a special application that monitors internet activity and alerts you if an unknown program is attempting to access the outside world.  This helps to stop the spread of malware and also limits hackers’ ability to take over your computer. 

 

 

No matter what operating system you run – Windows XP, Vista, Apple Mac, Linux – it is vital that you keep it updated with the latest patches.  Likewise, it’s important to keep your applications updated. This is because some of the most dangerous malware take advantage of known “bugs” in operating systems and other applications.  Worse, because these bugs are in legitimate software, they do not get picked up by anti-malware products. For example, the 9 Dec 2008 panic to update Microsoft Internet Explorer was because hackers were using a bug in that product to get control of peoples’ computers and install keyloggers and other malware. Just the month before that, it was revealed that Adobe Reader had similar bugs.

 

For horticulturalists, keeping computers updated can be a problem. Many modern updates – especially those for Microsoft –  range from 20 to 100MB in size. That’s a huge chunk of bandwidth for those of us with regional internet connections.  Even so, it’s worth the cost and time. Malware is generally very small in size, which means it can get in even in low bandwidth environments, so don’t think that just because your regional Internet is dodgy, the malware will have a hard time getting in. It won’t.

 

 

This is perhaps the hardest, yet most important, part of digital hygiene. Trojans –which can open your computer to all manner of malware attacks – are often able to be installed on a computer because someone clicked on something they should not have.  A common example is to click on an email attachment which appears to be something innocent, like a greeting card.  Once you’ve clicked on the attachment, you may get to see a greeting card, but quietly in the background a trojan is installing itself on your computer.  

 

Since many of us are now familiar with the old email attachment trick, hackers have gotten even sneakier. Now they are embedding malware in web pages, so if you visit a web page and get a pop-up, or a message asking if you should install something, think very, very carefully before doing so: do you know and trust the owner of the web site? Your default decision should be not to click. Keep in mind that hackers are also using ‘social hacking’ to get people to agree to click on messages. A classic example of this was a web site that brought up a window that looked very similar to that of a virus scanning tool, warned that spyware had been detected and prompted the user to click to remove the supposed spyware. Guess what?  By clicking on the message, the user in fact granted permission for the installation of spyware.  Oh the irony!

 

 

It’s a sad, sad fact that a lot of, ahhh, less-than-office-safe web sites are platforms for malware infection.  Most of the recent infections due to the Microsoft security breach were delivered when users browsed overseas adult sites.  Be safe. Don’t visit dodgy websites. Likewise, avoid downloading files from peer-to-peer networks.

 

 

Phishing is a cool term invented by linguistically playful nerds to describe the cunning ways in which criminals attempt to fool people into providing important information, such as account login details. Put simply, the bad guys are “fishing” for people who are foolish enough to take their bait. The most common method of phishing is to send out fake emails that look as if they are from a bank, government body or some other valuable service. These emails request that you click on a link and adjust your account details. When you do click on the click, the web page you are taken to looks identical to the legitimate site, but it is in fact a devious trap to get you to enter in your account details.  I personally receive hundreds of these a year and even though I know what to look for  (I’m geek enough to be able to interpret the raw text of the links and see their devious traps!) there have still been times when I’ve nearly been caught out.

 

If you do receive an email from your bank, Internet Service Provider or some other agency, DO NOT CLICK ON THE LINK IN THE EMAIL!  Instead, open up your web browser and manually type in the main address  of the site in question.  For example, you are asked to check your ANZ bank details in an email (which they would never do), you should not click on the link in the email, but should instead start a browser and manually type in www.anz.com.au. 

 

 

Social networking sites like FaceBook, MySpace and LinkedIn are awesome tools. However, people have a tendency to put way too much personal information on them. For example, one of the questions banks often ask to confirm your identity when you’ve lost your Phone-Banking PIN is your mother’s maiden name. Sometimes financial institutions and government departments like to check your date of birth, or your spouse’s name in order to verify you are who you say you are. As you can imagine, putting this sort of information on a public web site is just inviting trouble. We already know that criminal gangs are harvesting this information for use in identity theft. 

 

Think twice before writing anything about yourself on a social networking site that could be used to uniquely identify you.