Thursday, April 22, 2010
Phishing counter measures
Do not forget to turn on the phishing facility that comes with the IE 7.0 browser. Most of the users turn off this facility thinking this is reducing the performance. But this is actually protecting you from getting hooked on to malicious websites. Security comes with a small cost to pay but it is worth paying that .
Tuesday, April 20, 2010
Protecting yourself from Malicious Website-Based malware
Users when surfing the Internet bring malware into the home based networks. Email links are sent to the user to perform a client-side exploit and when clicked loads various types of malware on their systems. Install the latest security updates on a daily basis for all applications you use and keep your system free of any exploits.
Use antimalware tools from security vendors to defend yourself from these malwares. However, thse tools are only as good as the system they are protecting. A vulnerable or infected system will bring down the antimalware tool and prevent it from protecting the operating system from further infection. Upgrade your browser if you have not yet done so because today's browsers (Google chrome, Firefox,...)do warn you if the site you are visiting is a suspected malicious site.
Use antimalware tools from security vendors to defend yourself from these malwares. However, thse tools are only as good as the system they are protecting. A vulnerable or infected system will bring down the antimalware tool and prevent it from protecting the operating system from further infection. Upgrade your browser if you have not yet done so because today's browsers (Google chrome, Firefox,...)do warn you if the site you are visiting is a suspected malicious site.
Filter your HTTP traffic
Today 1 in 20 websites are malicious. You visit them and you are bound to download trojan or malicious software than can give control of your system and resources to bad guys. When choosing an antivirus verify if it supports filtering HTTP traffic to malicious sites. Also your keep your browsers which ever you use upto date with patches as the exploits in these browsers are most commonly used as an attack platform to gain control on the systems.
Spear phishing
The most deadly form of email exploits today are known as spear phishing or rock phishing. This is where the malware distributor or writer sends out a skillfully crafted email from either a forged address, which the user in the organization trusts, and/or from an organization known to the user.
Combat Email threats to protect your information
When checking mails in your inbox understanding them is the most important step towards protecting you from malware infections. You should enable view file extensions to check if these belong to any of the well known malware categories and are able to take control of your system. Ofcourse google is always there for searching if you suspect the files attached in your mails are malware.
Never open an executable file type from anyone unless you have requested that file, espeically since malware will typically come from someone you know. Anytime you would like to receive an exe or zip file, then request your friends or colleagues to rename the extension of the file and send it to you. Delete key is your best friend for suspicious attachments and mails. Don't think when you need to use it.
Always patch your systems and check for updates. Preferable would be to use systems that provide push updates rather than clients looking for updates. Windows update does look for updates when a machine is restarted or may be even logged in. Updates must be checked at least once in a day. I hardly know any softwares that provide push updates. Hope the major antimalware companies would shift to push updates rather than pull options.
Never open an executable file type from anyone unless you have requested that file, espeically since malware will typically come from someone you know. Anytime you would like to receive an exe or zip file, then request your friends or colleagues to rename the extension of the file and send it to you. Delete key is your best friend for suspicious attachments and mails. Don't think when you need to use it.
Always patch your systems and check for updates. Preferable would be to use systems that provide push updates rather than clients looking for updates. Windows update does look for updates when a machine is restarted or may be even logged in. Updates must be checked at least once in a day. I hardly know any softwares that provide push updates. Hope the major antimalware companies would shift to push updates rather than pull options.
Monday, April 19, 2010
Emails or Attachments
Don’t open emails or attachments from even trusted sources without truly vetting them by the trusted sender. Today you are the last line of defense.
Thursday, March 25, 2010
Malware file types you should be aware of
Malware authors want money, and the easiest way to get it is to steal it from you.
They lure you into clicking on different types of files infected by malware. You must not click on files which you do not trust is from a good source like executable, Microsoft office documents, Adobe pdfs or compressed zip files. These files could be delivered through no.of channels like social engineering through Instant messengers, peer to peer networks, enterprise network file sharing, USB devices.
Malwares are also delivered in the form of downloadable flash games, simple graphic design animations, powerpoint slides. If you don't execute these files your system will not be infected by malware.
Some familiar files that are being used as malware on windows platform are:
.exe, .pdf, .flv, .doc, .ppt, .xls, .bat
They lure you into clicking on different types of files infected by malware. You must not click on files which you do not trust is from a good source like executable, Microsoft office documents, Adobe pdfs or compressed zip files. These files could be delivered through no.of channels like social engineering through Instant messengers, peer to peer networks, enterprise network file sharing, USB devices.
Malwares are also delivered in the form of downloadable flash games, simple graphic design animations, powerpoint slides. If you don't execute these files your system will not be infected by malware.
Some familiar files that are being used as malware on windows platform are:
.exe, .pdf, .flv, .doc, .ppt, .xls, .bat
Subscribe to:
Posts (Atom)