following articles were received from Norton Internet Security by Andy Tribe
as a subscriber to Norton Internet Security.
The New Breed of Online Security Threats
By Courtney Macavinta
Beth Morrissey, a freelance writer from Williamsburg, Va., works and practically lives on the Internet. She blogs, has a website and is hooked into all the popular social networks. The downside to her life online? Like all Internet users she’s constantly exposed to security threats and has suffered the consequences of being spammed, having her Gmail account hacked and catching a few nasty computer viruses.
“I've been hit with email viruses, picked up a virus while downloading an online PDF,” she says, “been informed that my online banking accounts had attempted to be hacked, and received phishing emails from fake PayPal sites.”
The worst episode was the day a giant black and white swirl appeared on the screen of Morrissey's laptop and turned out to be a computer virus. “I watched it as it ate every one of my desktop icons and then took over the screen so that I couldn't navigate anything.” The outcome: Three-quarters of her hard drive was deleted and she lost a week’s worth of wages as she waited for her laptop to be repaired. She’s not alone: In 2008, viruses and spyware cost U.S. household $6.5 billion in damages, according to Consumer Reports.
“I still consider the week of waiting for repairs and all of the related hassle to have been one of the worst weeks of my life,” she says.
Still, Morrissey is actually one of the lucky ones because she frequently backed up her data and has since upped her security plan. And yet even with her precautions in place Morrissey has been hit by almost every top Internet security threat, according to experts, and there are new threats on the horizon.
Here are the new threats (and long-standing ones that won’t go away) that you need to shield yourself against with the help of tools and savvy personal practices:
1. Threat: Smarter Malware
Malware is everything you don’t want to hit you and your computer: Viruses, spyware, adware, “keylogging” programs that swipe passwords, and other malicious programs that aim to exploit your personal information for financial gain or to simply wreak havoc. You can get hit with malware through email, pop-up ads, screen savers, downloads or tainted websites. Though malware is nothing new, it is now getting smarter experts say to keep duping online users.
“It used to be in the old days if you were getting a bunch of pop-ups or being re-directed to a new homepage that it meant you were infected,” says Michael Kaiser, executive director of the non-profit National Cyber Security Alliance (NCSA), which runs the consumer education site StaySafeOnline.
“The fact is that the malware is more malicious and it's less likely to be seen in your computer's behavior,” Kaiser says. “Consumers may also see rogue anti-malware programs, such as pop-ups that look like a security message and direct you to buy a program to clean out your system. Some of those sites may actually be malware sites or extremely low-quality antivirus spyware programs.”
2. Threat: Evolved Botnets
If your computer gets snared by hackers into a botnet, it means that unbeknownst to you criminals have added your computer with a virtual network that attacks websites with floods of traffic to crash them. Being caught in a botnet could also mean hackers are stealing your personal information. You often get swept into a botnet via malware -- they work hand-in-hand together. The way that hackers structure botnets is becoming more sophisticated and harder to detect.
3. Threat: Vulnerable Web 2.0 and Social Network Sites
Web 2.0 services make many web tools more compelling and helpful -- such as those YouTube videos you see everywhere online. However, experts say it can be hard to configure these services to be totally secure from vulnerabilities. According to a 2009 report by the Secure Enterprise 2.0 Forum, threats can include increased phishing appeals (which try to get you to forfeit personal information on fake websites) or Web 2.0 code being exploited by hackers, which happened to Yahoo HotJobs in 2008. In that case, hackers could compromise people’s stored information on the site.
Even social networks are getting hit with phishing messages or malware-laden spam. “When there is a successful new application that drives a large volume of users, a cybercriminal will try to take advantage of it,” Kaiser says. Also on social network sites people are apt to simply post droves of personal information that can be exploited by someone to get into their bank account, for example.
To protect yourself and your family from the new online threats, here are some strategies you can put into place.
* For starters, keep your security system updated. This applies to your antivirus/antispyware/firewall software, operating system security and web browser security programs. Set your software and programs to automatically update with the latest protections. “If you don't get that frequent update, you're not going to be protected,” Kaiser says.
* Don’t follow the trail of pop-ups or links in unsolicited emails -- ever. If you get a suspect pop-up, close it and immediately run your updated security software.
* Change your passwords frequently and make sure they are long, don’t include your personal information and include numbers too. Kaiser suggests coming up with unique letter and number combinations of something like your favorite song title, for example, which can’t be easily guessed (just don’t post it on your social network profile!).
* If infected, use your security software or the vendor’s website to help you remove malware or get assistance at non-profit sites like
* To behave more consciously online, use the NCSA’s three W’s. Before posting on a social network, ask yourself: 1. Who will see this? 2. What is the value of sharing this information or photo? 3. Why do I want someone to see this information? “This is all about having the right tools and using good behavior,” Kaiser notes.
The good news for Morrissey is she has learnt how to protect herself from online threats and become
more conscious of how she could be at risk. “Sometimes it's a hassle,” she
says. “But then I remind myself that I never want to go through another scare
again and that it's better to be safe than sorry.”
27.2 The online social network I use asked me to enter the password for my email account so that it could find my friends who might already be members. Is it safe to do this?
It is never a good idea to give out the password to your email account to anyone or any company. In the case of social networks, some of the largest and best known -- Facebook, MySpace, and LinkedIn -- offer users a quick way to locate friends who are already members of the social network by asking for the password to your email account. They use automated programs to search through your email contacts and match the addresses with current members.
While some users choose this option, there are always inherent risks of sharing your password, such as that your password will be misused or divulged and that you will become the victim of identity theft.
A safer way to find friends on a social network is the old fashioned way. Look through the friends of friends to find individuals you know. Or use search functions to look for specific people you know who might already be members. It may take you longer to accumulate hundreds of friends, but you'll be able to sleep better at night.
27.3 I keep getting emails from my own email address, and the subject lines are always really lurid. Has someone hacked into my account? What should I do?
The good news is no one has hacked into your account. What you’re experiencing is called “From spoofing,” and it’s a favourite tool in the spam artillery.
From-spoofing is annoying, but it’s not dangerous. It’s the sender entering your name and address into the From field in their mail program instead of their own. Outlook, for one, makes this a snap. During the setup process, when asked to enter one’s own email address, spammers choose this option.
Since the name of the game for spammers is hiding their tracks and making sure you receive their mail, from-spoofing is natural. By putting your address in the From field, they obscure the true sender and nearly guarantee that your spam filter won’t block their email.
To prevent such emails from reaching you, take these steps:
* Set up a filter. You can create a special rule to automatically route anything sent from your email address to the Trash folder. You’ll still see emails sent by you in your Sent folder, and if you have intentionally added yourself as a recipient, you can always dig that piece of mail out of the trash.
* Verify. You can also set up a sender verification tool that asks every new sender to verify that they are a real person before the mail reaches you. (From then on, everything from that address is processed as legitimate and sent directly to you.)
* Take caution. Simply receiving these emails does not put you at risk, but just like any email from an unknown source, you should think twice before clicking on any links.
27.4 I want to set up a wireless network that covers my home and detached garage, which is 500 feet away. How can I reach this large area securely?
Start by shopping for a wireless router, a box that connects to your Internet cable or DSL modem and allows you to access the Internet without using a cable or wire. Look for a router with a range of around 1,000 feet, which will be sure to cover your house as well as the 500 feet out to the garage.
Once you’ve bought a wireless router, follow the instructions that came with it and plug it in to your cable or DSL modem. Then, enter the IP address provided by the manufacturer into your Web browser. (At this point, you’ll be connected to the Internet through your modem.) The IP address is a series of numbers separated by full stops (e.g., 220.127.116.11).
The IP address will direct you to a Web page where you can adjust your wireless Internet settings. You’ll be given the option of choosing Wi-Fi Protected Access (WPA) or Wired Equivalent Privacy (WEP). Both are encryption standards that scramble the data transmitted over the wireless connection, but WPA is more secure for home users.
Once you select WPA, change the default network name and password that were automatically generated when you set up the router. Your network name can be something easily recognisable, such as “Smith Family Network,” and your password should be unique and memorable to everyone who’s using the router. (Keep in mind, though, you’ll be able to store the password on your computer once you’ve entered it the first time.)
Now your connection will be secure and protected. If you experience any interference or loss of strength in the connection and you’re concerned about security, you can run such a tool as Wi-Spy. It’ll let you see where the interference is taking place, then you can move your router to a spot that allows a more direct path to your laptop or desktop computer. And if your connection ever goes down? Check the modem: It’s most likely a problem with the main signal.