People often think they are secure with their online activity. For example, your bank site is secure, right? One might think that because it’s a bank they know what they are doing! I can’t even use my debit card on a vacation trip if I don’t call them ahead of time these days, so they are clearly on top of security. However, we still read about data leaks from all over, though we tend to ignore them if they aren't applicable to us. Are you as secure as you think you are? This is the first of a three way summary of do’s and dont’s and some solutions that can help you along the way, so buckle up and enjoy the comments!
Do any of these sound familiar to you?
- “Macs don't need antivirus.” There are a lot of people who still believe this, despite evidence to the contrary.
- “I don't go to potentially infected sites on-line.” Really? The Internet has more malicious software than ever – the sites you love might still be infected!
- “Everyone in the office knows not to open unexpected attachments.” Actually you would be surprised and even if they are told not to, how do you know if they do or not?!
- “No, I didn't read the message I just clicked through it.” So that means there isn’t a problem? Hmm, hide and watch.
- “It was free.” Of course it was. And now how much did that free offer cost you in support, lost data, lost time and embarrassment with your boss and colleagues? Note: This is no slight against FLOSS (Free, Libre, and Open Source Software – just be a wise consumer and read reviews).
We hear many of these and more all the time and the real problem is there’s a pretty high labor charge involved for the people we hear it from. Have you heard the expression that an ounce of prevention is worth a pound of cure? This holds true when it comes to security. A friend of mine received an e-mail from someone that said they were going to promote his company on their website and to check it out. They had the details of his site, the owner’s name, a lot of personal information so he clicked on the link and, yes you guessed it, the rest is history. Replacement machine and a whole host of new software. If only……..
How many of you have ever heard of “Mac hack” competitions? They exist. People find and save exploits to use later during these events or even just to exploit Macs online. It's not just Windows based machines that are vulnerable to attack. “Macs don’t need antivirus” is a myth.
So what can you do to prevent some of these annoying, irritating and expensive things threatening you personally AND your business?
It's not enough to only update your operating system and antivirus, you need to keep an eye on the software you are using as well. They are vulnerable to exploits that allow remote operators to run their own software on your computer. These include such well-known names as Adobe Acrobat, Adobe Flash, Java, MS Office, your web browser, etc. Some of our recommendations include:
- Secunia PSI (Personal Security Inspector) free for personal use. This is for Windows only and will help keep you aware of updates for other non-Microsoft software running on your computer.
- Windows updates.
- Mac updates.
- Adobe products. These can sometimes be tricky as some websites try to imitate these and if you aren’t careful you might also install extra 3rd party software (like McAfee or Intel Security). Nevertheless, you should update. Adobe PDF and Flash are notorious for allowing malicious code to be run on your system (Mac, Windows, and Linux alike).
2. Endpoint Protection
This is the software you run on your system for “Antivirus“, which is a misnomer that is a holdover from the 90s. Back then, most threats were called a computer virus. Today, only a few threats that these software protect against are considered viruses. You can use free software (as in beer, meaning they generally take more staff time for management), however most license statements for free versions of security software state “for home use only”, (though Microsoft Security Essentials says for home use or small businesses up to 10 devices). These are okay. They are like putting a lock on your door. They will usually stop the casual hacker or unwanted malicious software. Some of our customers have still been compromised with free antivirus.
Good professional endpoint security software is much better. It’s like adding a guard dog and some extra locks to the house. Your casual hacker won’t likely get in at all and your professional hackers will have a harder time of it. Professional hackers today are better funded, have support systems in place, have exploit software available to them for purchase with money back guarantees, and even YouTube videos showing how they can be used. All these professional hackers need is one foot in the door, one tiny crack and they can end up finding enough exploits to control your entire computer or network if you don’t follow good security practices.
Professional Solutions: We recommend you give Sophos Endpoint Protection a try - sign up for a 30-day free trial now and let us be your Sophos Partner. It runs on Mac or Windows. The Windows Server edition has extra features for lockdown. It also lets you protect and manage your mobile devices (these are also a large target for hackers). Licensing is per-user, not per-device.
Free Solutions you can try:
- Sophos free Mac – this is an “always on” solution.
- Sophos free for Windows – this is not “always on” and will only scan your files when you tell it to.
- Sophos free security for Android.
- Microsoft security essentials, AVG Free for Windows – these are “always on” solutions.
Products we do NOT recommend (also known as the software we are usually uninstalling when people have trouble):
- McAfee / Intel
So if you can relate to any of these issues and need some help walking through the ever winding maize, let us know. We’ve been doing this for a while now, we keep up to date with everything that’s out there and would be happy to help you all any way we can. Hope you enjoyed the read.
If you enjoyed this, be sure to read Everyday Computer Security for Everyday Computer People - Part 2
Chris Shipley is the President of Nutmeg Consulting LLC and Information Technology and Services Consultant based in Hartford CT. If you want to find out more about how we protect ourselves and our clients, please feel free to contact me and see how we can help protect you as an individual as well as your company