This series of write-ups celebrates the Lenovo Forum's family of volunteer advocates - moderators, gurus and outstanding members of the Forum, who consistently go out of their way to help out in this community through sharing what they know, dissecting, delving and diving into various issues to educate other users and solve one another's problems. We salute and honor your dedication and hard work!
Beware, malware. And you should too, warns Linda Layton, aka Bugbatter, one of Lenovo Forum’s stalwarts, who has dedicated much time and effort on a personal crusade against such malicious attacks. In this guest entry, she highlights 10 things one should do to plug the loopholes which malware creators love making use of, and lists the steps you can take to ensure that your system is not compromised.
10 Things You Do That Puts Your System At Risk of Infection
1. Social Media - Platforms such as Facebook and Twitter are being used by attackers, spammers, and others. For example, in the past, attackers and spammers used Twitter to send victims to malicious sites through the use of the automatically shortened URLs. Fortunately, this has been addressed recently by special add-ons for some browsers, and by the sites’ allowing members to preview the actual URLs, as well as protect users from dangerous links that lead to malicious websites and malware sites.(Refer to this website). However, social media sites make changes in Settings every so often and those changes may be made without adequate testing. It is imperative that users routinely check their privacy settings and not get a false sense of security. Scammers, spammers, and malware writers are always one step ahead of us. Continue to be vigilant when clicking links to photos, videos, surveys, and other “fun stuff”.
2. Installations from games, tools and applications – As the saying goes, "If it sounds too good to be true, it probably is." Sometimes those fabulous fun can't-live-without apps can be tempting. While not malware as such, even some of our favorite “free” applications are now earning income by including toolbars in their updates and downloads. Before installing new software and/or updating, always uncheck any toolbar or other offering that you do not want.
3. File Sharing (aka: P2P), Crack, Keygen, and Warez Sites – Peer-to-peer file sharing is not technically malware, but it can install infection because it opens the door for any number of worms, adware, and spyware infections when you use their network.Even the safest P2P file sharing programs that do not contain bundled spyware still exposes a user to risks because of the very nature of the P2P file sharing process. By default, most P2P file sharing programs are configured to automatically launch at Startup, and are also configured to allow other P2P users on the same network open access to a shared directory on your computer. File sharing relies on its members sharing unfettered access to computers across the P2P network. This practice can make a system vulnerable to data and identity theft. Even if risky default settings are changed to a safer configuration, the act of downloading files from an anonymous source greatly increases the exposure to infection. Files being downloaded may actually contain a disguised threat that spreads across P2P files sharing networks because of their known vulnerabilities.
It is a given that if you use keygen and warez sites you will become infected. Not only is pirated software illegal, but the sites themselves can be a breeding ground for infection.
4. Malicious Advertising - This type of advertising is used when the product or service is a little more than you anticipated. Do investigate a program from other sources prior to investing in that product.
5. Malicious Websites – These sites can be specially crafted to use the latest discovered vulnerability in major browsers. Because they can infect by downloading without the user doing anything more than visiting the website, these are often called “drive by downloads”. Do ensure that your anti-virus is up-to-date and always question the authenticity of a website – if it seems dodgy (such as, for instance, a website may seem to be by a reputable company or source, but there are many instances of misspelling or inconsistencies in design, follow your gut feel and stay away.)
6. Insecure Passwords - The methods used for breaking a password vary. The analysis of 32 million passwords showed that 300,000 accounts used the password “123456”. For more information refer to the following link.
7. Internet Probing - Operating a system without an effective firewall is extremely risky as port scanning is a fact of life, and is one of the insidious ways hackers use to invade your system. Open, unprotected ports have always been attractive to internet worms. There is more information on software firewalls in the KB article here.
8. System Vulnerabilities and Outdated Software - Unfortunately, malware writers are constantly looking to use exploits to take advantage of software vulnerabilities. It seems that as soon as a patch is created, the bad guys have found a way around it. Keeping the operating system and other software updated will mitigate the risks of malware finding its way into a system.
9. Incomplete Malware Removal - End users often run one or two simple, general DIY scans and claim that the infection on their system is gone. Not only is there no one-size-fit-all fix, but some types of malware can be planted so far down into a system that remnants are just waiting to become active when the user visits a certain website, or launches a specific program. Ensure that your system is thoroughly cleansed.
10. Malicious Emails - Although these are not as prevalent as in the past, as malware has expanded to using social media, and users have become more security savvy, these types of email messages still exist. These would be emails including such things as phishing, infected attachments, and links to sites that have embedded malicious code. For anyone not familiar with phishing, there is a very comprehensive article here.
Nothing is 100% secure, and there is no “magic bullet”. As noted above, there are ways that we can become victims if we are not careful. The prevention is always easier than the cure.
Linda Layton, Microsoft MVP
Catch Linda and other panelists in our first Special Event on Malware and Security from Nov 28 – 30, where you can pose questions you may have about this topic and get them answered. Have a question about this topic? Post them in this board here!