Internet Security – Page 7 – Anti-virus Software, Spyware Protection & Firewall

Jon December 23, 2009

How To Recover from an Infected Computer.

“I’ve been hacked. Now what?”

Maybe it was a keylogger. Perhaps it was a simple virus, or even a trojan. Spyware took over your computer? It doesn’t matter, really. Something happened, you’re back to being clean, but your confidence in the security of your computer is shaken; and now you’re sitting there wondering what to do next.

First off, you’re not alone. With an estimated 300 new viruses or malware variants coming out every month, most people at one time or another are going to be the victims of malicious software. And depending on the severity of the attack you suffered, it’s not unlike the feeling you get when your home is robbed or your car is broken into. There’s a sense of fear, mistrust, and possibly even anxiety about being hit by malware in the future. Again, you’re not alone.

While we can’t speak to the emotions you may be feeling about what happened, what we can do is help you fix what happened and maybe even help you avoid the problem in the first place. What you’ll find below is a list of suggestions we have to recover from a malware attack.

Change your passwords
All of them. Especially if you had some kind of spyware or a keylogger on your machine. There’s no telling what passwords, if any, the crooks who authored your malware were privy to, but why take a chance? Make good use of our blog post on how to create a good password and come up with a new one for each and every site you use.
Reconsider minor apps
Now’s as good a time as any to go to your Add/Remove Programs and look at what software you have installed that you don’t use or might be suspect. Not only will this (possibly) help make your computer a bit more peppy, but it’ll also reduce the chances having of a piece of software on your computer that may be vulnerable to attack (vis-a-vis the bad guys).
- While you’re at it, you may as well clean up and optimize your hard disk to help fix things up. That’s not going to prevent viruses or spyware from infecting your machine, but it is good general maintenance. 🙂
Consider canceling those cards
If you used a particular credit or debit card with your computer, consider calling up the issuing bank, explaining what happened, and have them cancel the card and get a brand new one issued. That is, admittedly, a pain in the behind; but if your card data was compromised then you could be looking at an even bigger pain trying to recover from a bank account being open to the whim of crooks.
Report any crime
It’s one thing to have some passwords compromised; it’s another to actually have sensitive data leaked or have money stolen a bank account whose information was on your computer due to malware. If you were a victim of a crime please contact the authorities.
Be careful what you open
Emails, IMs, downloads… Not to make you paranoid, but pretty much anything you can click on has the potential to deliver malware right to your computer’s doorstep. Only open files or click on links from trusted sources. You should also keep an eye open on those, too, since spammers and hackers can forge email addresses to make them seem like they come from a friend or co-worker. Read the subject and content of emails and IMs before clicking on any link or downloading any attachments.
Practice safe computing
Help yourself out by steering clear from traditionally virus and spyware-laden web sites: iffy download sites, adult sites, gambling sites, and movie/mp3/torrent/etc. sites. They’re not all bad, but they have a bad rap for a reason.

An ounce of prevention is worth a pound of cure.

While we can’t say that doing any, or all, of the aforementioned steps will keep you 100% protected against future infections, we can say that every bit of pre-emptive caution that you can take will pay off in the long run.

Image courtesy of http://www.flickr.com/photos/rockyx/ / CC BY-SA 2.0

If you're looking for great anti-virus software that won't break the bank, try StopSign. You don't pay extra for tech support for difficult malware, and our web protection software just works. Download & install StopSign to find out why our members choose us over the other options.

Filed Under: Blog Tagged With: Internet Security, passwords

Jon December 17, 2009

Six Secrets of a Safe Twitter Account.

Twitter is like a giant party in a community of over 18 million people, and there’s bound to be a few apples in the bunch who want to cause trouble. You can get around some of those problems by locking down your Twitter account and being aware of some of the potential problems you might run into when you’re tweeting. Just follow these simple Twitter tips and use your common sense, and you’ll be much ahead of the “safe twittering” curve.

Good, strong passwords.
The creation of a good password cannot be stressed enough! Make sure to create a password that’s difficult for others to figure out and contains a mix of letters and numbers. Also try to use a different password than you use on other social networking sites in case one of the passwords gets cracked or is leaked out. Read more about how to create a strong password on our blog.
URL shorteners.
Sites like bit.ly, ow.ly, and cli.gs are great URL shortening services, especially when someone wants to link to websites in 140 characters or less. But if you don’t know the person who tweeted with a shortened URL, you’re never quite sure what you’re going to get. (OK, that’s not 100% true*) Be careful what you click on!
Are you (literally) on Twitter.com?
Scammers and spammers love to build lookalike sites to try and trick you into submitting your user names and passwords to them instead of the real thing. Before you log in, check the address bar to make sure you’re actually on Twitter.com and not some scam website. Learn more about how to figure out if you’re on a fake website or a real one on the StopSign blog.
Third party access.
There are some really neat services out there like We Follow and Twitter Grader that help enhance your Twitter experience and learn more about your tweeting habits; but there are also some fishy ones too. Make sure to regularly check your Connections settings in Twitter to clear out any unexpected or suspect applications that have been given access to your account. And if they offer it, connect using OAuth, as it’s much safer than supplying your user name and password to a strange website.
Phishy phish.
You’ve got to be diligent about reading DM’s and @ mentions (there’s a particularly nasty trick going around now where a scammer will @ mention you regarding something you’ve tweeted about and there’s a shortened URL to a spam site in the mention – do NOT click on it!). There always seems to be a phishing scams of some kind happening on Twitter, so make sure you know what you’re clicking on or responding to.
Don’t get too personal.
It’s really important that you don’t expose too much information about yourself or your family online. The wrong tweet can get you on a spammers list, or at worst, can lead crazies on the Internet right to your front door. We’ve got tips on how to stay safe online and offline.

For more information on Twitter security, check out the official Twitter help article on safe tweeting.

*OK, technically you can preview any bit.ly URL by adding a “+” to the end of the URL. Other sites and/or services may do the same; but the main issue is that URL shorteners, by default and by design, do not natively display the destination URL. Back to the top

Image courtesy of Twitter

Filed Under: Blog Tagged With: Internet Security, passwords, social networks, strong password, twitter

Jon December 10, 2009

Six Ways to Stay as Spam-Free as Possible.

Spam, much like the Monty Python skit which inspired the digital definition of spam, is in everything. It’s on your mobile phone, in your emails, and on websites all over the internet. It’s pretty much an impossibility to be completely spam-free, but you can get pretty close if you take a few precautions.

Here are 6 easy to use tips you can use to keep your email Inbox as spam-free as possible.

Read sign up details:
When you sign up for a product, service, newsletter, etc., most decent websites will give you a link to details about what the sign up entails (usually a privacy policy or the like). Take a few moments to read this information, because details on what they plan on doing with your information will more than likely be listed there. Some things to look out for include:
- Do they sell or share your information with third parties?
- How often do they send out emails?
- Are the emails and/or other contact methods relevant to what you’re signing up for?
Opt out:
Read check boxes carefully during sign ups. Sometimes you have to check a box to opt out of a mailing list, or sometimes you have to uncheck it to opt out. There’s no standard, per se, and companies often do what makes the most sense to them. Read carefully to make sure you do what’s right for you.
Keep it under wraps:
If information is optional, don’t give it up. There may be a field for your mailing address, but if it’s not required for a sign up then why do it?
Get to know them:
Take some time to find out more about a website before giving them any information about yourself. Read their online privacy policies, check out their blog if they have one, and try to get a sense of who they are before you start typing in details about yourself.
Step away from the computer:
For really detailed information requested online such as home addresses, phone numbers, and any sensitive information, you should try to find a verified phone number for them (i.e. one found in the phone book) or a local office (if possible) to sign up instead of doing it online.
Get a new address:
No, we’re not telling you to move. 🙂 We’re suggesting getting an email address that you can use to sign up for newsletters, etc. that you won’t mind getting clogged up with spam instead of your real email address. This way you can keep your personal email address clear for the things that really matter like family and friends.

This list is by no means exhaustive. There are always new methods being created to find out your contact information, and you need to be vigilant about keeping your info under wraps. Be sure to read what you’re signing up and stay on top of what you’re agreeing to online.

Oh, and if you’ve never seen the Monty Python spam sketch, you can see it on YouTube. Enjoy.

Image courtesy of http://www.flickr.com/photos/buggolo/ / CC BY 2.0

Filed Under: Blog Tagged With: Internet Security, spam

Jon December 2, 2009

Online Crooks Spread Holiday Scams, Not Cheer.

If it’s the end of the year then that means it’s time for Christmas, Hanukkah, Kwanzaa, and the annual ramp up of holiday-related scams, phishing, and other related online naughtiness. If only Santa had enough room on his Naughty List for all of the digital scammers!

It seems like every year the “bad kids” of the online world all seem to come together to get some year-end maliciousness out of their system. Increases in email spam, fake friend requests on social networking sites, and identity theft are part and parcel for the holiday season and this year is no different. If anything the current economic problems in America and the rest of the world make us all more likely to be a victim of holiday scams since we’re all on the hunt for great deals and looking for a way to stretch our holiday budgets.

Here’s a breakdown of some of the more common scams, schemes, and potential problems that you’ll find this year:

Fake gift cards
A perennial favorite, fake gift cards are often touted as being sold for cheaper than their original price (e.g. a $25.00 gift card being sold for $10.00), but many times are either completely fake, stolen and worth no money, or have had most if not all of their value used already. We suggest that you avoid these at all cost unless you get them from the store they are actually from (like Amazon.com gift cards) or another reputable vendor.
Fake charities
Organizations like the United Way, Red Cross, and Toys for Tots do wonders for people across the country, but be careful when making a donation. Be sure that the representative you’re talking to is actually working for a charitable organization and not his or her own pocketbook.
Holiday e-cards
Even though the real ones can be fun, e-cards in general have been known to mask trojans and spyware that are installed on your PC without your knowledge. Be especially careful when you receive an e-card in your inbox during the holidays.
Lyric websites
When looking for Christmas carols you might end up finding malware. Many lyric sites are chock-full of advertising, popups, and it’s easy to accidentally click “OK” on a software install button. Be very careful when getting your play list ready for your carolers.
Fake websites
These tend to come out of the woodwork and often look very convincing. Identity theft and stolen credit card numbers are the usual gifts that are given to holiday scam artists when they set up a fake website that copies an online store or charitable website. Check out our post on “How to Spot a Fake Website” for additional details on how to know which are fake and which are real.
Online fraud
eBay, CraigsList, and other online auction and shopping sites have great deals and a lot of hard-to-find gifts. They also have a lot of fraud associated with them since anyone with an email address can set up an account. Make sure to look for user ratings if possible (eBay in particular has a pretty darn good rating system for buyers and sellers) to see what a seller’s track record is like before you click on the buy button.

We hope that you find these tips useful this holiday season, and we wish you and yours the very happiest of holidays! And if you’ve got kids and they’re still young enough to believe in Santa Claus, check out this Naughty or Nice form that asks a few questions and lets them know what list they are on.

http://www.flickr.com/photos/bixentro/ / CC BY 2.0

Filed Under: Blog Tagged With: identity theft, Internet Security, online scams, phishing, social engineering

Jon November 4, 2009

Social Engineering: A Digital Con Game.

Social networks such as Facebook, Twitter, and MySpace are wonderful ways to connect with friends and family. Unfortunately they also provide excellent resources for online crooks to gain sensitive information via social engineering, a term synonymous with con games in the world of computer security. By learning what social networking is, you can protect yourself from would-be (virtual) attackers and keep your data safe.

What is “social engineering”?

Social engineering is a non-technical intrusion using human interaction (thus, the “social” in “social engineering”) to gain information which directly, or indirectly, leads to a scam of some kind. The information compromised can be of any variety: passwords, access to computers and/or networks, account information, or anything else that can lead to additional data, money, identity theft, hacked accounts, or other problems for the victims. It’s considered a safer and easier way to run a con since the scammer rarely has to be physically present in front of the victim, so the Internet provides an excellent medium for these kinds of scams.

How does social engineering affect my social networking accounts?

Attempts to phish for information are notorious online, and you should learn how to protect yourself from phishers. Instant and direct messages, emails, chat… all forms of online communication have the potential to be tapped, spoofed, or intercepted. Whether it’s email, a social networking site, or something else, all it takes is one unsecure account and a bit of luck in order to gain access from hundreds, if not thousands, of other users. With access to one unsecured account, the scammer now has the trust of all of their friends and followers of the real account owner. The flood gates are now open for additional phishing attempts, data loss, and other forms of digital mischief.

Social engineering is very simple and very effective. The weakest link in any computer security scenario will always be a human, and social networks are chock full of them. With enough patience it’s only a matter of time before a scammer finds a victim.

How can I protect myself from being a victim?

The easiest way to guard against social engineering is to be skeptical of offers presented in emails, online, and over the phone. Social engineering attempts prey on every aspect of human behavior (greed, compassion, fear, love, etc.) and can even exploit outside events such as natural disasters and current news topics in order to extract information from the victim. Here are a few specific things you can do:

Ensure the legitimacy of anyone claiming to be a representative of a company, government office, or organization.
Never reveal personal information unless you are certain of their need for the information and that the information will be held in the strictest confidence.
Keep your passwords and other account access data secure. No company or it’s representatives should ever ask for your password, no matter how convincing the story they give you.
When entering sensitive information online, make sure you’re really on the web site you think you are on. Read our “How to Spot a Fake Website” post to learn more.
Never send sensitive and/or personal information via email or instant message to anyone, even friends and relatives. Spoofing emails and IM information is too easy.

If you come across a social engineering attempt, make sure to contact the service you used when the attempt occurred. Most social networking sites, companies, and organizations have a computer security team that handles these issues and you can help stop the spread of these attacks. Listed below are some resources for a few online services regarding safety, abuse, reporting, and/or support. To find out how to report on other sites, check their Help or Support links.