CASEScontact - solutions, tools & skills against latest security, cybercrime, hacking & malware threats
Just the facts
     
Title   CASEScontact.org guide UPDATE 2: Fighting off malware attacks the smart way
Description  

Protecting your PC against malware with CASEScontact.org's malware guide that tells you how to:

  1. protect yourself against identity theft, viruses, worms and other nasties, and
  2. set up your PC and software to assure that your risk exposure is being minimized

Work through this guide and, after only 15 minutes, you will be in a position to implement some smart steps that significantly improve your PC's security level with no sweat.


CyTRAP LABs ID   CT210006
Date   2006-08-24
Systems affected  
  • Windows/2000/NT/XP etc.
  • Mac OS 10.xx (Jaguar, Panther)
  • Linux, Ubuntu, etc.
Version number   1.2
ISSN   1603-9866
Verify tip   http://casescontact.org/tips/210006
Risk assessment   High
Impact/Severity   High
Audio/Podcast files   CyTRAP radio show - Protecting your digital assets - Thursday, August 24, 2006
Update - change  

Update 2: 2006-08-24

    > Updating of links
    > additional free checklists,
    > more tools are offered for downloading.
 


 

What's up?
     
   
What is the threat or vulnerability?
Real life scenario: We all have had a virus and felt sick; we know a few stories to tell about that one. Get more information here:
> What makes a biological virus different from the cyberspace menace?
Internet & PC scenario: A program that can "infect" other programs by modifying them to include a, possibly evolved, copy of itself.

A user may not be aware that her system was infected by a virus or malware.

 
 

Problem & Solution
     
What does it mean to me? Am I vulnerable?  
Malware (the generic term for malicious programs such as viruses, worms, or Trojans) is typically a destructive program that has the ability to reproduce itself on one's machine and infect other programs or disks. For instance, a virus (one type of malware) will not show itself immediately, but will add itself to programs and disks to spread widely across many computers before it is triggered into its destructive phase.

So why should you care?

Well, you are probably reading this tip because you:

  • worry about virus risks,
  • believe you got infected by malware and other nasties because your PC has become slow and unstable,
  • have experienced weird things occurring on your PC or mobile (e.g., a screen showing up saying something such as: You have been dooped by Rollercoaster - system will be destroyed in 10 Min) and/or,
  • experience strange things when you start-up your PC

If you are concerned about any of the above, you have most likely also thought about the possibility of becoming a victim of a social engineering attack, with malware or other nasties that keep you from working effectively with your PC.

But you have come to the right place. Just read on to get fast and easy help to better protect yourself.

  1. The Threat
    May come in a variety of forms, including malicious code exploiting a known vulnerability or else by the user downloading a program from an untrusted site.

  2. Vulnerability
    There is more than one, such as:
    1. known or not known vulnerabilities could be used to harm a user's system,
    2. code already installed on a system may provide confidential information such as passwords to another machine on the Internet that is run by a malicious user.

  3. Impact
    Is such that malicious people could cause you harm in several different ways, such as:
    1. may manage to get information from your PC that you consider confidential and private;
    2. cause damage and/or corrupt some of your files making them unusable,
    3. a known or yet to be known zero-day vulnerability may get exploited and worms and other Trojan horses may infect your system and cause serious damage to your data and information
     
If I fix the problem - will it help me?
How
 
If you fix it, you have to remain vigilant to avoid being infected in the future. System administrators should also check CyTRAP Labs' FAQ - best practices for protecting your organization's systems against malware.
     
How can one describe the solution?  
The solution starts with caution, as we have outlined here: CyTRAP Labs’ FAQ - best practices for protecting your PC against malware
     
Does Microsoft offer me a solution?  

Microsoft does offer you an anti-virus package. However, while it is currently free it will, most certainly, cost you money down the line.

Just as importantly, the software does not work any better or worse than most others you can get. For various reasons, experts at CyTRAP Labs and other security firms do not recommend that you use the Microsoft version exclusively.

     
Where can I get more help?  

For more definitions regarding buzz words and computer security check out:

What does this term mean - Information Security Dictionary
 


What is the solution to this problem ?
     
Tip 1   Most providers enable you to check whether your machine has been infected by using their online scan. If you wish to choose one of them, you can find their links, including some explanations about how well each works and a test, here:
     
Tip 2   You may also choose to submit a file that you are suspicious about to a scan engine to check on your behalf if something is wrong or not:  
     
Tip 3   Naturally, you must install an anti-virus software package. You can choose any one from the vendors mentioned in Tip 1 or 2 above. There is also a free version available:
 


Take another 2 minutes - More tricks to safeguard your information better
     
Tidbit 1   Viruses are not the same as spyware and your anti-virus or anti-Trojan program will not necessarily catch spyware. Accordingly, to catch spyware you need an anti-spyware program. You can get the CyTRAP Labs' Choice here:    
Tidbit 2   When you install anti-virus software it helps if you start being careful, vigilant and suspicious. This means that if you follow the right steps, your risk for being infected by malware is, most certainly, reduced substantially. This is even true in case of the recent zero-day exploits we have come across. So check out:    
 


Awareness and security culture
     
Parents & teacher   The PC is increasingly finding its way into the classroom. It is being used for whatever purpose you might imagine, including primary school pupils blogging about their school camp (this links to a site in German).

But this also means the risk for infection through viruses, Trojans or worms is getting ever bigger.

The best prevention is for you and your students/children to understand a few facts and behave accordingly:

  1. every PC in the classroom including notebooks must have anti-virus software installed,
  2. the anti-virus software must be set up so that it scans every device that is connected, including USB memory sticks brought into the classroom,
  3. working with files at home and bringing them to school including assignments increases the risk for spreading viruses in the classroom
Legal compliance & risk management  

To reduce regulatory hassles down the line, it must be feasible to demonstrate to an outsider that you have taken the necessary precautions by implementing the following procedures:

  1. Disable disk booting: change the CMOS boot-up sequence on PCs so that, if you leave a floppy or CD/DVD in your machine, you boot by default from drive C: rather than from drive A: or your CD/DVD drive.
  2. Disable running executable files from a memory stick or a CD-Rom
  3. Block any file with more than one file type extension such as LOVE-LETTER-FOR-YOU.TXT.VBS or ANNAKOURNIKOVA.JPG.VBS since they may appear to be ASCII text or a harmless graphic to the inexperienced.
  4. Ensure that all executables received from the outside world via email go directly to your IT department or, in the case of small businesses, your IT person, for checking and approval so that:
      a) IT can confirm not only that the file is virus-free, but also that it is properly licensed, unlikely to conflict with existing software applications, and suitable (for instance, not pornographic).
      b) IT will always know what software is installed on which computers.
  5. Make sure that the security or safe computing/privacy policy in place addresses virus or malware issues and, most importantly, make sure every employee has read and understood the policy, and that they know who to speak to, if they have any questions. This means you need to remind them in one way or another about the safe computing policy 2 x a year!
  6. Please don't forget to protect your laptop computers and desktop computers used by home workers. Ensure they are running up-to-date virus protection as viruses, worms and spyware can easily use these devices to enter your business.
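
Procedures 3 and 4 can be enforced together at a mail gateway or file-upload point. The sketch below is an added example, not code from CASEScontact.org or CyTRAP Labs; the extension list, function names and verdict strings are assumptions, and it narrows procedure 3 to names whose last extension is executable so that names such as archive.tar.gz still pass.

```python
import re
import unicodedata

# Assumed policy list of executable/script extensions; extend to match local policy.
EXECUTABLE_EXTS = {"exe", "com", "scr", "pif", "bat", "cmd", "vbs", "vbe",
                   "js", "jse", "wsf", "wsh", "hta", "lnk", "msi"}

# Extension-like suffix: 1-5 alphanumerics with at least one letter,
# so the "2" in "report.v1.2.pdf" is not counted as a file type.
EXT_RE = re.compile(r"^(?=.*[a-z])[a-z0-9]{1,5}$")


def normalize(name):
    """Lower-case the name and undo tricks that hide the real extension."""
    # Drop Unicode format characters (category Cf), e.g. right-to-left override.
    name = "".join(ch for ch in name if unicodedata.category(ch) != "Cf")
    # Windows ignores trailing dots and spaces when opening a file.
    return name.strip().rstrip(". ").lower()


def extensions(name):
    """Return the run of extension-like suffixes at the end of the name."""
    exts = []
    for part in reversed(normalize(name).split(".")[1:]):
        part = part.strip()          # "invoice.pdf      .exe" padding trick
        if not EXT_RE.match(part):
            break
        exts.append(part)
    return exts[::-1]


def classify_attachment(name):
    """Return 'block', 'route-to-it' or 'allow' for an attachment file name."""
    exts = extensions(name)
    if not exts or exts[-1] not in EXECUTABLE_EXTS:
        return "allow"
    # Procedure 3: executable hiding behind another file type extension.
    if len(exts) >= 2:
        return "block"
    # Procedure 4: plain executables go to IT for checking and approval.
    return "route-to-it"


if __name__ == "__main__":
    # Constructed sample names; the first two are the examples named in the list above.
    for sample in ["LOVE-LETTER-FOR-YOU.TXT.VBS", "ANNAKOURNIKOVA.JPG.VBS",
                   "setup.exe", "archive.tar.gz", "report.v1.2.pdf",
                   "invoice.pdf      .exe", "notes.txt\u202e.vbs "]:
        print(f"{classify_attachment(sample):12} {sample!r}")
```
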

Trends  

CyTRAP Labs has made several predictions regarding malicious software. In particular we find the threat for virus infections as well as confidentiality violations of customer or business data will be coming from the _ever greater use of_:

  1. applications following the Web 2.0 mantra,
  2. mash-up sites (what is a mash-up site?) used by your employees to do several tasks online, such as finding the address for an appointment in the calendar together with a map showing the location of the meeting point, and
  3. employees using social networking sites at work or home to share files, data and images.

All of the above means that threats are coming from an ever wider circle and in different forms, so a layered security approach is the only way to protect your business or private data and information assets effectively and smartly.

     



Administrative
     
Author   Urs E. Gattiker - CyTRAP Labs
     
Revisions  
  • 1.0 - 2005-06-14 - First Version
  • 1.1 - 2005-07-10 - First Revision
  • 1.2 - 2006-08-24 - 2nd Revision
Contact details   Web: http://CASEScontact.org
    E-mail: support01@CASEScontact.org

    Tel: +41(0)76-200-7778 or + 44(0)70-9237-6036
    Fax: +44(0)70-9237-6036, dial 3 send fax
     

    --END of ADVISORY - Important Info Below--
     
    We recommend that you VERIFY ALL ADVISORIES you receive IMMEDIATELY, by clicking on the link provided at the top of this alert.

    NO WARRANTY
    Any material furnished by CASEScontact.org is furnished on an 'as is' basis. CASEScontact.org, writers & sponsors make no warranties of any kind, either expressed or implied as to any matter including, but not limited to, warranty of fitness for a particular purpose or merchantability, exclusivity or results obtained from use of the material.


    CASES writers & sponsors do not make any warranty of any kind with respect to freedom from patent, trademark, or copyright infringement.
    Full DISCLAIMER notice at: http://www.casescontact.org/terms.php


    QUESTIONS, comments, ideas? Cheer us up at: Tips-Comments at CASEScontact.org

    CASEScontact.org -- Threat Alerts and Security Notices --clear and precise, no compromise -
    --currently hosted by Flashcable

    -- END of TIP & Tricks ADVISORY--
    Copyright (c) 2007 by CyTRAP labs - Urs E. Gattiker. All rights reserved.