The fight against malware is destined to be one of those Good Vs Evil style fights that go on for an eternity. When one side in the fight makes any ground, it is only a matter of time before the other side turns the tides with a new update or new script which disrupts what the other side is trying to achieve.
Whether it is a new botnet, or improved algorithms to identify and combat malware, or more sophisticated spear-phishing scams which harvest valuable data or evolution of malware from PC to other platforms such as smart phones, the battle will continue.
What I want to do, is empower the victims of the battle – you – by giving you some quick tips on how to minimise your chance of malware infection. Because at the end of the day, the best tool against malware infection is you.
1. Anti-Malware
It makes sense to start with the most obvious form of malware protection and the way to ascertain if you have been infected with any; an Anti-malware solution. Anti-malware software (also called Anti-Virus) is an effective tool which can be used to find an existing infection on your computer and then remove it. It makes the process of knowing you are infected that little bit easier. However, what some people don’t realise is that many anti-virus programs are capable of much more, and can actually be used for identifying incoming threats and nullifying them.
In fact, it is possible to set your platform up (dependent on the Anti-Virus software you have installed of course) so that you are notified of incoming threats as you browse the internet, or as email comes in to you. These alerts can then notify you of any activity you are undertaking, or any sites you are visiting, which may cause you headaches in the future.
If you don’t currently have a scanner in place there are a number of good online options which you can use for free. They will not offer you real-time protection, but can help you know if you have an existing malware intrusion. Try these products:
- Trend Micro HouseCall
- Kaspersky free online virus scanner
- Windows Live OneCare safety scanner
- BitDefender Online Scanner
- ESET Online Antivirus Scanner
- F-Secure Online Virus Scanner
- avast! Online Scanner
And for those of you rightly worried about malware on your smartphone, there is a new blog post by Securelist which you may want to read on what you can do and some of the issues confronted by Smartphone malware.
2. Use up to date software on your computer
Keeping all your network applications and programs up to date is pivotal for any company, no matter what the size of the organisation. The risk of updating some and not others opens you to zero-day vulnerabilities, scenarios where hackers look to exploit holes in code which may arise due to incompatibilities between updated programs.
Fortunately, most publishers now make it easier than ever to update their programs with the latest patches through inbuilt automatic updates. Generally, the update will ask you to authorise the download, but other than this, the updates will be applied automatically.
3. Be vigilant with the sites you visit
When doing research on the net, it is easy to get carried away, opening up new tabs or windows in the browser; compiling a number of pages you want to read to find what you want. Whilst this is great for churning through sites to find what you want, what this can do is make you less aware of what pages are potentially less than friendly and which may be opening pop-ups, and even installing malware to your machine.
Even if you were opening one window at a time and came across a page that was not quite legitimate, it would be too late, but because you knew which page it was, and were aware it happened, you could take steps (such as the use of an anti-malware program) to fix the problem.
It is worth noting that today’s web browsers are becoming more advanced. The larger players in the market now offer in-built phishing and malware protection. Check out Firefox and Internet Explorer’s latest offerings, both of which can help identify when a user’s actions will compromise their online safety.
4. Don’t blindly click on shortened URL’s or scan QR codes
The use of QR codes and URL- shorteners is growing rapidly. In fact between Quarter 1 2010, and Quarter 1 2011, the use of QR codes grew by 4549 percent It is no surprise really. QR codes and short URLs make communicating information a lot easier.
What I, in my role, hear way too often however is that people didn’t realise – until it was too late – that not all short URLs nor QR codes are generated nor distributed by businesses or individuals with pure intent. Sure there is growing awareness to the fact that a high percentage of email is Spam or malware and that many sites on the internet are malware ridden, however, many people fail to consider that websites hidden by QR or URL shorteners may be those sites that they would otherwise actively avoid.
5. Question strange emails from addresses you know
In other posts I have written I have advocated the need to question emails you get from banks and other companies asking for certain information. Where someone you know in a ‘professional’ sense asks for information which seems out of the ordinary, chances are it may be a ruse.
But what happens when you get an email from a friend, asking you for help financially? The email comes from their address, it is addressed to you personally and it claims the friend is in trouble (perhaps overseas). In essence the email seems like your friend needs help.
However, be wary as this is a well-known and elaborate scam designed to get you to forward an amount of money to a foreign account. Potentially worse, the email may direct you to click a link which will give you the bank details. In fact this link is in all likelihood going to take you to a site infected with Malware, thus resulting in your computer being compromised.
There are always going to be plenty of scams circulating, so if you are unsure, pick up the phone and call your friend/colleague or the sender of the email and see if it was legitimately sent by them.
Be aware, be active and be attentive
At the end of the day, the best way to minimise your chances of infection is to engage the three As: Awareness, Activation, Attentiveness. Be aware that not everything you receive is necessarily what it seems. Activate your software and keep up to date with new releases. Be Attentive to codes , URLs and other online activities.
Whilst these tips may not guarantee your computer will not get infected, they will help minimise your rates of infection.