GEEKNOTE: Email Security

GEEKNOTE:  It has been an interesting week with lots of news items in the mix.  Several of them have prompted the malware folks to take advantage of the gullible.

Both the terrorist attack in Boston and the fertilizer plant explosion in West, Texas were quickly followed by malware spam purporting to offer links to news articles.  Anyone clicking on the links would likely get more than they were expecting.

Over three thousand years ago, the Greeks figured out that they were not going to defeat Troy's security wall from the outside.  They created a horse and left it outside the gates of Troy as a gift.  The Trojans, excited by this surprise gift from the Greeks, brought the horse inside the walls of the city and the rest, as they say, is history.

What happens today is exactly the same:  We voluntarily bring the "gift" inside our computer firewall and the bad guys have access to everything we have.

Most individuals log into their computers with administrator level credentials.  By executing the malware with administrator level credentials, we give the bad guys access to EVERYTHING.   Microsoft tried to protect us from ourselves by adding User Account Controls beginning with Vista.  Unfortunately, most folks either turn off UAC or automatically approve any UAC prompt that appears.

When we set up a business network, we try to get our clients to let us set up two logins for anyone needing administrator access to the network.  That way, they can log in as a normal user for routine stuff and log in as a network administrator when they need to do something that only a network administrator can do.  It is a good idea for individuals to do the same... create a user account for everyday use separate from the administrator account that comes with the computer.

How dangerous is it to click on those email links or attachments?  How important is the information on your computer?  Can you afford to lose all your pictures or documents?  Do you have confidential information on your computer, such as saved logins to your bank account?  Perhaps you use Turbotax or other software to do your income taxes. 

It bears repeating:  Give the bad guys access by rolling that Trojan Horse / clicked link / opened attachment inside your computer and you have given them EVERYTHING.

Before your turn off your computer and box everything up, let me offer you some suggestions on how to protect yourself:

1. Be wary of unexpected attachments and links that show up in your email, even from friends.  When in doubt, call the person who supposedly sent you the email and ask them if they sent it.  One dead giveway here is that the person's name is in the "from" field, but their email address isn't correct.
2. Install McAfee SiteAdvisor (http://www.siteadvisor.com) so that you get at least some warning when you forget and click on a link.  SiteAdvisor also gives you security ratings when you are surfing the web and search for something on Google or one of the other search engines.  SiteAdvisor is one of those rare security resources: It is both excellent and free.
3. Run current AV / Security software on your computer.  Several of the free ones are okay, including AVG Free, Microsoft Security Essentials, and Avast.  Of the current crop of commercial AV products, I'm partial to the ones from F-Secure as they just received the top rating from AV-test.org.  (Disclaimer, we've been both using F-Secure products ourselves and selling them for a decade.)  Whether you go with one of the free products or spring for a commercial one, you need to keep your subscription current and scan your computer from time to time. 
4. The corrillary to recommendation three is to never run more than one AV package. They tend to fight each other, leaving you potentially unprotected and slowing your computer down to a snail's pace.
5. Make sure your firewall is turned on and stays on.
6. Finally, make it a policy to avoid "those type" websites.  You know the ones... those with "pictures of young ladies unencumbered by the best efforts of the ILGWU". (Jack Rickard - c. 1995)

Another new scam effort I saw repeatedly this past week involved emails telling me alternately that my credit scores had gone through the roof or gone down significantly.  Naturally, they were all bogus.  I've dissected one of these emails on my website blog.

I know our school system is dealing with some serious financial issues, but I have to wonder it it wouldn't be money well spent to require all high school students to read Homer's Iliad and Odyssey like I had to back when I attended Gulf High School.  The security lesson contained in the Iliad is just as timely today as it was three thousand years ago.

As always, feel free to drop me a note or give me a call if you have any questions about your computer or the Internet.

Rob Marlowe, Senior Geek, Gulfcoast Networking, Inc.
http://www.gulfcoastnetworking.com