Most of us are aware of the really big risks out there on the internet – sites offering “free” software, hacks for games, or pirated films.
But it’s perfectly possible to allow cybercriminals a foothold on your PC without visiting the darker districts of the web.
Tiny things such as using an admin account on your PC when you don’t need to can give cybercriminals their “way in”. Thankfully, a few simple changes can make you safer – wherever you browse, and whatever you do.
Below are ESET’s tips for how to close off those last few “holes” you might have left in your trusty PC.
Promoting yourself to “admin”
Most computer operating systems allow for several users on the same machine at once – but many of us opt to use just one with administrator privileges, ie . If you choose not to, you’re less vulnerable – malware may not be able to get a foothold, and most of us don’t need admin privileges ALL the time. ESET Senior Research Fellow David Harley says, “Log on to your computer with an account that doesn’t have ‘Administrator’ privileges, to reduce the likelihood and severity of damage from self-installing malware. Multi-user operating systems (and nowadays, few operating systems assume that a machine will be used by a single user at a single level of privilege) allow you to create an account for everyday use that allows you fewer privileges than are available to an administrator.”
“Pimping” your browser
It’s tempting to think of your browser as a “window” on the web that you can personalize – but it’s a mistake. That window is the one cybercriminals will come in through. Don’t store passwords in your browser – or any info, if you can – and don’t download dubious plug-ins. “Plug-in” might SOUND different from downloading an executable file, but this year ESET detected several “plug-ins” with a hidden dark side. Keep your browser clean – and you won’t hand information to cybercriminals.
Ignoring boring little boxes
Any nagging warning that pops up when your PC turns on is probably important – even if it makes you hate Adobe and Java, update whenever you can. Do it manually if you’ve noticed that the nags have slowed down. The source code for Acrobat – Adobe’s document software – was recently stolen, and may well be in the hands of criminals. This could lead to fast-moving attacks against which there is little defense except to update fast, and ensure you have good AV software running. Likewise, ensure Windows Update is on, looking for updates, and installing them every time it turns on and off. These updates are rarely to add new functions – they’re to prevent cybercriminals “zombifying” your PC. Patch, patch and patch again – and just remember to untick that box that makes Ask.com your search engine when Java updates. Google is much better.
Having too many friends
We’re told that this is the “social age” on the web – but cybercriminals are friendly guys too. Don’t befriend people you don’t know on Facebook – and if your Privacy settings are set to Friends of Friends, you’re effectively doing that already. Don’t post your phone number or email on Facebook – Facebook’s new Graph Search makes that information accessible to people you may not know. Most importantly, though, don’t rush to click links – malware is increasingly delivered via social sites, and that shortened URL offering a hilarious video might well offer a not-so-hilarious Trojan. A detailed guide to “social” posts that you should distrust is here.
Trusting that “unbreakable” password
You might be the one guy who can remember a 52-character string of random numbers, letters and special characters – but that doesn’t mean you’re totally safe. The cybercrime landscape has changed a lot in the past few years – and with high-profile attacks on internet giants such as Adobe, LinkedIn and Evernote handing huge lists of encrypted passwords to cybercriminals, the worst risk we all take is using “real” email addresses and passwords across multiple sites. Any password can and will be decrypted. Use two-factor systems where you can – offered as an option by many sites, including Evernote. These won’t keep you 100% safe – but put another hurdle in the way of criminals. Cybercriminals sink the big ships first, sites such as Adobe – then go after the passengers. Once such lists are in the hands of criminals, they have the time and the technology to crack them – no matter what password you’ve chosen. When signing up to services such as these, use a “disposable” email address, and use a different password for each one – use a “password safe” such as LastPass if your memory isn’t up to it. For an ESET guide to making passwords as strong as possible, click here – it won’t keep your password safe forever, but it will slow the criminals down.
Author Rob Waugh, We Live Security