Protecting Yourself Online - Protecting Yourself
(Page 3 of 4)
As you have seen, we were trying to stress that most of the "nasty stuff" lurks on the underground parts of the Web. In general, the people who hang out there are easier targets because they are fiddling with warez (illegally pirated stuff). Chances are slim that someone will backdoor an executable coming from a Microsoft server, for example. Also, be careful with forums and with the links you receive via IMs!
It is especially crucial to have antivirus software not only installed but also left enabled on continuous protection. Don't forget to set up a schedule to automatically update your virus/malware file definitions. Now that you're pretty much always online anyway, why neglect this? Dedicated anti-spyware and malware apps are also useful. Here we're referring to Lavasoft's Ad-Aware, Spybot Search & Destroy, and so forth.
A software firewall is frequently neglected by the average home computer user. These utilities are necessary because they monitor the incoming and outgoing (this part is important!) packet traffic, and they are able to report which applications attempt to send something. This is how you find out that the executable your friend sent actually wants to upload something to an FTP server.
Well, guess what? Chances are that this is when the backdoor application wants to send (by uploading) the sensitive information it collected to an online repository where the attacker can meditate upon it. Aside from protecting you from this scenario, a firewall suite offers Portscan Detection, DoS protection, NetBIOS protection, anti-MAC and anti-IP spoofing, and many other forms of protection such as DLL authentication, anti-application hijacking, and so on.
You should also note the possible scam attempts you may be receiving via email. In the past few years, phishing has really become popular. Despite the fact that every provider and online service stresses the precautions you need to take, and some even encourage paying extra attention when clicking on links and so forth, a mind-blowing number of people fall into these traps on a daily basis.
In phishing, the attacker uses online social engineering techniques to convince the user to give out his or her sensitive information. Most of these attempts look really professional because they are composed of a seemingly "legitimate" email where they notify the user that, due to some security checks, they need to verify some of their account information.
Thereafter, once they thank you for cooperating, the hyperlink that is given looks totally identical to that of the legitimate website; however, the nasty stuff happens in the redirection. The website to which the user is lured also has the design ("look-and-feel") of the official site. So the user sees all expectations met and is satisfied that it's the real site; satisfied enough, in fact, to type in his or her information. Do NOT ever fall into this TRAP. This is becoming old... but it still works!
Every time you sign up for the online service of a merchant, payment processor, or bank, it is specified more than once that no employee will ever ask for your password again. Never! And PayPal also stresses that you should never click on the hyperlinks received within emails, instant messages, etc. Always open a new browser tab and type in the address of the web page. This is the only secure way.
Here's an example. The link looks identical but it redirects to the phishing website.
More By Barzan 'Tony' Antal