The next story in the Privacy and Trust series will be coming shortly, after a couple more updates from the Inside ID conference in Washington, D.C. In my keynote on the opening day of the conference I asserted that organizations and individuals should be spending more time and money on the security of their systems. I said that we don’t leave our homes for the weekend with doors and windows open and yet we effectively leave our "always on" network-connected PC’s wide open. In John Gould’s talk he took this to the next level and discussed specific vulnerabilities of the PC including viruses, worms, hacking, phishing, and spyware. It was a wake-up call for me and I immediately headed for the Net with my ThinkPad to get some new software.
The term virus is often used as a generic reference to any malicious software that gets to your PC from the Internet. John Gould said that "there will be more than 200,000 viruses that will attack us this year". A computer virus is designed to change the way your PC operates, copy passwords or the contents of your contact list, or worse yet damage your computer. In addition to a half dozen or so types of viruses, there are other nasty things traveling across the Net including Trojan horses, worms, and virus hoaxes. There is a good web page at Symantec that describes the differences between these various "viruses" and offers prescriptive advice.
Hacking attacks are also on the increase and an "always on" PC is likely getting attacked daily. It is really important to have the firewall in your cable or DSL modem setup properly and to *also* have a software firewall on your PC.
The newest threat is phishing where fraudulent persons are requesting users to update their eBay, PayPal, or other merchant account information. The phishers are sending emails trying to scare people that their account will be closed unless they update all their personal information. Thirty percent of people are unknowingly responding to these and providing for more personal information than any legitimate merchant would ever request. The solution to phishing, unfortunately, is mostly a matter of awareness. The Federal Trade Commission is attempting to bring legal action against the perpetrators. They also have a good web page called "How Not to Get Hooked by a ‘Phishing’ Scam".
Perhaps the most vile form of software is "spyware" and this is what really got me going today. I had read about this in an article in PC Magazine a long time ago and it has been on my list of things to take precaution against. Spyware can get into your PC from many paths (attachments, downloads, viruses) and can track every action including your keystrokes and then report this information to the "fraudsters". I went to PCMag.com and looked around. The best sounding solution appeared to be "Spybot – Search and Destroy" which is available at safer-networking.org. I installed Spybot and asked it to analyze my system. It found more than fifty potentially malicious programs on my ThinkPad. Couple of them I knew about — WeatherBug and Gator. I was aware of their potential to snoop but I trust both them and find them quite useful. The rest of the programs appear truly malicious and they were things I had never heard of, but yet they were living and running on my system! At this stage I can highly recommend Spybot.
My commitment to myself is to do a complete security audit of my systems as soon as I get home — I will continue to share my experiences here at patrickWeb. At a minimum I believe all of us need to be sure we are using the latest tools for anti-virus, spyware blocking, file checking, startup analysis, software firewall, hardware firewall, and encryption of critical and personal data.
