After weeks of media-fueled hullabaloo about DNSChanger all but dooming the Internet — what actually happened as July 9 came and went was even less than Y2K-bug worthy — it’s worth pausing to reflect on why some were infected with the Domain Name Service malware and others weren’t.
Most of you, like me, didn’t contract DNSChanger, just as you probably don’t find yourself often engaging in life or death battles with malware, ever-threatening your volatile data’s viability. That’s because you’ve already scooped out your digital moat and lined up your virtual semaphores to keep your computing redoubt as well-fortified as today’s tech allows.
This, with affection, is for the rest of us: the ones who still use “password” as their password for anything, or run their wireless networks like public swimming pools.
Are you running security software? Let’s get the forehead-smacking obvious one out of the way. Most computers that aren’t sold by a certain Cupertino-based company come with preinstalled antivirus utilities, but don’t assume you’re in the clear just because someone put a security vendor sticker on your desktop or laptop’s chassis. Is the tool active? Is it set to autoupdate? Has it been autoupdating?
Yes, most security software falls under the “fire and forget” column, but it’s worth taking a look anyway, just to be sure. When was the last time your antivirus checker updated? That it fully scanned your local drives? If it’s been awhile, has something interfered with its ability to? A router or firewall tweak? Has another user of the computer disabled your security software for some reason, say to get a game working?
Here are some steps to take if you don’t have security software installed:
If you’re a Windows user, Microsoft maintains a list of Windows 7-compatible antivirus vendors, many of them free. And if you’re running older versions of Windows, Microsoft has separate vendor listings for Windows 8 (beta), Windows Vista and — though it’s over a decade old — Windows XP.
Linux users, we’re not forgetting you: Check out Avast! Linux Home Edition or AVG Free Edition for Linux or Bitdefender Antivirus Scanner for Unices (though the very fact that you’ve taken the time to learn how to install Linux suggests you’re the sort of person who’d never run a computer unsecured).
If you have a Mac, you’re not off the hook (you never were, really) and also probably the most likely to be running unsecured, thanks to years of Mac-mythology and Apple marketing contributing to it. Go, as soon as possible, to any of a handful of vendors that offer free antivirus Mac utilities, like Sophos Anti-Virus for Mac Home Edition or iAntivirus by Norton.
And if you want the long list of security software options, Wikipedia maintains a table of international antivirus vendors, sortable by operating system, features, cost, country of manufacture, etc. (with obligatory caveats about Wikipedia’s potential inaccuracies and/or datedness).
Is your computer’s firewall enabled? Your firewall is your computer’s virtual border patrol, checking incoming information (or in some cases, exiting) and either blocking or allowing that information to pass based on your settings. Firewalls aren’t impregnable, but they’re your first line of defense against malware or hacker-related attacks. Leaving them off, whether gaming or simply browsing the web, is a very bad idea.
Windows users, you’re the least likely to run afoul of this principle, since Microsoft’s Security Center won’t stop complaining about its default firewall being disabled (it’s enabled by default on newer versions of Windows, so if it’s off, chances are someone turned it off for some reason).
If you want finer control over your firewall, the days of must-have third-party utilities have come and gone since Microsoft started providing an inbuilt firewall with Windows, but there’s still stuff like ZoneAlarm Free Firewall, Comodo Firewall, or PrivateFirewall to consider, especially if you want to fiddle with how your firewall regulates outbound connections, meaning those originating from your computer.
On Macs, the firewall is bizarrely disabled by default, and Apple doesn’t bother reminding you to turn it on (nor, in my experience, do any of the third-party OS X-based security utilities). I’ve on occasion forgotten myself, when reinstalling OS X, to start up the firewall. If you’ve never checked, it’s time to do so by visiting OS X’s “Security & Privacy” preference pane (under “System Preferences”). You’ll want to make this one of your first stops after buying a new Mac, or when reinstalling the operating system. And if you feel like sending a stern (but diplomatic!) note to Apple asking them to rectify this in future versions, you can do so here.
Note that while your Internet connection (provided by your ISP) probably has its own firewall enabled by default, it’s no reason to disable your computer’s, especially if you’re using a laptop, or connected via a wireless network.
Get the latest OS-level security updates, then make sure you’ve installed them. These are the periodic operating system-level updates released to patch bugs or innate vulnerabilities in an operating system’s underlying architecture (including applications, like browsers). The nagging can sometimes be annoying, but the updates aren’t distributed without reason, and both Apple and Microsoft are distributing them these days.
It’s not only important that you’ve downloaded the latest patches, but that you’ve also installed them. I’ve seen legions of computers over the years that sit for weeks or months with patches or updates downloaded and at the ready, but which, for one reason or another, haven’t been rebooted to apply or pick up the changes. Mac users in particular are vulnerable here, since OS X nags much less often than Windows when an update’s ready to roll.
Secure your network. If your router’s firewall isn’t enabled, enable it. If you’re running a wireless network, enable wireless security (I’m still seeing unsecured Wi-Fi devices using default network names like “Linksys” in my neighborhood).
If, for some reason, you’re still running the easily cracked WEP wireless security protocol, switch to the far more secure WPA2 (do this manually and pass on Wi-Fi Protected Setup, which has security flaws — in fact you should disable the latter feature if it’s enabled). See your router’s manual for instructions on how to do this, or contact the manufacturer (or your ISP, if they provided the router) for help.
You might also consider filtering Wi-Fi connections by MAC address, the unique hardware identifier associated with your computer’s network card. And keep tabs on what’s been connecting to your network via your router’s security logs.
Back up your data. This one actually has a preamble: Organize your data. If you have 1GB of critical volatile data and 50GB of extraneous filler that’s duplicated elsewhere or that you downloaded for a one-time read (PDFs are notorious culprits) and haven’t deleted yet, there’s no reason to back up all 51GB of it (nor is your out-of-control file system an excuse to let this slide — make the time and keep your data organized rolling forward).
Then back it up. If you’re backing up to an external drive, scan it periodically with your security software, then be sure you’re only connecting the drive to secure and up-to-date systems. If you’re using an online file-sharing service like Dropbox or Google Drive, ensure that your security software is scanning these locations as well. Google says Google Docs will automatically scan files for viruses, but it’s not clear if that applies to all files stored on Google Drive. And Dropbox doesn’t appear to offer virus or malware checking of any kind.
Follow the “principle of least privilege.” Do you really need to run your personal computer with administrative privileges? If not, consider creating a basic user account for day-to-day operations and keeping the administrative account on standby for truly “administrative” duties. By minimizing what your everyday account is allowed to do, you’re also dramatically minimizing the harm malicious software can inflict. Give it a shot — you can always switch back.
Set your computer to require a password for sleep or screen saver (and disable automatic login). Think of it like establishing an auto-locking mechanism on a file cabinet — another way to protect yourself, say you have to step away from your computer in a public space, or your computer’s stolen. The only inconvenience to you: entering your password at startup, or when your computer wakes up.
Avoid behavior that could compromise your computer. You know the drill: Don’t share passwords, don’t use ridiculously obvious passwords, ignore requests sent from anyone asking for password or passphrase info, and curtail any insecure behavior (or settings) on social networking sites like Facebook.
Don’t download software you’re not familiar with, and by all means don’t launch an executable that’s suddenly appeared as if from nowhere.
What you do on the Internet is your business, but know that visiting certain sites (pornographic, illicit file-sharing, etc.), given their often less-than-stringent security standards, may (and probably will) increase your exposure to harmful software.
Beware of (and don’t respond to) phishing emails. Don’t click on links you’re unfamiliar with, whether in your browser or email. And remember that just because the text of a link sent by email appears to be valid, i.e. it looks like the web address of your bank or credit card company, it may be masking a completely different link — if you hover over the link, it should pop up a dialogue box that shows where it’s actually pointing. Always check this first to be sure the link is valid.
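The hover check described above can also be done mechanically. This is an added example, not part of the original article: it reads the HTML body of a message and flags links whose visible text looks like one web address while the underlying link points to a different site. The function names and the sample message are assumptions made up for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Visible text that itself looks like a web address, e.g. "www.mybank.example/login".
URLISH = re.compile(r"^(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})(?:[/:?#].*)?$", re.I)

def bare(host):
    """Lower-case a hostname and drop a leading 'www.'."""
    host = host.lower()
    return host[4:] if host.startswith("www.") else host

class LinkCollector(HTMLParser):
    """Collects (visible text, href) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.href, self.text, self.links = None, [], []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href, self.text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self.href is not None:
            self.text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self.href is not None:
            self.links.append(("".join(self.text).strip(), self.href))
            self.href = None

def mismatched_links(html):
    """Return links whose visible text names one site but whose href goes to another."""
    collector = LinkCollector()
    collector.feed(html)
    collector.close()
    flagged = []
    for text, href in collector.links:
        shown = URLISH.match(text)
        actual = urlsplit(href).hostname  # ignores any user@ part before the host
        if not shown or not actual:
            continue  # text is not a URL, or href has no host (mailto:, relative)
        shown_host, actual_host = bare(shown.group(1)), bare(actual)
        # Accept the same host or a subdomain of the host shown in the text.
        if actual_host != shown_host and not actual_host.endswith("." + shown_host):
            flagged.append((text, href))
    return flagged

# Constructed sample message body; all names use reserved example domains.
SAMPLE_EMAIL = """
<a href="http://mybank.example.account-check.test/login">https://www.mybank.example/login</a>
<a href="https://secure.mybank.example/help">www.mybank.example</a>
<a href="https://news.example.org/">Read our newsletter</a>
"""

if __name__ == "__main__":
    for text, href in mismatched_links(SAMPLE_EMAIL):
        print(f"MISMATCH: text shows {text!r} but link goes to {href!r}")
```

Links with ordinary wording as their text ("Read our newsletter") are not flagged, so the hover check is still needed for those.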
And please, don’t forward chain mail. Malicious or no, it’s annoying.
Consider encrypting your data. Encryption won’t protect you from stuff like DNSChanger or other non-data-specific malware, but it’s worth looking into file or drive encryption options, especially if you’re starting to store sensitive data in the cloud. I know, it sounds like an extreme security measure given the complexity involved in setting it up, and you need to be very careful that you don’t forget or lose an encrypted file or volume’s password, but as we start moving our data from local to cloud-based storage en masse, encryption as an additional security option ought to at least be on your radar.
If you have security-illiterate relatives or friends, offer a helping hand. I’ve always felt it’s incumbent on those of us who know how, to help those who don’t (within the bounds of reason, of course — you can’t be full-time tech support for everyone). And there’s an often overlooked perk: If the people you communicate most with are secure, chances are you’ll be safer, too.
If you have friends or family you know aren’t running security software (or you suspect might not be), or who don’t routinely update their devices, consider taking the time to explain why it’s important, then help them get started (as opposed to waiting for the call to come after their computer’s been compromised). Or just advise them to take advantage of support resources they might otherwise not think to in securing their system, say the support services offered by the manufacturer of their computer, or a free advisory and diagnostic service (for Mac users) like Apple’s Genius Bar.