The bad news: It's you against an army of cyber criminals around the world. The good news: A little knowledge can provide an effective defense
1. Two starting points lead to the vast majority of attacks
Unpatched software provides the main entry point of entry for hackers or
malware, in part because very few computers have the latest updates for
every commonly hacked program. The victim surfs to a web page or opens
an email, and their computer is instantly, silently compromised. The
second-most-common attack method: The user gets tricked into installing a
Trojan. Together, these two methods account for almost all successful
hacks.
Sure, there are hundreds of other methods: SQL injection attacks,
password guessing, and so on. But nearly everything besides unpatched
software and downloaded Trojans is statistical noise. In fact, if you
fix the main two issues, you almost don’t need to do anything else.
2. Trojans make up the biggest proportion of malware
Most malware can be broken down into viruses, worms, Trojans, or hybrids
that combine features of two or more of those. Viruses spread by
infecting other host files, which when run or accessed, fire off the
malware program. Worms, once executed, are self-replicating; they don’t
need someone to do anything once they are started.
Trojans don’t spread themselves. They rely upon each victim to execute
the malicious program. The originating hacker must spread each and every
copy to each victim separately, usually via email.
Why is this important? Well, unless the Trojan is ransomware,
Trojans are easier to remove than the other malware types. Years ago
most malware programs were viruses, and getting rid of them meant
removing the virus from each infected host and trying to put back the
legitimate program back to its original state. It was a hard to
impossible task, and it significantly complicated removal and cleaning.
These days, because most malware programs are Trojans -- as long as they
aren’t ransomware that hasn’t already locked up your computer -- you
can identify the malicious programs and remove them (although Trojans
may contain self-protection techniques to hamper removal). Still, there
isn’t a malware removal pro or program that doesn’t mind messing with
Trojans as compared to the other types of malware.
3. Most people give away their logon credentials
A significant percentage of users give their legitimate logon
credentials to hackers every year. Typically this happens because the
user is sent a phishing email that claims to be from the legitimate
website asking for credentials -- or the user will lose the service.
Never give your logon credentials in response to an email request. When
in doubt, go directly to the legitimate website and see what it tells
you to do. Trust the website, not the email.
4. Antivirus programs are a necessary evil
Longtime readers know I don’t put a lot of faith in antimalware
programs. Hackers create millions of new malicious programs each month,
and signature-based antimalware can’t keep up.
That doesn’t mean people should disable or uninstall their antivirus
program. They may not be 100 percent accurate, but they catch some
malware, and for that alone, most computers should have one installed.
Source: InfoWorld
No comments:
Post a Comment