How can I secure
my computer?
 Use
a Current Browser
Make sure you are using the most current and updated
version of a web browser. As security features
are strengthened, most of the popular software
providers make updates and new versions of their
browser available for free. Having a current browser
will help to ensure you have the most recent updates
and strongest protection.
To download the most recent version
of your Internet browser, the following
links are provided for your convenience:
http://www.microsoft.com/downloads/search.aspx?displaylang=en&categoryid=6
http://browser.netscape.com/nsb/download/default.jsp
Click
here for a list of the minimum
browser requirements in order to access
CU Online.
Set Browser Security Settings
Most of the popular Internet browsers
have built-in security settings that
you can customize to protect your
PC from viruses, spyware, harmful
cookies, and other threats to your
PC. Keep in mind, however, that the
more strict you set your settings,
the more inconvenient using the web
becomes. For example, cookies must
be enabled to use CU Online because
we use cookies to establish a secure
connection.
Some browsers, including Microsoft’s
Internet Explorer, allow you to create
lists of sites that you know to be
secure. You may find it convenient
to add certain sites to this custom
list to ensure their functionality,
but to set high security settings
for all other sites.
Don’t Open Email Attachments
From Unknown Sources
If you receive an email from an unknown
source, never open any attached file.
Viruses, spyware and other harmful
programs can be delivered through
email attachments. It’s good
practice to delete memos from unfamiliar
sources prior to opening or
previewing them.
Disable any Email Preview
Windows or Panes
Some email programs offer a preview
window or pane that automatically
shows the content of the email. Because
viruses, spyware and other harmful
programs can be delivered to you via
email, this preview can launch the
program (virus, spyware, etc.). It’s
good practice to delete memos from
unfamiliar sources prior to opening
or previewing them.
Use a Current Operating System
Like browsers, many operating systems
are continually updated with new security
enhancements. To download the most
current versions of your operating
system, the following links have been
provided for your convenience.
 Install
and Update Anti-virus Software
Using virus protection software will
help to keep your PC safe from some
attempts to load destructive programs
– whether its being done intentionally
or accidentally. However, simply loading
an anti-virus program is not enough.
You should also enable your anti-virus
software to receive online updates.
As new viruses are detected, many
anti-virus providers update their
system to catch and destroy them in
the future. If you do not update your
anti-virus software, your PC may not
be safe from the most current virus
threats.
Though neither of the following are
specifically endorsed by Arizona Federal,
the following are popular providers
of anti-virus software:
Install and Update Anti-Spyware
Software
There are many different types of
Spyware that may have found their
way onto your PC. They range widely
in their danger and significance from
either causing slight performance
problems, to being used to record
and transmit all keystroke activity
(including the passwords you enter)
from your PC to someone else.
Though none of the following Spyware
programs are endorsed by Arizona Federal,
the following are providers (or reviews
of providers) of anti-spyware software:
http://www.spywareinfo.com/
http://www.spywareguide.com/
http://www.safer-networking.org/en/index.html
http://www.pctools.com/spyware-doctor/?ref=ov_f
Install a Firewall
A firewall is software that acts as
a guard or barrier between a PC and
the rest of the world. Properly used,
a firewall scrutinizes and filters
information that attempts to pass
through it. Only information and files
that are permitted are allowed to
pass to the PC. Those that are not
are turned away and not successfully
passed through to the PC. If you have
an Internet connection (especially
a cable, DSL or any other high speed
solution) and no firewall, you are
making your PC available to others
to use via the Internet. Some firewalls
also help to fight or limit viruses,
spyware and spam.
There are a variety of both free
and not-free firewall systems. While
none are specifically endorsed by
Arizona Federal, the following link
provides information about popular
providers of firewall systems:
http://www.firewallguide.com
Contact Your Internet Service
Provider (ISP)
Many ISPs have built-in security features
which may include anti-virus software,
firewalls or other features. You should
contact them to determine what (if
anything) they are doing to help protect
you when you use their Internet service.
You can then create a strategy that
compliments what they already have
in place. If they have nothing in
place, you may want to consider alternate
providers.
Don’t Participate in Free Contests
and Giveaways
Many of these “contests” are illegitimate
and coaxes to install spyware or other harmful
files into your PC. There are obviously legitimate
contests and giveaways as well. A best practice
would be to make sure the company offering the
prize is legitimate and one that you are familiar
with. You should also consider whether or not
you had to go to their site to see the opportunity
or if it was sent to you by email or pop-up window
unsolicited. The degree of the aggressiveness
of the campaign may have an opposite correlation
to its legitimacy—the stronger the push,
the more likely its fraudulent.
Install a Pop-Up Blocker
Installing pop-up blocker software
will reduce the number of illegitimate
games, contests or other hoaxes presented
to you.
What harmful programs could
I get on my computer if I'm not careful?
Spyware
There are a few basic types of spyware:
Advertiser software (Adware), Web
Bugs, Proxy Adware, Stand-Alone Commercial
Computer Monitoring/Surveillance software
and Trojans.
Adware
Businesses will pay to learn your
purchasing habits, preferences, household
income, family composition and other
demographics to better target their
advertising to you. For example, if
a marketing firm thinks you are an
avid hiker, they will flood you with
pop-up ads selling everything from
boots to backpacks. These companies
devise schemes to get you to install
their software by offering a free
game or other ‘entertainment’
type product.
Web Bugs
Web Bugs are a form of adware that can track what
you’re doing online, return that
information to a third party, and allow them to
pop-up ads or just monitor you for
demographic purposes. While these forms of spyware
are intrusive, they usually do not collect any
personally identifiable information, just demographics.
Key Loggers
A keylogger is a hidden program that records every
keystroke you make, whether online or offline.
The information is stored on your computer until
it is retrieved, usually throught the Internet,
by someone else who can examine the keystrokes
to learn passowords, account number, email messages
and anything else you have typed on your computer
These spyware programs load executable
programs and take up resources running
in your computer and can, usually
by accident or poor design, interfere
with your own programs or operating
system causing unforeseen, unexplained
crashes or abnormal behavior. The
most often seen effect of adware is
a general slow-down of your PC as
more and more resources are diverted
to the spyware programs and fewer
resources are available for your own
use.
 Proxy
Adware
There is a new form of adware commonly
known as “proxy” adware.
This type of software is again installed
along with another program the user
deems useful but, instead of just
collecting demographic information,
this software has the potential to
collect absolutely all user information
no matter how private.
Proxy adware works by getting the
user to agree to allow all inbound
and outbound
traffic from their PC to be re-routed
through a marketers’ servers.
This is done by the
addition of a small software program
on the user’s PC. What this
means is that all
information sent by the user, to any
other person at any time, is captured
by the
marketers’ servers. This also
applies to SSL encrypted transactions
containing sensitive
information such as online banking
user IDs and PINs. This works because
the
marketer is actually a man-in-the-middle
who gets the encrypted transmission
from the
user, is able to decrypt it because
he is an authorized proxy, and then
re-encrypts it and sends it on to
its intended destination as the user.
This is an incredibly intrusive form
of adware. Many users are actually
unaware of the
implications of its use either because
they did not read the End User License
Agreement
(EULA) when installing the software
or were not technically knowledgeable
enough to
understand the full ramifications
of the Agreement.
Commercial Spyware
This software is sold for use by employers,
employees, spouses, private investigators,
identity thieves and others for one
purpose: to record everything you
do on your
computer ... silently. These include
URL recorders, keyloggers, chat monitors,
screen
recorders, program loggers and more.
While it may have legitimate uses
such as
monitoring your child’s Internet
access or ensuring that employees
do not access
inappropriate websites on company
time, it can be easily abused by unscrupulous
people.
Trojans and other malware
The last type of spyware is broadly
lumped into the category called a
“trojan,” which was named
after the infamous Trojan Horse. This
type of software is most commonly
used to deliver worms, viruses and
other forms of ‘malware’
to PCs. The worst type is called a
“RAT,” or Remote Access
Tool. This tool enables an attacker
to have complete control of your PC.
How Does Spyware get into
Your PC?
Adware is often installed along with
another program that the user considers
useful.
Trojan spyware is most often installed
either by a malicious prankster or
a criminal.
Certain types of trojans exist solely
to gather personal information, such
as online
banking user IDs and PINs, which enables
the perpetrator to commit identity
theft. As the name implies, trojan
software gets installed by the user’s
own action or, in some
instances inaction. In some cases
a user clicks a link in an email and
either runs an
executable attachment or links to
a website program that downloads and
executes a
program. In some cases just visiting
a malicious website and viewing a
page is enough
to silently download and execute a
spyware program.
Software ‘trading’ with
friends can also mean an Internet
spyware program could be
hidden in the traded software. This
also applies to music files, MP3s
and so forth. Even
graphics are not immune. There is
an exploit that allows certain picture
files to become
infected with malware and be able
to propagate on a vulnerable PC. As
to Stand-Alone Commercial Computer
Monitoring/Surveillance software,
this software/hardware is most usually
installed by a trusted person who
has physical access to your computer.
What Can Happen if Spyware
is on Your PC
While most forms of adware are intrusive,
trojans are even worse. Many trojans
contain RATs. There are three main
reasons why these trojans exist.
The first is the prankster or ‘script-kiddie’.
These perpetrators aren’t really
hackers; they’re usually much
less technically astute. They manage
to get a copy of an existing malware
program and modify it to some extent
to avoid detection by anti-virus scanners.
Some do this for a joke, some to get
bragging rights with their friends,
some to see how many PCs they can
‘own.’ If their malware
contains a RAT they may enter your
machine, copy software and/or cause
intentional or accidental damage.
These people usually aren’t
looking for any personal information.
The next use of trojans is by spammers.
Spammers are slowly being squeezed
by international law and are finding
it harder and harder to get ISPs to
host their activities. They have turned
to the method of creating ‘zombies.’
A zombie is a PC that has been infected
with, and is now controlled, by a
RAT. The zombie PC is used to send
bulk spam email for the spammer. By
infecting thousands of home and business
PCs the spammer can use them like
throwaway, disposable mail generators.
He can send millions of emails in
a single night using someone else’s
bandwidth and good name. The ISPs
that get this flood of spam often
block the sending machines and even
get the person’s account at
their ISP terminated.
The last, and most dangerous, use of malware
is identity theft. There are a number of trojans
that are created specifically to harvest online
banking user IDs and PINs, credit card numbers
and other financial information. Many of these
also install RATs as well.
Additional
Resources
While not specifically endorsed by
Arizona Federal, the following links
are provided for your reference to
assist you in learning more about
online security practices:
http://www.cert.org/tech_tips/home_networks.html
http://www.us-cert.gov
http://www.cert.org/homeusers/HomeComputerSecurity/
http://www.securityfocus.com/columnists/220
http://www.staysafeonline.info/home-tips.html
http://www.pcmag.com/article2/0,1759,2232,00.asp
View
Account Protection Resources • Read
an Article from the Education Center
|
Print
Page
