In the world of comic books, every bad guy is an evil genius. On the Web, hackers, spammers, and phishers may be evil, but they’re not required to be geniuses. They can make a healthy living just by exploiting known security holes that many users haven’t bothered to patch. Or by relying on the propensity of millions of people to do things they’ve been told over and over not to do.
The silver lining is that you don’t have to be a genius to avoid these common attacks either. Implement a few simple fixes, and you’ll avoid most of the bad stuff out there.
Fix 1: Patch Over the Software Bull’s-Eye
Have you turned off automatic updates for Windows and other programs on the rationale that “if it ain’t broke, don’t fix it”? Then consider this: your programs may be very, very broken, and you don’t know it. The days of big, splashy viruses that announce themselves to PC users are over. Modern cybercriminals prefer to take control of your PC invisibly, and unpatched software gives them the perfect opportunity to do so.
Today, a hijacked Web page–modern digital crooks’ attack of choice–will launch a bevy of probes against your PC in search of just one unpatched vulnerability that
Fix 2: Find the Other Holes
If every program used easy automatic updates–and we were all smart enough to use them–the thriving malware business would take a serious hit. Until then, a free and easy security app from Secunia can help save the day.
The program also gives you links to the software vendor’s site as well as Secunia’s full report about the vulnerability on your system. You can choose to block future warnings about a particular program (but you should, of course, be careful before doing so).
Secunia PSI isn’t perfect, and doesn’t always make it easy to update unsafe program components. But for most apps it provides a quick–and very important–fix.
Fix 3: Let the Latest Browsers Fight for You
The most insidious hijacked Web pages are nearly impossible to spot. Tiny snippets of inserted code that don’t display on the page can nevertheless
Trying to avoid such pages on your own is asking for trouble, especially since crooks like to hack popular sites–attacks against sites
Microsoft plans to add a similar feature to Internet Explorer 8, but this version won’t be ready for prime time for a good while. For more on the browsers’
Fix 4: Sidestep Social Engineering
The most dangerous crooks use clever marketing to get you to do their dirty work for them and infect your own PC. Lots of social engineering attacks are laughably crude, with misspelled words and clumsy grammar, but that doesn’t mean you should dismiss the danger. Every now and then, a well-crafted attack can slip past your defenses and
To fight back, turn to a simple but powerful tool:
A lack of warnings doesn’t guarantee that a file is safe (brand-new malware can slip past every engine for a while), but it does give you pretty good odds. Check every e-mail attachment and download you’re not 100 percent sure about with VirusTotal, and you’ll sidestep most of these insidious social engineering attacks.
Fix 5: Get the Jump on Fast-Moving Malware
Traditional, signature-based antivirus software is getting snowed under by a blizzard of malware. Attackers try to evade detection by churning out more variants than security labs can analyze. So
One promising approach uses behavioral analysis to identify malicious software based solely on how it acts on your PC. But your antivirus software
PC World’s ThreatFire review
Note: If you use the AVG Free antivirus program, hold off on trying ThreatFire until PC Tools releases a new version. The current 3.5 version conflicts with AVG, but PC Tools says it’s working on a fix.
Fix 6: Rescue Your Inbox From Spam
Spam filters are getting better, but some junk still makes it through even the best of them.
A disposable address is one you create each time you encounter an online shopping site, forum, or other service that requires an e-mail address. If that address gets flooded with spam, you simply terminate it. That’s a better system than the alternative of creating a free Web mail account that you use only for purchases and Web signups: with a single separate account, you have to throw the baby out with the bathwater and cancel the whole account if it attracts too much spam.
Yahoo Web mail users can opt for the $20-a-year Plus service, which includes the AddressGuard disposable e-mail service (among other benefits). With it, you can click a bookmark to create a new, disposable address for any given site in about 10 seconds.
Gmail users can simply append “+whatever” to their regular address before handing it out, and Gmail delivers the tagged mail to the same inbox. But if that tagged address starts receiving spam, you can’t turn it off; you can only filter on the tag, and a spammer who strips the “+whatever” reaches your real inbox anyway.
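To make the limitation concrete, here is an added example (not from the article or from Google) of what a tag-aware filter can and cannot do with plus-addressed mail. The owner address, the burned tag “shop”, and the sample messages are all constructed for this illustration.

```python
# Constructed example mailbox: the owner's real address and the set of
# "+tags" that have already started attracting spam (burned tags).
OWNER_LOCAL = "alice"
OWNER_DOMAIN = "example.com"


def split_plus_address(addr):
    """Split 'alice+shop@example.com' into ('alice', 'shop', 'example.com').

    Returns tag=None when the address carries no '+tag'. Case is folded
    because mail domains are case-insensitive and Gmail treats the local
    part that way too."""
    local, _, domain = addr.strip().lower().rpartition("@")
    base, _, tag = local.partition("+")
    return base, (tag or None), domain


def strip_tag(addr):
    """What a spammer does to defeat plus-addressing: drop the tag and
    mail the bare address, which delivers to the very same inbox."""
    base, _, domain = split_plus_address(addr)
    return f"{base}@{domain}"


def route(addr, burned_tags):
    """Decide what a tag-aware filter would do with mail sent to addr.

    'reject'  - not this owner's mailbox at all
    'discard' - the tag has been burned, drop the message silently
    'inbox'   - deliver normally
    """
    base, tag, domain = split_plus_address(addr)
    if base != OWNER_LOCAL or domain != OWNER_DOMAIN:
        return "reject"
    if tag is not None and tag in burned_tags:
        return "discard"
    return "inbox"


if __name__ == "__main__":
    burned = {"shop"}
    for a in ["alice+shop@example.com", "alice+forum@example.com",
              strip_tag("alice+shop@example.com"), "bob@example.com"]:
        print(f"{a:28} -> {route(a, burned)}")
```

The filter discards mail to the burned alice+shop address but has no way to stop the same sender from writing to the bare alice address, which is exactly why a true disposable-address service, where each address can be switched off at the provider, is the stronger option.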
For everyone else,
Fix 7: Develop an Antiphishing Habit
The dastardly practice of phishing for personal information is still alive and well, and many fake sites can be hard to distinguish from the real ones. But a few simple practices can ensure you’ll never be snagged by a phishing hook.
The best approach, and the most straightforward, is never to click a link in any e-mail message to access your financial accounts. Instead, always type the URL or use a bookmark.
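Why typing the address beats clicking the link: the text a link displays and the place it actually leads can be two different things, and browsers resolve the destination in ways that are easy to misread. The following added example (not part of the article) shows the checks a careful reader would make by hand. The link pairs, the domains bank.example and evil.example, and the two-label domain approximation are all constructed assumptions for this illustration.

```python
import re
from urllib.parse import urlsplit

# Constructed sample links of the kind a phishing e-mail carries:
# (visible link text, actual href). None of these are real sites.
SAMPLE_LINKS = [
    ("https://www.bank.example/login", "https://www.bank.example/login"),
    ("https://www.bank.example/login", "http://www.bank.example@evil.example/login"),
    ("Click here to verify your account", "http://bank.example.evil.example/verify"),
    ("Click here to verify your account", "https://bank.example/verify"),
]


def real_host(url):
    """Host the browser will actually connect to.

    Everything before an '@' in the authority is userinfo, not the host,
    so 'http://www.bank.example@evil.example/' goes to evil.example."""
    return (urlsplit(url.strip()).hostname or "").lower()


def registrable_domain(host):
    """Last two labels of the host: a rough stand-in for the registrable
    domain. Assumption for this example; a production check would use the
    Public Suffix List so that 'co.uk'-style suffixes are handled."""
    labels = host.split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host


def link_is_suspicious(display_text, href, trusted_domain):
    """True when the link does not lead to trusted_domain, or when its
    visible text names one domain while the href points to another."""
    dest = registrable_domain(real_host(href))
    if dest != trusted_domain.lower():
        return True
    shown = re.search(r"([a-z0-9-]+(?:\.[a-z0-9-]+)+)", display_text.lower())
    return bool(shown) and registrable_domain(shown.group(1)) != dest


if __name__ == "__main__":
    for text, href in SAMPLE_LINKS:
        flag = "SUSPICIOUS" if link_is_suspicious(text, href, "bank.example") else "ok"
        print(f"{flag:10} {text!r:40} -> {real_host(href)}")
```

The second sample is the instructive one: the link text and even the start of the URL read “www.bank.example”, but the browser treats that as a user name and connects to evil.example. The third plants the bank’s name as a subdomain of the attacker’s site. A bookmark or a hand-typed address is immune to both tricks.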
If you can’t make that change, then at least use the latest version of Internet Explorer, Firefox, or Opera to browse the Web; all three include built-in phishing filters that warn you when you land on a known fraudulent site.
Finally, keep an eye out for
Fix 8: Keep Your Own Site Safe
It’s not a good time to run a Web site.
Crooks use automated tools to search sites for the most common vulnerabilities. If they find one, they blow the hole wide open to plant harmful code that will attack your loyal visitors.
To help keep your site safe, start with some quick, free scans that ferret out the most obvious problems.
A clean bill of health from both scans won’t guarantee that your site is safe. For instance, neither will find flaws in your site’s custom JavaScript, another common attack vector. And while requesting or running either scan is easy, fixing a reported hole might involve a fair bit of work.
Fix 9: Make Your Passwords Secure–And Easy to Remember
Online passwords are starting to seem about as safe as tissue paper protecting a bank vault. The supply of stolen logins is now so huge that crooks can hardly make any money selling them unless they add other ripped-off data, like addresses or Social Security numbers, according to security researchers.
Experts say we should use strong, unique passwords for all our accounts. But they don’t tell us how we’re supposed to remember them, so most of us end up using the same, not-so-safe password at all our accounts.
Here’s an easy fix that allows you to remember just one password,
For a download link and more info on this useful tool, head to the PC World Downloads page.
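One way to remember a single password and still present every site with a different one, as an added illustration that is not the article’s own tool (which is not described here): derive each account’s password from the master password, the site name, and the user name with a slow key-derivation function, so nothing needs to be stored. The iteration count, the “generation” counter used for rotating one site’s password, and the sample master phrase are assumptions of this example.

```python
import hashlib
import base64

# Assumptions for this illustration: PBKDF2-HMAC-SHA256 from the standard
# library, 200,000 iterations, and a per-site "generation" counter so a
# single leaked site password can be rotated without changing the master.
ITERATIONS = 200_000


def derive_site_password(master, site, username, generation=1, length=20):
    """Derive a distinct, reproducible password for one account.

    Nothing is stored: the same master + site + username + generation
    always yields the same password, and a leaked site password reveals
    neither the master nor any other site's password except through a
    brute-force attack on the master itself, which the PBKDF2 iteration
    count makes expensive."""
    salt = f"{site.lower()}|{username.lower()}|{generation}".encode()
    key = hashlib.pbkdf2_hmac("sha256", master.encode(), salt, ITERATIONS, dklen=32)
    # urlsafe base64 keeps to letters, digits, '-' and '_', which most
    # sites accept; bump generation if a site rejects the result.
    return base64.urlsafe_b64encode(key).decode().rstrip("=")[:length]


if __name__ == "__main__":
    master = "correct horse battery staple"  # constructed example only
    for site in ("bank.example", "forum.example"):
        print(site, derive_site_password(master, site, "alice"))
```

The scheme stands or falls on the master password: if it is weak, anyone holding one derived password can grind through guesses offline until the derivation matches, so the master must be long and never reused anywhere. Changing the master changes every site password at once, which is why a stored-vault password manager is the more forgiving choice for most people.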
Fix 10: Get Extra Cleaning Help for Stubborn Infections
Sometimes even the best antivirus program misses an infection. And once a virus or Trojan horse gets in, removing it can be incredibly tough. If you suspect some nasty got past your defenses, then it’s time to bring in extra help.
Many antivirus makers offer free and easy online scans through your Web browser.
Trend Micro HouseCall: Will detect and remove malware; works with both IE and Firefox.
BitDefender Online Scanner: Detects and removes malware; requires IE.
Kaspersky Online Scanner: Detects malware, but doesn’t remove it;
F-Secure Online Virus Scanner: Detects and removes malware; requires IE.
ESET Online Scanner: Detects and removes malware; requires IE.