Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

How to protect your PC against devious security traps

Brad Chacos | Sept. 17, 2013
From phishers to hackers to all sorts of attackers, here's what you need to know to stay safe on the Web.

Many premium antivirus tools automatically scan email attachments for malware, but you still want to download attachments and scan them manually before opening them, just to be safe.

Though not all malicious email messages originate from foreign lands and contain spelling and grammar mistakes, many do. If you receive an error-ridden missive claiming to come from an official source, be on guard.

Fake update or error warnings
By now you're likely aware of adware, the annoying form of malware that inundates you with a flood of ads or scary messages that promise to disappear for a fee. You can eradicate such nuisances with antivirus tools, but that isn't the case for a similar strain of invaders that try to coax you into installing malware while you surf the Net.

These shifty sites and ads pop up boxes disguised as permission requests to update your browser, or claim that you need to download the latest version of the software to run a feature on the page. Clicking any button—often, even the Decline button—gives the attacker authority to run code on your machine, or brings you to a fake download page to install malware disguised as Flash or QuickTime or whatever. Pwned.

Side-stepping these landmines is fairly simple: If a website prompts you to update your software, manually surf to that software's website and look for updates there, rather than clicking the update pop-up. Don't click any buttons on the pop-ups, either; close the tab or window completely, or reload the page after you've installed the update via official channels.

Other drive-by downloads
Such fake updates and malicious "warnings" are part of a larger trend toward "drive-by downloads," or attacks designed to infect your computer stealthily by exploiting vulnerabilities in software.

Again, the basics for avoiding such attacks are fairly simple. Keep security and antivirus software active on your machine—but just as important, make sure that your PC and its other applications are current. Stay on top of Windows Update (Control Panel > System and Security > Windows Update), or just set it to install new updates automatically. Use Secunia PSI to automate updates for the rest of your programs: This superb software works in the background to look for new patches, applying updates automatically if possible, or prompting you to install them manually otherwise.

If you want to reduce the chances of running into fake update/error requests, you could use a plug-in such as NoScript to block JavaScript in your browser. Doing so breaks many feature-rich aspects of the Web, but you can whitelist sites you trust. Disabling the oft-targeted Java reduces your risk, too. I uninstalled Java and other popular, frequently attacked programs recently, and discovered it wasn't a headache whatsoever.

 

Previous Page  1  2  3  Next Page 

Sign up for CIO Asia eNewsletters.