4 Computer Security Threats You Might Not Be Protecting Against
By David Nield, Gizmodo, 19 January 2017.
By David Nield, Gizmodo, 19 January 2017.
Most of us know the drill of getting an antivirus program up and running or relying on the built-in security protections that come with our computers, but there are some less well-known threats that it’s important to look out for too. Here’s how to stay safe.
1. USB drive infections
Image: David Nield/Gizmodo
Malicious attacks can happen very quickly if a nasty USB stick should be plugged into your computer by you or someone else. Apparently more than half of us will readily plug in any random USB drives we come across just to see what’s on there.
Modern versions of Windows and macOS no longer run executables on USB drives by default, but the most advanced malware can get around this anyway. The best way of staying safe is just to be very careful about what you plug into your computer.
If you do have an antivirus package installed on your computer, it might already have some kind of USB drive protection available, so make sure it’s correctly configured and switched on. Otherwise, run a thorough virus scan on any new drives when you attach them.
For Windows, there are plenty of third-party tools around specifically designed to combat USB attacks: Panda USB Vaccine, Ninja Pendisk and Bitdefender USB Immunizer to name just three.
Unfortunately, USB attacks can be very sophisticated and difficult to stop. Short of never using USB drives at all, or setting up an isolated computer specifically for the purpose of checking USB sticks - neither of which are very practical - all you can really do to minimize the risk is be very suspicious of USB drives you haven’t just bought brand new.
2. Webcam monitoring
Image: Screenshot
We’ve talked before about keeping hackers out of your webcam. The easiest option is just to tape over the camera, or use the built-in shutter, if it has one - any security solution that’s good enough for Mark Zuckerberg is good enough for us.
There are some software tweaks you can make too, if you’re worried about anyone peering back at you over the web. In Windows, open up Device Manager, then right-click on your webcam (under Imaging devices) and choose Disable.
For a less drastic solution, in Windows 10 you can choose Privacy then Camera to set which apps can use the webcam and which can’t.
Deactivating an integrated webcam isn’t quite as straightforward on macOS. There are a number of unofficial hacks you can try, and this one is probably the simplest. Delete a file called QuickTimeUSBVDCDigitizer.component from Macintosh HD/ System/ Library/ Quicktime (just back up first).
If you’ve installed an external webcam over USB you can of course just unplug it when you’re not using it.
Of course you might not want to disable your webcam completely, in which case there are third-party software tools you can make use of. OverSight for Mac and Who Stalks My Cam for Windows will both run in the background and warn you whenever a program tries to make use of the camera.
3. Wi-Fi eavesdropping
Image: Screenshot
Even if you’ve got all your precious data safely locked down on your computer, once it’s beamed out into the ether it can be nabbed by someone else with surprising ease. We’re talking here primarily about public Wi-Fi networks, where you’re sharing your access with a coffee shop or hotel full of other people.
There are steps you can take to stay protected: stick to sites that use secure HTTPS connections, for example, usually signalled with a green padlock in your browser’s address bar.
Installing a VPN (Virtual Private Network) app is perhaps the best way of staying safe on public Wi-Fi. These programs (AirVPN, IPVanish, TunnelBear, CyberGhost and many others) add an extra layer of encryption and protection, making it much harder for someone sat on the next table over from tapping into your communications.
The usual mantra of keeping all your software up to date, from the OS to your security software, applies again here too. You should think twice about doing any kind of sensitive tasks, like online banking, on a public network - it might be better to wait until you’re back at home.
4. Social engineering
Image: Ilya Pavlov/Unsplash
A note reading “please don’t lock this door tonight” was enough for some enterprising burglars to break into the offices of the FBI in 1971, and social engineering is still one of the most effective ways of getting in somewhere that’s out of bounds.
In terms of computer use that means being suspicious of emails and messages that pop up over social media, thinking twice about following through on pop-ups and prompts on your machine, and being very careful about the information you part with, whether that’s over the web, in person or over the phone.
Watch out for phishing attacks too, where fraudulent emails and sites are mocked up to look like the real thing. Some of these are easy to spot, but some aren’t, and you should make sure your web browser is up to date as well as being wary of random requests for personal details that appear over the web.
If in doubt, visit websites directly rather than following links in emails (you should only really do this when resetting a password or verifying your email address for a new site).
You should also be thinking about the information you’re making public on social networks: should you inadvertently let your home location, or date of birth, or pet’s name public, you’re giving hackers clues about how they might get into your accounts.
As we’ve mentioned many times, turning on two-step verification for your accounts is important, but remember that most apps and sites have a password reset or account recovery option - if someone has the necessary information (like dates of birth or alternative email addresses) to reset an account, you’re in trouble.
Slow down, be suspicious, and be very careful with the information you give out online, whether in a tweet or a web form.
No comments:
Post a Comment
Please adhere to proper blog etiquette when posting your comments. This blog owner will exercise his absolution discretion in allowing or rejecting any comments that are deemed seditious, defamatory, libelous, racist, vulgar, insulting, and other remarks that exhibit similar characteristics. If you insist on using anonymous comments, please write your name or other IDs at the end of your message.