Aardvark Daily

Please visit the sponsor!

With power comes risk

The newswires have been littered with news of new vulnerabilities that have been found lurking on the Net.

We had the OpenSSL vulnerability that opened up huge swathes of the Net's servers to curious (and often malevolent) eyes and we're also being told there's another botnet due to start up within the next few weeks that will see a resurgence in compromised computers.

Even Linux systems are coming under increasing threat as previously undiscovered vulnerabilities in important bits of code are revealed.

Then there are the security issues associated with mail services such as YahooMail and the ever-present risks that carefully crafted attacks on wetware create.

A perfect example of this can be seen in this story in today's NZH.

The problem is that, with power comes risk and responsibility.

We're now so used to effectively connecting our own PCs, tablets or smartphones to other computers located half a world away that we seldom give much thought to the fact that we're dealing with unknown parties in undisclosed locations.

Every email that arrives in our inboxes has the potential to be a trojan horse or some other kind of malware.

Every website we visit has the potential to be harbouring some evil zero-day exploit that will give some evil little sod full access to everything on your hard drive or home network.

Despite the best efforts of anti-malware programs, there is still no guarantee that one of these zero-day exploits won't be leveraged to "pwn" your computer and if/when that happens, you might as well upload your entire disk drive to a public FTP server.

So if we accept that the risks associated with Net use are growing almost exponentially, due to the fact that we're increasingly storing sensitive/valuable information on our phones, tablets and PCs, what can we do to mitigate these risks?

Of course all the experts (especially the ones at Noel Leeming or whatever other shop you buy your new computing device from) will tell you that you have to buy anti-virus software to be safe. Sadly, they'll often recommend Nortons or some other malware that will effectively kill your machine's performance whilst only providing a modicum of protection.

Yes, AV software can be useful -- but it's no substitute for the basics:

Keep your software meticulously patched to the latest version (that's the OS and your apps).

Always engage in "safe surfing" -- which means turning off Flash/shockwave and only enabling it on a case-by-case basis when surfing -- and only when you are very confident that the site and the content are trustworthy (ie: *never* for advertisements).

Always keep regular backups and operate a multi-generational backup chain that allows you to roll back at least a month. This won't stop you getting whacked but it will allow a less painful recovery from such an event.

Stay alert -- read the newswires and make sure you're aware of the latest threats and vulnerabilities. This includes keeping up with the latest wetware strategies (ie: phishing, social engineering, etc).

Leave a system monitor application running on your desktop. This gives you the opportunity to spot any unusual CPU activity, surges in memory use and unexplained network activity.

Those are my basic strategies -- what are yours?

What insightful hints can readers add to this list that will make the internet a safer place for those who use it?

Please visit the sponsor!

Have your say in the Aardvark Forums.

PERMALINK to this column

Rank This Aardvark Page

Change Font