National Cyber Security Awareness Month is just about through. As our last blog for the month, we would like to share a few best practices for securing your computer before you go online. There are some good practices we’ve covered on securing your data and recognizing social engineering attacks. Some common and often successful attacks do not infect your machine directly, but go after web servers instead. This way, attackers can infect any and all unprotected computers that visit the compromised site – one attack, infecting many computers.
How does it work? Well, there are two vital requirements for this to work. The first is a vulnerable web server that may use old software, is not kept up-to-date, or is just poorly managed. The second requirement is a victim computer with unpatched web browsers and plug-ins visiting those sites. The victim computer goes to a compromised site, runs an application (like Flash or Java) and the malicious code is executed. What happens on the victim computer is actually normal behavior. Sites use embedded applications to enable special features or media to run within a website. These applications are usually trusted by your browser, which is only a problem if the content that the application will run has malicious code that your computer cannot defend against.
So what can you do to better protect yourself?
- First, make sure you update your browsers and third-party plug-ins and extensions. A good, free tool to use is BrowserCheck from Qualys. You can run it from the site or install a plug-in for your browser – it runs and provides a quick listing of the status of various applications and plug-ins, with “Fix It” links to remediate the vulnerabilities found.
- Second, if you are willing to add an extra click to your Internet browsing, change your browser settings to ask you before launching a plug-in. For example, if you set Chrome’s Plug-in setting to “Click to play,” and you go to youtube.com, it would display a gray box. You click to enable the Adobe Flash plug-in to run and it runs.
- Third, use an anti-malware program and keep it up to date. Most machines that are compromised by malware are not kept up-to-date with their anti-malware (or anti-virus) programs that could have easily caught the malicious code. There are those newer bits of malware that are considered “zero-day” viruses (which means there is no patch for them), but these are not as prevalent as your everyday viruses and no excuse to not keep yourself as protected as possible.
Sophos is the standard anti-malware program utilized at WIT. Most Institute-owned Windows-based machines should already have it installed and licenses are available for faculty and staff who have Apple OS X-based Institute-owned computers. (Send an email to firstname.lastname@example.org if interested in an enterprise version of the program.) Check out our “Tools” page for a link to a free version for your personal devices.
- Fourth and last, make sure you pay attention to what you click. A good way of preventing these attacks is to avoid these compromised sites to begin with. Be wary of phishing emails or tweets that ask you to follow a link. (Check out our page on Phishing.) Definitely be suspicious of email attachments, especially .exe files. 99% of emails with an .exe file are emails with malware attached.
We understand that it isn’t always easy to follow these tips as some services we use require the older versions of a browser or plug-in to work. Well, the advice for those that run into this is to use two different browsers. Use your favorite browser for everyday use and make sure it is as secure as possible by following these tips. Then utilize a second browser for those specific sites that require older versions.
UPDATE: Instructions for enabling the “Click-to-Play” function on popular web browsers are available from http://www.howtogeek.com/188059/how-to-enable-click-to-play-plugins-in-every-web-browser/.