

Updated: Jan-28-2010

Internet Security Tips

The advice and tips in this section are for discussion purposes only. New York Metro STC assumes no liability for any losses or damages incurred or suffered as the result of following these suggestions and tips. Corporate users should defer to their organization's security policies and practices. Home and home office users should always consult the services of a professional in the event of severe computer virus infection or security attacks.

You Should Know That...

  • No one can guarantee you a 100 percent secure Internet connection or experience.


  • You are at risk! You are open and vulnerable to an attack on the Internet.

Types of Attacks & Intrusions

  • Viruses – Attempts to place unwanted software (viruses) on your PC or network. Viruses may or may not cause damage. Viruses tend to replicate (copy themselves) and attempt to infect other computers and networks.


  • Adware – Some viruses are actually types of robots ("bots"). One such type of bot is adware: special software that resides on your PC and intermittently accesses and displays pop-up ads, especially when you are surfing the Web. Most adware takes advantage of a browser's scripting technology, such as JavaScript and Visual Basic Script (VBScript). While not dangerous, adware is annoying.


  • Spyware – Another type of bot that is designed to monitor PC usage. Spyware can uncover user IDs, passwords, credit card numbers, and other personal information that is maintained or accessed on your PC or network (which can lead to identity theft). While adware is annoying, spyware is dangerous.


  • Unauthorized Access – Attempts by unauthorized users to gain access to your PC or network. Sometimes, viruses and other types of bots (spyware) are used to assist the attacker to gain access. This access then gives the attacker the capability to remotely use a PC or network (even to the point of running programs). Such users can then run damaging programs (like those to delete files or reformat hard drives) or gain access to highly sensitive personal information (credit card numbers, user IDs and passwords, etc.).


  • WiFi (Wireless) Security Issues – More people are using laptops as the workforce becomes more mobile and transient. Many home PC users have swapped desktop PCs for laptops. Laptops with wireless network interface cards (NICs) are standard today, and it is easy to connect to a WiFi hotspot, an open wireless network. Unfortunately, engaging in trendy laptop behavior, such as surfing the Web from Starbucks, or the public library, while enticing, is also dangerous. Hotspots are "open" and have no security settings. This has become the most vulnerable and popular hacker attack point in recent years. Wireless transmissions through airspace are easy to intercept and read using easily-obtained hackerware. Whenever you are WiFi surfing at Starbucks, be aware that unencrypted info transmitted from your laptop, such as user IDs, passwords, and credit card numbers, can be eavesdropped, and your security and identity easily compromised.

What You and I Can Do

The following recommendations are aimed more at home and home office users. If you are a corporate user, you should follow the policies and procedures outlined by your company. Companies have well-defined computer and network security policies and practices, and have documented disaster recovery and business continuity (DR/BC) plans.

Software

  • Purchase and install either McAfee VirusScan or Symantec Norton Anti-Virus. As an option, you can purchase McAfee Personal Firewall or Symantec Norton Internet Security.


  • When you install these products, enable their netshield capability. A netshield scans the incoming packets for virus signatures and immediately blocks any potentially harmful packets and alerts you the moment it detects such packets.


  • Make sure that you periodically obtain or download the virus data signature files for your anti-virus and Internet security (firewall) products. Anti-virus scanning engines rely on these files to be able to spot the most recent viruses roaming the Internet. Sign-up for online subscriptions to update virus signature data files and software over the Web.


  • Be sure to apply update patches for operating system software. Microsoft in particular is still plugging up holes in its software. Microsoft users need to stay aware of this and apply software patches as soon as they are released.


  • Use software that is more secure and avoid software that has a bad reputation.

Best Practices

  • Using a broadband connection? Please note that it remains active, even when you are not using the Internet. Packets and Internet commands continue to flow through your modem and PC. Shut off the modem, or physically disconnect the connection between your PC and the broadband modem. Hey, what about the Stand By button? That's a false sense of security: Stand By mode still allows packets to flow through your PC. The best protection is to disconnect your PC from the broadband modem.


  • Network security policies you apply to your home wire-based network (such as cable or DSL) should be extended to your WiFi (wireless) networks. Be wary of using user IDs, passwords, and credit card numbers over WiFi hotspots, such as those at schools, libraries, trendy cafes or bookstores. These locations configure open access on purpose, so that people can access and surf the Internet for research and entertainment while sipping their lattes, activity which presents no security threat. Unfortunately, such sites invite predatory hackers looking for unwary surfers who do shop online and exchange telling e-mails.

    There are basically two flavors of WiFi encryption: Wireless Equivalent Protocol (WEP) and WiFi Protected Access (WPA). WEP is considered weak and "crackable" by hackers. WPA is considered more secure (WPA-2 is the newer version of WPA which is considered even safer). If you can, enable WPA. If WPA is not available, then enable WEP (some form of protection is better than none). To be safe, realize that WiFi surfing is not as safe as wire-based methods. If you do a lot of online shopping, or are concerned about the privacy of your e-mail exchanges, restrict your surfing to your wire-based home network. If you run a WiFi based home network, shut it down after extended periods of inactivity to prevent hijacking.


  • Be wary of downloading files, especially from untrusted sources. All binary downloads (binary command files, such as .exe and .com files; .dll files; graphical files like .jpg, .gif; Active X controls such as .ocx files; etc.) should be suspect.


  • Do you know that text files can contain potentially damaging script code? Such files usually end with one of these extensions: .reg (registry script), .vbs (VBScript), .js (JavaScript or JScript), .bat (batch script) or .cmd (command script). Scan all downloaded files! The newer anti-virus programs can intercept script code before you run it and prompt you with a warning that the script may be potentially dangerous to your system. Caveat: sometimes such scripts are necessary and are part of a system update. Not all scripts are virus-ridden or damaging.


  • Be wary of e-mail attachments, especially binary attachments (graphical .gif, .bmp, .jpg, etc.) and script attachments (.cmd, .bat, .js, .vbs, .ocx, .dll, etc.). Never open an attachment in an e-mail if you do not know or recognize the sender. As with downloads, attachments should be saved to a special directory and subject to virus scan before opening them. For small and home businesses, special e-mail servers and firewalls are available for you to "strip" attachments from e-mails that originate from unknown persons.

    Note: New York Metro STC does not send e-mail attachments! Subsequent or supporting information to an e-mail announcement is staged to the Chapter Web site with a link to it in the e-mail. Member notifications will link to either a subsite (stcnymetro.org/subsite/) or a specific HTML document (stcnymetro.org/moreinfo.htm). Do not click a link to a suspect or non-document file (stcnymetro.org/special/can_be_bad.exe)!


  • Back up critical system and data files. Develop a backup strategy (daily and weekly incremental backups, full monthly and quarterly backups).


  • As part of your DR/BC plan, develop a PC rebuild kit which should contain the following:
    • Floppy or CD with virus scanning software (for standalone scanning)
    • Emergency boot disk (floppy, CD or both)
    • Original operating system CD that came with your PC
    • Driver software (for CDs, DVDs, ZIP drives, printers, monitor, video card, modems, etc.)
    • Security, firewall and/or anti-virus software
    • Internet connectivity software (for DSL or broadband connectivity)


    Note: Your computer's BIOS should be set to boot from devices in this order: floppy, CD (or DVD), hard drive.
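
The attachment and link advice above can be automated as a pre-open check. This is an added example, not part of the original page: it flags attachments and link targets whose final extension is one of the executable or script types listed in this section. The sample message, addresses, attachment names and the http:// scheme on the links are constructed for illustration.

```python
import email
import re
from email import policy
from email.message import EmailMessage
from pathlib import PurePosixPath
from urllib.parse import urlsplit

# Executable and script extensions named on this page.
RISKY = {".exe", ".com", ".dll", ".ocx", ".reg", ".vbs", ".js", ".bat", ".cmd"}
LINK = re.compile(r"https?://[^\s<>\"']+")

def risky_extension(name):
    """Return the final extension if it is in RISKY, else None."""
    # Windows drops trailing dots and spaces, and only the last extension counts.
    suffix = PurePosixPath(name.lower().rstrip(". ")).suffix
    return suffix if suffix in RISKY else None

def review_message(raw_bytes):
    """Return (risky attachment names, risky link targets) for one message."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    attachments = [part.get_filename() for part in msg.iter_attachments()
                   if risky_extension(part.get_filename() or "")]
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content() if body else ""
    # Test the URL path only, so a ".com" host name is not mistaken for a .com file.
    links = [u for u in (m.rstrip(".,!?)") for m in LINK.findall(text))
             if risky_extension(urlsplit(u).path)]
    return attachments, links

def build_sample():
    """Constructed sample message; addresses and file names are made up."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "member@example.com"
    msg["Subject"] = "Meeting photos"
    msg.set_content("Details: http://stcnymetro.org/moreinfo.htm\n"
                    "Viewer: http://stcnymetro.org/special/can_be_bad.exe!\n"
                    "Home: http://example.com\n")
    for name in ("logo.gif", "holiday.jpg.vbs", "Update.BAT"):
        msg.add_attachment(b"constructed", maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()

if __name__ == "__main__":
    print(review_message(build_sample()))
```

A file that passes this check should still be saved to a separate directory and virus-scanned before opening; the check only catches the file types that should not be opened at all.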


I've Been Infected - Now What Do I Do?

  1. Isolate the infection - The PC or PCs infected need to be disconnected from the network and quarantined.


  2. Scan for the virus/viruses - Many newer viruses corrupt virus scanning software. The infected PC's virus scanning software may be corrupt, and should be suspect. You need to conduct a standalone scan using a floppy or CD that is not infected. Some products let you create a special standalone scanning floppy or CD that you can use on infected PCs. Use this floppy or CD to run a full scan on the PC.


  3. Run a standalone scan product - Even the most up-to-date product may not be able to scan the most recent viruses. I recommend obtaining and running AVERT Stinger. Stinger (stinger.exe) is a standalone scanner that can detect the most recently released viruses that McAfee and Symantec may miss. You can obtain it from the McAfee Web site (www.macafee.com). Some of my friends also recommend running AdAware and a few other anti-spyware programs, but that is optional as far as I am concerned.


  4. Clean and delete corrupted files - Rerun your scans (2 and 3) to ensure that no viruses are on the PC.


  5. Restore system files - You may need to restore backed up files, especially system files that may have been cleaned or deleted. DO NOT REINSTALL APPLICATIONS at this point. You only want to restore system files that are critical to the booting and operation of the PC.


  6. Restore anti-virus software - Remove, then reinstall the antivirus software on the recovered PC.


  7. Restore applications - Reinstall any applications that may have been corrupted or deleted because of the virus.


  8. Reboot the PC - Reboot the PC. Rerun the virus scan and ensure that the PC is virus free.


  9. Enable Security Settings - Enable the security settings for your virus scan and Internet security applications.


  10. Reconnect to network/Internet - Reconnect the PC to the network or the Internet (or both).


  11. Repeat steps 1 to 10 for other infected PCs.

Note: Sometimes viruses may do low-level corruption to the hard drive. The Top Two PC security applications (McAfee VirusScan and Symantec Norton Anti-Virus) can recover severely damaged hard drives, including ones whose Master Boot Record (MBR) has been seriously corrupted. However, there are times when you may need to perform a complete and comprehensive "ground-up" reinstall of your system. THIS SHOULD ONLY BE DONE IF IT IS ABSOLUTELY NECESSARY AND ONLY IF ALL OTHER OPTIONS HAVE BEEN EXHAUSTED. You may need the services of a computer professional, or need to return the PC to the manufacturer or to the vendor's support center for this level of service. (Steps vary among the different platforms and operating systems - Windows, MacOS, Linux, UNIX, Solaris, etc.)
