MiddleEarth

MiddleEarth
Computer Security Simply Explained
Malware is getting nastier, but that shouldn’t matter
Apr 11, 2016

Malware: "an umbrella term used to refer to a variety of forms of hostile or intrusive software, including computer viruses, worms, trojan horses, ransomware, spyware, adware, scareware, and other malicious programs. It can take the form of executable code, scripts, active content, and other software."

Phishing: "the attempt to acquire sensitive information such as usernames, passwords, and credit card details (and sometimes, indirectly, money), often for malicious reasons, by masquerading as a trustworthy entity in an electronic communication."

Ransomware: "a type of malware that can be covertly installed on a computer without knowledge or intention of the user that restricts access to the infected computer system in some way, and demands that the user pay a ransom to the malware operators to remove the restriction."

"The real story is that, in 2016, we are still making the same dumb mistakes we made in the ’90s. So remember: Don’t click on unknown files or links, and do make nightly backups. It’s not that hard!"

"Sure, cybercriminals are always improving their wares, but nothing has changed about how our machines actually get infected. You have to do some fundamentally stupid things to get infected."
  • First, just because you get an email that contains your real address, or some other personal data, doesn’t mean the contents are real.
  • there are overwhelming odds that you would have to be running Windows for the malware to pose any sort of threat to you.
  • For the malware to get a toehold, you need to open a Windows format file — from a stranger. And why would you do that? Opening a Windows format file sent by someone you don’t know has been a mug’s move since the late ’90s

Security commandments:
1) Thou shall not trust messages from strangers.
2) Thou shall not fool around with anything remotely dangerous on a Windows PC.
3) Thou shalt never open an attachment from a stranger.
4) Thou shalt never, ever open a Windows-specific file from a stranger. Or from your mother, for that matter.

I’ll make this even simpler:
If you don’t know what something is, don’t click on it!

Ransomware works only if you’re fool enough to break all the rules I listed above.

Now, what simple thing should you have been doing every day to prevent any need of ever paying such ransoms?

How many of you said, “Back up my files”?

Congratulations. You need never fear ransomware. Making current backups is all it takes to mitigate ransomware’s effects.

Here’s one more commandment you should have already known:
5) Thou shalt always back up thy data.

"The real story is that, in 2016, we are still making the same dumb mistakes we made in the ’90s. So remember: Don’t click on unknown files or links, and do make nightly backups. It’s not that hard!"
 

Yalides

Am I pretty ?
Computer Security Simply Explained
So what, in your opinion, would be an acceptable security set up using the offers available these days like AVG etc ?
And free versus paid options ?
So many on offer and computer reviewers seem to have different views on which are the best which makes one wonder how much they are getting paid for their favourable reviews.
 

Jaycey

African Refugee
Computer Security Simply Explained
All very well making daily backups but surely there is the danger of overwriting a good backup with a corrupt one? And you only need to keep backups for a certain time before you need to delete them to free up space.

I do major backups in the middle of the month overwriting to the previous backup on external HDD(1) - then at month end I repeat to HDD(2).

Clumsy but it has worked for me so far plus the new 2TB Passport HDD are amazing!
 

bickern

Member
Computer Security Simply Explained
I will not negate the post you made ME as the advice is sound, it's just that other systems apart from Windows are at risk and I am not too sure anyone reading may have taken note or noticed that it covered other systems. (I am sure you slipped the Windows references in accidentally)

Reveton / IcePol Ransomware is out on Android, another known as The FLocker (short for the Frantic Locker) malware has been in circulation since at least April 2015 and has concentrated on locking down smartphone handsets running the latest builds of Android. But the writer keeps on adding new features and has now extended the code to give smart TV owners problems too.

KeRanger came as a shock to Apple users, granted not everyone used torrents but....

The big weakness being targeted at the moment are browsers. Phony "tech support" / "ransomware" popups and web pages.

These scams can appear on any web browser running on any Mac, PC, or iOS device. They appear to be authentic, because they might include details such as your IP address and an icon of the browser you're using. Some of them include voiceovers or annoying alert sounds. You can't find a way to dismiss the popups, and you can't find a way to quit Safari. Even if you were to completely shut down and restart your Mac or iPhone, the annoying popups might just keep reappearing.


A troubling trajectory of malware and ransomware is targeting OS X and iOS. Think OS X and iOS are safe from security threats? Think again. According to Kaspersky Labs, from 2010 through 2014 malware targeting OS X increased 3,600%. (My Note: That sounds a big number but the original number was small)

First major iOS malware outbreak

About six months ago, iOS was the subject of the first major malware outbreak since its release. Affecting an estimated hundreds of millions of devices, XcodeGhost was the name given to the malicious code found in a number of apps hosted in the Apple App Store, which used a tampered version of Xcode to stealthily steal confidential data from iOS devices; the data could later be used to target individuals for Apple IDs and iCloud credentials.

Discovered by iOS developers in China, the targeting of Xcode effectively side-stepped many of Apple's checks and balances for its App Store (such as digital signatures) by passing on the malicious code to the apps created by third parties compiled with the compromised Xcode and passing it off as a legitimate application.

http://www.techrepublic.com/article...alware-and-ransomware-targeting-os-x-and-ios/

Google and Android device manufacturers may be about to go heads on shortly, Google is a bit miffed they plug vulnerabilities and add functions regularly but the big boys don't roll out the updates to their users. The recent Oracle judgement might force Google to take some steps. Android Silver may even raise its head again.

Hmm, I could go on but I only mention it to be a bit more informative re other systems than Microsoft ones, because as other systems are getting more popular they are being attacked more, and those on other systems are being led into a false sense of security. Windows is also getting tighter so some of the stuff trawled off the internet is no longer as relevant.

Everyone needs to be on the ball, especially as more and more are embracing the internet. If anyone sits there thinking they don't need protection cos they don't run Microsoft then they are a fool waiting in the wings to be infected.
 

keefee

Member
Computer Security Simply Explained
Morning all,
How do you back up emails, except for sending everything to another email address?
Thanks.
 

MiddleEarth

MiddleEarth
Computer Security Simply Explained
I will not negate the post you made ME as the advice is sound, it's just that other systems apart from Windows are at risk and I am not too sure anyone reading may have taken note or noticed that it covered other systems. (I am sure you slipped the Windows references in accidentally)

Hmm, I could go on but I only mention it to be a bit more informative re other systems than Microsoft ones, because as other systems are getting more popular they are being attacked more, and those on other systems are being led into a false sense of security. Windows is also getting tighter so some of the stuff trawled off the internet is no longer as relevant.

Everyone needs to be on the ball, especially as more and more are embracing the internet. If anyone sits there thinking they don't need protection cos they don't run Microsoft then they are a fool waiting in the wings to be infected.

I did not "slip" in the Windows stuff. All of the information I posted was from the author of the article. He is an admitted Linux user and makes that clear in his full article.

I try to post relevant excerpts and usually do not post an entire article unless it is short. For those who really care about the contents of an excerpted article they would be well advised to follow the links to the original article.

My point of posting security articles is not to bash any particular operating system. I have made it clear that I believe a well-installed Linux system is more secure than Windows but we have banged that back and forth in other forums. Microsoft has made great strides toward security in the last few years. Unfortunately, security technology is still way ahead of its user base.

The loose nut behind the keyboard is the biggest problem. We all have to practice heightened awareness and not just click on any link that comes to our attention and do NOT, under any circumstances open that zip or EXE file that a neighbour or friend or granny sent you. Their email may have been hijacked and a hacker is attempting to get you to do their dirty work for them.

I still get emails from people I know, or who, for whatever reason, have my email address in their contacts/address book. These emails have either attachments or links in them to web pages. I show the full headers in the message and can see that it does not come from the email address in the "Reply To." If Gmail or Yahoo or some other major mailer is being used I send the full message with headers showing to their admin. I also write whomever it is who was hacked and let them know. This has happened three times now with my next-door neighbour and she claims each time that her son has fixed the problem. She, of course, is still using Win XP :fish:

You wrote "The big weakness being targeted at the moment are browsers. Phony "tech support" / "ransomware" popups and web pages." Thanks for adding to the discussion, you underscore again the point, that users are the main problem for the transmission of malware.

XcodeGhost was a good example of Apple not doing what good website admins should do: protect those who use the services of that website. Most malware problems, for any OS, are because of shoddy or lax administrative care to servers. No app on any app store should be allowed to be posted without thorough testing by administrators and assistants. Unfortunately that is not always the case.

Therefore good and regular backups of any data considered is essential.
 

MiddleEarth

MiddleEarth
Computer Security Simply Explained
NOTE: Desktop and laptop computers are not the only devices which should be backed up. A phone or tablet can accumulate a great deal of important data in a short period of time. Your data on such devices should get regular backups as well.

WhatsApp conversations including images, videos, and chats are easy to backup and WhatsApp does not keep them if you lose them.

All those photos you took on your last holiday could be lost.

Your Contacts/Address books, notes, and anything else that you value should be regularly backed up.

I put our phone and tablet data on my laptop and then backup the laptop.


All very well making daily backups but surely there is the danger of overwriting a good backup with a corrupt one? And you only need to keep backups for a certain time before you need to delete them to free up space.

I do major backups in the middle of the month overwriting to the previous backup on external HDD(1) - then at month end I repeat to HDD(2).

Clumsy but it has worked for me so far plus the new 2TB Passport HDD are amazing!

Jaycey, any good backup program will do incremental backups (see below). If you do them daily, then you only backup what you created or modified between the last backup and the current one. Backup programs can also be set to delete backups after so many days.

1) Do full backup of everything (maybe to the same on both disks)
2) Do daily incremental backups of new or modified data
3) If you find your machine is infected do not do a backup and for safety perhaps you should not use the previous day's backup.

The Missus does translations and when she finishes a few hours of work on a translation she copies it to BOTH a USB disk and to GDrive. I do the "IT Admin" stuff for her and do regular full or differential backups using rsync for Linux.

This discussion mentions a wide variety of Windows utilities similar to rsync:
https://stackoverflow.com/questions/528298/rsync-for-windows

How do you back up emails, except for sending everything to another email address?

A very broad question. What operating system do you use? What email program do you use? Do you use an email app? Or, do you use webmail?

Any decent backup program will allow you to back up all your email including address books. Windows has a free, built-in backup utility, have you used it?

A Google search for "tutorial how to backup Windows" AND only listing posts in the last year yielded thousands of hits.


Full Vs. Differential Vs. Incremental Backups: What These Terms Mean And How To Get The Most Out Of Your System Backups
As the name indicates, a full backup includes everything — all of your folders, files, and data.

Differential backups are backups of all of the files that have been added or changed since the last FULL backup. Differential backups are faster than a full backup and take less storage space, because it doesn’t include all of the data.

Incremental backups are backups of all of the new and changed files since the last backup — NOT SINCE THE LAST FULL BACKUP, which is a differential backup. Incremental backups are super fast, because it backs up the least amount of data of these three types of backups and does not include duplicate files. Incremental backups also take the least amount of storage space.
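The three backup types defined above, together with the advice not to restore from a backup taken once the machine was infected, as an added Python example that is not part of the original post. The file names, day numbers and the helper names `files_to_copy` and `restore_chain` are constructed for illustration, and the history list is assumed to be in chronological order.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Backup:
    kind: str       # "full", "differential" or "incremental"
    taken_at: int   # day the backup ran (constructed timeline, end of day)


def files_to_copy(mtimes, history, kind):
    """Return the sorted paths a backup of `kind` would copy now.

    mtimes maps path -> day the file was last modified.
    """
    if kind == "full" or not any(b.kind == "full" for b in history):
        return sorted(mtimes)              # nothing to build on: copy everything
    last_full = max(b.taken_at for b in history if b.kind == "full")
    last_any = max(b.taken_at for b in history)
    # Differential compares against the last FULL backup,
    # incremental against the last backup of any kind.
    since = last_full if kind == "differential" else last_any
    return sorted(p for p, day in mtimes.items() if day > since)


def restore_chain(history, not_after=None):
    """Backups needed, oldest first, to restore the newest state taken
    on or before day `not_after` (None means use everything)."""
    usable = [b for b in history if not_after is None or b.taken_at <= not_after]
    fulls = [b for b in usable if b.kind == "full"]
    if not fulls:
        return []                          # no clean full backup to start from
    base = fulls[-1]
    later = [b for b in usable if b.taken_at > base.taken_at]
    chain = [base]
    # One differential replaces every change since the full backup.
    diffs = [b for b in later if b.kind == "differential"]
    if diffs:
        chain.append(diffs[-1])
        later = [b for b in later if b.taken_at > diffs[-1].taken_at]
    # Incrementals only hold one step each, so all remaining ones are needed.
    chain += [b for b in later if b.kind == "incremental"]
    return chain


# Constructed sample: state of the disk on day 3 and the backups taken so far.
MTIMES = {"contacts.vcf": 0, "notes.txt": 1,
          "photos/holiday.jpg": 2, "translation.odt": 3}
HISTORY = [Backup("full", 0), Backup("incremental", 1), Backup("incremental", 2)]

if __name__ == "__main__":
    for kind in ("full", "differential", "incremental"):
        print(kind, files_to_copy(MTIMES, HISTORY, kind))
    # Infection noticed on day 2: restore only from backups up to day 1.
    print([f"{b.kind}@{b.taken_at}" for b in restore_chain(HISTORY, not_after=1)])
```

Because each dated backup is kept rather than overwritten, a restore point from before the infection still exists, which is the concern raised earlier in the thread about a corrupt backup replacing a good one.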
 

Akbuk Rob

Member
Computer Security Simply Explained
Morning all,
How do you back up emails, except for sending everything to another email address?
Thanks.

If you use an email client, such as Thunderbird for example, you simply back up your entire profile folder. You would normally include that as part of your regular back up schedule, then if you accidentally lose or delete an important email you can restore the whole profile or just the inbox from the back up.

The same works for browser favourites, passwords etc.

This is real handy and fast when migrating computers or operating systems. I just set up a new machine for the wife, when it came to her email client and web browser I simply overwrote the new profiles with the old ones and everything is just as it was on her old machine.
 

Maisie

Member
Computer Security Simply Explained
I received an email from eBay. Except it wasn't! It was castigating me for not sending the purchased item. Threat that I would be reported to eBay and the police. All very well but, I don't sell on eBay. So obviously a scam.

I forwarded it to eBay who, a few minutes later, confirmed that it was a phishing email. So I just deleted it.

Maisie
 

bickern

Member
Computer Security Simply Explained
I know you did not slip in the windows stuff "I am sure you slipped the Windows references in accidentally" was meant as irony. I knew you were not the author, but I knew you read it.

Linux on the Desktop has such a low user base for a reason, therefore having a dig at users of the most popular one can be counter productive to users in general. Using bias to omit information can be a danger because posting biased information has inherent problems if not checked; for instance:


Security commandments:
1) Thou shall not trust messages from strangers.
2) Thou shall not fool around with anything remotely dangerous on a Windows PC.
3) Thou shalt never open an attachment from a stranger.
4) Thou shalt never, ever open a Windows-specific file from a stranger. Or from your mother, for that matter.

I’ll make this even simpler:
If you don’t know what something is, don’t click on it!

Ransomware works only if you’re fool enough to break all the rules I listed above.



That is plainly wrong as it has omissions, which is what prompted me to reply and point out Ransomware can hit through browsers and hits other than Windows users. I also guess you are well aware of that John, therefore you knew the post was slanted and biased. I am not having a pop at you, I am just explaining my ironic/sarcastic comment.

I also started with "I will not negate the post you made ME as the advice is sound" but...

My point of posting security articles is not to bash any particular operating system. I have made it clear that I believe a well-installed Linux system is more secure than Windows but we have banged that back and forth in other forums.

I as well as Rob have made that clear also, but the computer experience isn't always just about security is it? As I have said before, there is a very good reason why people have tried Linux and abandoned it, and why the Linux evangelists fail to convert users on so many occasions.

Taking the p**s out of any operating system or IT company I fully endorse, but I know some members look in the geeky section for sound advice, so a serious topic, if purposely carrying a slant or bias can be dangerous to some.

Anyhow, end of the preaching, and this is me posting as Norman, not a mod, answering your post ME.
 

bickern

Member
Computer Security Simply Explained
Morning all,
How do you back up emails, except for sending everything to another email address?
Thanks.

Are you using a browser to go to Outlook or Hotmail or whatever, or are you using an email client, if a client then which one are you using?

Here is a list of some popular Windows clients.

http://www.techradar.com/news/software/applications/windows-7-email-5-best-free-clients-903699

I am guessing the new Fire Stick may have prompted the post. Here are some Android clients.

http://www.knowyourmobile.com/mobil...-apps/22475/very-best-android-email-apps-2015
 

the bueman

Member
Computer Security Simply Explained
Hi Guys

Get yourselves a good security program that protects you online and ALWAYS SCAN your computer before backing up to a cloud account or external Hard Drive.

Programs that can scan your Hard Drive and also scan devices that you plug in and play are good for keeping you free from viruses and unwanted malware.
 

bickern

Member
Computer Security Simply Explained
I know a few people that swear by this so I thought I would put a link. The only negative I have with the reporting is how it labels some cookies as a threat and scares the life out of people.


SUPERAntiSpyware Free Edition is 100% Free and will detect and remove thousands of Spyware, Adware, Malware, Trojans, KeyLoggers, Dialers, Hi-Jackers, and Worms. SUPERAntiSpyware features many unique and powerful technologies and removes spyware threats that other applications fail to remove.

SUPERAntiSpyware Free Edition does not include real-time blocking or scheduled scanning.

SUPERAntiSpyware - Downloads
 

Yalides

Am I pretty ?
Computer Security Simply Explained
I know a few people that swear by this so I thought I would put a link. The only negative I have with the reporting is how it labels some cookies as a threat and scares the life out of people.


SUPERAntiSpyware Free Edition is 100% Free and will detect and remove thousands of Spyware, Adware, Malware, Trojans, KeyLoggers, Dialers, Hi-Jackers, and Worms. SUPERAntiSpyware features many unique and powerful technologies and removes spyware threats that other applications fail to remove.

SUPERAntiSpyware Free Edition does not include real-time blocking or scheduled scanning.

SUPERAntiSpyware - Downloads

Totally agree Norman. Wouldn't be without it.
 

Jaycey

African Refugee
Computer Security Simply Explained
Presumably we need to remove avg, Malware etc before downloading Norman?
 

bickern

Member
Computer Security Simply Explained
It is in addition to antivirus, not a replacement. It is not automated on the free version, you do a manual scan.
 

Yalides

Am I pretty ?
Computer Security Simply Explained
On this computer I run
AVG - antivirus
Mbytes - malware
SAS - antispyware

I occasionally run Wisecare365 and ADWcleaner across my whole setup.

Works well for me.
 

martin m

Member
Computer Security Simply Explained
Hi Guys. I know this is not correct etiquette but could someone tell me why I always have to log in every visit to TLF, you guys writing on this thread will know if anyone does, and yes I do tick the "remember me" box every time I log in.
thanks martin
 
