What if you had three simple rules that would help you avoid a wide range of malware?
Brian Krebs gives us three such rules in his book, Spam Nation.
Krebs is a former Washington Post reporter and is best known for his work at Krebs on Security. The award-winning blog has broken some of the largest cybercrime stories in recent memory, including the credit card data breaches at Target, Home Depot, and more recently Ashley Madison.
In 2014, Krebs detailed the rise and fall of the spam industry in his first book, Spam Nation. He also gave us three easy ways to avoid online scams.
Scammers often try to disguise malware to trick people into downloading it.
Imagine you are surfing the web and click on a site. A message pops up alerting you that a virus has put your computer in a critical position. The alert is even kind enough to offer you a solution: downloading a piece of antivirus software.
DO NOT BUY IT. Any antivirus software that you have not sought out, but rather has been presented to you on a random website, is not worth downloading. If you do, it can run amok on your computer.
Scareware earns millions
The above scenario is an example of scareware – a method used by scammers to frighten people into downloading fake anti-virus software that is of course malware.
In 2014, the FBI busted a scareware ring in Europe that accrued profits of $72 million over three years, evincing the lucrative nature of these scams.
Other times, scammers will prompt individuals to download a video player or app to watch a video, with the software of course being malware.
In general, Krebs recommends avoiding any software that you did not specifically request or thoroughly research. Unrequested software is often malware and will cause more problems than it solves.
Patching is absolutely fundamental to cybersecurity: as cybercriminals’ attacks evolve, so to must the defenses.
Not only should you update operating systems with the latest versions, other software products are just as critical.
Scammers often target weaknesses not only in Windows and OS X, but also the vulnerabilities of common software applications, namely Java, Adobe PDF Reader, Flash, and QuickTime.
In fact, last month hackers exploited a bug in a recent version of Java that allowed them to attack members of NATO and the White House. The bug allowed attackers to install malware and steal data from the infected machines.
If these vulnerabilities can allow attacks on such seemingly secure individuals, how would they stack up against your business? By the way, Oracle released a patch for this vulnerability last month.
Get updates on your patches
The moral of the story: common software applications have vulnerabilities that hackers often exploit, but developers are constantly patching the holes. To stay safe, you must take advantage of patches by updating software, or you will remain susceptible to attacks.
“lutter is the nemesis of a speedy computer,” Krebs laments. Many individuals would be best served by taking this motto to heart, as most computers contain a myriad of useless software.
In a 2012 article, pcmag.com detailed multiple examples of bloatware that could be slowing down your computer:
This extraneous software often installed on computers by the manufacturer, but users are also to blame. They often install numerous programs that seem important at the time, but as time passes, their utility fades.
Bloat is slowing you down
Regardless of how it got there, bloatware reduces a computer’s performance dramatically by increasing boot time and taking up RAM.
Not only does this extra software reduce performance, it provides more vulnerabilities for hackers: the more software on a computer, the less likely it is to be up-to-date.
Removing bloatware and other unneeded programs will increase a computer’s performance. In addition, it reduces the difficulty of keeping all software up to date, which better protects against internet scams and malware.
Of course, nothing will prevent every malware infection. However, these simple rules will, in Krebs’ words, “drastically reduce your chances” of infection.
In addition, the rules cost next to nothing in terms of time and money. They simply require increased vigilance and awareness.
Following these rules is a small price to pay for big returns in the security of your systems and clients.