How To Protect And Survive The Internet Wild West

Although it's approaching 20 years since the grandfather of IT security, Dr Alan Solomon, dressed up in a cowboy's outfit at computer shows to illustrate the Wild West nature of the very early Internet and computing, things have not changed that much.

Dr Solomon was, of course, the founder of S&S International, one of the first anti-virus companies in the PC industry and is now enjoying a well-deserved retirement.

But his legacy lives on as the Internet has been hit by criminality, with organised crime now driving fraudulent emails and malware-infected Web sites on a global scale.

The solution for most business users is to install a solid defence of anti-virus/malware/spam software or hardware technology, and, if the security software does not supply the feature, a browser add-on that tells you which Web sites are potentially dangerous to visit (e.g. http://securebrowsing.finjan.com).

There remains, however, the problem of email that is designed to lure the unsuspecting user to infected or compromised Web sites, which then install malware on user's machine, which then causes all sorts of problems including keyloggers, data relays and Web site misdirections.

The problem of malicious email is a more difficult issue to solve, as, if a fellow Internet user's computer becomes infected, then you could see messages in your in-box that are infected or similarly malicious, as they will have been generated automatically by the infected PC, rather than the person concerned. (ed: that's called social engineering).

One of the latest types of attack methodologies, says Webroot, involves fake virus/worm alerts, which malware authors have been refining since they first appeared in a basic form earlier in the year.

Free Download - 7 tips for Better Email Security whitepaper

According to Andrew Brandt, a security researcher with the IT security vendor, for some months, the malware authors behind this fraud have been refining their skills and working to push their malicious web pages higher in the search rankings.

Victims, he says, experience a PC that appears to be out of control, seemingly unable to do anything but download whatever application a malware such as fakealert forces upon them.

The good news, he said, is that it is not hard to avoid these fakealert sites, but users have to be on constant alert and carefully scrutinise the results of any security scan warnings that appear on their computer screens before they click on a link.

Because of these issues, Brandt advises users to "sweep before they shop" and always scan your computer with a fully updated antivirus and antispyware application before you even get to the order form on your favourite shopping Web site.

Internet users are also advised to look carefully at search engine results before they click. "When in doubt, kill your browser: If you do happen to find yourself sucked into a fakealert vortex, don't click anywhere in the browser window. If you know how to use the task manager to terminate the browser application, you can do it that way," Brandt said.

"Most users will find it easier to simply use the Alt-F4 keyboard combination. Remember, you can always go back to the page you want by restarting the browser and looking at your link history," he added.

Brandt also advises that malware authors and hackers are using a number of tricks to fool Google and other search engines into indexing their malicious links so they have a high relevance score, and therefore appear higher in the results than a legitimate site would.

"One of the tricks they use is to have a large number of the same key phrase interspersed in the middle of text culled from another source." If you're using Mozilla Firefox, there's a useful add-on called Noscript that - as the name implies - allows you to selectively block and control any scripts running on Web sites.

Whilst there's no magic wand that you can wave to protect your PCs in the home or office, the use of favourably reviewed IT security software - and preferably a security suite - and the addition of sensible Internet browsing precautions will go a long way to help prevent your computing environment becoming infected.

If this article has been useful and you are interested to find out more about the current trends in email and web security we would recommend downloading a free whitepaper titled, ‘How bad are the web bad guys?’ This free whitepaper considers the current threats posed by today’s online criminals and covers a number of strategies for ensuring your organisation stays safe. Download ‘How bad are the web bad guys?’ Whitepaper

Related Whitepapers to this topic:

E-mail and Web Security SaaS by Butler Group

Seven Important Tips for Better Email Security in 2009 by the Aberdeen Group

The Critical Need for Encrypted Email and File Transfer Solutions an Osterman Research Whitepaper

Why Security SaaS makes sense today by Webroot