Once just advertising annoyance, Spyware and Adware can now capture everything from your browsing history through to critical information, such as banking passwords. Internode recommends that you regularly scan you machine for these programs.
Some products that can diagnose and clean Spyware/Adware include:
Antivirus software is an essential requirement on any computer - Windows, Mac, or Linux/Unix. These programs can help detect and remove threats that may cause issues both for your computer, and other computers in your local network.
While Windows-based PCs are the most vulnerable to viruses - despite common belief - Mac and Linux/Unix machines are still vulnerable to threats. 'Security through obscurity' does not equal safety.
There are many antivirus alternatives at your disposal; some are free and some require a subscription.
In general, the free versions lack features, have restricted licenses, and/or lack customer support. These limitations are usually illustrated for comparison on the website of the product, if they have free and paid variants.
Antivirus software must be kept up-to-date and used to do regular scans of your system to be effective - weekly as a minimum. Internode recommends purchasing full versions of antivirus software, such as those available from:
Firewalls are an important tool in keeping your PC safe from outside threats. Firewalls act as a barrier that inspects the traffic going in and out of your PC, and will block anything that is not permitted according to its rules. All major operating systems include a firewall of some form, and this is usually sufficient if configured correctly.
For additional protection there are several software or hardware firewall solutions that offer greater flexibility. All routers sold by Internode include a stateful packet inspection firewall, to help protect your home network from Internet attacks.
It is vital to keep your operating system and application software up to date. A virus can not only affect you and your systems, but can also mean your system can be used to attack others on the Internet.
Vendors frequently release updates to fix bugs, add new features, and address security issues in programs. There have been hundreds of vulnerabilities across the various operating systems over time. To date there have been:
Note: The above is based on the most recent major release and does not count the entire product history and does not include all of the 3rd party vulnerability patches available for applications running on these operating systems. Of course a majority, if not all, of these issues have since had patches released by the vendor and can be been resolved if patches are applied.
These vulnerabilities range from minor inconveniences to major causes for concern. It is important that you keep operating systems and software fully patched and up to date - otherwise your system may be vulnerable. Do not ignore update notifications when they appear on your screen, and regularly run software update checks to ensure your system is running on the latest version.
Spam is a very common email concern, and increasingly it is more than just a nuisance. Fortunately, anti-spam filters - both on the email server that you are using, and in your email client software - can provide effective protection.
Figure 1: Example Spam Email: Fiesta Casino Club
Never respond to spam: that only confirms your address exists and encourages more to be sent to you. Block it, delete it, and ignore it.
Spam filters assist in keeping your inbox free of unwanted junk email, and also messages designed to swindle you out of your password or credit card details (this is known as 'phishing').
Many email providers include anti-spam and anti-phishing filters: this facility is provided, at no extra cost, on all Internode email accounts.
Figure 2: Internode's Spam Filter Settings
These 'clean' your email before it gets to your inbox. You can also have a local spam filter within your email client software that can be set up to your specific requirements.
By default we have the rating set to 7+, however if you have issues you may wish to adjust this to 4+ or lower. Keep in mind setting this to 0 will block all emails that you have not explicitly added to your exceptions or friends lists.
Simply put, you need to be smart with your confidential information - and so to safely navigate the web, you need to know what's safe and what's not.
'Phishing' (pronounced fishing) is a social engineering technique that uses confusing links and misdirection to scam information from you. Modern web browsers and email clients have anti-phishing capabilities, however it's also essential that you know the danger signs.
In almost all cases, legitimate organisations will not 'cold-call' or email you asking for confidential information outright.
There are exceptions, however. For example, in response to your Support Request email to Internode, we may contact you for details to assist us in identifying your account or authorising changes - but only when you have contacted us first. If in doubt, disclose nothing.
Financial Institutions will never ask for your details via email, due to the potential for breaches of privacy and security.
Figure 3: Example Phishing Email: A typical bank scam
Look carefully at this example of phishing email. The link address (in blue) may at first appear legitimate - however it has an addition to it that makes for a different link altogether. The top level of the link - .account-updateinfo.com - is quite different to the bank's official Internet domain of .firstgenericbank.com - and means it's a completely different website.
And remember, no bank or organisation will ever ask you for your private credentials via email unless in response to your own request.
Figure 4: Example Phishing Website: A typical website set up for phishing
Phishing emails will often direct you to website that looks a lot like the legitimate website they are impersonating, particularly in terms of graphics and text.
However, there are some subtle differences. Critical details to look out for include the encryption symbol (typically shown by a padlock symbol in the bottom left or right corner depending on the browser); 'http' instead of the more usual 'https' in the address; and/or warnings from your web browser of invalid certificates.
All residential and commercial broadband routers ship with a set of factory default settings, typically the same along an entire brand model. Typically this includes the administrator username & password used to log in to the router. You should change this default password as soon as you have set up your broadband router.
Routers that are still set to default usernames and passwords are easy prey to attacks from the Internet. The Internode Network Firewall prevents many of these attacks, and is a free feature that is automatically enabled for all residential broadband services.
Furthermore, many broadband routers are shipped with wireless enabled and not secured in anyway. This means people may be able to use your Internet connection, and snoop on your Internet traffic. By default, Internode ship routers with the wireless access disabled to prevent this common exploit.
Please follow the instructions carefully when setting up the wireless on your broadband router. It is a good practice to have your wireless secured with WPA2. WPA can be used if your devices don't support WPA2 - but be aware it can be cracked in under a minute with the right software.
Suggestions for router security include:
Complex passwords are a vital aspect of personal security. The better the password, the harder it is for it to be broken by brute force or simply guessed.
A good way to make a strong password is to include capitals, lower case, numbers and symbols (if allowed). This is the approach used to generate passwords for Internode services.
A trick to remember complex passwords can be mnemonics such as: I have 8 Cousins, 6 aunts, 3 Uncles and 2 grandmothers. This mnemonic results in the password 'Ih8C6a3Ua2g' - a very strong password that is virtually impossible for others to guess.
Examples of strong and weak passwords include:
The Strong Password Generator can help give you some more ideas.
Staying smart online is an important aspect of being safe. You shouldn't share any personal details with people you meet online unless you trust them implicitly. You never know who could be attempting to get these details for malicious purposes, be it your personal physical safety or your own financial security.
Personal details, even subtle ones, can be used to dig up a large amount of information if one is careless. A school photo might show the school's name, pictures of a home party may show the address and with enough information one can do quite a bit of damage. Coupled with the right questions it's quite easy to socially engineer some chaos if one is a little loose with words.
Be careful when in online discussions, while you may feel anonymous through the text-only connection or even behind a screen name, but personal details in either profiles or given away in the conversation can be used against you in one way or another. Don't forget that anything put online, even if the site is taken down, can typically still be found for years after in caches or backups.
A special consideration with webcams is that anything you broadcast is usually quite easy to record or take snapshots from. There are several examples of these being used as blackmail material.
Also it is important to remain vigilant and know exactly what your software does. If you don't know, do some research to find out if it has any problems with set ups or security. The Internet is a treasure trove for this sort of information.
Just because a program is used by a large portion of the market, it does not mean that is the most secure or the 'best'. In some cases it can cause the opposite, as the large sized user base may cause it to be a target.
Finally, backing up your data is a smart thing to do. Keep a fresh copy of important data away from your machine, so if you are compromised you will be able to recover your information.
Further reading and resources are available from the Australian Communications and Media Authority at http://www.cybersmart.gov.au/