Once just an advertising annoyance, Spyware and Adware can now capture everything from browsing history through to banking passwords. Internode recommends that you regularly scan your machine for these programs.
Some products that can diagnose and clean Spyware/Adware include:
Antivirus software is essential for any computer - Windows, Mac, or Linux/Unix. Antivirus detects and removes threats that may cause problems - both for your computer, and other computers in your local network.
While Windows-based PCs are most vulnerable to viruses, Mac and Linux/Unix are, despite common belief, still vulnerable. 'Security through obscurity' does not equal safety.
There are many antivirus alternatives at your disposal - some are free and some need a subscription. In general, the free versions lack features, have restricted licenses, and/or lack customer support. If a company also offers a paid version, these limitations are usually shown on a comparison chart on a product's website.
Antivirus software must be kept up-to-date and used to do regular scans of your system to be effective - weekly as a minimum. Internode recommends purchasing full versions of antivirus software, such as those available from:
Firewalls are an important tool in keeping your PC safe from outside threats. Firewalls inspect the traffic going in and out of your PC and block anything that is not permitted according to its rules. All major operating systems include a firewall which is usually sufficient if configured correctly.
For extra protection or flexibility, there are also several software or hardware solutions available. All routers sold by Internode include a stateful packet inspection firewall. This helps protect your home network from Internet attacks.
It is vital to keep your operating system and application software up to date. A virus can not only affect you and your systems, but can also mean your system can be used to attack others on the Internet.
Vendors frequently release updates to fix bugs, add new features, and address security issues in programs. There have been hundreds of vulnerabilities across the various operating systems over time. To date there have been:
NOTE: The above is based on the most recent major release and does not count the entire product history. Neither does it include all the 3rd party vulnerability patches available for applications running on these operating systems. A majority, if not all, of these issues have since had patches released by the vendor. These vulnerabilities can be resolved if the patches are applied.
These vulnerabilities range from minor inconveniences to major causes for concern. It is important to keep operating systems and software patched and up to date - otherwise your system may be vulnerable. Do not ignore update notifications, and regularly run software update checks to ensure your system is up to date.
Spam is a very common email concern, and increasingly it is more than just a nuisance. Fortunately, anti-spam filters - both on the email server that you are using, and in your email client software - can provide effective protection.
Figure 1: Example Spam Email: Fiesta Casino Club
Never respond to spam: that only confirms your address exists and encourages more to be sent to you. Block it, delete it, and ignore it.
Spam filters assist in keeping your inbox free of unwanted junk email, and also messages designed to swindle you out of your password or credit card details (this is known as 'phishing').
Many email providers include anti-spam and anti-phishing filters: this facility is provided, at no extra cost, on all Internode email accounts.
Figure 2: Internode's Spam Filter Settings
These 'clean' your email before it gets to your inbox. You can also have a local spam filter within your email client software that can be set up to your specific requirements.
By default we have the rating set to 7+; however, if you have issues you may wish to adjust this to 4+ or lower. Keep in mind that setting this to 0 will block all emails that you have not explicitly added to your exceptions or friends lists.
Simply put, you need to be smart with your confidential information - and so to safely navigate the web, you need to know what's safe and what's not.
'Phishing' (pronounced fishing) is a social engineering technique that uses confusing links and misdirection to scam information from you. Modern web browsers and email clients have anti-phishing capabilities; however, it's also essential that you know the danger signs.
In almost all cases, legitimate organisations will not 'cold-call' or email you asking for confidential information outright.
There are exceptions, however. For example, in response to your Support Request email to Internode, we may contact you for details to assist us in identifying your account or authorising changes - but only when you have contacted us first. If in doubt, disclose nothing.
Financial Institutions will never ask for your details via email, due to the potential for breaches of privacy and security.
Figure 3: Example Phishing Email: A typical bank scam
Look carefully at this example of a phishing email. The link address (in blue) may at first appear legitimate - however it has an addition to it that makes for a different link altogether. The top level of the link - .account-updateinfo.com - is quite different to the bank's official Internet domain of .firstgenericbank.com - and means it's a completely different website.
And remember, no bank or organisation will ever ask you for your private credentials via email unless in response to your own request.
Figure 4: Example Phishing Website: A typical website set up for phishing
Phishing emails will often direct you to a website that looks a lot like the legitimate website they are impersonating, particularly in terms of graphics and text.
However, there are some subtle differences. Critical details to look out for include a missing encryption symbol (typically shown by a padlock symbol in the bottom left or right corner depending on the browser); 'http' instead of the more usual 'https' in the address; and/or warnings from your web browser of invalid certificates.
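The link checks described above (which domain the host name really ends in, and whether the address uses 'https'), written out as an added example that is not Internode's own code. The URLs are constructed from the two domains in the example email, and `check_link` and its warning codes are hypothetical names.

```python
from urllib.parse import urlsplit


def check_link(url, official_domain):
    """Return warning codes for a link that claims to belong to official_domain."""
    parts = urlsplit(url)
    # hostname drops any "user@" prefix and port; normalise case and trailing dot
    host = (parts.hostname or "").rstrip(".").lower()
    official = official_domain.lstrip(".").lower()
    warnings = []

    # A host belongs to the bank only if it IS the official domain or ends
    # with ".<official domain>". The right-hand end of the host decides.
    if host != official and not host.endswith("." + official):
        warnings.append("different-domain")
        # The official name appearing elsewhere in the host is the
        # "addition" trick from the example email.
        if official in host:
            warnings.append("official-name-embedded")

    # Anything before "@" is a login name, not the site being visited.
    if "@" in parts.netloc:
        warnings.append("userinfo-in-link")

    # 'http' instead of 'https' means the page is not encrypted.
    if parts.scheme.lower() != "https":
        warnings.append("not-https")
    return warnings


# Constructed sample links (not taken from a real message)
SAMPLES = [
    "https://www.firstgenericbank.com/login",
    "http://www.firstgenericbank.com.account-updateinfo.com/login",
    "https://firstgenericbank.com@account-updateinfo.com/",
    "http://www.firstgenericbank.com/login",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(link, "->", check_link(link, ".firstgenericbank.com") or "no warnings")
```

A link with no warnings here has only passed these two checks; browser certificate warnings still apply.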
All residential and commercial broadband routers ship with a set of factory default settings. These are usually the same across a brand's entire range. These settings include the administrator username and password used to log in to the router. You should change this password as soon as you have set up your broadband router.
Routers that still have their default usernames and passwords are easy prey to attacks from the Internet. The Internode Network Firewall prevents many of these attacks, and is automatically enabled for all residential broadband services.
Furthermore, many broadband routers are shipped with wireless enabled and not secured in any way. This means people may be able to use your Internet connection, and snoop on your Internet traffic. To prevent this common exploit, Internode ships routers with the wireless access disabled.
Please follow the instructions carefully when setting up the wireless on your broadband router. It is best practice to have your wireless secured with WPA2. WPA can be used if your devices don't support WPA2 - but be aware it can be cracked in under a minute with the right software.
Suggestions for router security include:
Complex passwords are a vital aspect of personal security. The better the password, the harder it is for it to be broken by brute force or simply guessed.
A good way to make a strong password is to include capitals, lower case, numbers and symbols (if allowed). This is the approach used to generate passwords for Internode services.
A trick to remember complex passwords can be mnemonics such as: I have 8 Cousins, 6 aunts, 3 Uncles and 2 grandmothers. This mnemonic results in the password 'Ih8C6a3Ua2g' - a very strong password that is virtually impossible for others to guess.
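The mnemonic above, worked through as an added example (not Internode's password generator): it derives the password from the sentence, lists which character types it contains, and estimates the brute-force search space. The function names are hypothetical, and the estimate assumes an attacker tries every combination of the character types actually used, so it says nothing about how guessable the sentence itself is.

```python
import math
import string


def mnemonic_password(sentence):
    """Take the first character of each word; keep numbers whole."""
    out = []
    for word in sentence.split():
        word = word.strip(string.punctuation)
        if word:
            out.append(word if word.isdigit() else word[0])
    return "".join(out)


def character_types(password):
    """Return the set of character types present in the password."""
    types = set()
    for ch in password:
        if ch.isupper():
            types.add("capital")
        elif ch.islower():
            types.add("lower")
        elif ch.isdigit():
            types.add("number")
        elif ch in string.punctuation:
            types.add("symbol")
    return types


# Size of each character set an attacker would have to cover
SET_SIZES = {"capital": 26, "lower": 26, "number": 10,
             "symbol": len(string.punctuation)}


def brute_force_bits(password):
    """log2 of the number of candidates of this length and character mix."""
    alphabet = sum(SET_SIZES[t] for t in character_types(password))
    return len(password) * math.log2(alphabet) if alphabet else 0.0


if __name__ == "__main__":
    pw = mnemonic_password("I have 8 Cousins, 6 aunts, 3 Uncles and 2 grandmothers.")
    print(pw, sorted(character_types(pw)), round(brute_force_bits(pw), 1))
    # Same length, lower case only, for comparison
    print(round(brute_force_bits(pw.lower().replace("8", "x")), 1))
```

Adding a symbol to the same password widens the search space further, which is why the advice above includes symbols where they are allowed.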
Examples of strong and weak passwords include:
The Strong Password Generator can help give you some more ideas.
Staying smart online is an important aspect of being safe. You shouldn't share any personal details with people you meet online unless you trust them implicitly. You never know who could be trying to get your details for malicious purposes, be it your physical safety or your financial security.
Personal details, even subtle ones, can be used to dig up a large amount of information if one is careless. A school photo might show the school's name, pictures of a home party may show the address and with enough information one can do quite a bit of damage. Coupled with the right questions it's quite easy to socially engineer some chaos if one is a little loose with words.
Be careful when in online discussions. You may feel anonymous through the text-only connection or behind a screen name, but personal details in profiles or given away in conversation can be used against you. Don't forget that anything put online, even if the site is taken down, can still be found for years after in caches or backups.
A special consideration with webcams is that anything you broadcast is easy to record or take snapshots from. There are several examples of these being used as blackmail material.
Also it is important to remain vigilant and know exactly what your software does. If you don't know, do some research to find out if it has any problems with set ups or security. The Internet is a treasure trove for this sort of information.
Just because a program is used by a large portion of the market, it does not mean that it is the most secure or the 'best'. In some cases it can cause the opposite, as the large user base may cause it to be a target.
Finally, backing up your data is a smart thing to do. Keep a fresh copy of important data away from your machine, so if you are compromised you will be able to recover your information.
Further reading and resources are available from the Australian Communications and Media Authority at http://www.cybersmart.gov.au/