When we think about computer security, it can be sometimes be a daunting prospect. With the inter-connectivity of all our modern computer devices, wireless peripherals and networks, it can be overwhelming when you think of all the ways ‘something’ can gain access to your PC. Sometimes when thinking of security, its best to work backwards by thinking of ways to gain access to a system-
Network
Windows prompts us, when connecting to a new network, what network permissions should be; is this a trusted home network, a semi-private work network, or a public access point? Based on these settings, Windows can help to mitigate outside connections to your system. Home and Work networks allow the most connectivity and file-sharing abilities, while public networks allow the least. It is very important to choose the appropriate settings here, as computers can be discoverable as soon as they connect to a network. With the right hacking tools, someone could gain access to your system in under a minute.
Phishing scams and trojans are most commonly picked up by email attachments. The most successful attempts are those that hijack a user’s email account, replicating and spreading by sending emails to everyone in their contacts. If you’ve ever gotten an email from a Nigeran prince, you’ve been the victim of a phishing attempt.
Trojans are files or programs masquerading as something else; when downloaded and opened, they create a ‘backdoor’ of sorts that allows the creator access to the system. These function exactly like the famous historical horse they are named for. Leave these outside the gate.
Pop Up Windows
Pop-up windows are extremely common when surfing the web; malware already on your system can exacerbate pop-ups showing when surfing the web. These pages can be programmed and designed to say anything; we’ve seen some that access the user’s webcam and takes a photo, including it in the page and demanding a ransom to remove the software. Most can be fairly easily removed if you know what you’re looking for.
The most nefarious of these are actually programs that resemble pop-ups. What makes these the worst is that the ‘X’ button on the top of the screen masquerades as something it’s not. Instead of just closing the window, additional scripts are added that tells the computer you have approved / accepted the program installing software or gaining control of the computer. This is the only virus I’ve personally ever fallen for early in my career.
Physical
This is an aspect we rarely think about, but it’s an extremely important one. Stepping away from your laptop for a minute at a coffee shop is long enough for someone to download and execute a program, or pop in a jump drive. Even desktops can be vulnerable; we recently built a server for a local print company here in Huntsville, and chose a computer case that included a locking front door that covered the power button, USB bays, and disc drive for this very reason. While this solution can be worked around in a few minutes, thats plenty of time for the agent to be caught and stopped. Creating a user name with password and logging out when away from the keyboard has become standard procedure at most companies that have workstations.
Your sensitive documents can even be vulnerable while they’re on your screen right in front of you; someone peering over your shoulder or sitting next to you on an airplane can get enough of a vantage point to make notes on whatever you’re working on. Obfuscating screen covers can be purchased for a few dollars, that make the screen look black from any angle other than straight on view.
For more on physical security of computers and viruses, do a google search on the ‘Stuxnet’ virus, and how it came to infect the computers of a nuclear power plant in Iran that weren’t connected to the internet. Fascinating stuff!