Anti-virus software alone is not enough to protect against today’s sophisticated online threats – you need comprehensive protection, especially if you’re doing anything financial, or social networking.
That’s the message from security software provider Symantec, which recently released a list of security threats to watch for in the months ahead. Proper protection, says Symantec’s Vice President & Managing Director, Pacific Region, Craig Scroggie, should also include intrusion detection, intrusion prevention, firewalls and password management.
“The reality is, security is a complex challenge; protecting people in the number of mediums they use online today, so it’s not just your computer or your browsing the internet; it’s your email, it’s instant messaging, it’s the social networks you participate in,” he told NetGuide. “Anti-virus is only one element of a complex paradigm in terms of how you use the internet.”
Malicious programs, Symantec says, are now being created faster than good programs. Last year it identified more than 240 million distinct new malicious programs, a 100% increase over 2008. The latest security software is able to identify good and bad programs based on reputation – if it’s had lots of downloads and no complaints, it’s probably okay.
A primary way of attacking computer users these days is social engineering: luring them into voluntarily downloading something malicious disguised as something benign.
“The significant growth in social media means that more people have access to be able to trick you in a social engineering sense, like they would have in the real world,” Scroggie says. Social media users need to beware of messages from people purporting to be ‘friends’ inviting you to click on a link to look at something good. Chances are, it’s not good at all. Another trick is that pop-up telling you that your computer is infected with something and offering to fix it. Never touch these; their intention is just the opposite.
Web-based applications can be useful and fun, but beware of messages inviting you to download apps. The recent OWASP conference of security experts had some serious discussions about them, says convenor Roberto Suggi Liverani.
“Always double-check your source: is what you’re installing something you really need to have, and do you really trust the source? Check if there are any other users who have downloaded the application and have experienced any problem,” he says. “Social networks like Facebook – anything which can share content with other users – is a vector to being attacked, especially if you get a message from your friend suggesting you click on this or download this application. Maybe your friend didn’t send that link in the first place; maybe they were a victim of another attack.” Finally, if you use instant messaging (IM), avoid any messages containing web links. They’re a growing source of malware.