Why Common Sense is Vital to Computer Security
I read an article about how the Justice Department in Canada launched a mock scam as a security exercise to determine how employees react to a phishing e-mail. Much like a real phishing e-mail, the mock e-mail was made to look like an official government or financial institution e-mail, with a link to a fake website made to look like a real site.
The results showed that people can still be tricked into navigating to a fake website set up with the intention of obtaining personal information. Unfortunately, phishing is still a popular method for malicious people to get information from others, and use that information for criminal purposes. This is a good reminder of how important it is to be vigilant about what we do while online, regardless of whether it is viewing a website or checking e-mail.
Common Sense is The Basis for Computer Security
I have talked about different ways you can secure a computer and a home network. There are many articles online that discuss security, and many tools – both free and paid – that you can use to secure your home network.
Above all else, as the Justice Department found out, common sense is one of the most influential forces for securing computers in a network. Without common sense, any security measures put in place can be defeated.
Phishing e-mails and malicious websites have been around for many years, and that won’t change anytime soon. Malware has been around even longer – since the DOS days – and the amount of malware being developed has not slowed down. In fact, malware development has increased and become more advanced, and has even implemented ideas that come from the security world. For example, by using private keys, Cryptolocker encrypts local data files until a ransom is paid.
Much of the malicious software that is active on the Internet is spread through e-mail. A user opens the e-mail, downloads an attachment, and then runs the attachment. The attachment could be disguised as a document, but is in fact an executable that silently installs and runs malicious software.
The above scenario can easily be prevented if the user receiving the e-mail uses common sense to realize they shouldn’t download and run attachments when they aren’t sure about the contents of the attachments. Even if they recognize the sender, sometimes it would be beneficial to send a follow-up e-mail to the sender to verify the first e-mail.
While you probably don’t want to do this with all e-mails from a person, especially if you are expecting an e-mail with an attachment, you should be vigilant if you receive an e-mail with an attachment out of the blue from someone.
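A mail-filter style check for the disguised-attachment scenario above, as an added example that is not part of the original article: it parses a message with Python's standard email module and flags attachments whose content starts with an executable header behind a document-style name, or whose name uses a double extension. The extension lists, the function names and the sample message are assumptions constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed (illustrative) extension lists; tune them for your environment.
DOC_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".txt", ".jpg", ".png"}
EXEC_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd"}
# Leading bytes that identify native executables.
EXEC_MAGIC = {b"MZ": "Windows PE", b"\x7fELF": "ELF"}

def attachment_findings(raw: bytes):
    """Return [(filename, [reasons])] for attachments that look disguised."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        data = part.get_payload(decode=True) or b""
        exts = ["." + e for e in name.lower().split(".")[1:]]
        reasons = []
        kind = next((label for magic, label in EXEC_MAGIC.items()
                     if data.startswith(magic)), None)
        # The content is an executable, but the file name does not say so.
        if kind and (not exts or exts[-1] not in EXEC_EXTS):
            reasons.append(f"{kind} content behind a non-executable name")
        # A name such as "report.pdf.exe" shows as "report.pdf" when the
        # mail client or file manager hides known extensions.
        if len(exts) >= 2 and exts[-1] in EXEC_EXTS and exts[-2] in DOC_EXTS:
            reasons.append("double extension hides an executable type")
        if reasons:
            findings.append((name, reasons))
    return findings

def build_sample() -> bytes:
    """Constructed test message; payloads are header bytes only, not programs."""
    msg = EmailMessage()
    msg["From"], msg["To"] = "sender@example.com", "user@example.com"
    msg["Subject"] = "Invoice"
    msg.set_content("Please see the attached invoice.")
    fake_pe = b"MZ\x90\x00" + b"\x00" * 16
    msg.add_attachment(fake_pe, maintype="application", subtype="pdf",
                       filename="invoice.pdf")
    msg.add_attachment(fake_pe, maintype="application",
                       subtype="octet-stream", filename="report.pdf.exe")
    msg.add_attachment(b"%PDF-1.4\n", maintype="application", subtype="pdf",
                       filename="notes.pdf")
    return msg.as_bytes()

if __name__ == "__main__":
    for name, reasons in attachment_findings(build_sample()):
        print(name, "->", "; ".join(reasons))
```

A check like this supplements the user's judgment rather than replacing it: it covers only the two disguises it looks for, so an unexpected attachment that passes still deserves the follow-up e-mail to the sender.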
Not Using Common Sense Affects All Systems
There has always been a great, and often heated, discussion online about the security of specific operating systems. Windows is always blasted for its security, while Unix-flavor operating systems are praised for security. I am of the mind that all software is insecure – period.
Does that mean I will stop using a computer? Not at all, I just won’t assume I will always be protected.
I have used Unix operating systems in the past, and while they do need more technical skills than Windows, they seemed to be less resource-heavy than Windows. The problem was all software that I use runs on Windows, and with my computer being shared at times with non-technical users, Unix just isn’t an option for me.
Do I feel I am at risk of malware because I am using Windows? Not too much because I use common sense when using my desktop, and have implemented both network-level and system-level security that helps keep me protected.
My desktop is 4.5 years old, still runs the original install of Windows 7 and has never had malware installed – ever. Using common sense and knowing what I needed to do to protect my system has kept my computer safe.
Of course, I have also worked on other Windows computers that have had a lot of malware installed, to the point where the computer was almost unusable. Further analysis of the computer tends to point back to the user of the computer. I always say – computers don’t get viruses, users do.
After performing malware analysis, I realize that the user installs unwanted applications during other application installations, downloads Web browser toolbars, participates in file sharing, opens e-mail attachments, and doesn’t keep their operating system and applications updated.
Most of these issues can be prevented by basically being vigilant about what the user does on the computer. Installation of unwanted applications, toolbars and opening e-mail attachments can easily be stopped. Operating system upgrades have become automatic, which just leaves application updates for the user to remember to do once in a while.
Secunia’s Personal Software Inspector can notify you when an application update is available for download, so it helps you to keep your applications updated.
Not using common sense and having malware installed on your system not only impacts your computer, but could also have malicious consequences for all computers on your home network. This becomes a larger problem for a computer on an enterprise network. Practicing vigilance by using common sense is vital not only for computer security, but network security as well.