How to Protect Your Identity, Personal Data and Property


Between malware, botnets, viruses, worms, ransomware and DDoS attacks, it may seem impossible to protect yourself online. The trick is to stay abreast of all the latest threats and to know what to do when the worst happens.

That's why we've created this page as a one-stop shop to safely protect your data and privacy. We're going to keep changing and expanding this page, so please use the comments to let us know what you'd like to see — and don't be afraid to hit us up with any security questions you may have.

Latest Security Alerts

— At least eight apps in the Google Play store were infected with botnet malware. The apps, which were "skins" for the popular block-building game Minecraft, were installed by as many as 2.6 million Android users. Google has deleted the apps from most user devices. ADVICE: Make sure you don't have any apps developed by "FunBaster," and run antivirus software that screens new apps on your Android device.

Illustration: Tom's Guide

— A new strain of encrypting ransomware is being distributed by the venerable Magnitude browser exploit kit. Dubbed Magniber, the ransomware targets only Korean-language computers for now. But as Magnitude's reach is worldwide, expect to see the ransomware hit other language markets soon. ADVICE: Install and run Windows antivirus software.

— Lenovo rushed out patches for its Android tablets, Vibe and Zuk smartphones, and Moto E3 and Moto M phones. It seems a Lenovo-only app called Device Service let attackers remotely hijack devices. ADVICE: Install all app updates from Google Play, and then go to Settings > Apps > Device Service to make sure the current version is or later. If not, point your device's browser to to download and install the app package. (You will have to temporarily allow "Unknown sources" in Settings > Security to do so.)

— A Belgian researcher disclosed KRACK, a very serious security flaw in Wi-Fi network protections. KRACK lets a nearby attacker hijack encrypted connections to and from smartphones, computers, tablets and other devices. ADVICE: Update the software on all your devices, especially Android and Linux ones, constantly for the next few weeks as patches to seal the KRACK are rolled out.

— A very serious encryption flaw was disclosed in Infineon Trusted Platform Modules (TPMs) used in business laptops, "smart" identity cards and USB authentication keys. Attacks upon specific targets will break TPM encryption, although so much computational power is still needed that mass attacks are unfeasible. ADVICE: Update your laptop's firmware. If you use a YubiKey authentication key, check the Yubico website to see if yours needs to be exchanged for a newer model.  

What to Do If...

Many common scenarios can be resolved, some more easily than others. Here's what to do if....


Current Scams

Tech-support scams: These usually come as random phone calls from technicians claiming to represent Microsoft or "Windows." They'll say there's something wrong with your computer, and that you need to install software so that they can get remote access to it. Advice: Hang up.


Fake IRS/police scams: These are phone calls or text messages from people who claim you've broken the law or owe back taxes. They'll say you face immediate arrest unless you pay a fine, often via Western Union or a similar service. Advice: Ignore them and report any such calls to the real police.

Fake antivirus: These mostly arrive as pop-up messages in a web browser. They'll say your computer is infected, and that you need to purchase and install an antivirus product immediately. Advice: Don't do it — the products are almost always bogus, and some might actually be malicious.

Security Terms You Need to Know

Banking Trojan: Malware designed to break into online bank accounts. Banking Trojans often infect web browsers, then lie in wait until the user logs into an online bank account. The end goal is to transfer money from your account into accounts controlled by cybercriminals.


Botnet: A network of otherwise unaffiliated machines running malware that has them working together on particular tasks. It puts the infected machines — often thousands at a time — to work cracking passwords, sending out spam or launching distributed denial-of-service attacks.

Cybercrime: An action that uses a computer, smartphone or computer network to commit a crime, or to target any of those devices during such a crime.

Data Breach: The accidental or deliberate release of digitally stored sensitive information to unauthorized parties. If a hacker were to break into Facebook's user database, that would constitute a data breach, but so would a health-insurance executive losing his laptop.

Identity Theft: The assumption of another person’s identity for financial or personal gain. In its mildest form, it may involve credit-card fraud; a worse scenario might involve a person who obtains mortgages or other loans while posing as someone else.

Malvertising: Malware that attempts to infect computers through infected browser ads. In many cases, you don’t even need to click on the ad to get your computer infected.

Malware: Any kind of unauthorized software designed to harm or steal from the user or the host computer system. Malware generally includes viruses, worms and Trojans (which refer to different infection methods) and spyware, rootkits and ransomware (indicating different kinds of post-infection activity).

Ransomware: A form of malware that locks up a computer screen, or encrypts the user’s personal files, and then demands that the user pay to free up the screen or files. Ransomware also hits Android devices and, occasionally, Macs.

Social Engineering: Tricking a human into doing something that compromises security. For example, today’s phishing emails trick you into opening malicious email attachments by saying you need to pick up a package, pay an invoice or respond to a lawsuit.

Spam: Unwanted messages, usually touting a service or product, that arrive in your inbox. Spam also comes via text messages and instant messages. Some spam contains malicious attachments, but that's rare, and most is perfectly legal.

Trojan or Trojan horse: A form of malware that hides inside a benign-seeming piece of software. The Trojan activates when a human opens the software. Malicious email attachments are usually considered Trojans, as is malicious software hidden inside web pages.

Virus: A form of malware that can’t exist on its own and must persist as a malformation of the code of a host piece of software. Viruses usually spread when infected files are copied from one computer to another. When the infected files are opened on a new machine, the virus will replicate by copying its own code from an infected file to an uninfected file.

VPN: A virtual private network creates a secure "tunnel" through the internet, encrypting all internet traffic between your computer or smartphone and a server on the other end. Companies use VPNs so employees working remotely can securely access the company network.

Worm: A form of malware that exists on its own, as a stand-alone program, and that can spread itself from one computer or device to another along a network.

Zero-Day Exploit: An attack that exploits a previously unknown software or hardware flaw. It's called a "zero-day" because it appears before software developers have had time to fix the flaw, or to prepare security software against the attack.
