Keep security advice current

Cliches about safe computing behavior aren't enough, because e-mail, surfing, and patching vulnerabilities change all the time.

Remember when computer security was simple? Advice was as easy as, "Don't boot with a floppy drive in your A: drive" and "Don't enable the macro to run." Boy, do I long for the days of yesteryear.

More and more, application vulnerabilities are being announced every day, whether it's something attacking Apple QuickTime, Macromedia Flash, YouTube videos, Adobe Acrobat, or Microsoft Office. And telling people not to open untrusted content is like telling them not to open e-mail from people they don't know. It's not bad advice, but you can't stop there.

You've got mail

On the "don't open e-mail from people you don't know" recommendation, malware has been using e-mail address books for nearly a decade now. Malicious spam and e-mail often comes from our friends, parents, and coworkers. The better advice is not to open e-mail that is unexpected, seems out of character for the sender, and contains links or content to click. When in doubt, e-mail or call the sender and confirm that they really meant to send it. Or do like me, and just delete it when there's a shadow of a doubt. I can't trust my friends and associates to thoroughly validate the stuff they send me. To them it's a cute little animated GIF or a YouTube video of a hot girl dripping barbecue sauce over a less hot car. To me, it's probably malware. It's just the way my mind works.

All these years later, you still can't tell people to open e-mails from only people they trust. Targeted spearphishing is becoming more common. You can't count on mispellings (sic) and bad grammar to alert you to a phishing attack. They have your name and your interest [for example, your bank account, Better Business Bureau complaint, 401(k) provider, and so on]. I won't give you my bank logon info, but there's a good chance that I'll respond, strongly, to my Dell laptop warranty expiring earlier than what I paid for or object to an unauthorized change in my 401(k) portfolio. Those malware guys are sneaky.

Surfing safari

Today, the frequent advice you'll get, in the face of application malware, is to not open content from or visit untrusted Web sites. That is so 20th century! Unless you've been hiding under a rock for the last few years, security article after security article has been detailing how malware is being served up by the Web sites we trust most. It's the NFL Web site, travel site, news site, political gabfest site, and blog that we all love. They get compromised, we visit, and we get infected.

The popular Web site is compromised through its own application vulnerability and ends up serving malware to visiting users. Or it has banner ads that push malicious content. Or the favorite search engine contains highly ranked results that are thoroughly malicious. If you haven't gotten the memo, malware is infecting us from sites and people we explicitly trust! And this isn't something new. Years ago, during the initial minutes of the Nimba worm outbreak in 2001, one of the world's most popular news Web sites tried to infect me. I was reading that hour's news when all of a sudden Notepad kept popping up, displaying gobbledygook (that's a technical term). I had closed Notepad a few times before I realized that what was happening was a result of my computer security defense. In an effort to render malicious scriptable content harmless, I had remapped the Windows Scripting Host file extensions (such as ".vbs") to be reassociated with Notepad instead of Wscript.exe or Cscript.exe. I finally realized that my defense was actually working. What I thought was ASCII character gobbledygook was instead encrypted executable content.

Patch and learn

The advice I give family, friends, and readers is this: Stay fully patched, with both your OS and your applications. If you don't check your entire patch status on a regular basis, you're probably not completely patched. Run Secunia's Software Inspector as a check if you don't have anything else. It isn't enough just to check your OS and biggest vendor's patching status. Run anti-malware and firewall software on the computer and keep it up to date. Perimeter security won't suffice.

Educate your end-users about the risk of attacks from Web sites they know and love. Users should be encouraged to be skeptical about all downloads, whether or not they come from a "trusted" site. Tell your users to never install video codecs, even if they promise to let them see the latest cool video. Explain to them that free software is rarely ever free. Teach them how to recognize malware warnings from their legitimate anti-malware software and, conversely, how to spot fake advertisements telling them that they're infected. Tell them not to download and run anti-malware programs that appear to detect the threat first and then require the download. That's backward.

Join the PC World newsletter!

Error: Please check your email address.

Our Back to Business guide highlights the best products for you to boost your productivity at home, on the road, at the office, or in the classroom.

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Roger A. Grimes

Show Comments

Most Popular Reviews

Latest News Articles


PCW Evaluation Team

Azadeh Williams

HP OfficeJet Pro 8730

A smarter way to print for busy small business owners, combining speedy printing with scanning and copying, making it easier to produce high quality documents and images at a touch of a button.

Andrew Grant

HP OfficeJet Pro 8730

I've had a multifunction printer in the office going on 10 years now. It was a neat bit of kit back in the day -- print, copy, scan, fax -- when printing over WiFi felt a bit like magic. It’s seen better days though and an upgrade’s well overdue. This HP OfficeJet Pro 8730 looks like it ticks all the same boxes: print, copy, scan, and fax. (Really? Does anyone fax anything any more? I guess it's good to know the facility’s there, just in case.) Printing over WiFi is more-or- less standard these days.

Ed Dawson

HP OfficeJet Pro 8730

As a freelance writer who is always on the go, I like my technology to be both efficient and effective so I can do my job well. The HP OfficeJet Pro 8730 Inkjet Printer ticks all the boxes in terms of form factor, performance and user interface.

Michael Hargreaves

Windows 10 for Business / Dell XPS 13

I’d happily recommend this touchscreen laptop and Windows 10 as a great way to get serious work done at a desk or on the road.

Aysha Strobbe

Windows 10 / HP Spectre x360

Ultimately, I think the Windows 10 environment is excellent for me as it caters for so many different uses. The inclusion of the Xbox app is also great for when you need some downtime too!

Mark Escubio

Windows 10 / Lenovo Yoga 910

For me, the Xbox Play Anywhere is a great new feature as it allows you to play your current Xbox games with higher resolutions and better graphics without forking out extra cash for another copy. Although available titles are still scarce, but I’m sure it will grow in time.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?