Cyber Security: It’s Not all Doom and Gloom – Here’s What To Know
CONTRIBUTED BY MICHAEL KLOTSMAN, EDITED BY BYAWOMAN
There are a lot of bodies that have formed to help towards establishing open, clearly defined and majority-accepted standards & technology, that have the well-being of society primarily in mind.
Notable examples include the Electronic Frontier Foundation (EFF) , the FSF, the Tor Project and others, including the efforts of individuals such as Edward Snowden, Linus Torvalds (Linux Foundation) and Richard Stallman (GNU Operating System).
But when it comes down to it, what can the average person do to secure their computer devices?
The solution is spread across multiple facets, where some are easier to deal with than others.
We must note though that there are psychological factors to consider. We all resist change and respond to the challenge differently. A few measures involve user intervention and being mindful of how to sensibly operate our devices. The best place to start is where home is closest; your personal computer devices. You most likely have a desktop or laptop computer and most certainly possess a mobile device and possibly a tablet as well.
First, however …
Before getting to the details of how to protect yourself, it’s important to have a look at the different categories of harmful programs, also known as malicious code, and what they can do and how they are contracted.
Virus:
This is the most commonly used expression for any harmful program that infects and affects the operations of a computer. However, the term doesn’t actually encapsulate all the categories of harmful programs that exist. For the sake of description, a virus is a form of a malicious software program/malware that, when executed, inserts its code into other programs to corrupt or modify them. This can be miscellaneous files on a storage device or more direly the boot sector of a storage device – the part that allows the computer and storage device to communicate and load the operating system of a computer. This is a horrible place for malware to work as it can have access to almost all the processes of modules that the operating system loads, and loads infections before everything has actually loaded.
The most targeted software platform for viruses is Windows. Unsurprising, as most desktop/laptop computer users run Windows. In the mobile world, Android is probably the second most attacked operating system. Unfortunately, viruses cause a great deal of damage, up to billions of dollars a year, by causing hardware/data damage and slowing down computers thus losing time and electricity.
Naturally, the counter proposal of this led to the advent of antivirus programs.
Worms:
This refers to a standalone malware that depends on spreading itself to other computers over a network. They are benign in design, in relation to causing specific hardware/data damage, but they are a nuisance as they consume network bandwidth and can be used in combination with additional malware that can actually cause damage, referred to as a payload. Worms are mostly spread through emails and instant messaging platforms. They are usually used for phishing attacks – the process of extracting usernames, passwords, credit card numbers etc.
Trojans:
These are named after the Ancient Greek story of the wooden horse used as a decoy to infiltrate Troy. Understandably, these are quite insidious as they pose to be something they’re not; social engineering exploitation. For example, you are sent an email with a seemingly innocent looking form to fill but, by opening the document, it acts as a backdoor to the computer device and executes whatever payload it was written to perform. They can also spread over a network and are usually used to access personal information. Trojans are used to facilitate a very cruel malware known as Ransomware.
Ransomware:
Ransomware is a type of malicious code that utilises cryptovirology. This attempts to lock the user out of accessing their system and/or non-encrypted data. More advanced versions of ransomware take it a step further and go through the process of encrypting a user’s data, by which the data is encrypted with a specific irreplaceable key, and the infector offers the key for money i.e cryptoviral extortion. This alone can be devastating. Plenty of people and companies have been hit by ransomware. In the case of businesses, having all their company and client data locked away, has led to a noticeable growth in this extortion racket. It is advised never to pay as it does not guarantee you will actually get the key to unlock the data but, in all honesty, it’s understandable if you do.
When a close friend was a victim of a ransomware attack, which was an invasive, seemingly helpless situation, I much better appreciated how computer security isn’t strictly a technical issue but one of the mind and heart as well.
Spyware:
As the name suggests, spyware is software that is meant to infiltrate a system, stay unrecognised and simply parse data it has been instructed to. There are a couple of categories within spyware:
Keystroke Logging (a.k.a keyloggers) – These run covertly and simply record every key pressed on a keyboard/touchscreen. Naturally, knowing all the keystrokes of a user reveals a lot of sensitive information, including their passwords.
Rootkit – All computer operating systems have a hierarchical system to manage user privileges. Administrator/root encapsulates the highest level of privileges. If executed properly, the infector can have full control and access to the affected computer. These are tricky to find and clean as there are multiple avenues to infect and if any reside intelligently in the storage boot sector, or even worse in the operating system kernel, this possess a massive security risk. With elevated privileges, you can not only read or delete sensitive data but change settings of the operating system.
Adware:
We’ve all seen these. Adware is software that displays adverts on a webpage for the purpose of generating revenue through the adverts. They typically analyse a user’s browsing habits and calculates how to target relevant ads. It’s not technically harmful, compared to ransomware or viruses, but they do teeter on the edge of discomfort as they can be quite invasive in their monitoring capabilities.
There are other categories but they get a bit more technical. However, the above is sufficient to get a sense of the common denominating malwares.
So how do we protect ourselves?
Note: This is written with desktop/laptop computers specifically in mind but the principles apply to mobile devices as well.
1.) Use an antivirus program. Any antivirus worth their salt utilise detection algorithms that work with real-time pattern detection (heuristics) and pre-existing/determined virus patterns stored in a database. These tackle the majority spectrum of malwares.
My recommendation would be ESET NOD32 Antivirus. The company is reputable, has been operating for a long time and, from my experience, the software is very effective at catching malware while requiring very little resources from the computer, leading to better protection and performance overall.
2.) Use a firewall. A firewall is a monitor and filter of any network traffic flowing through a computer system. Any network requests made to either upload (outgoing) or download (incoming) data for X program are managed by a firewall. From a basic level, a firewall can be used solely to manage the traffic flow for programs you use but they can get more advanced where you can actually regulate the core network protocols and addresses for the computer.
My recommendation would be either Comodo Firewall or ESET Smart Security if you would like the antivirus and firewall integrated in the same program.
3.) Keep your software up-to-date. This is a super important point. Most malware work off exploits and vulnerabilities in the software environment they run on, whether it’s the operating system or X program you use. All major software firms are perpetually dealing with protecting their software from threats so make sure to keep the operating system updated and any other programs you depend on.
4.) Use encryption. Very effective for internal and external storage devices, like flash disks or portable hard drives. Encrypting them ensures no one can access the data without knowing the appropriate password.
5.) Backup Data. Losing important data, under any circumstances, really sucks. The practice is indispensable as you never know when the original storage device will break down or situations such as a ransomware attack.
6.) Use different passwords!! Everyone knows this point but it can be a hassle to have to remember so many passwords. However, neglecting this can have severe consequences. If you are using one password for everything, and it is determined, you’re risking someone accessing every account you used it with. Vary your passwords; make them at least 8-10 characters minimum, add character variety i.e numbers, symbols like ^, % etc.
7.) Alternative software. Depending on the balance between your responsibilities, technical interest and personal ethos, this is tricky to answer. However, I can at least recommend a basis to start with.
– Operating System:
Instead of Windows (google ‘windows 10 privacy’) or even Mac OS, you may consider trying a version of GNU/Linux called Ubuntu.
– IP Communication:
There’s a nice communication program, called Wire, that is a very secure, open-source alternative to Skype & WhatsApp.
– Email:
Tutanota is a well-developed open-source email service that puts technical and social security at the forefront.
If you can implement and adapt to any of the above, you’re one step closer strengthening your own fundamental digital security and integrity.
The Future – Internet of Things et al.
This is a tough one to predict, but, based on the activity in the respective industries so far, there are a few technological advancements that will change the course of humanity. The first would be IoT (Internet of Things). This is technically achievable but not completely ironed out and finalized yet – not to mention the security implications. Next would be AI (Artificial Intelligence). The last pointer would most likely be the Neural Lace (interface between the human brain and a computer).
Editor’s Note:
Now that’s a handful to imagine; beyond trying to protect yourself, thinking of how to either meaningfully contribute to or thoughtfully utilise these technologies.
***
“As part of the human race, I am fascinated with the nature of existence and human behaviour. Technology, which is also fascinating, is the field I currently practice in as an independent IT consultant & technician.”
Michael Klotsman
*views expressed are the author’s own
Byawoman is dedicated to inspiring and enriching our lives through the stories we share as we navigate this life. Is there a story I can help you put together and share? Would love to hear from you. If you enjoyed this story it makes sense to touch base with the first part of the #byawomantechmonth on why we ought to care about cyber security.
No Comments