Spyware Warrior Spyware Warrior
Help with Spyware, Hijacking & Other Internet Nuisances
FAQ :: Search :: Memberlist :: Usergroups :: Register
Profile :: Log in to check your private messages :: Log in

Best Practices - Internet Safety for 2008

Post new topic   Reply to topic    Spyware Warrior Forum Index -> Security Notices & News
View previous topic :: View next topic  
Author Message
Junior Member

Joined: 24 Jul 2007
Last Visit: 09 Apr 2009
Posts: 43
Location: Roanoke, Virginia

PostPosted: Tue Jan 01, 2008 7:04 am    Post subject: Best Practices - Internet Safety for 2008 Reply with quote

When I first entered the security profession in 1996, there were risks associated with not being informed or technically protected from the dangers circulating in email and on the Internet. The only significant change is that things have worsened and the dangers are far more deceptive even for experienced users.

Below is a list of technical safeguards and best practices for the coming year. This list isn't complete and some folks won't agree with all items on the list. Still, following most of these protective principles below can help keep you and your family safer the coming year.

The key is to educate yourself on the security risks circulating and ways to avoid these dangers through best practices or technical safeguards.

Best Practices - Internet Safety for 2008

* Anti-Virus (keep it active and updated)
* Firewall (bi-direction preferred)
* Anti-Spyware
* Spam Filter
* XP users move to IE 7 for better security
* Hosts file (advanced users)
* Anonymizer (advanced users)

* Backup any files you don't want to loose to CD, DVD, or flash drives
* Apply Windows and Office Updates as soon as possible - Turn Automatic Updates on (use Microsoft update for both environments)
* Update all Software products periodically on your system
* Run virus scan scans periodically (weekly)
* Run anti-spyware scans periodically
* Clean up your recycle bin, temp areas, etc.
* Use UAC in Vista and prompt warnings in other Operating Systems
* Authenticate and register your version of Windows (including WGA checks)
* Read the EULAs in any software being installed
* Create a protected account (aka limited account in Vista or XP)
* Avoid entering sensitive information or performing e-commerce on a shared public PC in a cafe, hotel lobby, or library
* Avoid P2P File sharing sites for "free" music or videos
* Ensure you are using a trusted website and secure servers for e-commerce
* Use complex passwords of 8 characters or more (at least 1 letter and 1 number, plus 1 upper/lower case -- and special characters if desired)
* Change your passwords periodically
* Protect your privacy - Never share your SSN, bank account, credit card, or other sensitive personal information in emails or enter them on websites (unless you are doing so purposefully on a secure server)

* Avoid email attachments where possible
* Avoid clicking on any URLs in email (even to opt out of spam)
* Use plain text mode in email if possible
* Avoid links and files shared in Instant Messaging software
* Never open email from someone you don't know (line up all spam in your in-box and delete it)
* Avoid taking actions or clickin on URLs in official looking email from banks, government, etc. (verify by phone or on the primary website)
* Avoid e-cards which are not from a specific person (and check with the sender if you are unsure)
* Never install updates or free security software from an email attachment or URL

* Avoid clicking on banner ads where possible
* Avoid visiting untrusted and inappropriate websites
* Be careful of Internet search results as malware authors are seeding malicious websites with malware
* Complementary browsers (e.g., Firefox, Opera) have good security track records, phishing filters, and other safety measures (e.g., NoScript) that can be used in addition to IE 7 with no conflicts. You can use these as a tool to cross-check questionable sites.
* Completely clean your browser cache regularly of all temporary files, history, cookies, passwords, etc.
* Enhance your browser from automatic processing to prompt warnings where possible (advanced security settings in IE)

* Your computer may be infected with malware when performance deteriorates, browser pop-ups appear, home pages change, firewall warnings are issued, etc.
* When cleaning malware infections get technical assistance from a technically savvy friend preferably who can visit at your home or experts at a security website
* Find out the name of the malware you are infected with (as you must clean uniquely based on how you are infected)
* VirusIntel.com offers a list of free online and command line scanners from many AV vendors
* Free Standalone cleaners may be available to remove some difficult malware agents
* Use SAFE MODE to remove difficult malware
* Change your passwords after an infection in case a backdoor agent transmitted it

* Gain better general knowledge on security through articles, blogs, and security websites
* Stay informed - Follow the latest security developments on what to avoid or how to protect yourself against dangers
* Look for updates in any software you are running and install them promptly, so that you are always on the latest version
* Avoid email hoaxes circulating where you are asked to "pass on a special warning"
* Remember that there are "no free gifts" or "special bargains" for you from strangers on the Internet
* Setup separate user accounts for your children and use Vista's Parental controls
* Educate your children, family members, and friends
* Use a "Lessons Learned" approach when you make mistakes to avoid them in the future

Below are an older set of best practices authored in my prior company almost 7 years ago. While the dangers are more hidden and technically innovative, security protection is all about staying informed and keeping key technical safeguards in place. Security is about risk management and an ounce of prevention is always worth a pound of cure. Most of these concepts below still apply even though technology has changed substantially since then:

Best Security Practices (written during 2001)
Back to top
View user's profile Send private message Visit poster's website

Joined: 11 Aug 2005
Last Visit: 20 Aug 2009
Posts: 85
Location: NY

PostPosted: Fri Jan 04, 2008 2:54 pm    Post subject: Reply with quote

That's a good list. Thanks for sharing.

One thing that comes to mind for home users is to change the default password on their home router. There has been proof of concept attacks that will change your home router's DNS to malware sites to enable phishing that is that much harder to detect. Also using encryption on any wireless part of their network will help prevent eavesdropping.

Back to top
View user's profile Send private message

Joined: 13 Jan 2009
Last Visit: 15 Jun 2009
Posts: 51

PostPosted: Tue Feb 03, 2009 9:14 am    Post subject: Reply with quote

Thanks for the helpful advice Smile
Ninja Mode [ON] [OFF]
Back to top
View user's profile Send private message
Display posts from previous:   
Post new topic   Reply to topic    Spyware Warrior Forum Index -> Security Notices & News All times are GMT - 8 Hours
Page 1 of 1

Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum

smartBlue Style © 2002 Smartor
Powered by phpBB © 2001, 2002 phpBB Group