10 quick fixes for the worst security nightmares
The program also gives you links to the software vendor's site as well as Secunia's full report about the vulnerability on your system. You can choose to block future warnings about a particular program (but you should, of course, be careful before doing so).
Secunia PSI isn't perfect, and doesn't always make it easy to update unsafe program components. But for most apps it provides a quick -- and very important -- fix.
Fix 3: Let the latest browsers fight for you
The most insidious hijacked Web pages are nearly impossible to spot. Tiny snippets of inserted code that don't display on the page can nevertheless launch devastating behind-the-scenes attacks.
Trying to avoid such pages on your own is asking for trouble, especially since crooks like to hack popular sites -- attacks against sites for Sony games and the Miami Dolphins are just two well-known examples. But new site-blocking features in the just-released Firefox 3 and Opera 9.5 browsers provide some shielding.
Both browsers expand on their previous versions' antiphishing features to block known malware sites as well, whether they're hijacked pages on legitimate sites or sites that were specifically created by bad guys. Neither browser completely eliminates the risk of landing on such pages, but every additional layer of protection helps.
Microsoft plans to add a similar feature to Internet Explorer 8, but this version won't be ready for prime time for a good while. For more on the browsers' improved security, see "New Browsers Fight the Malware Scourge."
Fix 4: Sidestep social engineering
The most dangerous crooks use clever marketing to get you to do their dirty work for them and infect your own PC. Lots of social engineering attacks are laughably crude, with misspelled words and clumsy grammar, but that doesn't mean you should dismiss the danger. Every now and then, a well-crafted attack can slip past your defenses and lure you into opening a poisonous e-mail attachment or downloaded file. A targeted attack might even use your correct name and business title.
To fight back, turn to a simple but powerful tool: VirusTotal.com. You can easily upload any file (up to 10MB) to the site and have it scanned by a whopping 35 different antivirus engines, including ones from Kaspersky, McAfee and Symantec. A report tells you what each engine thought about your file. While some (such as Prevx) are prone to false alerts, if you get multiple specific warnings that include the name of the particular threat, then you almost certainly want to delete the file.
A lack of warnings doesn't guarantee a file is safe, but it does give you pretty good odds. Use VirusTotal to check every e-mail attachment and download you're not 100% sure about, and you'll avoid insidious social engineering.
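The rule of thumb from Fix 4, written out as an added example that is not part of the original article: it sorts a per-engine scan report into "delete", "review" or "no-detections". The sample reports, the threat labels and the list of generic-label markers are constructed assumptions, and the code reads a report you have already copied down rather than calling VirusTotal.

```python
import re

MAX_UPLOAD_BYTES = 10 * 1024 * 1024  # the article's stated 10MB upload limit

# Assumption: fragments that mark a heuristic or generic alert rather than
# a named threat. Adjust for the labels your engines actually produce.
GENERIC = re.compile(r"heur|generic|suspicious", re.I)


def is_specific(label):
    """True when an engine's label names a particular threat."""
    return bool(label) and not GENERIC.search(label)


def triage(report, file_size, min_specific=2):
    """Classify a report of the form {engine: label, or None if clean}.

    Returns (verdict, named), where named maps engine -> specific label.
    """
    if file_size > MAX_UPLOAD_BYTES:
        return "too-large", {}
    hits = {eng: lab for eng, lab in report.items() if lab}
    named = {eng: lab for eng, lab in hits.items() if is_specific(lab)}
    if len(named) >= min_specific:
        return "delete", named         # several engines name the threat
    if hits:
        return "review", named         # lone or generic alert, may be false
    return "no-detections", named      # good odds, not a guarantee of safety


# Constructed sample reports (labels are invented for illustration).
SAMPLE_NAMED = {
    "Kaspersky": "Trojan-Downloader.Win32.Example.a",
    "McAfee": "Downloader-EXAMPLE",
    "Symantec": None,
    "Prevx": "Heuristic: Suspicious File",
}
SAMPLE_LONE = {"Kaspersky": None, "McAfee": None, "Symantec": None,
               "Prevx": "Heuristic: Suspicious File"}
SAMPLE_CLEAN = {"Kaspersky": None, "McAfee": None, "Symantec": None,
                "Prevx": None}

if __name__ == "__main__":
    for name, rep in [("named", SAMPLE_NAMED), ("lone", SAMPLE_LONE),
                      ("clean", SAMPLE_CLEAN)]:
        print(name, triage(rep, file_size=200_000))
```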
Reprinted with permission from
Story copyright 2009 PC World Communications. All rights reserved.