10 quick fixes for the worst security nightmares
The program also gives you links to the software vendor's site as well as Secunia's full report about the vulnerability on your system. You can choose to block future warnings about a particular program (but you should, of course, be careful before doing so).
Secunia PSI isn't perfect, and doesn't always make it easy to update unsafe program components. But for most apps it provides a quick -- and very important -- fix.
Fix 3: Let the latest browsers fight for you
The most insidious hijacked Web pages are nearly impossible to spot. Tiny snippets of inserted code that don't display on the page can nevertheless launch devastating behind-the-scenes attacks.
Trying to avoid such pages on your own is asking for trouble, especially since crooks like to hack popular sites -- attacks against sites for Sony games and the Miami Dolphins are just two well-known examples. But new site-blocking features in the just-released Firefox 3 and Opera 9.5 browsers provide some shielding.
Both browsers expand on the previous version's antiphishing features to block known malware sites as well, whether they're hijacked pages on legitimate sites or sites that were specifically created by bad guys. Neither browser completely eliminates the risk of landing on such pages, but every additional layer of protection helps.
Microsoft plans to add a similar feature to Internet Explorer 8, but this version won't be ready for prime time for a good while. For more on the browsers' improved security, see "New Browsers Fight the Malware Scourge."
Fix 4: Sidestep social engineering
The most dangerous crooks use clever marketing to get you to do their dirty work for them and infect your own PC. Lots of social engineering attacks are laughably crude, with misspelled words and clumsy grammar, but that doesn't mean you should dismiss the danger. Every now and then, a well-crafted attack can slip past your defenses and lure you into opening a poisonous e-mail attachment or downloaded file. A targeted attack might even use your correct name and business title.
To fight back, turn to a simple but powerful tool: VirusTotal.com. You can easily upload any file (up to 10MB) to the site and have it scanned by a whopping 35 different antivirus engines, including ones from Kaspersky, McAfee and Symantec. A report tells you what each engine thought about your file. While some (such as Prevx) are prone to false alerts, if you get multiple specific warnings that include the name of the particular threat, then you almost certainly want to delete the file.
A lack of warnings doesn't guarantee a file is safe, but it does give you pretty good odds. Use VirusTotal to check every e-mail attachment and download you're not 100% sure about, and you'll avoid insidious social engineering.
Reprinted with permission from
Story copyright 2009 PC World Communications. All rights reserved.
security
Additional Resources



White Papers & Webcasts
Share our Strength
Download Now
Lower the Cost and Complexity of a Mobile Workforce through Automation
Download This Resource Now!
Top 10 Things to Know about Data Protection
Download Now
Managing Mobility: Improve Data Security, Compliance and Manageability
Download This Resource Now!
Managing Secure File Transfer to Save Time, Money and IT Resources
Learn how companies are using innovative technology to overcome these challenges and improve user productivity by offloading e-mail attachments and replacing FTP with...
Ponemon Study: The Business Risk of a Lost Laptop
Download Now
Security Convergence Equals Network Security Cost Savings
Listen to IBM Internet Security Systems' take on network security convergence.
Airport Insecurity: The Case of Lost Laptops
Download Now
Disaster Recovery 2008: Reduced Costs and Improved Performance
How long can your Enterprise afford to be without your data? With an accelerated disaster recovery program, you never have to answer this...
