网络安全非常重要。我们在网上和计算设备上过着重要的生活。无论是笔记本电脑、智能手机还是工作中的台式电脑——(work –)您都拥有人们希望拥有的有价值的信息。如果您知道如何保护您的计算机免受黑客和数字世界的所有其他危害,那不是很好吗?
好消息是,学习一些将显着提高您在网络上的安全性的核心提示和技巧并不难。做好(Get)准备,因为这将是一个实用建议的大型指南,将帮助您使用计算机和互联网而不会被烧毁。
学习良好的网络安全习惯(Learning Good Cybersecurity Habits)
当我们年轻的时候,我们的父母会教我们生活(life meant)的一般规则,以保证我们的安全。过马路前一定要左右看看。永远不要(Never)和陌生人一起上车。之类的东西。
可悲的是,在我们许多人年轻的时候,今天的技术并不存在,所以肯定需要有同样的常识,但要适应数字世界。
使用强密码和密码管理器(Use Strong Passwords & a Password Manager)
密码仍然是我们防止被黑客入侵的最佳方法之一。大多数网站都会有最低密码复杂性(password complexity)。例如,他们会说密码必须具有一定的长度并包含特定的字符类型组合。可悲的是,人类可以轻松记住的任何类型的密码都可能是早晚可以通过暴力猜测破解的密码。
保护您的计算机免受黑客攻击的最佳方法是使用受信任的密码管理器(password manager)。这些管理器安全地跟踪您的所有密码,并将生成随机的强密码,使用暴力破解或任何其他密码破解方法几乎不可能猜到这些密码。
好消息是大多数人不必为寻找密码管理器(password manager)而费尽心思。谷歌浏览器(Google Chrome)已经内置了一个非常称职的浏览器。您可以在浏览器中生成强密码并将其同步到云端。因此,无论您在何处登录Google 帐户(Google Account),都可以轻松检索密码。
密码保护一切(Password Protect Everything)
当然,您需要为任何可能落入坏人之手的东西设置密码。您的电脑、手机和平板电脑(phone and tablet)都应该有自己的密码或密码。指纹或面部识别等生物特征解锁(Biometric unlocking)并不那么安全。因此,如果有设备的生物识别终止开关,最好让自己熟悉一下。
这是一个命令或按键(command or keypress),可以禁用除密码输入之外的任何内容。例如,如果有人强迫您交出您的计算机或手机(computer or phone),则如果没有您的代码,他们将无法访问该设备。然而,他们可以将相机对准您的脸部或将您的手指放在指纹传感器(fingerprint sensor)上。
尽可能使用加密(Use Encryption Wherever Possible)
加密是一种对数据进行数学加密的技术,因此如果没有正确的密钥就无法读取数据。例如,以“https ”开头的网站使用(” use)安全的加密方法发送数据。所以只有你和接收网站知道在说什么。
局外人,例如您的服务提供商或(service provider or anyone)在数据包通过互联网上的各个站点时检查数据包的任何人,只知道您的IP 地址(IP address)和您正在访问的页面的地址。
您不仅应该避免使用不使用加密(t use encryption)的网站,还应该坚持使用提供“端到端”加密(” encryption)的聊天服务。WhatsApp就是一个例子。端到端加密甚至阻止WhatsApp本身知道您在聊天中所说的内容。
不要盲目相信任何人(Don’t Trust Anyone Blindly)
在线时您将面临的最大风险之一来自假冒和匿名(impersonation and anonymity)。与某人互动时,您不知道他们是否是他们所说的人。事实上,多亏了人工智能,你甚至无法确定你正在与一个真实的人互动。
这意味着获得某种第三方确认您正在与您应该联系的人联系是非常重要的。即使这个人就是他们所说的那个人,你也应该对他们的主张和承诺持保留态度。对待他们至少要像对待现实生活中的新朋友一样怀疑。
尽可能使用双重身份验证 (2FA)(Use Two-Factor Authentication (2FA) Whenever Possible)
双因素身份验证是一种安全方法(security method),您可以使用完全不同的通道作为密码的第二部分。这是当今保护您的帐户免受黑客攻击的最佳方法之一。因此,例如,您可能会通过您的电子邮件帐户(email account)收到一次性PIN 码(PIN),或者在您登录服务时以短信的形式发送到注册号码。使用“2FA”让您的密码被盗并不足以让坏人访问您的帐户。
当然,只要付出足够的努力,犯罪分子就有可能绕过 2FA。他们还可以(also)尝试破解您的电子邮件密码(email password)或执行“ SIM 交换(SIM swap)”诈骗(” scam)并控制您的电话号码(phone number)。但是,这需要付出很多额外的努力和风险(effort and risks),这使得您不太可能以这种方式随机成为目标。因此,2FA 是您可以实施的最强大的威慑之一。
与黑客打交道(Dealing With Hackers)
“黑客”一词在计算机世界(computer world)中具有广泛的含义。很多人认为自己是黑客,而真正的黑客可能不符合大多数人从电影中得到的形象。尽管如此,黑客仍然存在,这意味着您需要知道如何处理它们。
黑客的类型(Types Of Hackers)
让我们从澄清一些误解开始。并非所有黑客都是罪犯。过去,合法黑客坚持将犯罪黑客称为“破解者”,但该术语从未真正成为主流。
黑客分为三种:白帽、灰帽和黑帽(white hat, grey hat and black hat)。
白帽(White Hat)黑客也被称为“道德”黑客。这些黑客从不违法,(law and everything)他们所做的一切都得到了目标的同意。例如,想要测试其网络安全性(network security)的公司可能会聘请白帽黑客(hat hacker)进行“渗透测试”。如果他们设法闯入,他们不会偷窃或损坏任何东西(steal or damage nothing)。相反,他们将向客户报告并帮助他们设计解决安全漏洞(security vulnerability)的方法。
灰(Grey)帽黑客也不会故意造成伤害,但他们不会为了满足他们的好奇心或在安全系统(security system)中发现漏洞而触犯法律。例如,一顶灰帽子(grey hat)可能会主动对某人的系统进行渗透测试(penetration test),然后让他们知道。顾名思义,灰帽子(grey hat)可以是犯罪的,但不是恶意的。
(Black hat)当您使用这个词时,大多数人会想到黑帽黑客。这些是恶意的计算机专家,他们想赚钱或只是播下无政府状态。这是我们都应该警惕的黑帽品种。(hat variety)
注意社会工程学(Be Aware of Social Engineering)
很容易想到黑客使用高科技方法侵入系统,但事实是,黑客武器库中最强大的工具根本不涉及计算机。一个系统的强大取决于它最薄弱的环节,而且通常情况下,这个薄弱环节是一个人。因此,黑客不会采用强大的技术系统,而是会瞄准人类心理的弱点。
一种常见的策略是给某人打电话(phone someone),例如公司的秘书或低级别技术人员。黑客将伪装成技术人员或权威人士并要求提供信息。有时信息并不(information isn)明显敏感。
还有一些社会工程技术可以通过文本聊天(text chat)、面对面或电子邮件来完成。
学习发现有害电子邮件(Learn To Spot Harmful Emails)
电子邮件仍然是恶意人员攻击您的最流行方式之一。这是完美的,因为您可以简单地发送数百万封电子邮件,并通过庞大的数量找到一些有利可图的受害者。
对有害电子邮件的最佳防御是知道如何发现它们。任何(Any email)为您提供难以置信的奖励并要求您花钱的电子邮件都应该被丢弃。如果你现在只拿出相对少量的钱,那么在遥远的土地上会有一个王子会给你数百万美元的想法可能很容易笑。然而,每年都有数百万美元从因这些骗局而堕落的人那里被盗。如果某件事看起来可疑或好得令人难以置信,那可能是。
检测这些诈骗的最佳方法之一是将电子邮件文本放入Google或访问ScamBusters 之(ScamBusters)类的网站。肯定(s bound)有一个非常相似的骗局已经记录在案了。
除了一般类的诈骗电子邮件外,还有网络钓鱼和鱼叉式网络钓鱼电子邮件。这些电子邮件旨在从您那里获取可用于进一步攻击的信息。最常见的目标是用户名和密码。
网络钓鱼电子邮件通常包含一个指向虚假网站的链接,该链接看起来像您的网上银行设施(online banking facility)或您拥有帐户的其他网站。认为您在真实站点上,您输入您的用户名和密码(user name and password),将其直接交给不应该拥有它的人。
鱼叉式网络钓鱼是同样的事情,除了那些以你为目标的人知道你是谁。因此,他们将定制电子邮件以包含特定于您的详细信息。他们甚至可能试图冒充你的老板或(boss or someone)你认识的人。
处理网络钓鱼尝试和保护您的计算机免受黑客攻击的方法是永远不要点击来自未经请求的电子邮件的链接。始终自己导航到该站点,并确保网址(web address)完全正确。通过使用第二个通道进行验证,可以阻止鱼叉式网络钓鱼尝试。
例如,如果有人说他们来自您的银行,请致电银行并要求直接与该人交谈。同样(Likewise),拿起电话询问你的老板、朋友或熟人(friend or acquaintance)他们是否真的发送了有问题的邮件。
出门在外要格外小心(Be Extra Cautious When Away From Home)
人们很容易将黑客想象成远在千里之外进行交易的人,他们坐在某个黑暗房间的电脑前。在现实生活中,坐在咖啡店(coffee shop)桌子旁的人很可能一边喝着拿铁咖啡一边攻击你。
公共空间可以为黑客提供轻松的选择。他们可以通过询问您的私人信息来试图当面愚弄您。您会在安全问题中提出或可用于社会工程攻击的那种东西。有时,当您输入密码或显示敏感信息时,人们可以简单地看着您。
一个常见的威胁是公共WiFi。与您在同一个WiFi 网络(WiFi network)上的任何人都可以看到您的设备正在发送和接收的信息。如果没有以某种方式正确配置,他们甚至可以直接访问您的设备。
如果您必须使用公共WiFi 网络(WiFi network),最重要的预防措施是使用VPN,它将加密离开您计算机的所有数据。您还应该使用防火墙并将WiFi 网络(WiFi network)明确标记为公共网络,以阻止网络上其他用户的直接访问。通常,当您第一次连接到某个网络时,系统会询问您是私有网络还是公共网络。
您应该警惕的最后一件主要事情是公共USB设备。切勿(Never)将找到的闪存驱动器(flash drive)插入您自己的计算机或工作计算机(work computer)。黑客经常将带有间谍软件的受感染驱动器留在周围,希望有人将其插入他们的计算机,从而获得访问权限。
公共(Public)充电站也很危险。从未知来源充电时,您应该使用只能提供电源而不提供数据的USB 数据线。(USB cable)以防万一充电器被黑客更换了。
处理恶意软件(Dealing With Malicious Software)
恶意软件包括病毒、间谍软件、广告软件、特洛伊木马和各种其他恶意软件包(software packages.We)的子类型。我们将介绍每种类型的恶意软件,然后介绍如何避免或解决问题。
计算机病毒(Computer Viruses)
计算机病毒(computer virus)很可能是最著名的恶意软件形式,它是一种自我复制的软件,它通过磁盘、驱动器和电子邮件从一台计算机传播到另一台计算机。病毒不是独立的程序。相反,他们通常会将自己附加到另一个合法程序并在您运行该程序时执行他们的代码。
除了复制自身以感染新计算机之外,病毒还有一个“有效载荷”。这可能是无害的或轻度刺激性的,例如弹出来嘲笑您的消息,或者可能很严重。例如完全擦除所有数据的病毒。
好消息是病毒不会自行传播。他们需要你的帮助!第一个也是最重要的保障是防病毒软件。Windows 10附带的Windows Defender对大多数人来说已经足够了,但也有很多选择。虽然存在macOS 和 Linux 病毒(macOS and Linux viruses),但这些市场相对较小,因此病毒创建者不会经常打扰。(t bother)
然而,这种情况正在发生变化,如果您确实使用其中一个操作系统,那么在它们日益流行带来大量新的机会性病毒之前,找到您喜欢的防病毒软件包是个好主意。
除了使用防病毒软件包外,常识性预防措施包括不要将 USB 驱动器插入您遇到的任何旧计算机。尤其是(Especially)公用机器。您还应该非常警惕在互联网上运行的不是来自信誉良好的来源的软件。盗版软件(Pirated software)除了非法外,还是病毒和其他恶意软件的温床。
木马(Trojans)
以将一群士兵偷偷带入特洛伊(Troy)市的木马命名,这种类型的软件伪装成合法的实用程序或其他有用的程序。与病毒一样,用户执行程序,然后恶意代码生效。此外,与病毒一样,有效载荷取决于创建者想要完成的任务。特洛伊木马与病毒的不同之处在于它们是独立程序并且不会自我复制。
大多数防病毒软件(antivirus software)都有一个特洛伊木马签名数据库,但一直在开发新的。这使得一些新的可以通过。一般来说,最好不要运行来自您不完全信任的来源的任何软件。
勒索软件(Ransomware)
这是一种特别讨厌的恶意软件形式,勒索软件造成的损害(damage ransomware)是惊人的。一旦感染了这种恶意软件,它就会悄悄地开始加密和隐藏您的数据,并用同名的虚拟文件夹和文件替换它。勒索软件(Ransomware)作者有不同的方法,但通常恶意软件会首先加密可能包含重要数据的位置的文件。一旦它对您的数据进行了足够的加密,就会弹出一个要求付款以换取加密密钥(encryption key)的弹出窗口。
可悲的是,一旦加密,就无法取回您的信息。但是,在任何情况下,您都不应该向勒索软件创建者捐款!在某些情况下,您可以通过检查卷影副本(Volume Shadow Copy)来获取重要文件的早期版本。但是,保护自己免受勒索软件侵害的最有效方法是将最重要的文件存储在云服务中,例如DropBox、OneDrive 或 Google Drive(OneDrive or Google Drive)。
即使加密文件被同步回云端,这些服务都提供滚动备份窗口(rolling backup window)。因此,您可以回到文件被加密之前的时刻。这会将勒索软件攻击从一场重大灾难转变为轻微的刺激。
蠕虫(Worms)
蠕虫(Worms)是另一种形式的自我复制恶意软件,但与病毒相比有一个(s one)主要区别。蠕虫(Worms)不需要您(用户)为它们做任何事情来感染机器。蠕虫(Worms)可以漫游网络,通过不受保护的端口进入。他们还可以利用允许恶意代码运行的其他软件程序中的漏洞。
你能对蠕虫做些什么?现在它们已经不是什么大问题了,但请确保您的computer and/or router上有软件防火墙(software firewall)。始终(Always)使您的软件和操作系统(software and operating system)保持最新。至少在安全更新方面。当然,使您的防病毒软件保持最新也是一项必不可少的预防措施。
广告软件和间谍软件(AdWare & Spyware)
AdWare 和 Spyware(AdWare and Spyware)是两种非常恼人的恶意软件,可以造成不同程度的危害。AdWare通常不会故意损坏任何东西(damage anything)。相反,它会在您的屏幕上弹出广告。
这会导致屏幕混乱并消耗大量系统资源,从而使计算机无法使用,但是一旦您删除了AdWare ,您的计算机应该不会因磨损而变得更糟。
间谍软件(Spyware)也很少造成任何直接损害,但恶意更大。该软件监视您,然后向其创建者报告。这可能涉及记录您的屏幕、通过网络摄像头观看您并记录您的所有击键以窃取密码。这是可怕的事情,因为这发生在后台,你甚至不会知道发生了什么。
(Specialized malware) AdAware等专门的恶意软件清除应用程序(removal apps)可以缩短这些程序的工作时间,但您也可以像处理木马和病毒一样防止感染。
浏览器劫持者(Browser Hijackers)
浏览器(Browser)劫持者尤其令人头疼。此恶意软件会接管您的网络浏览器并将您重定向到有利于创建者的页面。有时这意味着虚假或狡猾的搜索引擎。有时这意味着被重定向到虚假版本的网站或充满讨厌广告的页面。
好消息是,负责处理广告软件和间谍(adware and spyware)软件的反恶意软件也将处理浏览器劫持者。如果您运行的是 Windows 10,它们的问题也小得多,因为WINdows需要您的许可才能进行浏览器劫持者需要进行的各种更改。
You’re The Most Important Part!
如果人们通常是计算机安全系统(computer security system)中最薄弱的部分,那么他们也可能成为最强大的部分。如果有机会,请尝试阅读最新的网络安全威胁。试着练习我们上面讨论过的基本的、常识性的安全原则,并学会相信你的直觉。没有完美的安全性,但这并不意味着您必须成为网络犯罪(cyber crime)的被动受害者。
How to Protect Your Computer from Hackers, Spyware and Viruses
Cybersecurity is super-important. We live a significant part of our lives online and on cоmputing devices. Whether it’s a laptop, a smartphone or your desktop computer at work – you’vе got valuаble information shady people would loνe to have. Wouldn’t it be nice if you knew how to protect your computer from hackers and all the оther hazards of the digital world?
The good news is that it’s not difficult to learn some core tips and tricks that will significantly improve your safety on the net. Get ready, because this is going to be a mega guide of practical advice that will help you use a computer and the internet without getting burned.
Learning Good Cybersecurity Habits
When we’re young, our parents teach us general rules for life meant to keep us safe. Always look both ways before crossing the street. Never get in a car with a stranger. That sort of thing.
Sadly the technology of today didn’t exist when many of us were young, so there’s a definite need to have the same sort of common sense, but adapted for the digital world.
Use Strong Passwords & a Password Manager
Passwords are still one of our best defenses against getting hacked. Most sites will have a minimum password complexity. For example, they’ll say a password must be a certain length and contain a particular mix of character types. Sadly, any sort of password that a human being can easily remember is likely to be one that can be broken through brute-force guesses sooner rather than later.
The best thing you can do to protect your computer from hackers is use a trusted password manager. These managers keep track of all your passwords securely and will generate randomized strong passwords that are almost impossible to guess using brute force or any other password cracking method.
The good news is that most people don’t have to go looking very far for a password manager. Google Chrome already has a very competent one built in. You can generate strong passwords within the browser and sync them to the cloud. So wherever you’re logged into your Google Account, you can retrieve passwords with ease.
Password Protect Everything
Of course, you need to set passwords on anything that could fall into the wrong hands. Your computer, phone and tablet should all have their own passcodes or passwords. Biometric unlocking, such as fingerprint or facial recognition, aren’t quite as secure. So it’s a good idea to familiarize yourself with your device’s biometric kill-switch if it has one.
This is a command or keypress that disables anything but passcode entry. For example, if someone forces you to hand your computer or phone over, they can’t access the device without your code. They can however point the camera at your face or place your finger on the fingerprint sensor.
Use Encryption Wherever Possible
Encryption is a technique that mathematically scrambles your data, so that it can’t be read without the proper key. For example, websites that start with “https” use a secure encrypted method of sending data. So only you and the receiving website know what’s being said.
Outsiders, such as your service provider or anyone inspecting the data packets as they pass through various stops on the internet only know your IP address and the address of the page you’re visiting.
Not only should you avoid websites that don’t use encryption, you should also stick to chat services that offer “end-to-end” encryption. WhatsApp is an example of this. End-to-end encryption stops even WhatsApp itself from knowing what’s being said in your chats.
Don’t Trust Anyone Blindly
One of the biggest risks you’ll face when online, comes from impersonation and anonymity. When interacting with someone, you have no idea whether they are who they say they are. In fact, thanks to artificial intelligence, you can’t even be sure that you’re interacting with a real human being at all.
This means that it’s very important to get some sort of third-party confirmation that you’re in contact with the person you should be. Even if the person is who they say, you should also take their claims and promises with a pinch of salt. Treat them with at least the same skepticism as you would with a new acquaintance in real life.
Use Two-Factor Authentication (2FA) Whenever Possible
Two-factor authentication is a security method where you use a completely different channel as the second part of your password. It’s one of the best ways these days to protect your accounts from hackers. So, for example, you might receive a one-time PIN through your email account or as a text message to a registered number when you log into a service. With “2FA” getting your password stolen isn’t enough for the bad guys to access your account.
Of course, with enough effort, it’s possible for criminals to get around 2FA. They can also try to hack your email password or perform a “SIM swap” scam and take control of your phone number. However, this is a lot of extra effort and risks, which makes it unlikely that you’ll be targeted in this way at random. As such, 2FA is one of the strongest deterrents you can put in place.
Dealing With Hackers
The term “hacker” has a broad set of meanings in the computer world. Lots of people think of themselves as hackers and people who really are hackers might not conform to the image most people get from the movies. Nonetheless, hackers are out there, which means you need to know how to deal with them.
Types Of Hackers
Let’s start off by clearing up a few misconceptions. Not all hackers are criminals. It used to be that legal hackers insisted that criminal hackers be referred to as “crackers”, but the term never really stuck in the mainstream.
There are three kinds of hackers: white hat, grey hat and black hat.
White Hat hackers are also referred to as “ethical” hackers. These hackers never break the law and everything they do is with the consent of their targets. For example, a company wanting to test their network security may hire a white hat hacker to do a “penetration test”. If they manage to break in, they’ll steal or damage nothing. Instead, they’ll report to the client and help them devise a fix for their security vulnerability.
Grey hat hackers also don’t deliberately do harm, but they aren’t above breaking the law in order to satisfy their curiosity or find holes in a security system. For example, a grey hat may do an unsolicited penetration test on someone’s system and then let them know about it afterwards. As the name suggests, grey hats can be criminal, but not malicious.
Black hat hackers are the boogeymen that most people think of when you use the word. These are malicious computer experts who are out to make money or simply sow anarchy. It’s the black hat variety that we’re all meant to be wary of.
Be Aware of Social Engineering
It’s easy to think of hackers using high-tech methods to break into systems, but the truth is that the strongest tool in a hacker’s arsenal doesn’t involve computers at all. A system is only as strong as its weakest link and, more often than not, that weak link is a human being. So, rather than taking a strong technological system on, hackers will target the weaknesses in human psychology.
One common tactic is to phone someone, such as a secretary or low-level technical staff at a company. The hacker will pose as a technician or an authority and ask for information. Sometimes the information isn’t obviously sensitive.
There are also social engineering techniques that can be done via text chat, in-person or in email.
Learn To Spot Harmful Emails
Email remains one of the most popular ways for malicious people to get at you. It’s perfect, because you can simply send off millions of emails and find a few lucrative victims through sheer large numbers.
The best defense against harmful emails is to know how to spot them. Any email which offers you implausible rewards and requires you to part with money, should be discarded. It may be easy to laugh at the idea of a prince in some far off land who’ll give you millions of dollars, if you’ll only part with a relatively small amount now. Yet, each year millions of dollars are stolen from people who fall for these scams. If something seems fishy or too good to be true, it probably is.
One of the best ways to detect these scams is to put the text of the email into Google or by visiting a site like ScamBusters. There’s bound to be a very similar scam already on the record.
Apart from the general class of scam emails, there are also phishing and spear phishing emails. These emails aim to get information from you that can then be used in further attacks. The most common targets are usernames and passwords.
A phishing email usually has a link in it that leads to a fake website, meant to look like your online banking facility or some other site you have an account with. Thinking you’re on the real site, you enter your user name and password, handing it directly to people who should not have it.
Spear phishing is the same thing, except that those targeting you know who you are. So they will tailor the email to contain details specific to you. They might even try to pose as your boss or someone you know.
The way to deal with phishing attempts and protect your computer from hackers is to never click on links from unsolicited emails. Always navigate to the site yourself and make sure the web address is exactly correct. Spear phishing attempts can be thwarted by using a second channel to verify it.
For example, if it’s someone saying they are from your bank, phone the bank and ask to speak with that person directly. Likewise, pick up the phone and ask your boss, friend or acquaintance whether they really sent the mail in question or not.
Be Extra Cautious When Away From Home
It’s easy to think of hackers as people who ply their trade from miles away, sitting in front of a computer in a dark room somewhere. In real life, the person sitting at a table in the coffee shop could very well be hacking you while sipping on a latte.
Public spaces can provide easy pickings for hackers. They can try to fool you in-person by asking you for private information. The sort of stuff you’d put in security questions or can be used in social engineering attacks. Sometimes people can simply look over your shoulder as you type in a password or display sensitive information.
A common threat is public WiFi. Anyone who’s on the same WiFi network as you, can see the information your device is sending and receiving. They may even get access to your device directly if it’s not configured properly somehow.
The most important precaution to take if you have to make use of a public WiFi network is to use a VPN, which will encrypt all data leaving your computer. You should also use a firewall and specifically mark the WiFi network as a public one, to block direct access from other users on the network. Usually you’’ll be asked if a network is private or public when you first connect to it.
The last major thing you should be wary of is public USB devices. Never stick a found flash drive into your own computer or a work computer. Hackers often leave infected drives with spyware around hoping that someone will plug it into their computer, giving them access.
Public charging spots are also dangerous. You should use a USB cable that can only provide power and not data when charging from unknown sources. Just in case the charger has been replaced with a hacked one.
Dealing With Malicious Software
Malicious software includes viruses, spyware, adware, trojans and various other subtypes of nasty software packages.We’ll go over each type of malicious software and then also cover how to either avoid or fix the issue.
Computer Viruses
Quite possibly the best-known form of malware, a computer virus is a self-replicating piece of software that spreads from one computer to the next through disks, drives and email. Viruses are not standalone programs. Instead, they usually tack themselves on to another legitimate program and execute their code when you run that program.
Apart from making copies of itself to infect new computers, viruses also have a “payload”. This can be something harmless or mildly irritating, such as a message that pops up to laugh at you or it can be serious. Such as a virus that completely wipes all your data.
The good news is that viruses cannot spread themselves. They need help from you! The first and most important safeguard is antivirus software. Windows Defender, which comes with Windows 10, is perfectly adequate for most people, but there are many choices out there. While macOS and Linux viruses exist, these markets are relatively small, so virus creators don’t bother too often.
That’s changing however, and if you do use one of these operating systems it’s a good idea to find an antivirus package you like, before their increasing popularity brings a flood of new opportunistic viruses.
Apart from using an antivirus package, common sense precautions include not sticking your USB drives into any old computer you come across. Especially public machines. You should also be very wary of running software you find on the internet that’s not from a reputable source. Pirated software, apart from being illegal, is a hotbed of viruses and other malware.
Trojans
Named for the wooden horse that snuck a bunch of soldiers into the city of Troy, this type of software pretends to be a legitimate utility or other useful program. As with a virus, the user executes the program and then the malicious code goes into effect. Also, as with a virus, what that payload is depends on what the creators want to accomplish.Trojans differ from viruses in the sense that they are standalone programs and don’t self-replicate.
Most antivirus software keeps a database of trojan signatures, but new ones are being developed all the time. This makes it possible for a few new ones to slip through. In general it’s best not to run any software that comes from a source you don’t entirely trust.
Ransomware
This is a particularly nasty form of malware and the damage ransomware can do is staggering. Once infected with this malware, it quietly begins encrypting and hiding your data, replacing it with dummy folders and files with the same name. Ransomware authors have different approaches, but usually the malware will encrypt files in locations that are likely to have important data first. Once it’s encrypted enough of your data, there will be a popup demanding payment in exchange for the encryption key.
Sadly, once encrypted, there is no way to get your information back. However, under no circumstances should you ever give money to ransomware creators! In some cases you can get previous versions of important files by checking the Volume Shadow Copy. However, the most effective way to protect yourself against ransomware is to store your most important files in a cloud service such as DropBox, OneDrive or Google Drive.
Even if the encrypted files get synced back to the cloud, these services all offer a rolling backup window. So you can go back to the moments before the files were encrypted. This turns a ransomware attack from a major disaster into a mild irritation.
Worms
Worms are another form of self-replicating malware, but there’s one major difference when compared to viruses. Worms don’t need you, the user, to do anything for them to infect a machine. Worms can roam networks, entering through unprotected ports. They can also make use of vulnerabilities in other software programs that allow for malicious code to run.
What can you do about worms? They aren’t as much of a problem these days, but make sure you have a software firewall on your computer and/or router. Always keep your software and operating system up to date. At the very least when it comes to security updates. Of course, keeping your antivirus up to date is also an essential precaution.
AdWare & Spyware
AdWare and Spyware are two types of pretty irritating malware that can do varying levels of harm. AdWare usually doesn’t damage anything on purpose. Instead, it makes advertising pop up on your screen.
This can make the computer unusable by cluttering the screen and using up a ton of system resources, but once you’ve removed the AdWare your computer should be no worse for wear.
Spyware also rarely does any direct damage, but is much more malicious. This software spies on you and then reports back to its creator. That can involve recording your screen, watching you through your webcam and logging all your keystrokes to steal passwords. That’s scary stuff and, since this happens in the background, you won’t even know something is going on.
Specialized malware removal apps such as AdAware will make short work of these programs, but you can also prevent infection the same way you do for trojans and viruses.
Browser Hijackers
Browser hijackers are a particular pain in the neck. This malware takes over your web browser and redirects you to pages that benefit the creator. Sometimes this means fake or dodgy search engines. Sometimes it means being redirected to fake versions of sites or pages filled with nasty adverts.
The good news is that the same anti-malware software that takes care of adware and spyware will also deal with browser hijackers. If you’re running Windows 10 they are also much less of a problem, because WIndows requires your permission to make the sorts of changes that browser hijackers need to work.
You’re The Most Important Part!
If people are usually the weakest part of a computer security system they can also turn out to be the strongest component of all. Try to read up on the latest cybersecurity threats when you have a chance. Try to practice the basic, common-sense safety principles we discussed above and learn to trust your gut. There is no such thing as perfect security, but that doesn’t mean you have to be a passive victim of cyber crime.