January 08, 2007

So how secure is your pc?

Richard Kuper
The Kuper Report

So how secure is your pc? According to a January 7, 2007 article in the NY Times titled "Attack of the Zombie Computers Is Growing Threat" by John Markoff, "the bad guys are honing their weapons and increasing their firepower." Programs are secretly installing themselves "on thousands or even millions of personal computers" and then using these computers and their collective combined power to commit crimes across the Internet. For example, the article states: "Last spring, a program was discovered at a foreign coast guard agency that systematically searched for documents that had shipping schedules, then forwarded them to an e-mail address in China." Elsewhere in the article, we are told about a program that collected data from 753 infected computers, generated 54,926 log-in credentials, 281 credit card numbers, affected 1,239 companies including "35 stock brokerages, 86 bank accounts, 174 e-commerce accounts and 245 e-mail accounts" -- and that was just one file that was intercepted that had collected data over 1 month. One company that monitors such things claims there are more than 250,000 new infections daily.

There were a number of other examples, including the spam regarding a penny stock that boosted the price of the stock significantly - just long enough for whoever spawned it to make a nice profit.

Even more interesting was this paragraph that appears near the end of the article:

"Serry Winkler, a sales representative in Denver, said that she had turned off the network-security software provided by her Internet service provider because it slowed performance to a crawl on her PC, which was running Windows 98. A few months ago four sheriff’s deputies pounded on her apartment door to confiscate the PC, which they said was being used to order goods from Sears with a stolen credit card. The computer, it turned out, had been commandeered by an intruder who was using it remotely."

So now that you know about these problems, what are you doing to prevent them? Are you making the mistake of Serry Winkler and turning off your antivirus, antispyware, antimalware products, or, worse, have you failed to even install such software or ensure it is up-to-date? Are you perhaps making the ultimate error of being connected to the internet 24x7 logged in with adminstrator rights and no password? If you are accessing the internet from home via cable or dsl, do you have both a hardware firewall and a software firewall? If you have gone wireless, are you sure no one can intercept what you are doing over the air?

There are a variety of very good antivirus, antispyware, antimalware and other products to protect your computer. Some are even available for free or very low cost. Some are bundled as suites.

And before someone tries to give you the old and tired line "just get a Mac", be advised that the recent Mac vs. Windows ads have raised the profile of the Mac and Linux operating systems and attracted the interest of the bad guys. There have been an increasing number of reports regarding breaches of such machines -- perhaps not to the level of Windows machines, but that is primarily because there are fewer such machines in use. Should machines running Mac or Linux continue to grow in popularity and become a larger portion of the user community, rest assured that there are folks out there who will manage to wreak the same havoc on those machines as well.

So make sure to take all the necessary steps to ensure that your computer and data are secure. If you are a company, your responsibilities may be further defined by a variety of laws.