Christmas Hackers And The Sanity Clause

I’m getting into the Christmas spirit. As a security writer, I’m a great hit at parties with my stories of encryption derring-do,worms, hacks and spam exploits. I’m easily found by the expanded personal space that surrounds me as people back off into their own chatter groups.

Such banter may not be suitable for staff parties, unless you work for Sophos or the like, but it is a good time to think about security. Many a Christmas tree will be casting its flickering lights over a new smartphone, tablet or computer and it’s insane not to use some form of security software from the outset.

Covering your assets

New devices often come naked into this world relying on the user to activate their own anti-malware package. Laptop and desktop computers usually have a “free” introductory anti-malware application on board that needs to be set up. I dare say, or would like to think, that many users will take advantage of these offers – and go on to pay the annual fees to maintain the optimum protection offered.

Alternatively, the Scrooges of this world will scour the Internet, relying on Microsoft’s Windows Defender to ward of evil while they search for freeware protection, such as Avast or AVG. And there’s nothing wrong with that as both of the mentioned packages seem to provide excellent protection against most things.

In any event, an antivirus package is a good stocking filler, if somewhat lacking any romantic virtue, for the recipients of the smaller mobile devices. Some will eschew this protection because they have a tablet, phone or computer operating system that is renowned for being incorruptible – but, believe me, there is no such thing.

The main thing is to keep up to date with the regular updates and to ensure that operating system and software patches are also regularly applied. We seem to accept in life that houses, cars and other household possessions need regular attention, but maintenance of computing devices sometimes gets forgotten.

Christmas presence

If the recipient of a shiny new device is a younger person eager to burst onto the social networking scene, a different kind of protection is required. A Facebook membership is not just for Christmas and can affect the rest of your life. It will soon be possible to erase major mistakes but the trackers are out there.

It may be illegal to keep tabs on people but I’m pretty sure that there will be someone illegal tracking students in various disciplines to record the slightest misdemeanour and store it away for future use. Even older users of the social media available should watch their words carefully. Careless talk costs livelihoods.

The social concerns regarding security seem to be spawning a number of publications in the “… for Dummies” genre. When it comes to business, IBM is busily amassing articles to give guidance but quite a lot of the information is also relevant to responsible personal use.

Here’s the rub. No matter what you do or how much you spend, any computer connected to the Internet is vulnerable. Zero-day attacks, new exploits which have not been processed by the anti-malware companies, appear daily, targeted spam finds a new sucker every second, and passwords are being cracked or exposed with increasing frequency.

Even if you don’t connect to the Internet but use portable storage media – like USB disks and sticks – there is still a chance your data could be damaged. This was the hard lesson learnt by the Iranian nuclear industry when Stuxnet was launched.

There have been cases where hackers have left USB sticks lying around in the hope that someone will find them. So, you see a pen drive in the car park and pick it up. It looks innocuous like every other USB stick. Most people would want to know two things – what’s on it and who does it belong to. Only way to do that is to plug it into your computer – no harm in that …

A momentary lapse but a costly one. Malware on the stick could cause damage or install a backdoor virus on any network to which the computer connects.

Have a good holiday but don’t let your guard down.