[AI] Multilayered security setup

Sanjay ilovecold at gmail.com
Thu May 6 14:40:14 EDT 2010

The other night a friend called, apologetically asking for advice because
computer had been infected with malware.  (Truth be told, I knew already:
receiving multiple spam emails from your friends somewhat gives the game

It could have happened to anyone.  My friend had received an email
purporting to be from an acquaintance with some 'photos' attached.  Open
email, get infected.  Even the most web-suspicious cynic can be caught out
this way.

My friend had no idea that she required anything more robust than Windows'
built-in security tools.  She did, and does, but there's a lot of ignorance

Every PC user should be running up-to-date antivirus and antispyware and a
software firewall.  Even then there are no guarantees - staying safe online
requires you to manage risk.  Just as you wouldn't wave your wallet around
a rough part of town, you should proceed with caution if you're surfing

In this instance, slapping on as many layers of security as you can will
you less of a target.  The following walkthrough shows you how to pile on
security for free.

But you'll still need to follow some basic security rules, including
changing and protecting all your passwords.  As we reveal on page 114,
'soft' targets such as your webmail account are just as important.  Follow
our advice to keep the hackers out of your contacts book.


Let's make one thing clear: if your PC is connected to the web, you need to
protect it.  Beyond simply switching it off, by far the simplest way to do
is to purchase a brand-name internet security suite with all the updates and
technical support such products include.  Check out our online security
reviews for a recommendation ( bit.ly/J7161).

The down side to such products is that they cost you between ukp20 and ukp50
year.  We're always happy to provide exclusive trials of security products
the cover DVD, of course, and more tech-savvy users may find that they can
a security arsenal with no outlay.

Even so, you can never have too much of a good thing.  Most security experts
recommend adding extra layers to the traditional antivirus (AV), antispyware
firewall setup.  With the exception of the products mentioned in Layer 1,
apps below are all designed to work alongside your security suite.

Internet security is as much art as science.  Beyond the big three of AV,
spyware protection and a firewall, you could install all the products below
pick and choose some or none.  It's really a question of how risky your
behaviour is and how much you have to lose.

As with all installations, we recommend that you back up your PC and set a
System Restore point before adding security layers.  Build them one by one -
if you get a conflict, you'll know which tool is the culprit and be able to
excise the problem.

Layer 1 AV, antispyware and a firewall:

Everybody should have AV, antispyware and a firewall product installed, and
these tools should be included in even the most basic internet-security
If you don't want to spend any money, you could combine freebies such as
Antivirus (bit.ly/OOddh), Spybot (bit.ly/V4oC0) and Zone Alarm's free
firewall (bit.ly/4x6HtK).  But remember: free tools are typically less
user-friendly than consumer products.

If you're running Windows 7 or Vista, you may not need a separate firewall.
But if you're relying on the operating system to filter out net nasties, get
hold of Windows 7 Firewall Control Free ( bit.ly/rE6jb).

This free program offers fine-grained control over the firewall built into
Windows 7 and Vista, particularly the way it blocks outbound connections.

Layer 2 A behavioural blocker: PC Tools' Threatfire ( threatfire.com) is
designed to complement an existing antivirus setup, using cloud-based data
work out what's nice...  and what's not.  It's constantly on the lookout
for suspicious behaviour and is able to automatically block malware without
virus being announced or a patch issued.

Layer 3 A behavioural scanner: SurfRight Hitman Pro 3.5 ( surfright.nl/en)
designed to work alongside the other tools here, catching files that make it
through all other defences.  The scanner reveals and removes active threats
using behavioural analysis.

It can be installed on your PC and used regularly, or kept on a memory stick
scan when something feels wrong.

Layer 4 Understudy antispyware:

Ad-Aware ( bit.ly/16VxkA) does a great job of scanning your PC for threats,
warning you about them and then deleting them.  Even if you already have an
antispyware product on your PC, it's a good idea to use this as well.

Layer 5 A sandbox: Sandboxie ( sandboxie.com) creates a virtual 'sandbox'
between websites and your system Registry, preventing rogue software from
installing.  This is ideal for any occasion when you are surfing unfamiliar
websites.  Even if something nasty gets on to your PC, you can limit its

Layer 6 Shut those (back)doors: It's vital you keep your applications up to
date so any exploitable holes or back doors are immediately patched and
Manually visiting websites to grab an update for every program you've
installed is time-consuming.  Instead let Secunia PSI ( bit.ly/dxQRT) scan
system, list all your applications and automatically check for security
and apply any it finds.

Layer 7 Rewrite history: CCleaner ( bit.ly/URv5T) is well known as a
cleaner, but it also helps protect your privacy.  It removes traces of your
internet history, including cookies, temporary internet files, browsing
and auto-complete form history.  It also cleans Windows' Recent History list
- worth doing if someone else is likely to use your PC.

Layer 8 Lock up your bank details: Safe Calculator ( bit.ly/DLMzi) is a neat
utility that pretends to be the basic Windows calculator when you launch it.
It's actually a safe that can take a single file and encrypt it,
it into the app itself.  You can run it from anywhere, even an external hard
drive, so if you've got an important file that's for your eyes only, you can
make it vanish with Safe Calculator.

Of course, technology isn't the only way to secure your system.  The best
security tool is your brain, and the weakest part of your defence is your
mistakes.  Be sensible.  Avoid dodgy websites (McAfee SiteAdvisor -
bit.ly/pbqSe - can help with this) and don't download pirated software or
files.  Research software online before installing it, and never click on an
email link to a banking or shopping website.  Indeed, avoid clicking links
emails altogether.


Symantec says it is seeing more than 200 million online attacks each month
that, as a consequence, traditional signature-based security solutions are
"obsolete".  Due to the rapidly changing and exponential nature of the
it is no longer sufficient to recognise threats in the wild and then write
signatures to counter them.

As a result, Symantec has changed its approach to PC security.  Because it
believes the changing nature of threats requires a radically different
to protection, Symantec has released live betas of Norton Internet Security
(norton.com/nis2010beta) and Norton AntiVirus 2010 (
You should only install these beta programs if you consider yourself
sufficiently technically savvy to deal with software glitches and flaws,
particularly security software-based ones.

The updated antimalware products use reputation-based security technologies.
These are part of Symantec's new Quorum security model, which uses feedback
from millions of users to assign a reputation score to files.  Reputation
be a key component for future software updates.

The company says the changes are designed "to tackle undiscovered malware
today's toughest threats head-on".

Expected to launch this autumn, the full 2010 versions of Symantec's Norton
line-up represent a radical change of approach from the world's biggest
security vendor.  The products also include Symantec's Sonar 2 technology,
which is behavioural antimalware, as well as signature-based AV and

Imagine having to explain an email message that asks your friends for
money - a message sent from your webmail account.

That's exactly what's happening: scammers are breaking into such accounts
and, from those addresses, sending email messages to the victims' entire
contact lists.  The messages often tout a website or ask for money directly.

It's a new, dastardly twist on an old scam.  Crooks have long used harvested
addresses in the 'From:' field on junk email to make messages look
realistic.  But because antispam measures have been getting better at
such spoofed spam, the bad guys are now breaking in and sending email from
actual accounts.

Maureen Arnold was hit by such an attack.  When she checked her MSN mail one
day, she found several warnings about undeliverable messages sent from her
account that she hadn't written, along with messages in her Sent box.

The scam email - touting a site selling electronic products - went out to
her family and friends.  Similar attacks have asked recipients to wire money
a particular account; some have even deleted an account's contact list

The attacks underscore an oft-ignored fact: webmail accounts are a major
because they have value.  A recent report by the Anti-Phishing Working Group
says the most common types of logins stolen by keylogger malware are for
financial websites, e-commerce sites and webmail.  In addition to hijacking
email account to send out messages, crooks can often glean information that
helps them break into a victim's financial accounts.

The first step to protecting your webmail is to keep your PC clean of
But this isn't a complete solution: Maureen checked her PC with multiple
security scanners after the break-in and found nothing.

Another important step is to assume that any public or borrowed computer
you've used to check your webmail account was infected with a keylogger and
that your account login was stolen.  Change your password as soon as you
can, on a trusted, secure computer.

Jeremiah Grossman of WhiteHat Security identifies another point of entry:
often lift webmail account details after breaking into other sites.  Many
require your email address for logging in and, since many of us use the same
password to log into several sites, these details are potentially

Ensure that you use a unique password for your webmail account.  Free tools
as Password Hash (pwdhash.com) can consolidate passwords.  Second, when
up for new accounts, use a 'disposable' email address - ISPs such as BT
offer such a facility.  There's a similar feature in the premium Yahoo Mail
Plus service (ukp12 per year).  Anonymizer's Nyms service costs a similar
amount and works with any email account.


Stop potentially dangerous email chains

Regardless of your security software setup, the weakest link in the chain is
likely to be you.  These days malware exists only to generate revenue for
crooks, so cybercriminals look for the easiest ways to disseminate their

Chain emails have one thing in common: they're lies.  They are also a
brilliant way of spreading malware.  It continues to amaze us how many
will blindly forward their wild claims to friends, colleagues and family

To check the integrity of a chain email, visit snopes.com.  Snopes
and debunks the hundreds of internet hoaxes and urban legends that continue
make the email rounds.

The next time one of these messages lands in your inbox, head to Snopes and
paste the subject into the search field.  Send the results to all recipients
the original email.

Break the chain and stop forwarding this nonsense to people you care about.
Yes, I'm talking to you, Dad.
