Encrypt Your Email
Make sure your email provider supports secure methods for sending and receiving email — for webmail providers, that means ensuring you’re always logging on through ‘https://’ to prevent your password being sniffed out by hackers. In the case of major providers such as Google, this should now be the default, but also look for other ways in which to protect your account — see the ‘Protect Online Accounts’ box over the page.
If you use a traditional email account (POP, IMAP and SMTP in a mail program), check with your provider that it supports SSL/TLS on those services, and verify that your mail program is actually using those settings to send and receive messages. This encrypts your password and the content of your emails on the hop between your mail program and your provider's server.
That hop is only part of the journey, however. Once your provider hands a message on to the recipient's provider, it can travel between the two servers in plain text unless both of them support TLS for server-to-server delivery, in which case that connection is encrypted as well. Taking Gmail as an example, this is enabled by default, but look for an open red padlock when composing emails — this indicates that the recipient's provider doesn't support TLS, so that message will travel unencrypted. Otherwise, check with your email provider to see whether TLS is supported and what settings you need to apply in your client, and whether it can make clear which conversations are encrypted and which aren't.
Even with TLS on every hop, your provider (and the recipient's) can still read your mail on their servers, so if you want to go further (with cooperation from the people you write to), look at implementing PGP mail encryption. This encrypts the message on your machine before it's sent, and the recipient uses PGP at their end to decrypt it once it arrives, so nothing in between can read it. Wizards make it relatively easy to set up, but Google your email client (or webmail provider) and ‘pgp’ to find out more.

password. They’d also need to know a MAC address to spoof, and know what IP address to assign to their device (as well as the IP address of your router), just to get on your network. In reality, this will make network setup longwinded, so you may want to strike a balance (perhaps leave DHCP enabled, for example).
Next, tighten your router’s other settings. Verify its firewall is switched on, and review any ports you’re forwarding — these are channels from the Internet to your networked devices, so make a note of what they are, remove any not in use, and disable those you don’t need permanent access to. Also, review your UPnP settings: UPnP lets devices and applications on your network open ports on the router automatically, without asking you. Disable any forwards you don't recognise, track down the apps that created them, and if nothing you use depends on it (some games consoles do), switch UPnP off altogether.
It’s also important to protect access to the router’s settings. Change the default password to a stronger one (change the username if allowed, too), and look for a Remote Management or Remote Access option. This latter setting enables you (and anyone else) to access your router from outside your home network, using your public IP address (or dynamic hostname, if you have one). Disable this setting.
LOCK DOWN YOUR NET CONNECTION
Virtual private networks (VPNs) offer a number of security and privacy features. Connected through one, the sites you visit see the VPN server's IP address and location rather than yours, and all your internet traffic is encrypted between your device and the VPN server, so the operator of a public, unencrypted Wi-Fi hotspot (or anyone else sitting on it) can't read or tamper with it. That makes a VPN an essential add-on for your laptop or tablet when surfing such hotspots. Bear in mind that the VPN provider itself can see your traffic, so choose one you trust.
There are many free services, such as CyberGhost (www.cyberghostvpn.com), but these come with limits — in CyberGhost’s case a noticeably slower connection, plus a wait before you connect. Paid-for plans, starting from around US$6/month, lift the speed limit and skip the queue.
If you’d like to run your entire home network through a VPN, you need to use a second router that supports the DD-WRT firmware — check out www.techradar.com/1300740 for a complete guide.
BEHAVIOURAL CHANGES
Unfortunately, gone are the days when malware only got on to your system through a file or program you chose to open; these days, many threats rely on tricking you into taking the harmful action yourself, through misdirection.
So how can you protect yourself from, err, yourself? Let’s start with email, where phishing began and still thrives. First, treat all email with suspicion. If it’s peddling an offer too good to refuse, or making dire threats while exhorting you to click a link to verify your account, or to respond to some kind of dispute or offer, just take a deep breath. Re-read the message and look for spelling mistakes, or for the fact that the address it was sent to isn’t the one you’ve linked to your bank account. Who’s the sender, and does the address behind the friendly display name actually belong to the organisation it claims to be? In the vast majority of cases, these basic checks will reveal that the email is a fraud.
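The checks described above can be run over the raw message mechanically, which also shows why the visible text of a link is no guide to where it actually leads. The script below is an added example written for this article, not a tool the article recommends or code from any of the products it mentions. It parses a constructed sample phishing message, compares the sender's domain with the organisation the message pretends to come from, flags links whose visible text names one site while the underlying address points at another (or at a bare IP address), and looks for the pressure language the article describes. The trusted domain, both sample messages and the list of urgency phrases are assumptions made for the demonstration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample messages for the demonstration (not real mail).
PHISHING_EMAIL = """\
From: "Example Bank Security" <alerts@examp1e-bank-verify.com>
To: you@example.org
Subject: Urgent: verify your account
Content-Type: text/html; charset=utf-8

<html><body>
<p>Dear Customer, your account has been locked. Please visit
<a href="http://203.0.113.10/login">https://www.example-bank.com/login</a>
within 24 hours or face suspension.</p>
<p>Questions? See <a href="https://www.example-bank.com/help">our help centre</a>.</p>
</body></html>
"""

CLEAN_EMAIL = """\
From: "Example Bank" <statements@example-bank.com>
To: you@example.org
Subject: Your monthly statement is ready
Content-Type: text/html; charset=utf-8

<html><body><p>Your statement is available at
<a href="https://www.example-bank.com/statements">View statement</a>.</p></body></html>
"""

# Phrases that pressure the reader into acting without thinking (assumed list).
URGENCY = re.compile(r"\b(urgent|verify your account|within 24 hours|suspended|suspension)\b", re.I)
BARE_IP = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")


class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def registrable_domain(host):
    """Last two labels of a hostname. Fine for this sample; a real checker
    would consult the public suffix list so that co.uk and friends work."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def host_of(url_or_text):
    """Hostname of a URL, tolerating link text written without a scheme."""
    if "://" not in url_or_text:
        url_or_text = "http://" + url_or_text
    return urlparse(url_or_text).hostname or ""


def analyse(raw_message, trusted_domain):
    """Return human-readable findings; an empty list means nothing looked suspicious."""
    msg = message_from_string(raw_message)
    findings = []

    _display_name, addr = parseaddr(msg.get("From", ""))
    sender_domain = addr.rsplit("@", 1)[-1] if "@" in addr else ""
    if registrable_domain(sender_domain) != trusted_domain.lower():
        findings.append(f"sender domain {sender_domain!r} is not {trusted_domain!r}")

    body = msg.get_payload(decode=True).decode(msg.get_content_charset() or "utf-8", "replace")
    collector = LinkCollector()
    collector.feed(body)
    for href, text in collector.links:
        href_host = host_of(href)
        if BARE_IP.match(href_host):
            findings.append(f"link points at a bare IP address: {href}")
        # Visible text that looks like an address but leads somewhere else.
        if text.lower().startswith(("http://", "https://", "www.")):
            if registrable_domain(host_of(text)) != registrable_domain(href_host):
                findings.append(f"link text shows {host_of(text)!r} but goes to {href_host!r}")

    if URGENCY.search(msg.get("Subject", "") + " " + body):
        findings.append("message uses pressure language (urgency, threats of suspension)")
    return findings


if __name__ == "__main__":
    for name, sample in (("phishing", PHISHING_EMAIL), ("clean", CLEAN_EMAIL)):
        print(name, analyse(sample, "example-bank.com") or ["no findings"])
```

Run against the constructed phishing message, the script reports the look-alike sender domain, the bare-IP destination, the mismatch between the displayed and real link targets, and the pressure language; the clean statement notification produces no findings. None of these checks is proof on its own, which is why the article's advice to type the bank's address yourself rather than click still stands.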
Get into the habit of never clicking links in emails. Instead, open your browser and visit the site by typing its address yourself, since the text of a link and the address it actually points to need not be the same. But that’s not all you need to do against emails. Some contain malicious code or tracking content hidden in the mail’s HTML, so configure your email client to read mail in plain text by default. Also, consider installing a mail-checking tool, such as POP Peeper (www.esumsoft.com) or Mailwasher (www.mailwasher.net), which can screen mail for junk and scams, and let you preview email without downloading it. Connect using SSL or TLS (see the ‘Encrypt Your Email’ box, far left).

In the past, surfing the web was a blind process — you typed in a web address and it loaded, no matter what was lurking at the other end. These days, most browsers can detect known malicious websites and block them by default, but there are still many dodgy sites that aren’t considered direct security risks. This is where web filtering solutions, such as Web of Trust (www.mywot.com), come in. WOT operates a traffic-light safety system, providing an icon next to web addresses (and search results) that’s green (safe), amber (use with caution), red (dangerous), or grey (untested, so be cautious). The ratings are community-based, so aren’t always 100% accurate, but they do help flag up potentially dangerous sites, and WOT blocks access to red-rated sites by default. Add-ons are available for all major browsers. Norton offers a similar feature with Safe Web, which is included as part of its Identity Safe password management tool.
Even with this extra line of defence, protecting yourself on the web requires extra effort. Adopt the same level of scepticism to everything you see on the web as you do with email. Phishing occurs across all platforms, from pop-up pages masquerading as Windows dialog boxes, claiming you’ve been infected or need to update now, to scams in Facebook Messenger trying the same tricks found in email. Be suspicious, too, of text messages exhorting you to share your two-factor authentication code “for security purposes”: a genuine service never needs you to read that code back to it.
If such a page does appear, don’t react immediately. Don’t try to close the window either, unless you’re confident that what you’re clicking is the browser’s real close button and not a fake one drawn inside the page. Instead, open Task Manager (Ctrl+Shift+Esc) and end the browser process from there. Under no circumstances give out any personal data, regardless of who is apparently asking for it.
Another way to tighten web surfing is to use a secure web connection (https://) whenever you can. Some sites automatically use secure connections, but others don’t — even though they support them. Force all compliant sites to encrypt your connection by installing the HTTPS Everywhere add-on for Chrome, Firefox, and Opera (www.eff.org/HTTPS-everywhere).
MALICIOUS ADD-ONS
Browser add-ons such as WOT and HTTPS Everywhere help tighten browser security, but not all add-ons are what they seem: an add-on that can read every page you visit can just as easily track your movements and steal personal data. Malicious add-ons have been slipped into the Chrome Web Store in the past, while some cybercriminals buy up legitimate add-ons, only to introduce nasties through updates, which are installed automatically. Even add-ons that appear to be reputable can sometimes be poorly coded in such a way as to make them vulnerable to exploits.
First, exercise extreme caution before installing any add-on — do all the usual checks, such as checking who the publisher is, and reading reviews (and paying particular attention to any that allege the add-on is spyware or spam). Google the name and words such as ‘malware’ or ‘exploit’, to see if they’re linked in any way. Check the permissions (particularly during an update, where an add-on may ask for additional permissions it didn’t previously need), and ask yourself why it wants them. Also regularly check your browser extensions, removing any you no longer need or don’t recognise.
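The permission check at update time can be made concrete by comparing the extension's old and new manifests, which is where Chrome extensions declare what they can do. The script below is an added example for this article, not code from Chrome or from any extension it names. It takes two constructed manifests for a fictional "Page Tweeter" extension, works out which permissions the update newly requests, and explains why each one matters when it falls on an assumed list of broad-reach permissions. The manifests, the extension name and the sensitive-permission list and its descriptions are assumptions made for the demonstration; the `permissions`, `optional_permissions` and `host_permissions` keys are the real manifest fields.

```python
import json

# Permissions that give an extension broad reach over your browsing. The
# descriptions are this example's own shorthand, not Chrome's wording.
SENSITIVE = {
    "<all_urls>": "read and change your data on every site you visit",
    "tabs": "see the address and title of every open tab",
    "webRequest": "observe network requests made by the browser",
    "webRequestBlocking": "modify or block network requests",
    "cookies": "read and set cookies on permitted sites",
    "history": "read your browsing history",
    "clipboardRead": "read whatever is on the clipboard",
    "nativeMessaging": "talk to native programs installed on the machine",
    "management": "list, disable or remove your other extensions",
    "downloads": "start and manage downloads",
}

# Constructed manifests for a fictional "Page Tweeter" extension (not a real product).
MANIFEST_V1 = json.loads("""{
  "manifest_version": 3,
  "name": "Page Tweeter",
  "version": "1.0",
  "permissions": ["activeTab", "storage"],
  "host_permissions": ["https://twitter.com/*"]
}""")

MANIFEST_V2 = json.loads("""{
  "manifest_version": 3,
  "name": "Page Tweeter",
  "version": "2.0",
  "permissions": ["activeTab", "storage", "tabs", "webRequest", "cookies"],
  "host_permissions": ["<all_urls>"]
}""")


def requested_permissions(manifest):
    """All permission strings, whichever manifest key they are declared under."""
    perms = set()
    for key in ("permissions", "optional_permissions", "host_permissions"):
        perms.update(manifest.get(key, []))
    return perms


def is_broad_host(pattern):
    """True for match patterns that cover every site rather than one named site."""
    return pattern == "<all_urls>" or pattern.startswith(("*://*/", "http://*/", "https://*/"))


def explain(permission):
    """Why a permission deserves scrutiny, or None if it is not on the list."""
    if permission in SENSITIVE:
        return SENSITIVE[permission]
    if is_broad_host(permission):
        return "read and change your data on all sites matching " + permission
    return None


def review_update(old_manifest, new_manifest):
    """(permission, reason) for every permission the update adds; reason is
    None for additions that are not on the sensitive list."""
    added = requested_permissions(new_manifest) - requested_permissions(old_manifest)
    return [(p, explain(p)) for p in sorted(added)]


def escalations(old_manifest, new_manifest):
    """Just the newly added permissions that warrant a hard look before accepting."""
    return [p for p, why in review_update(old_manifest, new_manifest) if why is not None]


if __name__ == "__main__":
    for perm, why in review_update(MANIFEST_V1, MANIFEST_V2):
        print(f"{perm:20} {why or 'not on the sensitive list; check the documentation'}")
```

For the constructed update, a page-sharing tool that previously needed only the current tab and its own storage suddenly asks to read every tab, every request and every cookie on every site. Nothing about sharing a page needs that, which is exactly the question the article tells you to ask.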
Consider using bookmarklets, too, instead of add-ons — bookmarklets contain tiny bits of code that do simple things, such as tweeting the current page, but they can’t automatically update, and only run when you click the bookmarklet. Again, be sure to obtain these from reputable sources, and be as sceptical as you would with an add-on.
DOWNLOAD PROTECTION
Downloads are a common source of malware, so make sure the installer is scanned by your anti-malware tools before you launch it — right-click the file to find the relevant option, such as ‘Scan with Malwarebytes AntiMalware’, if it’s not done automatically (Norton pops up a message in the Taskbar Notification area to tell you it’s scanning the file, for example).
An increasing number of developers publish checksums for the software you’ve just downloaded. A checksum, or hash, is a short fingerprint of the file: it’s typically used to verify a download isn’t corrupt, and, if you obtained the checksum from a source you trust, it also tells you the file hasn’t been swapped for a tampered one. Note that a hash is not a signature: if the checksum sits on the same page as the download and an attacker has altered the page, they can alter the checksum to match. A digital signature (a PGP signature, or a signed Windows installer) is the stronger check where one is offered. You need a third-party tool to generate the hash of the file you’ve downloaded, then you compare this with the checksum given online — it’s not definitive proof, by any means, but it’s a useful extra step.
There’s a number of different hashes in use: MD5 and the SHA family are the most common, and the MD5 & SHA Checksum Utility (https://raylin.wordpress.com) makes it easy to verify either type. Just select your downloaded file, then paste in the hash from the webpage, and click ‘Verify’ — the program quickly confirms whether the two match. Where a developer offers more than one, prefer SHA-256: MD5 and SHA-1 are old enough that an attacker can craft two different files sharing the same hash, although for spotting a merely corrupt download any of them will do.
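What the checksum utility does behind its ‘Verify’ button is straightforward, and the same steps work for a `SHA256SUMS`-style file published alongside a download. The script below is an added example for this article, not the utility's own code or anything from the article's sources. It hashes a file in chunks (so a multi-gigabyte installer doesn't have to fit in memory), parses the `<hex>  <filename>` lines written by sha256sum and similar tools, compares the result with the published value, and shows that changing a single byte of the file breaks the match. The sample file contents and checksum line are constructed for the demonstration.

```python
import hashlib
import hmac
import os
import tempfile


def file_digest(path, algorithm="sha256", chunk_size=1 << 20):
    """Hex digest of a file, read in chunks so large installers stream through."""
    h = hashlib.new(algorithm)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def parse_checksum_file(text):
    """Parse '<hex>  <name>' (text mode) or '<hex> *<name>' (binary mode) lines,
    the format written by sha256sum, shasum and md5sum. Returns {name: hex}."""
    expected = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        digest, sep, name = line.partition("  ")
        if not sep:
            digest, sep, name = line.partition(" *")
        if not sep:
            continue  # not a checksum line we recognise
        expected[name.strip()] = digest.lower()
    return expected


def verify(path, expected_hex, algorithm="sha256"):
    """True if the file's digest matches the published one. compare_digest is
    habit more than necessity here; it avoids timing differences when the
    comparison happens on a server rather than on your own PC."""
    actual = file_digest(path, algorithm)
    return hmac.compare_digest(actual, expected_hex.strip().lower())


def demo():
    """Write a constructed 'installer', verify it, tamper with it, verify again.
    Returns (verified_before, verified_after_tampering, digest_length)."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "installer.exe")
        with open(path, "wb") as f:
            f.write(b"not a real installer: constructed sample data\n")
        good = file_digest(path)
        # The kind of line a developer would publish next to the download.
        published = parse_checksum_file(f"{good}  installer.exe\n")
        ok_before = verify(path, published["installer.exe"])
        with open(path, "ab") as f:
            f.write(b"\x00")  # a single extra byte, as a tampered download might carry
        ok_after = verify(path, published["installer.exe"])
        return ok_before, ok_after, len(good)


if __name__ == "__main__":
    before, after, length = demo()
    print(f"SHA-256 is {length} hex digits; intact file verifies: {before}; "
          f"tampered file verifies: {after}")
```

To check a real download, call `verify("installer.exe", "<hex from the website>")`, or feed the published checksum file to `parse_checksum_file` and look the filename up. Fetch the checksum over HTTPS from the developer's own site where you can, for the reason given above: a hash copied from the same compromised page as the file proves nothing.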
There’s one major development to look out for when downloading software. An increasing amount is shipped as ‘ bundleware’, which means it includes other program installers, offered to you during installation. Reputable installers make these offers crystal clear, and make it obvious how to opt out of them, but an increasing number don’t, making it all too easy to accidentally install unwanted extras, not all of which are desirable.
It’s not just individual programs, either — major download sites (we’re looking at you, Download.com) have also started bundling extra unwanted software with downloads, and some of this is little more than ‘crapware’, or even borderline malware. In the case of Download.com, examine the green ‘Download now’ button carefully for a greyed-out ‘Installer Enabled’ sign — if it’s there, it means the application is installed using Download.com’s own installer, which contains bundleware. You’ll find that MD5 & SHA Checksum Utility is downloaded through Download.com, but thankfully there’s no bundleware included.
Programs such as Unchecky and the Premium version of Malwarebytes screen most of these out — you still get the original program, but they either change the bundleware’s default settings to prevent the extra programs being installed by default, or may block the bundleware portion of the app. Either way, you get a notification that they’ve worked on your behalf.
Even if you have these programs installed, they’re not foolproof (particularly Unchecky). Therefore, you need to take extra care during the installation process — look out for licence agreements referring to other programs, and examine any checkboxes carefully to ensure you’re not about to inadvertently install an unwanted extra. Some offers come with ‘Accept’ and ‘Decline’ options — choose the latter, and you move on to the next part of the process, or close the installer and source a different program that doesn’t take such risks with your security (often, authors have no control over what bundleware is installed with their program).
Fan of torrenting? You need to be doubly cautious — torrents from official sources (such as Linux installer ISOs) are usually safe, but if you’re venturing into dodgy territory, looking for the latest TV episodes, be very wary. Check comments and reviews of individual torrents to see if anyone else has spotted anything dodgy, and run the usual scans before opening any files.
SOCIAL NETWORKING
One way in which we inadvertently hand out personal data is through our social networking profiles. Ask yourself if you really want to share your birthday publicly with everyone on Facebook, or why a particular social networking add-on needs to know so much personal information about you. Take the time to check your profile’s privacy settings on all your networks, to review what data you’ve handed over to the network, and how much of it is public. Avoid making public posts that unintentionally give out information you use as security questions elsewhere (your mother’s maiden name, for example, or the city of your birth). And, as always, ensure your accounts are protected by strong passwords, with two-factor authentication where possible.
Many web links shared over social media — particularly on Twitter — are shortened to save characters, but how do you know where a shortened link really leads? Visit checkshorturl.com, where you can paste in the shortened link to see the original webpage it points to, plus check the link’s safety ratings on WOT, Norton and various other reputable sites.
RANSOMWARE
One of the biggest threats in recent times comes from ransomware: malware that locks you out of your PC or your data (typically by encrypting it), then demands a ransom in return for the key required to unlock it. One clever trick on the thieves’ part is to ramp up the pressure by hiking the ransom the longer you delay. Most anti-malware tools should offer some form of protection, but check with your vendor to see what it can and can’t do. BitDefender has released a ‘vaccine’ that can block some ransomware by tricking it into thinking the computer is already infected — see the March 28 entry under https://labs.bitdefender.com/blog/ for details and a download link.
The most effective way to protect against ransomware is to keep your PC backed up — a drive image of an entire drive, or file-based backups of your data (including cloud services, such as OneDrive) ensure you’re protected. File-based backups offer multiple versions of your files, enabling you to roll back to a pre-hijacked version; drive images enable you to wipe the drive and restore Windows, your apps, settings and data from scratch, with all but those changes made since the image was taken. Use a tool such as Macrium Reflect Free (www.macrium.com/reflectfree.aspx), with daily incremental images to keep the file size down.
Try to keep at least one copy offline, on a drive that isn’t left connected to your computer, and ideally another off-site as well. Ransomware encrypts whatever it can reach, so a backup drive that’s always plugged in, or a network share you’re logged into, can be encrypted along with your documents. Cloud storage that syncs a local folder is exposed in the same way, since the encrypted files simply sync upwards, so check that the service keeps earlier versions of your files.
REPAIRING THE DAMAGE
It’s not always possible to keep infections off your system, so what can you do if they get through your defences? If your system is working, try running scans with your existing tools — reboot into ‘Safe mode with networking’ if necessary, via ‘Start > Settings > Update & Security > Recovery > Restart now’, to access the Advanced start-up menu.
From here, choose ‘Troubleshoot > Advanced options > Startup Settings’, then restart, and pick option 5 (Enable Safe Mode with Networking). If this fails, you need some additional tools. First, download RKill and ADWCleaner from https://toolslib.net (use another PC if necessary, transferring them across on CD or DVD). Run the former to terminate known malicious processes, but don’t reboot if prompted. Next, launch Malwarebytes, update it, then select ‘Settings > Detection and Protection > Scan for Rootkits’, before running a Threat Scan, letting it clear everything it finds. If you need additional cleaning of adware, browser toolbars and hijackers, and other PUPs, run ADWCleaner, plus Malwarebytes Junkware Removal Tool (www.malwarebytes.com/junkwareremovaltool), which may find things missed by Malwarebytes itself. See the box on the right for tips on removing ransomware.
Another tool to consider is the Emsisoft Emergency Kit — this is a portable dual-engine scan and remove tool, which can be downloaded direct to a portable USB drive on another PC (be warned: it’s rather large, at 228MB). Run the tool once on the second PC, and update it when prompted, then plug it into your sick PC, and let it attempt to find and remove the nasties.
Once your PC is clean, you may need to perform certain repair tasks. NetAdapter Repair All In One (https://sourceforge.net/projects/netadapter) can help with broken Internet connections, for example, while the Windows Repair Tool (www.tweaking.com) can give your system the once-over, as well as restore functionality, such as resetting Registry and file permissions, removing policies set by infections (such as blocking access to Task Manager or Regedit) and repairing Safe mode.
With your PC running smoothly, follow our tips to tighten security, then restore any backups if necessary. With a fair wind, you’ll put your security scare behind you, and sail into calmer, safer waters going forward.