Follow PC Advisor's simple advice to beat even the most cunning cybercriminals.

For years, getting a virus was seen as the ultimate disaster that could befall an innocent PC user. Fall victim to the dastardly doings of an evil hacker and Armageddon was sure to follow.

These days, we take a more measured view of viruses. Security software has become more sophisticated and the average PC user is now a little more savvy about practising safe computing.

The mass adoption of two-way firewalls has helped a great deal, as did the launch of Service Pack 2 for Windows XP – the most prevalent operating system (OS) out there. Vista purports to be more secure still. Limiting potential damage by placing restrictions on what individual users can install and the way they can use their PC has also helped.

SEE ALSO:

Antivirus software: the basics

Even so, a quality antivirus program – be it a paid-for application such as Kaspersky Antivirus or a freebie such as AVG – is an absolute must.

Malware continues to evolve at a rapid rate and it's all security program developers can do to keep up.

Thankfully, antivirus definitions are being constantly updated with an outbreak-to-patch time of less than a day in many cases. Time to exploit can be even quicker.

Few viruses are actually new, however; they're merely variations of others. That's why it's so important to get an up-to-date virus scanner with good heuristics.

Heuristics is the ability of the detection engine to spot patterns of behaviour and file structures characteristic of malware. It's the front line in preventing infection by undiagnosed viruses and offers an early warning to your PC's defences.

Many security firms issue weekly or monthly reports outlining the biggest security threats they've come across. As well as warning home and business users about dodgy files and email messages, these provide a snapshot of the speed at which online threats evolve, and allow security commentators to get an idea of the sorts of exploits that are currently at large.

But these bulletins only tell us about the threats that have already been identified. Security software vendor PC Tools issued a statement recently claiming that such warnings of the biggest current threat based on volume were oversimplified and served little purpose for the average user. And there's some truth in this, since the volume of a particular threat does nothing to describe how malevolent a rogue file is and how much damage it could do to your computer.

Even so, it pays to be aware of current threats, since it won't necessarily be the newest malware that turns out to be your undoing.
The likes of McAfee and Symantec issue such lists to raise public awareness of current threats, but also maintain a database of them on their websites for consumers to check suspect files against – a useful resource if you're unsure whether to trust a download or email.

NEXT PAGE: scan your emails > >

  1. Antivirus software: the basics
  2. Scan your emails
  3. Simple steps to keep safe

Visit Security Advisor for the latest internet threat news, FREE net threat email newsletters, and internet security product reviews

Follow PC Advisor's simple advice to beat even the most cunning cybercriminals.

Scan your emails

Since many items of malware are transmitted via email, it's important that you use an email scanner. Webmail services offer a basic scanning engine. Ensure yours is active.

Gone phishing

These days, of course, email has become synonymous with phishing attempts.
Judging by the number of alerts that arrive in PC Advisor's inboxes, bank-related phishing email is alive and well. One that arrived in March was particularly well-crafted and took us to verifiable links to the Royal Bank of Scotland – it was so convincing that we felt obliged to use the contact number provided on the site to check whether this really was a hoax email. The number was legitimate; naturally, the email wasn't.

Phishing emails aren't always so clever. We've since received one purporting to be from the same source that had telltale spelling mistakes in the body copy – but, given that such mailouts can spoof website addresses as well as the apparent source, it won't always be so obvious.

Email scams

And then there are the tales of woe. Take Dr Husain Amir, for instance. The former merchant was doing quite nicely in his Dubai tax refuge, until tragedy struck some months ago and his beloved wife and son were left in penury. Naturally M'beloved one', she asks for help accessing the $5m her late husband left her – and a share of the fortune will be ours.

Needless to say, this story isn't quite on the level. But with such scam emails increasingly common and identity theft now accounting for the loss of more than 220 million records in the US in the past three years alone, none of us can afford not to take responsibility for keeping our personal data safe.

We Brits also face the added worry of a government with a dubious track record when it comes to looking after our details.

  1. Antivirus software: the basics
  2. Scan your emails
  3. Simple steps to keep safe

Visit Security Advisor for the latest internet threat news, FREE net threat email newsletters, and internet security product reviews

NEXT PAGE: simple steps to keep safe > >

Follow PC Advisor's simple advice to beat even the most cunning cybercriminals.

Simple steps to keep safe

IdentityTheft.org and Get Safe Online urge consumers to be vigilant about any unsolicited financial emails they receive.

Get Safe Online offers a 10-step checklist to help you work out how clued up you are about online threats and to educate the more wide-eyed and innocent web user. Refresher courses are recommended.

Even if you're certain an email came from your bank and you genuinely need to re-verify some of your account details, call your branch first to be sure that's the case. Most state that they will never ask you to do any such thing.

Whatever you do, don't click on the link in an email and blithely follow it online.

What looks like a legitimate web address could just as easily lead you somewhere else entirely. Sometimes you can recognise a spoof link because the website it takes you to is different from the URL you expect.

Hover your mouse over the address info on the bottom left of your browser window and check it matches the address you think you're visiting.

Another telltale clue is when the web address is a confusing, mangled mess of letters, symbols and numerals. Microsoft's Internet Explorer 8.0 browser will try to combat this by highlighting the significant portion of the address in question, so you can easily see where you're really being taken.

It will also actively prevent you visiting a site it's blacklisted.

Typing in the web address yourself is the only way to be sure you're going to the address you want – and if you're not sure it's the right site, there are some simple checks you can try. Enter the company name into your search engine and see what's given as the main website address.

Two other basic things to look for when evaluating whether a website is legitimate: a padlock icon to indicate it's secure, and the prefix 'https://' at the start of the address (rather than just ‘http://'). The 's' part refers to a secured server.

Be particularly cautious when using an online banking facility or logging into a website where you're buying goods by credit or debit card. Never use automatic logins or password autocomplete options on such sites.

Finally: get good advice

Website browsers and email clients now routinely use a traffic-light system to let you know whether a website you're trying to access is all it purports to be. McAfee's Site Advisor is one example. It sits in your browser and flags up sites that are unsafe. A similar setup governs email links and instant-messaging conversations.

  1. Antivirus software: the basics
  2. Scan your emails
  3. Simple steps to keep safe

Visit Security Advisor for the latest internet threat news, FREE net threat email newsletters, and internet security product reviews