Most security attacks are targeted at a few weak points on your PC that aren't that hard to protect. Follow these simple tips, and you'll be a whole lot safer.
Fix 3: Let the latest browsers fight for you
The most insidious hijacked web pages are nearly impossible to spot. Tiny snippets of inserted code that don't display on the page can nevertheless launch devastating behind-the-scenes attacks.
Trying to avoid such pages on your own is asking for trouble, especially since crooks like to hack popular sites, for example Sony. But new site-blocking features in the just-released Firefox 3 and Opera 9.5 browsers provide some shielding.
Both browsers expand on the previous version's antiphishing features to block known malware sites as well, whether they're hijacked pages on legitimate sites or sites that were specifically created by bad guys. Neither browser completely eliminates the risk of landing on such pages, but every additional layer of protection helps. Microsoft plans to add a similar feature to Internet Explorer 8, but this version won't be ready for prime time for a good while.
Fix 4: Sidestep social engineering
The most dangerous crooks use clever marketing to get you to do their dirty work for them and infect your own PC. Lots of social engineering attacks are laughably crude, with misspelled words and clumsy grammar, but that doesn't mean you should dismiss the danger.
Every now and then, a well-crafted attack can slip past your defenses and lure you into opening a poisonous email attachment or downloaded file. A targeted attack might even use your correct name and business title.
To fight back, turn to a simple but powerful tool: VirusTotal.com. You can easily upload any file (up to 10MB) to the site and have it scanned by a whopping 35 different antivirus engines, including ones from Kaspersky, McAfee and Symantec. A report tells you what each engine thought about your file. While some (such as Prevex) are prone to false alerts, if you get multiple specific warnings that include the name of the particular threat, then you almost certainly want to delete the file.
A lack of warnings doesn't guarantee a file is safe, but it does give you pretty good odds. Use VirusTotal to check every email attachment and download you're not 100 percent sure about, and you'll avoid insidious social engineering.
If using VirusTotal starts to become a habit (not a bad idea) and you want to make sending files for scanning to VirusTotal really easy, download the free VirusTotal Uploader. Once you've installed the utility, just right-click a file, and you'll see an option (under Send To) to upload it to the VirusTotal site.
NEXT PAGE: Get the jump on fast-moving malware
- Tips to ensure your PC is a lot safer
- Let the latest browsers fight for you
- Get the jump on fast-moving malware
- Develop an antiphishing habit
- More quick fixes