Upload
schroedinger
View
667
Download
1
Tags:
Embed Size (px)
Citation preview
The Battle for Internet SafetyThe Battle for Internet Safety
Vic LaurieVic Laurie
vlaurie.comvlaurie.com
What We Will CoverWhat We Will Cover
What has changed and why the Internet What has changed and why the Internet security problem is so serioussecurity problem is so serious
The minimum defenses that the home PC The minimum defenses that the home PC owner must useowner must use
Steps for additional safety Steps for additional safety
The Bad NewsThe Bad News
Security problems are inherent and getting Security problems are inherent and getting worseworse Organized criminal gangs involvedOrganized criminal gangs involved
Defenses require work and vigilanceDefenses require work and vigilance Greater security means less convenienceGreater security means less convenience There is no perfect defenseThere is no perfect defense No one has yet written software that No one has yet written software that
guards against gullibility or greedguards against gullibility or greed
The Good NewsThe Good News
With reasonable care, most PC users can With reasonable care, most PC users can probably avoid any serious problemprobably avoid any serious problem
If a system does get infected with If a system does get infected with malware, regular backups will helpmalware, regular backups will help
The Problem Is InherentThe Problem Is Inherent
The Internet was designed with an idealistic The Internet was designed with an idealistic concept of a completely open community where concept of a completely open community where everybody is equal and anonymouseverybody is equal and anonymous Sociopaths, criminals, and stupidity were not Sociopaths, criminals, and stupidity were not
consideredconsidered The design did not take into account billions of The design did not take into account billions of
untrained usersuntrained users Windows was not originally designed for the Windows was not originally designed for the
InternetInternet Millions of old unsafe Windows PCs remainMillions of old unsafe Windows PCs remain
Social engineering is now the main threat Social engineering is now the main threat
Types of ThreatsTypes of Threats
Downloads to your computerDownloads to your computer Steal passwords- key loggersSteal passwords- key loggers Extort paymentsExtort payments Phony anti-virusPhony anti-virus Run your computerRun your computer
PhishingPhishing Nigerian and similar scamsNigerian and similar scams Phony bank sitesPhony bank sites
Bad Statistics Bad Statistics
In 2009, more than 25 million different In 2009, more than 25 million different unique malware programs were identified, unique malware programs were identified, more than all the malware programs ever more than all the malware programs ever created in all previous years. created in all previous years.
Some antimalware vendors report that 48 Some antimalware vendors report that 48 percent of the computers they scan are percent of the computers they scan are infected infected
An ad online showing bulk credit An ad online showing bulk credit card numbers for salecard numbers for sale
How Much Security Is Enough?How Much Security Is Enough?
Trade-off between security and usefulnessTrade-off between security and usefulness The more security, the less convenienceThe more security, the less convenience How to strike the proper balance?How to strike the proper balance? Depends on skill and usage habits of PC Depends on skill and usage habits of PC
ownerowner
21ZoneAlarm Internet Security
35Trend Micro Internet Security Pro
19PC Security Shield
24Panda Internet Security
15Norton Internet Security 2010
26Norman Internet Security Suite
19McAfee Internet Security
15Kaspersky Internet Security
40BitDefender Internet Security
Boot Time Increase (sec)Suite
Different Types of ProtectionDifferent Types of Protection
FirewallsFirewalls Antivirus- signature and heuristics Antivirus- signature and heuristics Anti-spywareAnti-spyware Anti-trojanAnti-trojan Rootkit detectorsRootkit detectors Link scannersLink scanners Intrusion and behavioral detectionIntrusion and behavioral detection Sandboxes Sandboxes
Criteria for Basic Defense for Criteria for Basic Defense for Average Home UserAverage Home User
Has to be simpleHas to be simple Has to be unobtrusive with few judgment Has to be unobtrusive with few judgment
callscalls Has to be automated as much as possibleHas to be automated as much as possible Has to be easy on system resourcesHas to be easy on system resources
Minimum Defenses for Average PC Minimum Defenses for Average PC UserUser
Windows firewallWindows firewall Microsoft Security EssentialsMicrosoft Security Essentials Automatic Windows updatesAutomatic Windows updates Latest Internet browser with site filtersLatest Internet browser with site filters
Internet Explorer 8, Firefox 3.6+, ChromeInternet Explorer 8, Firefox 3.6+, Chrome Anti-spyware programAnti-spyware program
MalwarebytesMalwarebytes In Windows Vista and 7, use limited accountsIn Windows Vista and 7, use limited accounts With children, use parental controlsWith children, use parental controls Regular backupsRegular backups Monitor all online accountsMonitor all online accounts
Additional DefensesAdditional Defenses
Use strong passwordsUse strong passwords Password managers, Password managers, e.ge.g., LastPass., LastPass
Intrusion detection softwareIntrusion detection software WinPatrolWinPatrol
Rootkit detectorRootkit detector SophosSophos
Use update software to check applicationsUse update software to check applications Secunia Personal Software Inspector (Secunia Personal Software Inspector (
http://secunia.com/vulnerability_scanning/personal/http://secunia.com/vulnerability_scanning/personal/)) Turn off scriptingTurn off scripting
NoScript extension for FirefoxNoScript extension for Firefox
More SecurityMore Security
Two-way firewallTwo-way firewall Use SandboxieUse Sandboxie Scan all downloadsScan all downloads
Virus Total (Virus Total (http://www.virustotal.com/http://www.virustotal.com/)) View email in text modeView email in text mode Use DNS provider with filteringUse DNS provider with filtering Use virtual machinesUse virtual machines Surf from a USB keySurf from a USB key Run LinuxRun Linux
Useful ReferencesUseful References
The Best Free Security Software for PCThe Best Free Security Software for PC http://www.techsupportalert.com/pc/security-http://www.techsupportalert.com/pc/security-
tools.html tools.html How to Block Bad WebsitesHow to Block Bad Websites
http://www.techsupportalert.com/content/hohttp://www.techsupportalert.com/content/how-block-bad-websites.htm w-block-bad-websites.htm
Network SecurityNetwork Security
Encrypt wireless routerEncrypt wireless router Change wireless router passwordChange wireless router password Do not access sensitive information while Do not access sensitive information while
using public wi-fiusing public wi-fi