But, believe it or not, in spite of all of the recent
media coverage and even newscaster hysteria about the
Conficker worm, Stuxnet, and more recently
Flame, there are many ordinary computer
users who have no current protection against any kind of
malware, especially the latest versions and iterations
of these, and older viruses.
Not good enough - really. The PC operating system must be kept up-to-date, and it can be as simple as activating the Microsoft Windows automatic update option in their browsers or visiting the Windows update webpage here --> http://update.microsoft.com/microsoftupdate
The Conficker situation presents a good example - Conficker code spreads through a security gap in the Windows operating system that Microsoft patched in October of 2008, but millions of computer owners have not followed recommendations to update their software against the loophole.
The result of this apathy? Millions of computers have been infected by it. Estimates range from 9 to 15 million world wide!
There are any number of reputable anti-virus and other 'anti-' software providers who offer reliable and effective security programs - some even free.
These must also be kept current and most all offer a variety of methods for updating - like automatic updates or alerts to which subscribers can elect to respond and download the latest virus signature data.
There is also a large number of less than reputable (rogue software) providers that offer programs which lure people into buying fake anti-virus protection as a result of displaying bogus infection results.
No one really wants to spend their time looking for the next major threat. The security software providers and organizations like US-CERT spend countless hours and much money doing that for us.
This information is available to all of us. It's just a matter of knowing where to look for it.
Here are a few places we can visit to be updated on current threats and their potential for compromising our computers, our financial resources, and our personal identities - (not listed in any order of preference)
1. symantic (Norton) Virus definitions and security Updates on the top threats http://www.symantec.com/norton/security_response/definitions.jsp
2. US-CERT United States Computer Emergency
Readiness Team - The US-CERT Current Activity web page is a
regularly updated summary of the most frequent,
high-impact types of security incidents currently being
reported to the US-CERT
SophosLabs blog where their experts discuss
Viruses, worms, spam, vulnerabilities and the latest
security attacks and threats
You can Identify rogue Software here(as published by CA.Inc)
5. McAfee lists types of recent threats, risk level and discovery date for home and home office users http://home.mcafee.com/VirusInfo/
F-SECURE Security Lab lists latest threats during
the first quarter of 09
Sunbelt Malware Research Labs - Assess the risk
level of thousands of viruses and worms listed by name
8. There are dozens more. A Gooogle search for the
better known security software developers will list
hundreds of possible resources.
(Keep in mind that these software providers must sell their products to cover the expenses of their extensive and constant research. A small price to pay for the research and development that we could not individually afford, or even know how to do ourselves)
Other major considerations in providing a secure fortress for our family and business computers include being alert to Virus Hoaxes, the afore mentioned rogue software, phishing, email threats, Spam, spyware, an on and on --
The important thing is to be aware - but not to
Security professionals are being inundated with alerts and bulletins on vulnerabilities and malware on a daily basis. The vast majority of these alerts are low-risk nuisances rather than serious threats...
...and the irony is – the more that computer users become aware of the importance of security information and Internet threats, the greater the temptation for the hackers to take advantage of this heightened awareness by scaring people into taking risks they wouldn’t ordinarily take and spending money unnecessarily.
This brief report just touches the surface of the depths to which the cyber greedy will go to take advantage of the lesser informed and more naive computer users. They are a clever lot, these hackers, and a real challenge to our friendly security software developers. They will attack major enterprises and steal from individuals.
Our best defense will be awareness and a personal
compulsion to keep our computer system security programs
and operating systems up-to-date.