I'm sorry in advance if this post comes of a bit like I'm about to promote a product or service, but I don't have any specific software endorsements. My intent is endorsing behavior.
A somewhat common theme in malicious software is it being delivered through advertising on websites. Frequently it isn't necessary to even click the ad for it to be an issue. An example is this fairly large scale malware campaign that hit a lot of very high profile websites.
Malvertising Campaign Infected Thousands of Users per Day for More than a Year (link opens in new window)
The concern here is that major websites don't spend the resources for vetting all advertising featured on their page. As a matter of good security practice, running ad blocking is now a part of maintaining good security. But it is important what adblocking software you use as one very large provider, Adblock Plus, does let companies pay to have their ads not blocked by default which does somewhat defeat the purpose from a security perspective (though you can turn that whitelist off).
Over 300 businesses now whitelisted on AdBlock Plus, 10% pay to play (link opens in new window)
So with that in mind, here are a some suggestions in terms of best practices generally recommended:
1) Run some form of anti-virus software. No one title is perfect, but something is better than nothing. 2) Look to run malware/adware specific checks. There is software specifically for checking that kind of software. This is in terms of things that re-direct your search preferences and similar hijacking tools.
3) Don't try to run multiple anti-virus programs as they frequently will conflict making your system less secure.
4) Run some form of adblocker in your primary browser.
5) Set up at least one standard user/non-administrative account on devices that allow it and use it as much as you can (this is mostly a suggestion for home as at work I don't see a way to make it work). This is even more important with a shared computer.
6) When you do install software, be mindful of what else it might be asking to install with it. Adobe Flash and Reader updates are fairly notorious for including options for unrelated applications (and somewhat ironically, they are usually for security software) that have to be unchecked to prevent installation.
Malware is also possible on mobile devices so preventative steps there are mostly about staying safe about where you get software from. Here's an article with some tips.
How to prevent mobile malware in 3 easy steps (link opens in new window)
Tip number 3 in this article is the most difficult as phones tend to depend on the service provider to push updates out so that is something to keep in mind. This is a much bigger issue with Android phones than Apple or Blackberry (as the article points out, Android is targeted more. This is likely because it's less restricted in how you install apps), but there are anti-malware programs for the Android platform available.
No comments:
Post a Comment