|Page (1) of 1 - 10/25/05||email article||print page|
How Designers can avoid Internet security risks
For designers nationwide, computers are being used for a wide range of activities. From work-related activities to managing financial accounts, communicating with friends and colleagues, conducting research, and more, the PC has become a critical component of everyday life.
However, as dependence on PCs and the Internet increases, the security risks associated with Internet use increase?and evolve?as well. Online threats now include viruses, spyware, worms, phishing, and many others. Unfortunately, when a computer becomes infected, productivity and peace of mind are compromised.
Many users take precautions by employing antivirus software and personal firewalls to defend themselves against these attacks. Although these tools are critical in protecting against malicious Internet-borne threats, users should also educate themselves about behaviors that may expose them to Internet security threats. Making themselves aware of common security mistakes can help them take measures to avoid them.
Since threats to computer users now come from a range of sources, design professionals need to understand all possible vulnerabilities to guard themselves against the increasing number of digital attacks. In the last couple of years, the computing community was introduced to a new kind of threat?one that could pick and choose its point of entry based on the security roadblocks it faced. These ?blended threats combine, or blend, a number of dangers together into one, multi-pronged destructive force. Many blended threats require no human interaction to spread, so they can have an unbelievable infection rate. Additionally, once blended threats gain access to and infect a computer, they are usually very malicious.
Most internal threats to security take advantage of social engineering tactics?the act of creating a computer security threat that invites users to activate it. Social engineering methods can take a number of different forms. For example, the Sobig.F worm used a social engineering tactic by ?spoofing the email address, making it appear that the infected email came from a known party. Additionally, the subject lines were designed to look credible, like ?Re: Thank you! or ?Re: Approved. Design professionals need to be aware of these types of threats so they will not be easy prey for such attacks.
Viruses and worms are often spread via email attachments. If unsolicited email attachments are opened, or if a user does not have an antivirus product that scans attached documents for viruses before opening them, a computer or network can become vulnerable to virus attacks. Therefore, designers should be educated about viruses, how they spread, and the potential damage that will occur if a virus is launched. Antivirus software should be installed and updated on each computer, including laptops, to help deal with ongoing email threats.
Instant messaging has blossomed to become a staple for tens of millions of Internet users around the world. But people who use Internet Relay Chat (IRC) and Instant Messaging (IM) services such as MSN Messenger, Yahoo Messenger, AOL Messenger, and others should know about ploys that might be used to lure them into spreading viruses, worms, and Trojan horses as well as blended threats. Virtually all freeware IM systems have features that bypass traditional firewalls, and most allow users to exchange files with each other in an unencrypted form. This makes IM the perfect vehicle for fast-spreading computer worms and blended threats. The best protection against any threat spread through IM file transfers is to deploy up-to-date antivirus software on your computer preferably with protection for IM applications.
Peer-to-peer networks, which allow people to swap electronic files over the Internet, have recently gained momentum with searchable peer-to-peer network file databases, increased network connectivity and content popularity. Many peer-to-peer programs contain spyware, which allows the author of the program and other network users to monitor the infected systems online actions and steal information. In addition, many files that appear harmless, such as some designed to look like music or photos, can contain viruses.
Computer users have a way to protect their information and computer through the use of passwords. Yet most people choose convenience over protection by creating protective passwords that are made up of easy numeric patterns or familiar names. Choosing strong passwords takes minimal effort but can go a long way to protect a computer or network from security breaches. Passwords should be six to eight characters in length and contain letters, numbers, and symbols. Passwords with common words, names, or dates should never be used, as these are easy for hacker programs to crack. Design professionals should protect passwords like they would the PIN number to their bankcards. And they should not give out passwords to colleagues or store passwords near their computers where others might easily find them.
Designers should also consider the following list of practices in order to bolster security:
- Do not allow multiple employees to share a single login account.
- Turn computers off before leaving work each day.
- Routinely check for updated virus definitions and patches.
- Change passwords regularly.
- Install and use antivirus programs.
- Install and use a firewall.
- Make backups of important files or folders.
- Do not download free software, music files, or screen savers from the Internet.
- Keep IM use to non confidential or non-sensitive conversations only.
Security technology alone is not enough to secure a computer from attack, as many users have learned the hard way. Designers who are uninformed about security leave themselves exposed to security risks. Security education, in addition to security software, needs to be employed in order to minimize gaps in security. Users who educate themselves about security and who use security software are better protected from the hazards of Internet attacks: lost data, lost productivity, and lost time.
About the Author
Laura García-Manrique is Senior Director of Product Management for the Consumer Products and Solutions division at Symantec Corp (www.symantec.com). García-Manrique and the product development teams at Symantec design and build security products for individual users and small businesses, with a focus in building user centered protection that is industry best.
Related Keywords:internet security, antivirus, viruses, spyware, worms, phishing