FREEDOM FROM CYBERCRIME
Date of Publishing:16/8/2010
Location:Bangalore
Combine common sense and anti-malware product
The internet has become an integral part of our lives. There is little we do without it these days — we book movies and flight tickets online, ‘google’ for information, send emails to friends, ‘tweet’ to Shashi Tharoor and Lalit Modi on the IPL, ‘follow’ Shah Rukh on Facebook and much more. But everyone needs to be aware of the dangers of getting connected to an ‘instant’ network that can have both friends and foes on it at the same time.
The threats on the internet are real and one is exposed the moment he connects. Eager and greedy cybercriminals wait and prowl for innocent victims to exploit them of their money, reputation and even lives. In an ageless, faceless, borderless world, victims range from children to grandparents, men and women, young and old — literally anyone who can type on the keyboard, but are unaware of the fundamental man-machine hygiene that is required when they connect online.
Social engineering is a classic route that essentially taps vulnerabilities of the human mind, and hackers exploit software and hardware vulnerabilities to take over machines.
Common sense and awareness is the best protection against social engineering. "Don't talk to strangers", "Don't reveal your password", "Don't mail your credit card information", "Don't accept an invitation from someone you don't know", "Be careful posting personal information", "Use account names that are not easy to decipher", "Use strong passwords" — are examples of common sense protection against social engineering.
Basic software and network protection like using reputed anti-malware products will also guard against the evil designs of hackers. Today, the nature, scope, speed and sophistication of attacks have changed significantly. While anti-malware technology still continues to rely on traditional signature based approaches that are generally re-active in nature, there is an increasing emphasis on pro-active approaches that result in superior and faster protection.
The move is towards 'real time protection' that relies on behavioral and reputation based identification of malware. A good example is the real time threat intelligence 'in the cloud' that is integrated into traditional detection techniques — a trend setting approach taken by security vendors like McAfee.
Another area of shift is to use 'whitelisting' as opposed to traditional 'blacklisting'. This is a replication of typical human behaviour. You worry less about someone with a good reputation versus someone you have no idea about. With 'white-listed' files or applications or processes you typically cut down on the data that you have to deal with as it allows you to focus just on the ones that do not have a good reputation score.
Additionally, with risk and compliance applications, enterprises and consumers can identify vulnerable points within their network and take remediation action that can 'bump' off intruders from the network or 'quarantine' vulnerable digital assets that do not conform to pre-set security rules.
Ultimately it is a combination of common sense discipline coupled with basic up-to-date machine and network protection that will go a long way in ensuring peace of mind and freedom on the internet.(The writer is senior director for engineering in McAfee India Centre)
Web Resource for Reference of the Above Mentioned Article: