The price of security

T

The announcement of a $250K bounty (a little while back) for the heads of those responsible for the Conficker worm is a good one. Let’s hope this kind of practice is extended to cover all kinds of virus/worm production. Especially in the current economic climate, the motivation for fame (one of the reasons hackers build these viruses and worms in the first place) could be countered by the thought that one of their strapped-for-cash hacker mates might switch to dobbing them in…

The bounty also serves as a reminder that so many computers still get infected. Millions it seems are being hit by worms. This is interesting to me, because I can honestly say I can’t remember the last time I was even touched (let alone infected) by a virus, worm or other attack. I’m guessing it must be 5+ years ago at least. In fact, at times I’ve wondered if the $50 I shell out each year to continue my AVG subscription is even worth it.

But I realise I’m a rare case:

  • My machine is always up-to-date via Windows Update
  • AVG is always up-to-date
  • The people I interact with are security savvy (and thus the emails/files/etc they send me are clean)
  • The sites I visit are predominantly IT related and thus likely maintained by people who understand good practice
  • The company firewalls I’ve worked within have been well protected, plus
  • I’m lucky (just saying)

Summary: I swim in a very clean little pond.

So, note to self: be aware that millions do get infected; make sure I don’t get complacent; and continue to be vigilant in keeping my machine updated. And I’ll happily continue to pay my $50 each year.

I guess there’s also another possibility – perhaps I’m infected and I don’t even know it…

2 comments

  • Hey mate,

    Never only believe anti-virus (AV) software. Of course, you may use an AV package for regular checking if you are not VERY confident about what you have done, but never rely on it.

    For me, I haven’t installed *any* AV software on my computers for more than 15 years, and the machines never got infected.

    Basically, four points are recommended for Windows users.

    1. Make sure the system is fully patched and updated (including root certificates!)
    2. Disable ActiveX for non-Microsoft sites.
    3. Disable scripts for untrusted sites, by default.
    4. Run downloaded programs in a separated VM if you have to use them.

    Additionally, better not use IE. :-))

    Cheers,
    Bing

  • Hey mate,

    Never only believe anti-virus (AV) software. Of course, you may use an AV package for regular checking if you are not VERY confident about what you have done, but never rely on it.

    For me, I haven’t installed *any* AV software on my computers for more than 15 years, and the machines never got infected.

    Basically, four points are recommended for Windows users.

    1. Make sure the system is fully patched and updated (including root certificates!)
    2. Disable ActiveX for non-Microsoft sites.
    3. Disable scripts for untrusted sites, by default.
    4. Run downloaded programs in a separated VM if you have to use them.

    Additionally, better not use IE. :-))

    Cheers,
    Bing

By Craig Bailey

Archives