The other day, thousands of stored images from my wife’s photography business disappeared from her computer. Up popped a message warning her that the machine was infected with malware, and suggesting she buy a piece of software to clear up the problem.
The computer had been hit by the Smart HDD computer virus, which tries to scare victims into buying bogus software. My wife’s computer’s security software, Microsoft Corp.’s Security Essentials, hadn’t done a thing to protect the computer from attack.
Perhaps if she had used a different security program, it would have been all right; perhaps not. Or she might have bought an Apple Inc. Mac computer, which is far less susceptible to infiltration. But even Macs are getting attacked these days.
There’s really no fail-safe defense. But to protect your data, privacy, and sanity, you’ve got to try.
Despite their weaknesses, a good antimalware program — frequently updated — is essential. Install regular updates for your computer’s operating system and for all the software you use. It’s also vital to back up all essential files, to use good, hard-to-guess passwords, and to store those passwords in a safe location.
I have used Microsoft Security Essentials for years, largely because it can be downloaded free at Microsoft.com. The attack on my wife’s computer was the first time I have seen it fail. But no product is perfect. New threats spring up every day, and it takes time for the virus fighters to update their products. Still, antimalware programs work against thousands of malware attacks. So use them, and make sure to install the regular updates.
Also, fire up a firewall, which blocks unused entry points into your machine. Windows and Mac computers both come with built-in firewalls; just make sure they’re switched on.
Set your machine to automatically download and install updates for the operating system. Windows and Mac software are routinely patched to fend off newly discovered attacks. Applying these patches can save you lots of grief.
But online criminals also target the applications on your computer. These are the programs that actually do stuff, like music players or video editors. Some programs, including Adobe Systems Inc.’s PDF document viewer, warn you that they need updating. But others won’t. So I run the Secunia Personal Software Inspector, a free program at secunia.com that identifies all your apps, then checks to see if updates have been issued. In many cases, Secunia PSI will download and install the patches for you.
With luck, these tools may fend off invaders. But you’ve got to be ready if they still manage to get in.
“Rule one: Back up, back up, back up,’’ says Bruce Schneier, author of several books on computer security. He’s right — not having a second copy of your critical files is inexcusably dumb. That’s why my wife’s photos had been copied to a backup server. You might prefer to copy your vital documents to a simple external hard drive, burn them onto DVDs, or sign up for an online data backup service like Carbonite or Mozy. For a fee, these companies will copy your files to an online data center for safekeeping. Whatever you do about backup, do something.
If you’ve got lots of secrets to protect, consider using an encryption program that lets you scramble data so that it’s unreadable even if stolen. Macs have an encryption feature built in, while Microsoft includes it only with the high-end versions of Windows 7. But there are commercial crypto products on the market, as well as the highly regarded program TrueCrypt that you can download free at Truecrypt.org.
You also need a strategy to protect your passwords. In the past year, my Gmail and Twitter accounts were both hacked. In both cases, it was my fault — I used easy-to-guess passwords. I now use much tougher passwords, utter gibberish, in fact. But I don’t memorize them, or store them on my home computer where some intruder might steal them.
Instead, I use LastPass, an Internet-based service that automatically generates hard-core passwords for your favorite online services, then stores them in the online cloud. I can access my passwords from any Internet-connected computer, tablet, or smartphone. And I only need to remember one password — the one that unlocks LastPass. For $12 a year, it’s an excellent security investment.
By the way, my wife’s photos hadn’t really been deleted. Smart HDD just hides them, and I was able to track down the images. But the next virus might do real damage. In the end, the only defense is eternal vigilance.