Anti-virus software isn’t the only computer security tool
Byron Acohido
USA Today
A browser message touts Firefox 2’s phishing-alert capabilities. Internet Explorer 7 is also designed to steer users clear of bogus websites.
Mike Saign smelled something fishy about the e-mail he received — purportedly from an eBay auctioneer — accepting his lowball offer for a high-end golf club.
The sender claimed his PayPal account was down and asked Saign to wire payment to him via Western Union. Instead, Saign, 25, downloaded Iconix e-mail ID, a free tool that pegged the e-mail as a fake.
Saved from being scammed, Saign, a real estate adviser, disabled Iconix and hasn’t used it since. “I feel like the security software in a normal computer keeps you away from most bad things,” he says.
That’s not necessarily so. Fraudulent e-mail and tainted websites are more prevalent than ever. Spam, much of it pitching fake drugs and financial scams, accounts for 80% of all e-mail, says Symantec. The number of new strains of malicious programs increased fivefold in 2007 over 2006, and about 20,000 new malicious programs are unleashed on the Web each day, says AV-Test Labs.
Yet most consumers are in a fog about the array of tech security tools they can — and probably should — use to protect themselves, tech security analysts say. Craig Spiezle, Microsoft’s director of security and privacy, says his own wife couldn’t tell anyone which security tools they really ought to be using. “The big challenge we’re dealing with is the volume and velocity of new threats,” says Spiezle.
Tech security companies add to the confusion by focusing on solving very specific problems. “We’re in a pandemic situation with consumer infections,” says Chris Rouland, chief technology officer for IBM Internet Security Systems. “And no one has figured out a business model to cure that.”
The result: Home PC users are left to decipher for themselves what set of security products they ought to be using and how much protection they are actually getting.
“There are many tools in the armory, but each will only offer narrow protection,” says Paul Wood, senior analyst at e-mail management firm MessageLabs. “Therefore, consumers need to try to understand what each of these tools actually tackles.”
Anti-virus programs fail to catch every malicious program. So keeping anti-virus subscriptions current isn’t enough. Consumers must also get in the habit of quickly installing all software program updates from Microsoft, Apple, Adobe, Mozilla and Java, because many contain the latest security patches.
Beyond that, consumers should consider using:
•Certified e-mail. Iconix and Goodmail each sell services to businesses that assure the authenticity of e-mails sent to customers. Iconix recently launched e-mail ID as a free program consumers can install in their Web browser. The program verifies e-mail sent from 500 companies, including eBay, PayPal, Citibank, Amazon.com and Expedia.
“This additional tool can help consumers know for sure whether they’re dealing with a safe e-mail message,” says Jeff Wilbur, Iconix marketing vice president.
•Web page scanners. These tools use varying technologies to gauge the reputation of most Web pages. Programs such as AVG’s LinkScanner, ScanSafe’s Scandoo, Trend Micro’s TrendProtect, McAfee’s SiteAdvisor and Finjan’s SecureBrowsing grade Web pages as safe, unsafe or questionable.
Web scanners aren’t perfect. But they provide a layer of protection against what has become cybercrooks‘ favorite way to spread malicious programs: via the Web. “The more layers you have, the safer you are,” says Roger Thompson, AVG chief research officer.
•Browser security tools. Microsoft’s Internet Explorer 7 and Mozilla’s Firefox 2, the most widely used Web browsers, both offer anti-phishing filters that alert users if they try to click to bogus websites set up to fool them into typing passwords and other sensitive data. Microsoft distributes IE7 with this feature disabled, so users must choose to turn it on. Firefox 2’s anti-phishing filter is always on.
Mozilla is in the final testing phase of Firefox 3. It will feature a much broader “anti-malware” filter designed to block Web pages tainted with programs that can turn a PC into a spam-spreading bot, or imbed a key-logger that steals all valuable data typed by the user. If a user tries to click to a known malicious page, a red screen appears and a button labeled “Get me out of here!” returns the user to the browser’s home page. Firefox 3 is expected to be ready for free public use by the middle of the year.
“There are no 100% solutions in security,” says Window Snyder, Mozilla’s chief security officer. “But we can get better step by step, and that’s what all of these technologies are doing.”
