
Wednesday, April 4, 2018

Was I right about Facebook 7 years ago?

Oh my, the Facebook...

It took about 7 years to prove my opinion about the Facebook. Look into my old article about the cyber weapons.

In my article, I have noted:
"For instance, with over 350 million users (!) of Facebook, this social networking web site becomes a prime target for cyber-gangsters. I have no doubts that the FSB (former KGB) has a copy of all Facebook accounts coupled with scientific analysis software to filter down the most useful intelligence data on citizens of many countries, and especially, United States. Hey, it's almost free database with people who have no clue that their opinions, personal information, employment, personal preferences, and pictures are being thoroughly analyzed and stored in the mainframe computer. I would be surprised if China is not following the same plan, or, perhaps, Russians share their intelligence data with their partner? Thank you, Facebook!"

Will the latest news (and the stock market reaction to it) become the trigger for people to think about their Facebook accounts? Will they finally realize that the social networking = no privacy protection?

On April 3rd, 2018 Facebook has announced that the majority of its 2 billion users very likely have had their public profile information "scraped by outsiders without their explicit permission" not to mention previous announcement that information from the profiles of 87 million people may have been “improperly shared” by Cambridge Analytica, the company that is described as an “arsenal of weapons” in a culture war.

The CTO at Facebook, Mike Schroepfer, wrote that he wanted to update users on the recent changes the company made to protect their personal information, like strengthening the process for approving third-party applications with access to the site.

“Given the scale and sophistication of the activity we’ve seen, we believe most people on Facebook could have had their public profile scraped,” he wrote.
This is the case when I hate to be right but I was. 7 years ago.
If people would share their pictures only (like family's or friends') it would be not so painful (not to mention that your name is identified with your picture and reveals your friends).

However, every "like" or "not-like" is being recorded, every post or reply to the post is being stored, and all of it, including the history and the links you have clicked -- is being added to your PROFILE. By the way, if any of your friends has certain political views, it would be linked to your profile. Did you know it? How many friends do you have that you have no clue about who they actually are? Or what the web sites they do browse?

Now, if you would work for any adversaries mentioned in my 2010 article, you would want to merge the Facebook info with Google info. It would be very useful. In that case, your life will be shown like the blood test from the medical lab after visiting your physician.

The profile can be potentially used by the government in a very unpredictable way, or by the adversaries in a predictable way (your profile would reveal your political and social views that could be potentially used to achieve the long-term goals against your company or even country).

If I did sound paranoid in 2010, perhaps now you may agree that I have the point, especially considering the Russians who have used social media to influence people for or against some political figures. #DeleteFacebook hash-tag is a good start.
The story about Facebook may finally trigger the process of hardening the privacy information like it was done within HIPAA regulations to protect the private health information.

Truly, I don't believe it will happen on the same scale when those who violate the privacy could be penalized with a sizable amount of money or even get prisoned. Perhaps, something will be done. Mark Zuckerberg is expected to appear before multiple congressional committees, and his company is under investigation by the Federal Trade Commission on suspicion of violating an agreement in 2011 to protect its users’ privacy.

It is time, right?

No matter what will be done, one thing that cannot be changed: scrapping the FSB database on Facebook users.

And, hey, don't exclude Google and Twitter and the fake news!

Friday, February 2, 2018

How I was almost scammed


I’ll start it off with a bold statement: In business there are probably more scammers than there are legitimate and honest businessmen.

My life experience is a base for my statement. Yes, my friends, there are too many villains in this world - more than truly honest people.

I don’t have any hard proof and statistics. Just anecdotal evidence and experience. When you’ve been around as long as I have, you see a lot of things.

You can get in trouble because you trusted the wrong people.

That’s on the extreme end of course. But you might be surprised at how often people get cheated or misled – even in a minor way.

Thankfully, it doesn’t take much to arm yourself with the right tools. Most are just common sense.

Rule number one: Watch out for anything that sounds too cheap.

Here is my recent experience buying a new laptop. For years, I have been building my own PC from the parts that I have been obtaining from computer shows. But when my "big daddy" - the PC in a case of a file server - began hikkin' up, I decided that it was time to switch to a high-end laptop.

I have done some research, and have stopped on Samsung 15" laptop with the latest i7 processor from Intel.
The Best Buy and Amazon prices were similar: about $1,400 with taxes.

While I was waiting for a better price on Black Friday, I searched other web sites. To my big surprise, I found a better price on Discountsuperstore.com.

Would you be happy to see the $850 tag on the same laptop?

I honestly was excited at first, so I have filled out the required info about my login name, home delivery address, etc.

Proceeding to the shopping cart, I was ready to pay but something "from above" stopped me. I have decided to initiate a chat and verify if they still have that laptop in stock.

The guy answered the chat and confirmed that I could order it. To tell you more, he promised another 10% discount if I paid through PayPal.

Wow, 10% discount? Something smelled not right...

So, I have asked why the price is so low? The rep answered: we have a special promotion from the manufacturer. Sounds familiar?

Since I was not sure if I have enough money on my PayPal account, I said, hold on, let me check my account.
I found that I could pay with PayPal considering even lower price with a promised discount.

I still remember my excitement while processing this information in spite of a clear warning.

So, using the chat, I have asked how to pay with a PayPal because the web site did not have the PayPal payment option. The rep has answered, just use the "send money to friends and relatives" that is not a subject to 3% PayPal fee.

Wow, the second warning!

At this moment, I have realized that there is something wrong with this picture...

I have decided to check that site with Whois tool.

I found that the site is legitimate but the owner hides his identity. The site was registered by the owner from Panama. The site's location was somewhere in Arizona.

I have continued my chat and asked where the company is located since I found Panama and Arizona? The guy has answered: that is correct about owner but they are operating from the New York City.
What is the address? It is shown on the site's main page.

Punching the address in the Google maps revealed that that address does not exist! Gotcha!

I sent a chat message that I could not find the address on Google Maps.
As you may guess, I did not receive any reply.

Needless to say, I did not proceed with a payment.

After all, I was able to buy the laptop in the Best Buy store for $100 discount before Cyber Monday.

The moral? Be vigilant, careful, and do not let yourself be fooled by the villains.

This short story from my experience just proves my statement in the beginning of this article. I hope you can learn the lesson from somebody's mistakes.

Just be careful out there.

Friday, October 21, 2016

Compromised Cloud Hosting Services

I was a longtime advocate against storing your data or images on the cloud servers due to several factors:

1. You don’t personally manage the cloud hosting and know nothing about how they are protected;
2. The world-wide hackers are very sophisticated on finding the holes in the security systems, and they have been successful in their attempts to break the security not only in the average-protected systems but also in the government and large corporations networks that have enough resources for protection;
3. When you use the local (at home) storage, perhaps if you are security-aware, you have protected home network and know what secures your PCs and storage;
4. Your home network is a very small target to extort money from because the large companies will pay more and, therefore, are more desirable targets for hackers.

If you think that the images or documents you store in the cloud are not important and you don’t care if you lose them, think again.

The cloud storages and services serve thousands of people and companies, so you will become one of many victims who had to pay a ransom to the hackers because by compromising the cloud they can also gain an access to your home PC and cause you a major headache.

Recent news: Microsoft’s OneDrive for Business was recently exploited by cybercriminals.  Although it’s unclear how the accounts were compromised, this new series of hacks allows cybercriminals access to sensitive business information.  Cybersecurity experts advised businesses to take actions and secure their accounts.

Here are few suggestions:

1. Consider keeping your data and images locally instead of cloud-based. Yes, I know your arguments regarding free services and convenience to share the data. Still, it is a fact that cloud can be compromised.

2. Remember that the Facebook is also a cloud-based service. In addition, almost every smartphone application communicates thousand times per day with Amazon-based cloud storage (I have personally seen it on my smartphone when I have installed the software firewall on my Note IV).

3. Think about your home network as your asset and a part of your belongings (like furniture, electronics, clothes, and jewelry). Would you let anyone steal or damage it? You would probably install the home security sensors on every door and window.

4. Start with your home cable modem/router. Check with the vendor if the firmware of your router has the latest updates. Apply them as soon as possible.

5. Replace your passwords with passphrases.

6. Install software firewalls on each PC in addition to anti-malware software. Spend some time on reading the articles about the best protection software today. Replace your existing antimalware software if it is in the bottom of the list vs. competitors. I have recently replaced my Viper and even Avast (still not bad) with the licensed copy of Bitdefender (good for 3 computers).

7. Create regular user accounts on your PCs or laptops that have no administrator's privileges. Login with those new user names. Switch to Administrator's account only as needed.

You may want to spend time reading my article (March 2015) about protecting your home network and smartphone.

Now, read below the latest information (the most important statements from the article) about compromised cloud hosting services.


Homeland Security News Wire | October 19, 2016

A study of twenty major cloud hosting services has found that as many as 10 percent of the repositories hosted by them had been compromised — with several hundred of the “buckets” actively providing malware. Such bad content could be challenging to find, however, because it can be rapidly assembled from stored components that individually may not appear to be malicious.

In the cloud, malicious actors take advantage of how difficult it can be to scan so much storage. Operators of cloud hosting services may not have the resources to do the deep scans that may be necessary to find the Bars - and their monitoring of repositories may be limited by service-level agreements.


Overall, the researchers scanned more than 140,000 sites on twenty cloud hosting sites and found about 700 active repositories for malicious content. In total, about 10 percent of cloud repositories the team studied had been compromised in some way. The researchers notified the cloud hosting companies of their findings before publication of the study.

“It’s pervasive in the cloud,” said Beyah. “We found problems in every last one of the hosting services we studied. We believe this is a significant problem for the cloud hosting industry.”

In some cases, the bad actors simply opened an inexpensive account and began hosting their software. In other cases, the malicious content was hidden in the cloud-based domains of well-known brands. Intermingling the bad content with good content in the brand domains protected the malware from blacklisting of the domain.

Beyah and Liao saw a wide range of attacks in the cloud hosted repositories, ranging from phishing and common drive-by downloads to fake antivirus and computer update sites. “They can attack you directly from these buckets, or they can redirect you to other malicious buckets or a series of malicious buckets,” he said. “It can be difficult to see where the code is redirecting you.”


Tags: cloud hosting, hacking, compromised data, storage

Tuesday, March 17, 2015

YOUR DIGITAL LIFE IS UNDER THREAT AND WHY YOU SHOULD BE SECURITY AWARE



The article below was already written, and I was making the final touches before publishing, as I received a call from a friend of mine who got a laptop hacked by the Russian hackers.

First of all, his Internet access was denied and the Russian web site apparently asked to provide his phone number to call back to unlock his Internet access (I believe for a ransom). In addition, he got a call to his home phone (!) from unknown person with an Indian accent pretended to be the technical support engineer from Microsoft who knew that there are few error messages on the laptop. And he really knew what the messages were there! It's good that my friend contacted me before doing anything with his laptop. I know what I am going to be busy with this evening...

I want to warn you right away: this article is not a two-minute read; however, if you are serious about securing your assets and identity, allocate time for reading and take notes. The article covers most of the PC, tablet or smartphone security-related topics. It might seem very complicated at first but it is actually not. The computer world has changed dramatically, and the more you know, the better it is for your wellbeing.

Even if you are not so technical, this article may assist you in understanding current situation with computer security and protecting your computing devices from the "wolves of the Internet". If you are the IT professional, below are some useful pieces of information and references. Use the menu below to jump to any part of this article.



1. Intro to YOUR Digital Life.


"So what? I have nothing important on my PC" I often hear from some of my customers and many friends when I raise the issue about being security aware. In fact, I believe that many folks consider the PC (laptop, notebook, tablet or smartphone) as another TV set. Turn it on or turn it off! I have seen regular PC users who are not technical savvy and who are not even setting up the user’s login password – "I don’t need this hassle". To me it’s like to go to the bed with the wide-open entrance door.


Hello-o-o-o! It’s time to wake up and take at least small steps in protecting your digital assets. You may not know they exist but as soon as you entered your name and address into any web site form (including the webmail sites like Yahoo or Google), you have begun your digital life. Your digital life starts with very basic information that identifies you as an Internet citizen.


The more web sites you access and the more information you enter about yourself - on the bank sites for online banking, or for online shopping using your credit card - the more digital information about your identity is stored: on your computer or smartphone; on the companies’ web sites in the database, or in the digital "cloud" on several networked file servers across the globe.



2. Why now is the time to look at your home network security seriously?

Computer hacking is a worldwide problem – easily the biggest crime of the century - that affects not only the businesses but the regular PC users (consumers). Based on August 2014 data, only the Russian hackers infiltrated 420,000+ websites and stole 1.2 billion+ user names and passwords. This is a mind blowing number that represents about 40% of the entire Internet population.


Why would anyone want to hack your home network or computer? You have no valuable information there, right? Wrong!


It used to be the time when the teenagers were hacking into your computer system just for fun. I remember getting the e-mail from unknown person who informed me that my web site (hosted internally) was hacked and the hacker was some high school kid. That person was a victim as well. Our web site was "defaced", and instead our regular main page, there was a page with anti-government proclamation.


That time is gone along with the relatively "innocent" hackers. As computers got faster and more sophisticated, the hackers got very sophisticated simply because the Internet became the source of quick (and often easy) profit. In fact, we lose to the hackers almost always in spite of the unprecedented amount of money spent on protecting the digital assets.


As of today, we don't know of any organization or computer network that has not been under persistent attack attempts. While profit is gained from hacking a company and selling the valuable information residing in its computer network (industrial hacking), or from "stripping" money from the banks and other financial institutions, the hacking of personal accounts can also be profitable.


Did you know that your Social Security Number associated with your name can be sold on the underground network for few dollars? If your name is associated with more data like home address, place of work, the banks and/or services you use, it could be sold for more. The danger is not that your personal information is being sold but when someone will buy it and use to cause you damage. In most of the cases, it is a monetary damage but there is more...


Small pieces of information about your identity can be put together and re-used without your knowledge. I hope you heard about the term "identity theft". This is when the hackers or unscrupulous people use your personal information for a profit.


They may fill out the tax return with your SSN and get the refund (because the IRS is slow on a fraud); they may get the loan or credit card on your name; they can screw your life to the degree that it becomes a nightmare. You will have to prove that it was not your tax return, or not your loan, or not many other things that are associated with your name. Your credit score will fall dramatically, your bank accounts can be stripped to zero, and your credit cards could be canceled.


This is not the impossible scenario, this is real, and there are thousands of people who have suffered greatly. It takes several years to recover from the damage. You must accept the reality that “data is the new cash” that the underground economy of cybercrime is exchanging, and some estimate the value in excess of US$1 trillion (per P.C. Dwyer).


The sophistication of attacks has been increasing exponentially for the last 5 years. The latest one is called "ransomware" and what it does is try to trick you into opening an innocent looking email attachment like Windows Help file (.chm) that claims to be a fax report from your own organization. But if you open it up, the malware locks all your files. It then demands a $500 ransom to get your files back. This can happen in the office and at home.


The number of scammers has grown tremendously as more and more people are using computers in everyday life, including senior citizens who often become the victims of crime (and not only because they use computers).


About a month ago, my mother-in-law received a call from an unknown person who claimed to be from the IRS. The caller had the FBI-style pressure voice when he claimed that my mother-in-law still has $314.50 tax due because the IRS did not receive the payment. The effect of that call was as expected: she got scared and panicked (especially after he threatened her with an arrest). It took me 15 min to calm her down by explaining what Social Engineering is. More than 366,000 people have been targeted by tax season scammers over the last two years.


One more thing to warn you about is that your privacy is being exploited not only by the hackers and criminals but also by the U.S. Government. The latest revelations from the press were about the secret, CIA-sponsored conference where the participants discussed better methods of penetrating your home network and computing devices by exploiting the security flaws in household and commercial electronics, and particularly iPhones and iPads in order to decrypt data stored on Apple's devices. The researchers already claimed that they had successfully modified Apple's updater (the program to deliver security patches to laptop and desktop computers) to install a "keylogger", so every key you press will be recorded and sent over to the perpetrator.


While it may be helpful in exploring the terrorists' plans, many citizens don't feel comfortable because those efforts destroy the privacy of ordinary Americans. Add this to already controversial efforts to listen and record your phone calls and SMS by the NSA.


Did I convince you that it's worth protecting your assets and identity? You bet. What I am trying to achieve here is to convince you that ignoring obvious is not the best way to live in the computerized world.



3. Analyze! Or what is the Risk Management?


Risk management... This is jargon that identifies what information to protect and the degree of protection needed to align with someone's tolerance for risk. Once this information has been identified, it can be used to make decisions about the level of investment (both financial and resources) that should be used to create appropriate personal information protection.



How does the Risk Management relate to you?


If you are taking the steps to protect your house by investing in the good lock with a dead bolt on your entry door and installing the alarm system, the same approach should be used in protecting your personal data.

You have decided that the risk of leaving the entry door unlocked is too high to ignore it, so, you have invested in the good lock. This is how you manage the risk.


When you take the steps to mitigate the risk of using the computers, first of all, let's identify what you do with your computer (or any other computing device including the smartphones):
  • Do you do online banking?

  • Do you use web mails?

  • Do you browse unknown web sites?

  • Do you use Facebook, Dropbox, eBay, PayPal, Skype?

  • Do you use the programs that send the log of your actions back to the software company (like Google, Adobe)?

  • Who has the access to your information? Who else knows your login name/password? How (and where) do you store the passwords?

  • Where did you submit your personal information? Which companies, banks, or web sites store your name, home address, SSN, mother’s maiden name, financial information, saved credit card data to be used for frequent purchases, etc.?

  • Do you do business online? Do you rely on the Internet heavily, and if yes to which degree?

  • Do you keep the data (not only the pictures) on the “cloud” networks like DropBox or OneDrive?

  • Where do you use the computing devices? At home only? At work? In public places?

  • Do you use the wireless network at home? In public places?

  • Do you use the mobile applications that collect your personal data?

By analyzing your answers you may put the "picture" together and identify where you are vulnerable and how much time and money you are willing to invest to protect your valuable information.


It's OK if you are not technically savvy. If you have a concern about safeguarding your valuable information including PII (Personally Identifiable Information), do something! Read more articles; learn what the other folks do for risk management, take the steps to protect your assets, and be security-aware! As a last resort, hire someone knowledgeable and experienced to take care of securing your data, computers, smartphone, and the home network.


Do not wait until you realize that your computer is hacked like a friend of mine discovered yesterday (or even worse: your bank account is hacked).



4. Protect your data vs. protect your home network

Now, separate the answers to the shown above questions into two categories: my data and my networks.


My data: my PII, my banking information, my databases (if any), my valuable business information, my online accounts with other service organizations (water, gas, electricity, insurances, Internet and phone services, accounts with other web sites, etc.), and my contact list.


My networks: wired home network (the router or cable modem from the Internet provider, one or more computers connected by wire); wireless home network (the same router with a wireless access enabled, any computing devices that use this network); any workplaces or public places where you do use your laptop, tablet or smartphone (Starbucks, airports, your job facility, etc.)


Once you are done with it, the next step is to find out how to actually protect your assets and privacy. I will talk about it in the next few paragraphs.



5. Your smartphone is a part of the world network

Now, let’s talk about your most vulnerable computer: your smartphone. Why is it the most vulnerable? Because it is not your regular land line phone that you may still have at home through Verizon or Comcast services. It is your “wearable” personal computer. As any computer, it has many weak spots or as security pros call it “attack vectors”. Even the home phone is spammed with undesirable calls. Your smartphone is usually working in unprotected zone when you are outside of home. When connected to the Internet through the wireless carrier, your smartphone becomes a part of the world network, or put it simply, the Internet.


Your personal calls or your contact's phone number can be recorded by the phone service provider, government organization, or the hackers who hacked into the public network. Even using the smartphone at home with no adequate protection can cause serious damage to your digital assets. As any computer, the smartphone must be protected. For your information, there are specially designed viruses and malware that target your iPhone or Android operating system.


You may click on wrong e-mail's attachment or browse to infected web site and your smartphone becomes infected. The hackers can record your typing including your passwords and login names; infected smartphone can copy your bank account numbers and silently send it over to the hacker; it can copy your contact list and use it for spamming; it can finally slow down the functionality, discharge your battery, and much more.


In fact, 75% of mobile users encountered malware more often in 2014 than in 2013 (Check Point data). There were more than 6 million of free public Wi-Fi impostor hotspots that appear like legit but strip data from mobile phones as soon as they are connected.


One more important thing to remember is that each smartphone has many applications, and most of them are being downloaded from the Google Play or Apple sites. Unfortunately, there is no guarantee that those applications are safe (especially for Android platform). You may like the game or application but they may contain the malware.



6. How hackers can make your life miserable.

I heard it too (even from my wife): “Com-mon! You did not scare me! All of it drives me crazy and I hate all those lengthy passwords...” My goal is not to scare you but to inform you, so you can make the right, informed decision. Many non-tech-savvy people see security as dull, creepy and pretty much incomprehensible.


Well, let me give you a short overview of just very few hacking methods to prove my points.


Phishing. Phishing is one of the oldest forms of malicious social engineering used to gather your personal information, but it remains one of the most effective because spammers do a good job at decoying users to click on malicious links or open malware-infected e-mail attachments. Phishing emails appear to come from a trusted source, such as a friend or a well-known business or as a spam that counts about 2/3 of all e-mail traffic. In the recent McAfee Phishing Quiz, they found that the most successful phishing email sample appeared to be sent from UPS.


For instance, you can often see the small pictures below the articles with the underlying text that looks very appealing (like the shocking news about celebrities or politicians, new method of losing weight, etc.). Do not click on those pictures! There is a big chance that the links will send your browser to the infected web site that will silently install the script that can do many bad things: execute the hidden program, record your keystrokes, take over your administrative rights, access your camera, access your online accounts, use your computer as a spamming platform, steal your personal data and contact list, or, if you have the valuable data, encrypt it or lock and demand the ransom for decryption or unlocking (it’s called ransomware, as was discussed above).


Even if you have no valuable data, the hackers can still find the method to extract your money. The script installed on your computer may generate the warning message that your PC is infected with a virus with an invitation to clean the virus if you buy the anti-virus software for few dollars.  If you are naïve enough and paying the fee in order to clean the virus, you become one of the thousands of victims who did the same and lost money with your PC still being infected.


I have touched probably no more than 5% of all hacking methods (not to mention the bogus web sites “pharming”, the SMS scam – “smishing”, the Voice over Internet or VOIP scam – “vishing”, and many others), but it is enough to steal your personal data and make your life miserable.



7. HOW TO PROTECT YOUR COMPUTER. MY PERSONAL EXPERIENCE.


  1. Password management.
When you login to your PC as an Administrator, you have full access rights to do anything with your PC: change the configuration, schedule any processes, delete or modify any files, install any program, etc.


Well, if your PC is being hacked while you run in the Administrator's mode, the hacker will have the same privileges. So, what to do? When you configure your PC first time, create a generic user that does not have the Admin rights. Next time, when you need to check your e-mails, or browse the Internet, login with a non-administrative user account. Your security rights will be restricted but you will be able to do whatever you planned. However, when you need to install the new program, it is easy to switch back to the Admin account. This is a commonly accepted practice in the business environment, so why not use it at home?


I am sure you know that the password must be secure so the hacker won’t crack it quickly. I don’t want to occupy precious space in this article on how to choose the password. Just use Google with the following search phrase: how to choose the password.


The most important suggestion: never use the same password for all the sites you browse, and especially not for online banking. I personally use a password manager program that is protected with a complicated passphrase. What is a passphrase? It is more than one word used as a password. The password becomes longer and more difficult to crack, but you can easily memorize it. You may use one of the password generators or create your own passphrase (e.g. “!moneYneveRloveSyoUbacK77” or “1likeSerialInTheMorning%”).
If you want to check the strength of your password, use an online password meter.
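The "never use the same password" rule can be checked mechanically against a password-manager export. The following is an added example, not part of the original article: it groups entries by a keyed digest, so reused and short passwords are reported without any password being printed. The CSV column names, the sample entries and the 12-character threshold are assumptions.

```python
import csv
import hashlib
import hmac
import io
import secrets
from collections import defaultdict

# Constructed sample of a password-manager CSV export (not real accounts).
SAMPLE_EXPORT = """name,url,username,password
Bank,https://bank.example,alice,constructed-long-passphrase-01
Mail,https://mail.example,alice,Summer2018
Forum,https://forum.example,alice99,Summer2018
Shop,https://shop.example,alice,summer2018
Photos,https://photos.example,alice,Summer2018
"""

MIN_LENGTH = 12  # assumed policy threshold, adjust to taste


def audit_export(csv_text, min_length=MIN_LENGTH):
    """Return (reused, short).

    reused: sorted lists of entry names that share one password.
    short:  sorted entry names whose password is under min_length characters.
    Passwords themselves are never returned; grouping uses a keyed digest
    that exists only in memory for this run.
    """
    key = secrets.token_bytes(32)  # per-run key: digests are useless if logged
    groups = defaultdict(list)
    short = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        password = row["password"]
        digest = hmac.new(key, password.encode("utf-8"), hashlib.sha256).digest()
        groups[digest].append(row["name"])
        if len(password) < min_length:
            short.append(row["name"])
    reused = sorted(sorted(names) for names in groups.values() if len(names) > 1)
    return reused, sorted(short)


if __name__ == "__main__":
    reused, short = audit_export(SAMPLE_EXPORT)
    for names in reused:
        print("Same password used for:", ", ".join(names))
    print("Shorter than", MIN_LENGTH, "characters:", ", ".join(short))
```

Delete the exported CSV file as soon as the check is done, since it holds every password in clear text.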


Microsoft, Apple, and Samsung technologies are moving us away from easy-to-guess passwords toward new methods like retina scans and fingerprint reading. I use a complicated phrase to log in to my main PC, but instead of typing it I use the fingerprint scanner that inserts my password.


However, I don’t rely on fingerprint scanning as the safer method to log in but rather as the “accelerated” login. I believe that this login method (or factor) should at least be used in pair with another login factor (e.g. another security question), and I am looking forward to having this feature in the next version of Windows 10 as two-factor authentication.


According to Forbes magazine, the police have the right to force you to unlock your phone to inspect its content if you use the fingerprint login, but have no such right if the phone is secured with a password. It sounds unreasonable and contradictory, but that is how the law is written. There are also methods to “lift the prints” and steal the digital copy of your fingerprint. Consider, too, that if the digital copy of your fingerprint is stolen, you can’t replace it the way you replace a password – it is with you forever. So, it’s up to you whether to use it or not.



  2. Firewall
With today's computing, antivirus software alone cannot prevent your PC from being infected. A good firewall is also a “must”. A firewall is a hardware unit or a software program that creates a "wall" between your computer and the outside world. Every firewall has "rules" on what to allow or restrict. To simplify the technicalities, it may restrict access to a computer from an outside network or restrict sending information to outside networks. A good, properly configured firewall filters all unwanted communications in both directions.


I personally prefer using a combination of hardware and software firewalls. I have installed an additional router with a built-in firewall right behind the Verizon cable modem/router. It can be any other vendor’s router (Netgear, SonicWALL, ZyXel, or D-Link), but I prefer the Cisco routers/firewalls (former Linksys) with wireless access point capabilities. Do not rely on the Verizon or Comcast modems only, as they can be easily hacked.


If you do not have the skills to install an extra firewall, at least ensure that you have a software firewall. One of my favorites is the ZoneAlarm firewall + antivirus software from Check Point, the firm that developed the very first industrial-strength firewall. The beauty of this software is that it has pretty good default settings, so you don’t have to be a guru to install it. It automatically disables the Windows firewall, which is traditionally considered ineffective.


  3. Antivirus
Even though anti-virus software does not guarantee 100% protection from malware and viruses, it does not hurt to have it installed, and I would highly recommend it. Beyond the antivirus capabilities of the already mentioned ZoneAlarm software, I have used a few others (not free), such as VIPRE from GFI (my second favorite), Webroot, eSet, and Kaspersky Lab’s antivirus. I personally use the combination of ZoneAlarm and MalwareBytes from Malwarebytes.org. They complement each other’s capabilities very well without the danger of “fighting” when they run. Both companies offer free and paid versions. Paid versions offer more protection, including identity protection, the ability to run on your own schedule during night hours, and a few extras. I usually recommend configuring ZoneAlarm in auto scan mode and running MalwareBytes manually once a week, updating the antivirus signatures before every scan.


The beauty of the MalwareBytes licensed copy ($25.00) is its ability to run resident in the PC's memory. When you hit a malicious web site, the software will block the site and pop up a warning message. Just yesterday, I mistyped the name of the bank in the address field and hit the Enter key. The browser went to a Chinese-owned, infected web site that was immediately blocked. Another great feature of this software is its ability to work in Windows’ Safe mode (used for Windows troubleshooting) and remove malware that cannot be removed in the full mode.


In spite of being a "must have" on each computing device, antivirus software takes plenty of resources when activated. This is the reason why I despise licensed McAfee, Symantec, and many free programs like AVG, Avira, and others: not only are they weak at filtering malware compared to the leaders, but they also take plenty of computer resources and slow the PC down. I always uninstall the pre-installed programs from Symantec and McAfee and replace them with the software mentioned above.



  4. Applications' patches (updates)
Lately, the information security community has shifted its emphasis from protecting only your network to protecting your applications and data, primarily due to the latest hacking techniques. To put it simply, every program on your computing device (beyond the operating system itself) is a good attack vector if the program does not have the latest updates (patches).


The broadly available hacking software (that can be downloaded for free or purchased for a few dollars) can scan your applications for known vulnerabilities, and then exploit them to hack your device. While you may have automatic updates of the Windows operating system, the other programs on your PC or laptop are not updated automatically. It is your job to verify and update them religiously. For instance, the Adobe Flash Player is the main "open door" for hackers to your computer if you do not update it regularly.


With 5-10 programs, or 25-30 (as I have), updating can become a cumbersome job. What you can do is install the Secunia Personal Inspector (PSI). The program starts right when you power on your computer and scans your hard drive for the versions of all programs. If you have outdated programs, a pop-up window will inform you. The final report provides links to the upgrade sites. It is not the most reliable program, as it has some glitches running on Windows 8.1, but it is the best one (and free) that I know.


  5. Separate browsing
There is a good practice that for some reason is not used by most computer users. These days, you have at least 2-3 computing devices that you use for various purposes. I use the following tactic. I have a laptop that is intended to be used only for financial purposes: Quicken software for home accounting, Excel spreadsheets, and online banking. I specifically restrict all other activities on that laptop, including e-mail, Facebook, etc. At the same time, my wife uses another PC for any purposes BUT financial activities.


It makes perfect sense to separate the sensitive information including PII from the web sites that are being hacked periodically, like Facebook, DropBox, e-mail sites, and any questionable sites that offer hot news, free pictures, free books or movies, etc.


If you are really sensitive about protecting your privacy, I would not recommend using the IE and Google Chrome browsers, because they are proprietary products of companies that have their own interests, companies that often bend under government pressure and reveal the collected information to government organizations. Instead, use Firefox – the Open Source software. Uninstall everything from Google.


It is essential to note that when you use the Internet browser you should never open suspicious e-mails (including unexpected e-mails from your contact list). The most common form of social engineering is through e-mail, a very effective method for cybercriminals, because, according to the Verizon report, "at least 8% of users will visit a link in a phishing email."


  6. Security add-ons
If you use online banking, banks have lately begun to offer (and sometimes require) additional software in the form of a browser plug-in or stand-alone protection software. The software ensures that your Internet browser is not tampered with while you access the bank online.


My own experience suggests that while it is a good plug-in to have, it slows down the browser. So, do not wonder why your Internet browsing is slightly slower than usual; it could be because of the plug-in. If you did not install any plug-in but the browsing is slower, I would also not exclude that your browser is infected with Adware (advertising malware) or some other type of malware. Run MalwareBytes to verify.



  7. Scheduled Backup is a king
I don’t know how many thousands of articles about the necessity of backing up your data are published on the Internet. If you have valuable data like Word or Excel files, Quicken data files, valuable pictures or programs, it is suggested that you make a copy and store it separately. With a backup, you don’t lose data if your hard drive or a few files get corrupted. You restore the files to the original location.


You may use Windows built-in backup programs but better use one of the additional programs like the one that came with your external hard drive from Seagate or Western Digital. Put your regular backup on auto-schedule.


I have lost data through my own negligence a few times due to a failed hard drive. Now, I have an automated and scheduled backup to an external hard drive that collects data from 3 different computing devices. You may also use high-capacity USB sticks instead of hard drives.


  8. Wireless network at home.
This is a tough one. The problem is that the current security of wireless networks leaves much to be desired. When you activate the home wireless network, it extends beyond your home to your neighbors, the surrounding streets, and any drive-by vehicles. Even when you activate the security features offered by the wireless access point (router or modem), it is not secure enough to protect you against penetration of your network.


There are multiple hacking tools and mobile applications that are designed to break through your password protection within minutes. You can download them for free or buy them on the Internet. So, you can imagine what can be done to your mobile phone if you are using any public wireless network with NO password protection and no security.


What to do? Perhaps you can take three basic steps to limit the danger. The first thing is to use the strongest available wireless network security at your router or cable modem. Use the 802.11g security specification. There are WPA (older), WEP, and WPA2 technologies. WPA2 (Wireless Protected Access 2) is a security technology commonly used today on Wi-Fi wireless networks – the one you should activate.


The second step is to identify the home computing devices to be connected through the wireless network and find out their MAC addresses (the manufacturer's uniquely assigned address of a network interface). If you are not sure how to find them, ask an IT professional to assist you. Add the MAC addresses to the table of devices that are allowed access to your network and deny all others. It will make the hacker’s life more difficult (but still will not entirely protect you).


The last step is to use a complicated password or phrase to log in to your wireless network. Use special characters, lower- and upper-case letters, and, of course, some numbers.
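One way to check the MAC address table from the second step against what is actually on the network, as an added example that is not part of the original article: it parses the output of the Windows `arp -a` command, skips broadcast and multicast entries, and reports every device that is not on the list. The sample output, the addresses and the device labels are constructed; a device reported as "unknown-randomized" uses a software-assigned address, which is one reason the filter alone does not entirely protect the network.

```python
import re

# Constructed sample of Windows `arp -a` output (all addresses are made up).
SAMPLE_ARP = """\
Interface: 192.168.1.10 --- 0xb
  Internet Address      Physical Address      Type
  192.168.1.1           a4-2b-8c-11-22-33     dynamic
  192.168.1.23          3c-5a-b4-0a-0b-0c     dynamic
  192.168.1.42          da-a1-19-7e-55-01     dynamic
  192.168.1.57          00-1d-7e-aa-bb-cc     dynamic
  192.168.1.255         ff-ff-ff-ff-ff-ff     static
  224.0.0.22            01-00-5e-00-00-16     static
"""

# Assumed allowlist, typed the way a router's admin page usually shows it.
ALLOWLIST = {
    "A4:2B:8C:11:22:33": "home router",
    "3C:5A:B4:0A:0B:0C": "finance laptop",
}

# One table row: IPv4 address, MAC address, entry type.
ROW = re.compile(
    r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+"
    r"([0-9A-Fa-f]{2}(?:[-:][0-9A-Fa-f]{2}){5})\s+\w+\s*$"
)


def normalize_mac(mac):
    """Canonical form: lower-case hex pairs joined by colons."""
    digits = re.sub(r"[^0-9A-Fa-f]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError("not a 48-bit MAC address: %r" % mac)
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def audit_arp_table(arp_text, allowlist):
    """Return (ip, mac, status) for every unicast neighbour in arp_text."""
    allowed = {normalize_mac(mac) for mac in allowlist}
    findings = []
    for line in arp_text.splitlines():
        match = ROW.match(line)
        if not match:
            continue  # interface banner, column header or blank line
        ip, mac = match.group(1), normalize_mac(match.group(2))
        first_octet = int(mac[:2], 16)
        if first_octet & 0x01:
            continue  # group bit set: broadcast or multicast, not a device
        if mac in allowed:
            status = "allowed"
        elif first_octet & 0x02:
            # Locally administered bit: the address was assigned in software
            # (for example a phone's randomized Wi-Fi address).
            status = "unknown-randomized"
        else:
            status = "unknown"
        findings.append((ip, mac, status))
    return findings


if __name__ == "__main__":
    for ip, mac, status in audit_arp_table(SAMPLE_ARP, ALLOWLIST):
        print(f"{ip:15} {mac}  {status}")
```

The ARP table lists only the neighbours this PC has recently exchanged traffic with, so the router's own list of connected clients is the fuller source to compare against.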


When newer and more secure technology becomes available, spend money on it; it is really worth it. Since we can’t predict the future, the best option is to be as secure as technology allows.


  9. How to protect the smartphone
This chapter alone could occupy a few pages of lengthy discussion, but I will try to be short.


  • Never use public wireless access points that offer no security. If you disregard this requirement alone, your phone can be hacked within a few minutes. What if you must use public Wi-Fi in special situations? Then, there is a way to encrypt your Internet traffic using a VPN (Virtual Private Networking) that creates a secured channel for your communication through a special gateway. Use the free or very low-fee VPN clients for Android or iOS that can be downloaded from Google and Apple.

  • Install one of the best possible anti-malware programs like Avast or Lookout for Android (I believe Avast is good for iPhones, too). Activate the identity protection, backup, application locking (like Facebook, Twitter, and any important programs), firewall, anti-theft, and antivirus.

  • Do not install the games or programs that require special access privileges to your personal data, location, contact list, and more. Perhaps, if you must, keep the mentioned programs to the minimum. For instance, I have removed from my phone the WBAL program (news and weather) due to access to everything on my phone including my wireless data, contact list, phone calls, etc. Outrageous!

  • Do not install questionable programs. Before installing, read the users’ comments. Disregard "sugary" comments as they could be posted by the designers. Look more on negative comments as they can reveal the truth.

  • Do not use your phone without password protection (use a PIN with at least 6 characters or digits). The fingerprint-enabled login is helpful (if available) but is not 100% proof. Do not store any password in clear text. There are good password manager programs available. Make passwords invisible (see your phone settings).

  • Use third-party browsers (perhaps for Android) like Dolphin that do not collect your personal information or track the web sites you have accessed.

  • Back up your data, pictures, and setup settings.

  • Disable installation of the programs from unknown sources.

  • If you must access the banks online, bring it to the minimum. Better use the home PC.

  • Use the Bluetooth technology carefully. I usually disable it when I am out of my home or my car because anyone within 80-100 feet can hack your phone (when the Bluetooth is enabled) with the right tool.

  • Finally, if you have a serious concern about security of your smartphone, buy the new Blackphone 2 that is all about privacy over all usual fanfare features (should be available by the end of a year). Encrypt external SD card (if any). Your phone should have a special setting for it. Setup SIM card lock.

    If you store valuable data on the SD card and it is lost, the data will not be accessible without the decryption password. Also, encrypt your entire mobile phone (it will require the password every time you boot it). The new versions of iOS and Android (5.1) allow locking your phone in case it is lost or stolen. So, the perpetrator won’t be able to use it without knowing the password to unlock the phone.

Unfortunately, even by following the above-mentioned steps you are not guaranteed to be completely safe. Just remember that your mobile phone is more prone to hacking than your PC because, first of all, it is used mostly away from home, and secondly because wireless communication is not as secure as wired communication at home, behind the router and a firewall.



8. What if you are not the computer professional?



First of all, know your enemy: try on the shoes of a hacker. What is easiest of all to steal? Exactly! Something that is not secured or is secured poorly. Did you leave your mobile phone on the car seat? Did you put your luggage or purse on the floor in the airport while looking in the opposite direction? You are in trouble.


The hacker tries to hack what is easiest to hack with a minimum of effort. If you have no password protection, it is an invitation to hack. If you are not security conscious and open unexpected emails or click on infected attachments, you are a good target for a hacker. If you are browsing the web without basic antimalware protection, you are the hacker’s next victim.


Windows continues to be compromised more frequently than other platforms primarily because most of the world's computers run Windows. Criminals figured out long ago that the biggest targets offer the best return (which explains why hacking companies is a better and more rewarding objective).


Hackers intend to break what is easiest, so if you take the recommended precautions, your computer system will not be an easy target, and the hacker might consider looking for an easier one and leaving your PC alone.


A competently managed Windows system that is kept behind a firewall, has fully up-to-date virus protection, is run with non-administrative user accounts, and is operated by someone who doesn't click on weird e-mail attachments or install obviously disreputable software is the best approach: it may not guarantee complete protection, but it eliminates a large part of the threats from hackers. The same can be said about your Android-, Windows-, or iOS-powered mobile phones and tablets.



9. Useful resources


Beyond the programs and methods mentioned above to protect your data and networks, I want to refer to a few more. They are especially useful to those who are IT professionals.


Once your home network has been configured and protected, there is a good and free program to test your guards. It’s called Nessus Home. The program offers a free security scanner that scans your network, including all attached wired and mobile devices. The reports will reveal configuration problems, missed patches, malware, etc.


Sometimes you need to download a file from a not very familiar site on the Internet. How do you ensure it is not infected BEFORE you run it? There is a very useful web site, a free online service, that tests files against 50 antimalware programs at once. Virus Total is your friend! It can not only detect malware in the file but can also scan your PC for any known malware.


Recently, I found one useful web site that works similarly to Nessus Home but has one single purpose: to test your firewall from outside. Try ShieldsUp! It can be found under the Services menu. Beyond ShieldsUp, there are a few other good programs to explore. A similar online program that checks the PC's open ports is the HackerWatch probe.


I have already mentioned MalwareBytes as a program that covers what ZoneAlarm misses. One more similar program is HijackThis. The program can be installed along with others but you can run it manually or schedule through the Task Scheduler.


When you boot your PC and open the Task Manager, you'd be surprised how many processes are running on your PC. In fact, many of them are not essential to your daily activities and slow down your PC by consuming the memory and CPU cycles. The solution is to disable them or even to remove completely. Make sure you know what you are doing.


Microsoft offers the Autoruns tool (formerly Sysinternals). The tool contains many other useful utilities. It is a free program. Install this tool and disable “autorun on start” for the programs you find non-essential (like background updaters, speed boosters, pre-loaders).


There are 3 more useful programs on my list that I did not try myself but want to recommend.


  1. Pandora Recovery – to recover files deleted by mistake
  2. CCleaner – to delete unneeded temporary files and pieces of old programs from your PC. I personally prefer to spend the time and delete the files myself, so I have better control over my PC.
  3. WDO – Microsoft Windows Defender Offline – your last resort. Download the program and keep it on your USB stick.

And finally, if you are an IT professional, I would highly recommend adding Hiren’s BootCD to your tools. It is an excellent recovery tool that is available for free. The download size is more than 500MB. I have used it successfully multiple times and even solved the problem of lost Admin passwords.


Here is the last thing I want to mention. If you want to improve your employability and appeal to the potential employers, the known IT certifications will not only enhance your knowledge but will improve your chances to be hired. Here are few resources I personally used:


While I have tried to cover most of the topics related to computer security, this article was intended mostly for non-tech-savvy users. I still recommend reading more in order to keep up with new technology and to learn about the latest cases of hacking, so that you better understand security overall. Happy and safe computing!