13 tough questions about computer security

Security novices often ask great questions, and these student queries elicit responses worth a short security course

Page 4 of 4

Question 11: What kind of tools should I run to make sure my PC is clean (or as clean as possible)?
I never recommend a particular product. They are all fairly accurate, and they all fail miserably on a daily basis. Don't believe any of the "accuracy tests" you read. It's not that the tests are inaccurate, it's that they often set specific parameters that (accidentally or otherwise) benefit particular products.

I've been in the AV field since 1987. Accuracy goes up and down on every product over time. Just pick one that is reasonably accurate and one that doesn't kill your system's performance. You should run AV, but remember that 99 percent of all successful exploits are caused by unpatched software.

Question 12: How can I detect if my computer has been turned into a bot to help perpetrate a DDoS attack?
It can be hard, especially if your computer has been hit with a rootkit. AV is supposed to detect that sort of stuff, but it often misses it. I love to do two things to look for bot programs myself. First, I use the free utility Autoruns. It will show you everything that is running when your PC starts. It will be a hundred things. Research anything you don't recognize. When in doubt, uncheck the program and reboot. If it breaks something, run Autoruns again and recheck.

Second, download TCPView from Sysinternals. Close every program you think could possibly be communicating with the Internet. Then run TCPView. Research any programs or processes that are communicating with the Internet. Most of the time you'll see one or more things connecting to the Internet that you didn't know about. This is normal. Usually they are just legitimate programs connecting back to the vendor doing something the vendor programmed them to do. Research the destination connection points. If you can't figure out what the program is connecting to and whether it is legitimate, consider using Autoruns to disable it.

But the truth is that malware programs can be very difficult to discover and remove. When in doubt, back up all your data, reformat (or reset), and reinstall everything again. This is the only way to truly know that you are starting with a clean state.

Question 13: I use a MacBook Pro. I know it is built on Darwin Unix, but is it truly more virus-resistant than Windows 7 or 8?
Yes and no. No, in that OS X has far more vulnerabilities than Windows -- and I don't mean a little. Windows gets about 120 to 200 bugs a year. OS X gets two to three times as many, if not more.

With that said, because OS X runs on only 5 to 10 percent of the world's computers, it still isn't a very big target. Bad guys target popular things because they are more likely to get something of value. Running OS X will probably incur less risk compared to a Windows computer -- probably significantly less risk.

Note that computer viruses aren't nearly as common as worms, Trojans, and other sorts of malware. Use the term "malware" or "malicious program" instead of "virus." Virus indicates only one type of malware.

This story, "13 tough questions about computer security," was originally published at InfoWorld.com. Keep up on the latest developments in network security and read more of Roger Grimes' Security Adviser blog at InfoWorld.com. For the latest business technology news, follow InfoWorld.com on Twitter.

| 1 2 3 4 Page 4
Cybersecurity market research: Top 15 statistics for 2017