roger_grimes
Columnist

4 do’s and don’ts for safer holiday computing

Analysis
Dec 01, 2015 · 4 mins
Cybercrime, Data and Information Security, Malware

It's the season for scams, hacks, and malware attacks. But contrary to what you've heard, you can avoid being a victim pretty easily.

It’s easier than you think to keep your computer malware and hacker free.

Believe it or not, most of today’s computers are pretty safe and secure, whether you’re using Microsoft Windows, Apple OS X, Linux, BSD, or Google’s Chrome OS. Mobile devices are equally safe, as long as you’re downloading apps from an authorized app store.

The old adage that human error accounts for most computer exploits holds true. With the rare exception of true zero-day attacks, which impact a very small minority of users, most successful attacks result from a poor decision on the part of the user.

Here’s a shortlist of do’s and don’ts that will keep you safe through the holiday season and beyond:

1. Do patch it now

Most people suffer a malware infection because they fail to run the latest version of whatever software they use — or fail to download and install the latest security patch.

The average infected computer system hasn’t been appropriately patched in many months or even in years. I still see computers whose status bars are full of pop-up “balloon warnings” asking for a simple mouse click so that they can patch apps or the operating system. People consider these patch notices to be nuisances and wish they would go away. Then they wonder why they got exploited.

This stubborn human reluctance has led most operating system vendors to patch people’s computers automatically within days of a patch being released. In many cases the user can’t opt out. Unfortunately, this aggressive policy tends to be limited to operating systems and browsers — and certainly does not include the browser add-on programs responsible for most exploits.

Want to keep your system clean? Patch everything as soon as the update appears. Whenever a legitimate vendor’s software prompts you, patch first, reboot if needed, and then — and only then — go back to work.

What should you avoid? If you visit a website that tells you that you have to get the latest version of something or install something new to view certain content, never allow the website to install the “needed” program. That’s a sure way to get infected. Instead, open up another browser page, go to the legitimate vendor’s website, and install the latest version from there.

2. Don’t get tricked into installing things you shouldn’t

The second most common attack tricks users into installing Trojan horse programs. These social engineering methods are incredibly popular — and tricky to avoid. I mentioned one already: being asked to install new software while visiting a website. Here are other ways to avoid common social engineering tricks:

  • Never install software from a link arriving in email
  • Never install software from a “remote tech support” person who called you to notify you that your computer is infected
  • Be aware that many software install routines try to install other, unnecessary software
  • When troubleshooting a computer problem using a search engine, never install the software driver or troubleshooting program it says to install unless that program is signed by the vendor that made the operating system or application you are troubleshooting
  • Realize that many fix-it programs are malware programs
  • Realize that many antimalware programs are malware programs
  • Realize that many of the top results in Internet search engines contain malicious links
  • Don’t get phished out of your logon credentials (and don’t reuse credentials between websites)

3. Don’t bypass security warnings

Please don’t ignore browser warnings that the software you’re trying to install may be (or is) malicious. This may seem like common sense, but study after study shows that a large percentage of users ignore or actively bypass malware and website warnings from their browser on a regular basis.

4. Do run current, updated antimalware software

Last but not least, run a current, trusted, updated antimalware program. I include this fourth recommendation begrudgingly. Usually I rant on and on about how antimalware software doesn’t work so well. It doesn’t, but you should still use it.

No single antimalware program can be totally accurate in today’s world of hundreds of millions of malware variants — with tens of thousands, if not hundreds of thousands, of new malicious programs arriving each day. Antimalware software is an imperfect defense, to say the least, but you may still catch malware you might not otherwise discover.

If you use Windows and are worried you might already be infected by an item your current antimalware software isn’t detecting, read my post: “How to detect malware infection in 9 easy steps.”

Roger A. Grimes is a contributing editor. Roger holds more than 40 computer certifications and has authored ten books on computer security. He has been fighting malware and malicious hackers since 1987, beginning with disassembling early DOS viruses. He specializes in protecting host computers from hackers and malware, and consults to companies from the Fortune 100 to small businesses. A frequent industry speaker and educator, Roger currently works for KnowBe4 as the Data-Driven Defense Evangelist and is the author of Cryptography Apocalypse.
