Skip to content

Hackers’ Toll Goes Beyond Money

January 23, 2012

Computer and data security remains one of the major issues for consumers and small businesses without an in-house IT person or an outsourced IT service to manage their network, and will remain so for the foreseeable future.

The impact goes beyond the financial toll of buying anti-virus and anti-malware applications, anti-spam programs, and firewalls, or paying a computer service to remove an infection, or splurging for a Mac that costs two to three times more than an equivalent Windows computer because they think they’re immune from infections.

Hackers have taken a toll on computer users’ confidence and trust, too.

Hackers have been so clever in designing their attacks to look like legitimate Windows security alerts or legitimate anti-virus alerts that users are often tricked into clicking these fake alerts and triggering the infection.

Burned once, users lose confidence that the security warnings they see are legitimate, so in the future they’re afraid to act on legitimate security alerts. Of course, if they don’t click, they risk the security of their computers and their data.

Hackers have confused computer users on security alerts to the point of near paralysis. Users might spend hours or even days trying to figure out if they should abide by an alert on their system or ignore an alert altogether out of fear that it’s actually an infection. We get many calls from clients asking if they should act on this or that alert.

We’ve seen users lock themselves out of Internet Explorer due to legitimate anti-virus alerts about changes to the executable iexplore.exe following a standard Windows security update. They click the Block option instead of the Allow option, or close out the alert without taking any of the actions offered, and then they can’t access web sites.

Microsoft doesn’t help matters. Take a recent security update from Windows that could cause problems with accessing some secure servers. Windows solution is a Fix-It file that users would run to disable the security update to access the blocked secure server, then go back and run another Fix-It file to re-enable the security update after they’re finished with the secure server.

Honestly, how many consumers and small business people will be comfortable enough with their knowledge of computers or even have the time to perform these kinds of procedures?

Average computer users don’t have the knowledge to determine which updates or alerts to act on and they don’t have the time to learn. And if they don’t perform the updates or follow the alerts, they put their computers and data at risk.

As general rules, I recommend the following:

  • Read the text of the alerts before taking any action. Typically, malware alerts will have tell-tale grammatical or spelling errors as the malware is often written by foreign hackers.
  • Know what anti-virus and anti-malware products are on your system. If the alerts are not from one of those products but something like Windows 7 Security 2012 or Windows XP Security 2012 or some variation on that theme, don’t click. Immediately shut down your computer using the power button to hopefully prevent the malware from installing.
  • For Windows Updates, allow the updates to install. Windows will create a System Restore point that you can revert to if anything goes wrong.
  • If you’re the adventurous type, you can change your Windows Update settings to “Download updates but let me choose whether to install them”, which allows you to choose which updates to install. This can be confusing for the average computer user but is helpful if Microsoft comes out with, say, a new version of its web browser that doesn’t display some web sites properly because the sites haven’t been updated for the new browser.
  • For third-party updates like Adobe Reader or Flash or other third-party applications you might use like iTunes, always create a System Restore point before installing the update. The steps for creating a System Restore point will vary from one version of Windows to the next, so check your Windows Help section for instructions on creating a restore point for your specific version of Windows.

Again, these are general rules and not fool-proof. The point is that you must update your systems to prevent data or financial loss or both.

To avoid this critical task is only inviting bigger problems than the issues you face when things sometimes go wrong in the update process.

Advertisements
No comments yet

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: