Technical Q & A: Malware

Background
On June 8, 2011, a judge in Maine ruled that a bank did not need to reimburse a company (Patco) for "fraudulent activity" in an electronic banking system which caused Patco to lose over $300,000. "Malware" ("evil software") on Patco's computer had been watching transactions with the bank, and it accumulated enough information to enter the correct user ID and password and to answer all the security questions. Then it transferred money out of Patco's account over 7 days, making sure never to transfer enough to trigger an alarm.
The court ruled that since the bank had provided a decent level of security (passwords, security questions), it did not have liability for the fraudulent transfers. Although it is not clear if this ruling applies to credit cards that are used when a consumer's computer is invaded by malware, or if it applies to the electronic banking caused by malware, it is clear that a precedent has been set that may well mean "computer user beware"!

I use Apple computers, so I'm safe from malware, right?
Not any more. For quite a while the number of Macs was tiny compared to the number of unprotected Windows systems; now, however, the increasing number of unprotected Macs and the decreasing number of unprotected Windows systems means that the "bad guys" are now aiming at Apple products. You also need to follow these suggestions.

What should I do to keep my system free from malware (and thus keep my finances safer!)?
There are several things you need to do. If you can't do all of them, then do these in this order of priority!
  1. If you don't use electronic fund transfers or "internet banking", contact your bank and disable these. (But for me, they are so useful I use them, but I follow the following list pretty rigorously.)
  2. Keep your system up to date. In Windows, turn on "automatic updates" - and let the system reboot after updating! The reason is that a lot of malware enters through "known defects" that were fixed weeks, months, or even years ago. Astonishingly, a worm (a type of malware that doesn't require user intervention to spread) which uses a defect that was fixed 5 years ago is still spreading and causing some people problems!
  3. Make sure you have an antivirus program, and that the subscription is up to date. Just buying and installing an antivirus program is not sufficient! These programs work by having a (large) list of patterns that have been determined to be "signatures" of known viruses. As more viruses become known, more patterns are added to the list. Therefore, if you don't keep your list up-to-date, even known viruses can sneak onto your system without you knowing about it.
  4. Allow your antivirus program to do "full scans" often (at least once a week). The reason is simple: if your system got invaded by a brand-new virus before it was added to the antivirus program's list of patterns, it will only be detected after its pattern is added to the list… and you allow the program to check what is already on your system.
  5. Don't click on links in email unless both of these are true:
    • You know the sender
    • The link is something the sender would think you are interested in. Sometimes I call the person who sent me a link, only to find that they did not send it to me!
  6. Use the "Chrome" browser to "surf" the internet. The Chrome browser (download it free from www.google.com/chrome) is currently the most secure browser (better than Internet Explorer, and much safer than the Mac's default "Safari"!), and it keeps itself up-to-date.
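
To see why items 3 and 4 both matter, here is a small added example (not part of the original Q & A and not how any particular antivirus product is built). The signature names and byte patterns are constructed, harmless placeholders, and the function names are hypothetical.

```python
import tempfile
from pathlib import Path

# Constructed, harmless byte patterns standing in for a vendor's signature list.
SIGNATURES_OLD = {"Sample.A": b"CONSTRUCTED-PATTERN-A"}
SIGNATURES_NEW = {**SIGNATURES_OLD, "Sample.B": b"CONSTRUCTED-PATTERN-B"}

def scan_bytes(data, signatures):
    """Return the names of every signature whose pattern occurs in data."""
    return sorted(name for name, pattern in signatures.items() if pattern in data)

def save_with_on_access_scan(path, data, signatures):
    """Check a file as it arrives; write it only if nothing matches."""
    hits = scan_bytes(data, signatures)
    if not hits:
        path.write_bytes(data)
    return hits

def full_scan(root, signatures):
    """Re-check every file already on disk against the given list."""
    findings = {}
    for path in sorted(root.rglob("*")):
        if path.is_file():
            hits = scan_bytes(path.read_bytes(), signatures)
            if hits:
                findings[path.name] = hits
    return findings

def demo():
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        new_threat = b"header " + b"CONSTRUCTED-PATTERN-B" + b" trailer"
        # The file arrives before its pattern is on the list, so it is saved.
        arrival = save_with_on_access_scan(root / "invoice.bin", new_threat, SIGNATURES_OLD)
        # Item 3: a full scan with an out-of-date list still finds nothing.
        stale_scan = full_scan(root, SIGNATURES_OLD)
        # Item 4: only a full scan with the updated list finds the saved file.
        fresh_scan = full_scan(root, SIGNATURES_NEW)
        # A second copy arriving after the update is stopped on arrival.
        blocked = save_with_on_access_scan(root / "copy.bin", new_threat, SIGNATURES_NEW)
        return arrival, stale_scan, fresh_scan, blocked

if __name__ == "__main__":
    print(demo())
```

Updating the list alone protects against new arrivals; the file that got in earlier stays on disk until a full scan looks at it again.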