How To Avoid Getting Hijacked (Your Computer, That Is) (December 3, 2010)
Some basic computer security measures can reduce the risks of your computer being hijacked/hacked.
Having had my Comcast webmail hijacked by spammers has heightened my awareness of simple things anyone can do to improve the security of their computers. At the risk of boring tech-savvy readers, I'll cover a few basics.
Knowledgeable reader I.Z. suggested the hijacking was probably the result of my lapses rather than Comcast's:
While railing against Comcast can be cathartic, in all likelihood, this "hacking" was preventable - by you. Access to your account was obtained by acquiring your credentials. This probably happened in one of several ways:
Personally, I would reckon such obvious mitigation to be the responsibility of a monopoly, but I grant the primary point, which is that I enabled the hijack via poor security habits. (How difficult is it for network software to track that an email account is being hit with hundreds or thousands of login passwords?)
Since I don't access the web on public wireless networks, and I'm behind a router firewall and a software firewall, it seems most likely that the attack was a brute-force capture of my password, which was weak.
So here are the basic security measures to take:
1. Don't log onto password-protected accounts or sites while on a public wireless network.
2. Strengthen your passwords. Mix in capital and lower-case letters, numbers and special characters if the site allows them; avoid words found in dictionaries.
3. Connect to the web behind a router with a built-in firewall, or a hardware firewall, and also maintain a software firewall.
A tech with 30 years of experience said that in his experience anti-virus/anti-malware software did not really "fix" the security problem--every computer he'd run across that had been infected had Norton, McAfee, etc. running. His recommendation was to maintain a firewall and keep a backup of your hard drive which could be reloaded if your computer became infected.
I.Z. offered these additional suggestions:
These are my opinions, not facts. I am not a formal data security professional, academic, etc., and I base this on practical experience. That said:
Thank you, I.Z. for these suggestions.
I should also mention that my experience with the major AV software vendors has been poor. Basically the McAfee tech I chatted with online suggested running their free scan tool. That didn't turn up any virus, and McAfee's tech support response via email was along the lines of, "gosh, you must have a virus we don't know about, there are thousands of them out there, but we do have a nifty virus-removal service for $89 a pop."
Uh, remind me why am I paying for your AV software?
Neither tech thought of webmail as the source of the hijacked email.
Norton took three minutes to scan a two-line email (multiply that times 50+ emails a day), so that was dumped post-haste. The Norton "removal" tool tagged my Word and Excel executables as "bad" and deleted them. Great job, Norton!
While I have read about harmful files being loaded from malicious adverts and other passive files (hence all those warnings about ActiveX), my impression is the standard way people get malware is via an executable file that they click on.
Between a firewall, strong passwords (that you write down somewhere that you can find again, heh) not clicking on executables from unknown sources and not logging onto password-protected sites from public wireless networks, then I think the risk of being hijacked/hacked can be significantly reduced.
I remain a beginning student of security, and hope this entry spurs you to at least strengthen any weak passwords you might still be using. Common sense suggests avoiding using one password for all your accounts and logins.
Lagniappe/bonus paranoia: I also deleted all contacts lists from webmail accounts.
The inconvenience of entering an email address is a modest payment for the peace of
mind that comes from knowing that any future hijacking will not yield up a contacts
list to exploit.
Of Two Minds is now available via Kindle: Of Two Minds blog-Kindle
"This guy is THE leading visionary on reality.
He routinely discusses things which no one else has talked about, yet,
turn out to be quite relevant months later."
NOTE: contributions are acknowledged in the order received. Your name and email remain confidential and will not be given to any other individual, company or agency.
Or send him coins, stamps or quatloos via mail--please request P.O. Box address.
Your readership is greatly appreciated with or without a donation.
For more on this subject and a wide array of other topics, please visit
All content, HTML coding, format design, design elements and images copyright © 2010 Charles Hugh Smith, All rights reserved in all media, unless otherwise credited or noted.
I would be honored if you linked this wEssay to your site, or printed a copy for your own use.
|Survival+||blog fiction/novels articles my hidden history books/films what's for dinner||home email me|