Gone are the days when viruses were written for the sheer joy of vandalism in their bedrooms by teenagers without girlfriends, called "script kiddies" for their technology and their age. There’s money to be made in attack software.
Old School defenses have become about as effective as a Keep Out sign. Big attacks, like Equifax, make the news. You probably haven’t heard about countless small businesses getting hacked every day, but it happens. Way too often, and way too often with far greater pain than a CEO being allowed to “retire” with a huge pension. Nothing is invincible, but we can surround your technology by a moat with alligators.
Safe Computing Practices
With unsolicited entry via the Internet getting harder as defensive technologies improve, attackers' easiest entry is via taking advantage of gullible users by luring them to click evil links and open evil email attachments. You can protect yourself from many attacks simply by being conscientious with passwords, email, and web sites. See our article on Safe Computing. If you don't let them in, they can't do their mischief.
Beyond safe practices, you need a mix of defensive technologies.
Traditional anti-virus keeps a database of known viruses and other types of destructive software, collectively known as “malware,” but with 100,000 or so new pieces of malware created daily, how do you keep the database current? You can’t. You need more sophisticated malware protection than those outdated products.
Typical modem/routers supplied by Internet Service Providers such as Comcast and AT&T include some firewall capability. A more sophisticated firewall is usually in order; blocking inbound connections from the Internet is only a start. Some outbound connections are best blocked, too.
- If what looks to you like a link to a good web page actually goes to a server in Berserkistan, it's up to no good.
- Likewise, what looks like a good link could actually go to a numeric IP address like 220.127.116.11 or 2607:f8b0:4009:801::200e. Those are Google and perfectly safe. Most of what look like good links but actually go to numeric IP addresses go someplace you don't want to go.
- DNS is the Internet equivalent of a phone book. When you ask for , DNS translates the name to a number like the example shown above. It's possible for malicious software to tell your computer to use a DNS server that reroutes some or all of your requests to not what you asked for.
- There are directories of compromised and intentionally troublemaking web sites and IP addresses. It's wise to block all outbound connections to them, as what look like links to desired web pages could get rerouted to one of them.
- Just as you want to keep your little ones off web sites for big kids and adults, you might want to keep certain individuals or your entire staff off time-wasting sites like dating. Or you might want to restrict access to your bank and other business-related web sites to appropriate personnel.
It's handy to be able to install any piece of software you like, but if you can, so can an evil or compromised web page, email attachment, USB stick, or CD/DVD. There are a number of other configuration options that are configured by default more for convenience than for safety. We review those options and configure them for your desired balance of convenience v. safety risk.
Criminals keep discovering new ways to attack, and software producers do their best to update their software so as not to be vulnerable to those attack methods, a cat and mouse game. All 200,000+ of the May 11 "WannaCry" victims were running outdated software that had could have been updated in March so as not to succumb to that method of attack. None of our clients were vulnerable to that attack, as they all had been updated.
Recent versions of Windows have gotten pretty reliable, with notable exceptions like the May 11 attack. (The Equifax attack was against non-Microsoft software that almost no small businesses run.) Other software, most notably Adobe's Flash video player, are riddled beyond repair with attack opportunities. That susceptibility led Steve Jobs to ban Flash from iPhones and iPads, which forced most video distributors to switch to safer display methods, but Flash is unfortunately still out there. Our computers keep yours updated, including Flash and other major non-Microsoft products.