Protecting your computer from malicious code - AusCERT
Introduction
Since 2004, AusCERT has seen a steadily increasing level of threat from the use of Trojan horse malware to facilitate online identity theft. More than ever, it is critical that home users and small and medium-sized enterprises (SMEs) without dedicated IT security support feel confident in the security of their computer before conducting any form of e-commerce or e-government transaction online. Examples of such transactions include accessing or updating your personal information on a government web site, filling in a web form to apply for personal documentation, conducting Internet banking or making online purchases.

Even if these transactions use SSL encryption (typically recognised by the presence of a golden padlock during the browser session), it is important for users to understand that it will not prevent the leakage of personal information to an attacker if their computer is already compromised with certain types of Trojan malware. Hence users should be aware that using e-commerce and e-government services involves a heightened risk that their personal identity information may be stolen if they have not taken adequate precautions to secure the computer from which these services are accessed.

The results of the 2006 Australian Computer Crime and Security Survey again show that malicious software (malware) continues to be one of the greatest threats to information systems in Australia. The most common form of attack reported by large and small organisations was infections by viruses, worms and Trojans.

Viruses and worms are well-known forms of malicious code, but Trojans, spyware, other types of attack tools and some mobile code also have the potential to harm the confidentiality, integrity or availability of your computer data or network, and can potentially cause more harm in terms of stealing your personal information.

Like other forms of computer network threats, malicious code continues to evolve and create new challenges for organisations seeking to protect themselves. But these challenges are not insurmountable and there are a number of practical and effective strategies to reduce the risk.

This paper outlines effective strategies that will assist in minimising the risk of harm to the confidentiality, integrity and availability of your computer data and systems when connected to the Internet. It provides practical advice on protecting personal computers from malicious code for home users and organisations without dedicated IT staff. Most of the information provided is generic; however, some specific recommendations are included for Microsoft Windows, Apple Mac OS X, and generic Linux platforms.