What’s in Your Computer (and phone, and WiFi)?

gates

Lenovo

This week the news is full of Lenovo, a computer manufacturer that has been selling machines that they have already fitted with what some call Malware or just Adware. Magic in the machine indeed!

The mal/adware in question is made by a company called “Superfish.” The software is essentially an Internet browser add-on that injects ads onto websites you visit. Details here.

Besides taking up space in your computer, the add-on is also dangerous because it undermines basic computer security protocols.

That’s because it tampers with a widely-used system of official website certificates. That makes it hard for your computer to recognize a fake bank website. This means that you are more likely to give all of your personal data away, let nasty things into your computer, and allow people to monitor your use.

No good I hear you say, and all so that they can feed you adverts while you are browsing.

Hidden Extras?

But this news does bring up another question, what else is in the computer? What else is it programmed to do? The simple answer is that I and probably most of you do not know. We have bought a machine that does the things we want it to do, but who knows what else?

Now as I eat my breakfast, I like to read the ingredients on the side of the packet. It is good for language skills as it is usually in several languages. But can I do this with my computer? You don’t get much in the way of documentation with a $400 laptop. Certainly not considering what is inside it.

So the computer company in question have disabled something at their end and the problem is resolved. But if they tell you that they fixed the problem are you going to believe them? After they did something that put your computer and everything saved on it at risk? Or should you put a new operating system on the new machine, wipe the hard drive and start again?

Why do we trust these manufacturers when they consistently do things that are not in our interest? WiFi providers that con your computer into trusting fake certificates so that they can block certain sites (and read your mail or follow your searches)? Samsung that record your voice through your smart TV and send it non encrypted over the Internet to unnamed third parties, social media sites and search engines that collect your data, mobile phone companies that map your every movement, the list goes on.

So if you cannot trust wifi, or computer manufacturers, or Google, or Facebook, or Samsung to treat our data securely and correctly, who can you trust? And more to the point why are we giving them our lives to play with?

What are the risks of getting infected by malicious software?

Have you ever thought of what is going to happen when you are infected by a computer malware? About a decade ago, computer virus aims were to replicate themselves and destroying key operating system functions. If you got a computer malware infection at that time, most probably your operating system will be corrupted by the malware and you will need to format your hard disk to solve your problem.

Today, malicious software behaves a little different. We have more than 10 types of computer security threats such as virus, trojan, worms, spyware and many more. Each type of malware has their own speciality and here are top 3 risks of getting infected by a computer malware.

1. Having your login credentials stolen

It is very popular today that a keylogger/keystroke logging is used to log a victim’s login credentials. Once the keylogger has a set of your username and password, they can login into the account and do almost everything unless your account is protected by a two factor authentication.

2. Losing hard disk space

Hard disk space today can be very cheap but we should not waste it on storing malicious software. Malware such as worms will replicate in your operating system and take up your hard disk space. You will not feel the burden at the beginning but as the process gets longer, you will start to feel the pain of having insufficient disk space.

3. Spending money on unnecessary stuff

There is also a type of malware where they scare you off by telling you that your computer has hundreds of infections which you actually don’t have. Upon scaring you, they urge you to purchase a bogus antivirus which claims that can clean all the mentioned infections. All in all, you end up actually paying for nothing.

4. Being part of a minion for DDoS attack

Have you ever thought of how DDoS can bring thousands to millions of traffic to a server? It is actually all the computers which are infected with some sort of trojan that explains how the attacker can have such massive amount of traffic. By getting a malware infection, you are at risk of becoming part of this big project which you do not want to be.

5. Losing your privacy

Another form of malware which is known as spyware is built to spy your daily activities. By knowing your daily activities, the attacker will be able to understand you better before attacking you. For instance, if you regularly surf to adult sites, the attacker will probably start off with some fake adult material to lure you into their trap.

Looking at someones internet usageBack to you now, are you able to take all the risks mentioned? If you are not, be sure you have a good habit when it comes to internet and computer security and always remember that having an antivirus and firewall is not sufficient for a good security.

Are Antivirus and Firewall Sufficient for Good Security?

Whenever people talk about computer and internet security, they talk about malware which consists of virus, trojan, worms, spyware and many more. When they come to talk about the solution for those threats, the solution is to get an antivirus and firewall to do the work.

The question now is, are they sufficient for a good computer and internet security? I would say ‘No’. It is very irresponsible to put the blame into that awesome software when you become a victim of malware infection. I believe that software like antivirus and firewall are there to help you in achieving good security, but not creating some sort of plasma shield to you.

The reasons why you have a poor security

As I said, you can’t blame the software for being too poor as the reason that you to get infected. Part of the reason why you are infected can be several below.

You are too careless when handling incoming links from email

Incoming links from emails especially from an unknown sender are usually malicious. They don’t lead to valuable site but either phishing site or malicious site. If you happen to land on a malicious site, your computer will most probably infected with virus, trojan, or worm the next minute.

If you don’t update and patch your operating system, the wounded area is the target for hackers

Sad to say, there is no such thing such as perfect software. Software is always 95% complete where 5% is the section for bugs and vulnerabilities to exist. It is the matter of time whether those vulnerabilities are found.

If the creator happened to find those vulnerabilities before the bad guys, they will still able to patch the wounded area. So if you don’t update and apply the patch, you will the one targeted by hackers to exploit your vulnerabilities.

You are the owner of your computer, not the administrator

Many of us think that being the owner of the computer means being the administrator as well. But do you know that Microsoft did not design it this way for us? There is an option to create a Standard User and there is User Account Control (UAC) so that we will use our computer in the way that we don’t have full privileges to do everything, same goes to the hacker.

A set of keysBy having a strict UAC, you will realize that every single time you run an application that might affect your System files, you will be asked for permission. The benefit here is, if a hacker tries to run an application to harm your system files, I bet you will know it as well when your UAC pops up.

My verdict to poor security

Having a bad security does not mean your antivirus is not efficient enough or your firewall is not solid enough. At times, it is the user who lacks of experience in handling computer threats. As a result, it is important to always stay alert whenever you are browsing the internet.

If you want to learn more about security, you can grab my copy of eBook for free on how to Build Your Own Security.