
Thursday, January 10, 2013

Safe Computing on a Budget, Part 2: Know what you download

In the previous post, we changed our browser to Google Chrome. This will help prevent a lot of the slowness and security exploits in other more popular browsers. Today, we're going to discuss knowing what you're downloading, which seems like common sense but can be hard to verify if you're a computer novice or you find yourself downloading certain types of files often.

Know Your Source

Don't download everything. It's not always necessary to do so, but when you do, make sure the place you're getting the file from is legitimate. How do you do this in a vast sea of web sites? Despite the immense number of sites available, very few actually host files. Downloads can take up server space that site owners typically have to pay for, so they choose to host their files in the same place as everybody else. This equates to a finite but still large number of legitimate sites.

The best way to know where you're getting your file from is to look at the bottom of the screen when you move your mouse over a link or button:

Locate your address for your file

The address to the next place you will go to get the file is listed here. It can seem arbitrary, but the main part you need to look at is the address of the web site, which is the first part of the link (everything before the ".com" or ".org" or whatever) called the domain. You can actually open a second window and open this first part of the address to see where it goes. Does it go to a place you recognize?

It complicates things when a web site owner uses multiple addresses for different functions, like CNET using dw.com.com for its download pages and files. This server, if you went to it directly, shows nothing. It would look to a novice like it's something bad, but it is used by a reputable company. The second thing you might want to do is check the owner of the site by using a "WHOIS" search.

Who.is is my favorite of these types of search sites but you can use most services you see when searching "whois" in Google. The function here is to see who owns the domain. Because one business can own another, you are looking for something that identifies the web site as owned by someone you expect it to be owned by.


In this example, we see that the owner of dw.com.com is CBS Interactive, Inc, which is somewhat arbitrary to someone who doesn't know who CBS Interactive is. However, we do see that the person to contact has a CNET address, so it should be legitimate (most hackers and scum won't ask you to send inquiries to a major company, because having that information on WHOIS means that company may have some legal control over its ownership).

You can do this your first time, and as long as you're going to the same place each time, you shouldn't have to go back and check WHOIS each time. If the domain was "dw.com.ru", which would be a Russian domain, or "dw.com.co.uk", which would be a British domain, you can decide if you should really be going out of the country for your file and act accordingly. The WHOIS should show the same information if owned by the same company. If it shows some random person with contact info that does not seem legitimate, be cautious when going there.

Know the Sender

It is not as common for email to contain viruses because fewer people use software like Microsoft Outlook for their email. Attachments in places like Yahoo! Mail or Gmail are often scanned by the provider, and many harmful extensions (detailed below) are blocked from being downloaded so their clients are not infected. However, some viruses still get through.

Don't open attachments from people you don't know, and verify that people you do know actually purposely sent you any attachment you didn't ask for. Some attachments are sent automatically or have been spoofed by a sender to look like your friend when it was really sent by someone else. And don't use "Reply" to ask a sender to verify themselves, as emails can reply to a different email address. Always type a new email with the original sender's email address.
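The warning about "Reply" can be checked from a message's headers. This Python example is added here and is not part of the original post; the sample message, its addresses and the function names are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample (not a real message): the visible sender looks like a
# friend, but the Reply button would send your answer somewhere else.
SAMPLE = """\
From: "Pat Friend" <pat@example.com>
Reply-To: pat.friend@example.net
To: you@example.org
Subject: This is so funny

This is so funny I almost died laughing
"""

def domain(addr):
    """Return the lowercase part after the last '@', or '' if there is none."""
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def reply_warnings(raw):
    """Return the reasons not to trust the Reply button for this message."""
    msg = message_from_string(raw)
    from_name, from_addr = parseaddr(msg.get("From", ""))
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    warnings = []
    # Reply-To overrides From when you press Reply, so compare the two.
    if reply_addr and reply_addr.lower() != from_addr.lower():
        warnings.append(f"Reply goes to {reply_addr}, not {from_addr}")
        if domain(reply_addr) != domain(from_addr):
            warnings.append("Reply-To is on a different domain than From")
    # A display name that is itself an address can hide the real sender.
    if "@" in from_name and from_addr.lower() not in from_name.lower():
        warnings.append(f"Display name shows an address, real sender is {from_addr}")
    return warnings

if __name__ == "__main__":
    for line in reply_warnings(SAMPLE):
        print("WARNING:", line)
```

An empty result only means the headers agree with each other; it does not prove who sent the message.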

Instant messaging is also potentially unsafe if a friend sends you a file. Don't open anything sent by a stranger; don't even accept the file transfer.

Know Your File Type

There are tons of types of files, and PCs determine the type of file by the extension used (the letters after the dot in the file name, like ".exe"). Viruses are not present in many types of files because they are not "executable", meaning they don't create commands that the computer must follow to use the file. Items with extensions like .jpg, .png, .mp3 and some other media files are unlikely, or sometimes unable, to carry a virus.

Fileinfo.com discusses common file types and their uses. Use it as a reference to find the kinds of files you want, and know if the file you're downloading has the right extension.

However, the reality of the internet is that it always changes. The internet community has seen viruses hide in all sorts of files, and new viruses are created every day.

"Treat all files the same" is my motto. I scan everything I download from any source I don't know intimately, or at least have an active virus scan that can catch things before I open them. This is especially true for any .exe, .zip, .rar, .pdf, .epub, .mobi, .msi or .7z files, which commonly include viruses if not from a well-verified source.

Know that double extensions, which can look like .exe.vbs or .jpg.c, are likely to be a virus in disguise. Hackers expect novices to not notice the extra letters, figuring it's some sort of enhanced version of a file type they know. Unless you know for sure the file should have a double extension like this, don't open it, and delete it immediately.
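The double-extension check can be automated over a list of downloaded file names. This Python example is added here and is not part of the original post; the extension lists, the file names and the function names are assumptions chosen for illustration.

```python
from pathlib import PurePath

# Assumed lists for illustration; extend them for your own environment.
RUNS_CODE = {".exe", ".msi", ".vbs", ".js", ".bat", ".cmd", ".scr", ".pif"}
LOOKS_HARMLESS = {".jpg", ".png", ".mp3", ".pdf", ".txt", ".doc", ".epub", ".mobi"}
KNOWN = RUNS_CODE | LOOKS_HARMLESS | {".c", ".zip", ".rar", ".7z", ".tar", ".gz"}
EXPECTED_PAIRS = {(".tar", ".gz")}  # double extensions that are normal

def double_extension_verdict(filename):
    """Return 'block', 'review' or 'ok' based only on a double extension."""
    suffixes = [s.lower() for s in PurePath(filename.strip()).suffixes]
    if len(suffixes) < 2:
        return "ok"          # single extension: nothing is being disguised
    inner, outer = suffixes[-2], suffixes[-1]
    if (inner, outer) in EXPECTED_PAIRS or inner not in KNOWN:
        return "ok"          # e.g. "notes.v2.pdf": ".v2" is not a file type
    if outer in RUNS_CODE:
        return "block"       # a familiar type followed by one that executes
    return "review" if outer in KNOWN else "ok"

def flag_downloads(names):
    """Map each suspicious name to its verdict, skipping the 'ok' ones."""
    verdicts = {n: double_extension_verdict(n) for n in names}
    return {n: v for n, v in verdicts.items() if v != "ok"}

# Constructed file names, including the two patterns named in the text.
SAMPLE_NAMES = ["holiday.jpg.exe", "setup.exe.vbs", "photo.jpg.c",
                "backup.tar.gz", "notes.v2.pdf", "song.mp3"]

if __name__ == "__main__":
    for name, verdict in flag_downloads(SAMPLE_NAMES).items():
        print(f"{verdict:6} {name}")
```

A verdict of "ok" here says nothing about the file's contents, so it still goes through the virus scan like everything else.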

P2P and Torrents Are Plagued

Anyone who has used ThePirateBay.se or other torrenting sites, or used a peer to peer (P2P) networking software to download files from other people will have heard of or have experienced a virus being carried by the files shared. It doesn't seem illogical to assume when you're doing something illegal you will probably run into other criminals who want to mess with you. You also can't trust someone else's computer to be virus free if they're not a corporate server or a high-level tech geek.

Assume everything you download from torrents is potentially infected with viruses, whether you're pirating movies or finding legal free stuff from collections shared by others. Scan everything, verify all files, and don't download anything you don't know how to open. Don't even trust common safe file types like .jpg.

Torrent sites like ThePirateBay.se also have comments posted by other users. It is important to read these comments before downloading anything from a torrent because they will tell you if someone else caught a virus or if it's not the real thing. Communities like this try to tell each other when to beware. If you are active in these communities, give feedback when you can.

Please note: Pirating songs, movies, software or other copyrighted or patented material is illegal and you can be fined or jailed for engaging in communities that traffic this kind of contraband. These are considered black markets, and on top of virus possibilities you should consider the legal ramifications of your actions before choosing to download something that you don't own.

Use Common Sense!

You get an email from a friend that has some kind of general note in it like "This is so funny I almost died laughing" and that's it, but it has a file you have to download to view. Is something so funny you risk infecting your computer and losing your data? Or could you let your friend know you aren't opening that stuff unless they give you more details about what they're going to see, and add something that verifies it's really from them? Common internet courtesy for emails, file sharing and the like is to make sure there's a way you know who it's coming from and what's in the file. If you don't, you might as well delete the email or pass up the file sharing link until you can.

Only download stuff if you know it's really what you want. One of the most common mistakes made by people who constantly get viruses is to download items that say they're something the person really wants, like a cute game or, inevitably, porn, but the file they download uses those popular pastimes to lower the person's sense of security so they won't scan it beforehand and make sure it's safe.

And speaking of porn, for the sake of your security and family sanctity, find a better use of your friggin' time! Porn really isn't that exciting. Half of it is hilarious, and the other half is gross. But most video and photo downloads that are freely distributed have a higher potential than any other kind of software to contain something harmful, annoying, destructive or curious about your personal data. I have fixed more computers damaged by people who got porn viruses than any other kind of infection. You really want to see people having sex? Get a subscription to a porn site or go to your local smut shack and buy a DVD.

Now that we've covered that...

In the next installment, we will discuss virus software and what I suggest to use to scan and protect your system.


Apple products are less likely to have viruses. Is tax time the right time to switch?

Have questions or concerns I haven't covered yet? Ask in the comments below!
