To say that things have been quiet at work would be the understatement of the year. For some reason Friday and Saturday have been extremely quiet. I suspect it has to do with the confluence of end of the month and Halloween combined with school half-term. Still, it meant that we managed to get some work done. One of our biggest attractions is our repair service. Unfortunately, our success at getting people back into work has also meant that we are short-staffed, meaning the repairs have been backlogging. The volunteers we do have are wonderful and they are helping to get the repairs done. This is also on top of running the shop floor and helping users of the IT Suite. So this quiet time has been, in a way, fortuitious.
One of the biggest types of repair that we contend with is viral and malware infection. Unfortunately malware is prevalent out there on the ‘net, just waiting for the unwary surfer. I am still in the process of developing a set of basic security lessons I will be teaching at TechStart, and a list of safe-surfing tips which we will be handing out with every machine we sell. The following is part of an article I posted in Passing the Speed of Light but I thought it would be useful to post it here as well.
I’ve tried to create a simple list of precautions and it is quite long but, hopefully, easily understood and may help reduce the amount of times I have to run through the above process.
- – If an email looks too good to be true, it nearly always is.
- – Your email address is precious. Before you give it out, think about who you are giving it to.
- – Don’t open attachments sent with unsolicited emails. Even if you know who the email is from, exercise a modicum of caution and save and scan the attachment with AV software before opening it.
- – If an attachment has a .pdf.exe or .zip.exe extension then it is almost certainly malware.
- – Do not follow links in unsolicited emails, especially if they appear to be from your bank.
- – If you get an email purporting to be from your bank, don’t follow embedded links, use your normal method of accessing your account. This way you won’t accidentally give away your details.
- – Never, ever respond to Spam emails. This confirms to the spammer that the email account is active, and so you will suddenly be inundated with spam and potentially malware and/or adware.
- – Turn off preview in your email client. Many emails contain viral code that can be executed simply by viewing the email in a preview. It can also be used to send a confirmation back to the spammer that the account is active.
- – Be careful where you use your email online. Web-bots can be used to ‘harvest’ email addresses from public info and forums.
- – Keep a second email account. This can be used to register at sites from which you don’t want to receive further info or spam. It can also be used to recover password/username information in the event that your primary email account is compromised.
- – When going to a website from an email, type the website address into the browser rather than clicking the link, (unless the email is from a known, trusted source), as links can be falsified. (What you see is not what you get).
- – Ensure that privacy settings on your browser are on. This helps prevent too much info being passed to the website.
- – Ensure your pop-up blocker is on. Some websites drop malware onto your machine using a “background pop-up”.
- – Empty your webcache on a regular basis. Applications such as CCleaner are handy for this.
- – When browsing a site that claims to be secure, check that the web address starts with “HTTPS://”. There should also be a padlock symbol on the browser’s toolbar at the bottom or to the left of the address bar (if using Firefox or Chrome). If there isn’t then there is a good chance that it is a ‘phishing’ site, designed to harvest your details.
- – Try to avoid “Download Managers”. These frequently include malware in the downloads and some don’t even download the file you want, giving excuses such as “payment required”, “file unavailable”, “not enough disk space”, all the while downloading malware to your machine.
- – Avoid using banking or other private websites over public access wifi. Its too easy for an attacker to acquire your information, (known as a “Man-In-The-Middle” attack), as there is rarely any encryption or other security.
- – If using public machines do not allow the browser to store your passwords.