What Can Users Do to Protect Themselves from Bots?
Every day there are news stories about bots and all the harm they cause. Bots are pieces of software, often called malware, which criminals surreptitiously install on computers to inflict harm, such as sending spam, stealing financial information or conducting DDoS attacks against other computers. Corporate PCs are tempting targets, as they often have access to confidential company information. Recent cases of infected corporate PCs have been in the news with tales of large sums of money stolen from corporate bank accounts.
Your first line of defense against bots is having a basic foundation in place by making sure your operating system is current and secure. This is known as patching the operating system, and both Microsoft and Apple let you set your system options to update the operating system automatically to protect against recently discovered security issues. If the operating system is not updated with the latest patches, it will be susceptible to well-publicized vulnerabilities.
Having patched the operating system, the next step is to make sure that up-to-date anti-virus, anti-spyware and firewall packages are installed on the computer. This is more relevant to Windows-based machines, although the incidence of bots on Apple machines is slowly increasing as their market share increases. Bots are created with ROI in mind, and until recently, the best ROI has been to target the largest installed base of machines, which are those running Windows.
The anti-virus package also should be set to update itself regularly. The criminals who create bots habitually update their malware to evade anti-virus software, so in turn, the anti-virus package needs to be regularly updated with the newest defenses. In larger corporate environments, there may be a firewall or Web gateway as a first line of defense against malware, but this does not obviate the need for defending individual machines.
More insidious is the stealthy attack mounted against a company using social engineering techniques. Someone pretending to be an employee might ring a call center and ask for a password to be reset so they can access the corporate system. Alternatively, someone might leave a couple of USB keys lying around that have files with interesting names like “Q4 pay raises” on them. Once opened, these files will install malware on the machine and perhaps allow access to a company’s internal network. A brilliant yet simple social engineering campaign involved flyers with a URL referenced on them that were posted on the windshields of parked cars. Once accessed, the Web site infected vulnerable unpatched machines, allowing the attackers access.
Finally, do not overlook remote workers. They often use their own machines, which may not be up to corporate security standards. Between 10 percent and 25 percent of all machines on broadband residential networks are infected with bots. If a remote machine is going to access the corporate network, either strictly limit access or ensure the machine is protected properly, as described above. Many remote workers also use wireless networks at home, and these should be protected using encryption techniques such as WPA2.
—
Michael O’Reirdan is serving his second term as Chairman of the Messaging Anti-Abuse Working Group (MAAWG), the industry’s largest global trade association that works against messaging spam, viruses, denial-of-service attacks and other online exploitation. He also leads the organization’s Internet Service Providers Closed Colloquium, a MAAWG committee of international network operators.
Professionally, Mr. O’Reirdan is a Distinguished Engineer at a major ISP in North America with over 18 years of experience in the ISP field and with public facing messaging platforms.
He has served on executive advisory boards for several major computer vendors and is active in other industry organizations.