How Boobs and Curiosity Killed The Cat... and Your PC

This article is about how you can defend against viruses, where the best and last line of defence is you.

Viruses are programs designed to alter the state of your data, either to make money or just ruin your day. They’ll delete, encrypt or spy on your data but I would say that you can stop around 99% of viruses by following some simple measures.

Don’t Be Stupid

Simple really. If you receive an email about a subject that’s totally random to you and it has an attachment or web link, then be careful. Apply these rules:

  • Is this an email from someone you know or have been communicating with?
  • Is the grammar or subject matter what you would expect from this person?
  • Is the email address correct? When you see an email and it looks like it’s from a name you recognise there are two parts to it. You’ll see the name and SMTP address, i.e. Joe Bloggs <> . Emails get spoofed all the time so check the SMTP (joe.bloggs@) bit and see if it’s correct. Chances are it’s a random address created by a hacker.
  • Does the web link look correct? If you hover over the link but the hover shows a completely different web address then they are trying to trick you by making it look like a legitimate website.
  • If you’re a middle aged bloke with a beer gut and you’re being enticed by emails from the young nubile Emily who wants you to click on her web link to chat then don’t. She’s not really going to show you her boobs.

Don’t let curiosity get the better of you. Just delete the email and don’t open the attachment or click on the link. If you do then you’ll unleash hell onto your PC. If it’s a legitimate email then the person will chase it by another email or call you if it’s important.

To be safe, make sure that Macros in your Microsoft Office programs are turned off so that they don’t run automatically. If you receive an attachment that asks you to enable Macros then it’s highly likely you’re about to say goodbye to your data.

Patch Those Holes

Viruses typically take advantage of vulnerabilities in your software. These weaknesses are patched regularly by the software vendors, which is why you see Windows Updates or Adobe updates. Don’t ignore them. They patch the holes to prevent the vulnerability being exploited. If any software requires an update (and this is not limited to Microsoft or Adobe) then update it.

Do The Obvious

It goes without saying but you really need to use anti-virus software, and don’t think that having a Mac means you’ll escape. Hackers are quite happy to go after Apple fanboys as much as they are Windows. Sophos are one of the most trusted anti-virus vendors going and they do a free home network version for up to 10 devices. Well worth it if you don’t currently have software and the link is below.

Sophos Home

Lastly, remember your backups. Have at least one backup that you don’t automatically access on a day to day basis. If you can easily navigate to it then so can the virus, at which point you’re stuffed.


Securing your assets……

And I don’t mean a bra or tight fitting under crackers..
When I think of assets I normally think of stuff I can touch, so with regard to my personal IT that’ll be the iPad, Samsung phone, laptop and desktop PC, but the reality is that it’s actually more than that. What about your data? Your music or 15 years of digital photos of the dogs or the kids growing up? What about all your personal correspondence? What about your online identity or bank account?

In previous blogs I’ve talked about using multiple passwords and 2 Factor Authentication to protect the confidentiality of your data. Confidentiality forms part of the triangle in information security. You don’t want people who don’t need access to your data gaining access. The other two sides of the triangle are integrity and availability. Integrity means that you don’t want someone changing it or corrupting it, for example ransomware encrypting your data. Availability means that it’s always there when you need it and you can gain access to it. In terms of the ransomware attack it’s there but unavailable to use.

Have A Different Approach Depending On What You’re Securing

There are many many layers to securing your data so you need to think about the risk and the impact. This then allows you to consider what the best approach is and whether you want to spend a lot or live with the risk.

For example, losing your hard drive on your PC would have a high impact on the availability of your data. You may lose it completely or it may become corrupt, thereby affecting the integrity. The risk is probably low to medium if it’s a typical desktop; however, if you’re using a laptop without a solid state hard drive then it’s a lot higher. I’ve lost count over the years of the number of laptops that have been damaged purely because they are mobile devices.

Backing up your data doesn’t need to be expensive. You need to consider a 3-2-1 approach: 3 copies of the data, 2 which are local and one that is off site in case the house burns down etc. My approach is this:

  • I have a laptop and a desktop PC. The desktop PC has a second hard drive in it that hosts the majority of my personal data. This means that if the C drive is corrupt then I’m not going to lose the data. Also, my laptop hard drive is encrypted so if that’s stolen then the bloke selling it for £50 in the pub is selling a brick.
  • I use Google Drive and pay a couple of dollars a month for 100 GB of data. This synchronises with the desktop and about 80 GB of my photos sit quite happily in the cloud. They are accessible by all my devices and if my hard drive dies, my memories are still there. In addition, all my CDs that I collected over the years that were burned to the hard drive of my computer now reside in Google Play.
  • I have a 1TB NAS (network attached storage) device that my hard drive synchronises to. This includes all my music and photos. So, with the 3-2-1 approach I have the original copy on the hard drive, a copy on the NAS and another in Google Drive. Google Drive also comes with the ability of rolling a copy back within 30 days so if the original is corrupted and synchronised to the cloud then I can revert back to a decent copy.

So, I’m not too bothered if I lose my photos or music on my hard drive as they’re in the cloud. It’s a low impact as I can download them again. The high impact bit is the operating system and all my programs that I’ve installed over time. It would take a complete age to restore it all to a working level. I’m not even sure whether I still have all the media or settings to get me back up and running.

With this in mind, another approach I’ve taken is to take a snapshot of my PC at a point in time. I’ve used Acronis True Image to take a copy of the whole hard drive and have stored it on my NAS box. This means that if I need to restore to a new hard drive it restores a lot quicker than re-installing and copying everything back.

Don’t Be Held To Ransom!

Ransomware is on the increase. This is where you’re infected by a virus that encrypts all of your documents and makes them inaccessible to you. The attackers will demand that you hand over some cash to get the encryption key.

First things first, don’t hand over cash. Walk away from it. If you can, restore the state of the PC using system restore. If not, delete the encrypted files, clean up the PC using anti-malware software and restore your data either from another local copy (in my case the NAS box) or your cloud service (Google Drive).

I’ll cover more on ransomware in a future blog.