Archive for the ‘Security’ Category

Avoiding malware and spyware online

Malware, spyware, adware, whatever-ware is all around us on the internet; it's no secret, and it's getting harder to avoid. It can range from tracking cookies to full-blown rootkits and keyloggers.

Avoiding badware (this is what I'm going to call it for the rest of this article!) can be tough, but there are several things you can do to protect yourself.

Note: No antivirus / software solution will ever give you 100% protection from badware. The creators of badware are a lot smarter than you think, and evading detection by some antivirus engines is very easy for them: re-packing or 'crypting' a known sample is often enough to defeat signature-based detection.

So, with that said, if you follow these tips you can avoid becoming another statistic for the anti-malware companies.

1: Be careful what sites you visit. This one is common sense for most people: if you're surfing suspect sites trying to download things you shouldn't, be prepared to face the consequences. A lot of sites will 'drop' badware onto your system, most of the time without you knowing (a so-called drive-by download, which exploits a flaw in the browser or one of its plugins), regardless of what antivirus you have on your machine.

2: Pick a secure browser, and keep it updated. I won't go into a detailed explanation of why Firefox is better than Internet Explorer, it just is! Use it and never look back. Most web exploits are targeted at Internet Explorer (especially older versions) and will not work on browsers such as Firefox or Opera. Whatever browser you choose, the version matters as much as the brand: an out-of-date Firefox is exploitable too, so install updates as soon as they are offered.

3: Use virustotal.com. If you've downloaded a file that you think might be suspect, never trust your antivirus to give a 100% accurate result; as I mentioned before, hackers can easily crypt files and prevent your antivirus from detecting them. Virustotal.com is an online scanning service that runs the file through 32 different antivirus engines (at the time of writing). While this is still not 100% effective, there is usually at least one engine that will detect a badware file. Two caveats: a file you upload is shared with the antivirus vendors, so don't upload anything confidential, and a clean result on a freshly crypted file only means that nobody has a signature for it yet, not that it is safe.

4: Use a good AV/anti-malware solution. I know, I know, I've just said that no antivirus will ever offer you 100% protection, and while this is true, some are better than others! If I had to recommend, I would use either Kaspersky or Antivir (Antivir is free) together with Malwarebytes Anti-Malware. The real-time protection from your AV will offer a decent level of protection, and it's worth running weekly (or, if you're paranoid, daily) scans of your system with both pieces of software.

5: Check your Task Manager / netstat. This is a more advanced technique which I will cover properly in a separate article. Task Manager displays all your running processes; it's a good idea to get familiar with it and check what is running on your machine. Do a Google search for each process name to find out what it does and whether or not it is legit (bear in mind that badware often names itself after a legitimate Windows process, so check the file's location too). If you're familiar with using a command prompt, try typing netstat -ano and pressing Enter: netstat lists the incoming and outgoing connections from your machine, and the -o switch shows the PID that owns each one, so you can match a rogue connection back to a process in Task Manager. It's a good idea to run this when your machine has first started up, as most of the time there shouldn't be any (or very few) connections present.
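To make tip 5 concrete, here is a small Python script (added as an example; it is not from the original post) that does the netstat check automatically: it parses netstat -ano output and flags established connections to internet hosts on ports you wouldn't expect. The netstat text in it is constructed, the expected-ports list is an assumption you should adjust to what you actually use, and the 203.0.113.x / 198.51.100.x addresses are documentation ranges standing in for real internet hosts.

```python
import ipaddress
from dataclasses import dataclass

# Constructed sample in the format of "netstat -ano" on Windows (not a real
# capture). The 203.0.113.x / 198.51.100.x hosts are documentation addresses
# standing in for arbitrary internet hosts.
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    127.0.0.1:49152        127.0.0.1:49153        ESTABLISHED     1488
  TCP    192.168.1.10:49201     203.0.113.45:443       ESTABLISHED     2044
  TCP    192.168.1.10:49877     198.51.100.7:6667      ESTABLISHED     3320
  UDP    0.0.0.0:5353           *:*                                    1120
"""

# Assumption: remote ports a home machine is expected to talk to. Anything
# else going out to the internet is worth a second look.
EXPECTED_REMOTE_PORTS = {80, 443, 53, 123}

# Address ranges that count as "inside": RFC 1918, loopback, link-local,
# unspecified, and their IPv6 equivalents. Listed explicitly rather than via
# ipaddress.is_private, which also treats the documentation ranges as private.
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16", "0.0.0.0/8",
    "::1/128", "fe80::/10", "fc00::/7", "::/128",
)]


@dataclass
class Connection:
    proto: str
    local: str
    remote: str
    state: str
    pid: int


def split_host_port(endpoint):
    """'203.0.113.45:443' -> ('203.0.113.45', 443); '*:*' -> ('*', None)."""
    host, _, port = endpoint.rpartition(":")
    return host, (int(port) if port.isdigit() else None)


def parse_netstat(text):
    """Parse netstat -ano style output into Connection records."""
    conns = []
    for line in text.splitlines():
        parts = line.split()
        if not parts or parts[0] not in ("TCP", "UDP"):
            continue                      # banner, header and blank lines
        if parts[0] == "TCP":
            proto, local, remote, state, pid = parts
        else:
            proto, local, remote, pid = parts   # UDP rows have no State column
            state = "-"
        conns.append(Connection(proto, local, remote, state, int(pid)))
    return conns


def is_external(host):
    """True if the host is outside the LAN/loopback ranges above."""
    try:
        ip = ipaddress.ip_address(host.strip("[]"))
    except ValueError:
        return False                      # '*' or something unparsable
    return not any(ip in net for net in LOCAL_NETS)


def suspicious_connections(text, expected_ports=EXPECTED_REMOTE_PORTS):
    """Established TCP connections to external hosts on unexpected ports."""
    flagged = []
    for c in parse_netstat(text):
        if c.proto != "TCP" or c.state != "ESTABLISHED":
            continue
        host, port = split_host_port(c.remote)
        if is_external(host) and port not in expected_ports:
            flagged.append(c)
    return flagged


if __name__ == "__main__":
    for c in suspicious_connections(SAMPLE_NETSTAT):
        print(f"check PID {c.pid}: {c.local} -> {c.remote}")
```

Against the sample it reports only PID 3320, the connection to port 6667 (the IRC port, a classic bot control channel), and leaves the HTTPS connection alone. Run it on real output with netstat -ano > out.txt and feed the file in; the PID it prints is the one to look up in Task Manager (turn on the PID column) to find the owning process.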

Well, that's it for now. While these 5 tips are not 100% effective against all badware, they will certainly help you and give you a more secure online presence.

The dangers of unsecured wireless networks

If you were to browse for wireless networks in a busy city you would be surprised at how many unsecured networks you would find. Many people are oblivious to the dangers, so I would like to outline them.

By unsecured I am referring to a wireless network that is accessible without the need for a network key; although WEP is horribly insecure as well, I will not be covering its vulnerabilities in this article. Provided an attacker is in range, he can connect to an unsecured wireless network and become part of the local network. OK, so now what? The attacker could then run an IP scan on the subnet to establish what is currently connected to the network. At this point the attacker could run various scans (port scans and so on) against the targets. It should be noted that this kind of scan would not be possible from outside the network, as a home router normally does NAT and only forwards inbound traffic to ports that have explicitly been set up for port forwarding; joining the wireless network puts the attacker on the inside of that boundary.

With the above in mind, you are at risk from certain exploits if an attacker becomes part of your local area network. These depend on what services you are running and whether you have a software firewall in place. The following, however, are more serious attacks that are the real dangers to your privacy and possibly your confidential details, and generally a software firewall will NOT protect you from these, because they attack the network itself rather than a service on your machine.

ARP poisoning – To put it simply, this attack enables an attacker to 'pose' as another computer or device, usually your router. It can be done simply by sending unsolicited ARP replies to the victim claiming that the router's IP address belongs to the attacker's MAC address. The victim updates its ARP table and sends all traffic destined for the router to the attacker's MAC address instead; the attacker forwards it on to the real router so the connection keeps working, and the victim notices nothing. By doing this the attacker can monitor ALL traffic coming in and out of the victim (a man-in-the-middle position). This needs very little explanation as to why it poses a risk: a lot of confidential details (usernames, passwords) are sent over the internet in plain text or with weak encryption, allowing the attacker to compromise your email accounts or other websites you use. There is also the problem of the attacker being able to view pretty much everything you're doing online, including all your MSN conversations. Because ARP has no authentication, nothing on the victim's side checks whether the reply is genuine, which is why a software firewall doesn't help here.
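A simple way to catch the attack described above on your own machine, added here as an example rather than something from the original post: take a snapshot of arp -a when you know the network is clean, then compare later snapshots against it. The two arp -a listings in the script are constructed, and the gateway address is an assumption.

```python
import re

# Constructed "arp -a" output in Windows format: a baseline taken when the
# machine was known to be clean, and a later snapshot (not real captures).
ARP_BASELINE = """\
Interface: 192.168.1.10 --- 0xb
  Internet Address      Physical Address      Type
  192.168.1.1           00-11-22-33-44-55     dynamic
  192.168.1.20          aa-bb-cc-dd-ee-01     dynamic
  192.168.1.255         ff-ff-ff-ff-ff-ff     static
  224.0.0.22            01-00-5e-00-00-16     static
"""
ARP_NOW = """\
Interface: 192.168.1.10 --- 0xb
  Internet Address      Physical Address      Type
  192.168.1.1           aa-bb-cc-dd-ee-01     dynamic
  192.168.1.20          aa-bb-cc-dd-ee-01     dynamic
  192.168.1.255         ff-ff-ff-ff-ff-ff     static
  224.0.0.22            01-00-5e-00-00-16     static
"""
GATEWAY = "192.168.1.1"   # assumption: the router's address on this network

# One table row: IPv4 address, MAC (dash or colon separated), entry type.
ENTRY = re.compile(
    r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+([0-9a-f]{2}(?:[-:][0-9a-f]{2}){5})\s+\w+",
    re.IGNORECASE,
)


def parse_arp(text):
    """Map IP -> MAC (normalised to lowercase, dash-separated)."""
    table = {}
    for line in text.splitlines():
        m = ENTRY.match(line)
        if m:
            table[m.group(1)] = m.group(2).lower().replace(":", "-")
    return table


def is_unicast(mac):
    """Broadcast/multicast MACs (group bit set) legitimately repeat; skip them."""
    return int(mac.split("-")[0], 16) & 1 == 0


def detect_arp_spoof(baseline, current, gateway=GATEWAY):
    """Return a list of findings: gateway MAC changed, or one MAC on several IPs."""
    findings = []
    if gateway in baseline and gateway in current and baseline[gateway] != current[gateway]:
        findings.append(
            f"gateway {gateway} MAC changed {baseline[gateway]} -> {current[gateway]}"
        )
    ips_by_mac = {}
    for ip, mac in current.items():
        if is_unicast(mac):
            ips_by_mac.setdefault(mac, []).append(ip)
    for mac, ips in ips_by_mac.items():
        if len(ips) > 1:
            findings.append(f"MAC {mac} claims multiple IPs: {', '.join(sorted(ips))}")
    return findings


if __name__ == "__main__":
    for f in detect_arp_spoof(parse_arp(ARP_BASELINE), parse_arp(ARP_NOW)):
        print("WARNING:", f)
```

Two things give the attack away: the gateway's entry switching to a different MAC, and one MAC address turning up against two IPs (the attacker's own address and the router's). The check is only as good as the baseline, so take it over a wired connection or when nobody else is around. Pinning the gateway with a static ARP entry stops the table being overwritten at all, at the cost of having to update it if the router is ever replaced.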

DHCP spoofing – This attack requires a little more patience on the attacker's behalf, but if it succeeds it can be very bad news for the victim. The attacker runs a DHCP server on their own system. When a new client comes online whose adapter is set to obtain an IP address automatically, it broadcasts a DHCP discover and generally accepts the first offer it receives, so the attacker's DHCP server races to get its offer in before the router's. If the attacker wins the race, the offer can include any details they want, usually their own IP address as the default gateway and as the DNS server(s). The problems this causes are explained below.

DNS poisoning – This is the most serious type of attack, and the attacker can carry it out in two ways. The first is explained above. The second is for the attacker to gain access to the router (most unsecured networks are left with default settings, which means the router's admin password is usually the default as well and can easily be found online or guessed!) and then change the DNS server it uses to one of the attacker's (this could be a local one on the attacker's machine, or a rogue one hosted elsewhere). All the attacker needs to do now is create some rogue DNS records that redirect the victim to imitations of websites. Usually these look identical, but once the username and password are entered and submitted they are sent to the attacker instead of where they should go. The attacker can even have the page forward the details on to the real site afterwards, so the attack goes completely unnoticed. Obviously this is a very big problem, especially for sites such as eBay, PayPal and, of course, online banking. One check that still works here: the imitation site cannot present a valid HTTPS certificate for the real site's name, so a certificate warning, or a login page that has silently dropped from https to http, is the sign to look for.
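The rogue DHCP offer from the DHCP spoofing section, and the rogue DNS server it hands out for the first DNS poisoning method, can both be spotted by looking at what a DHCPOFFER actually contains. The following Python script is an example added to this post, not the author's code: it builds two constructed DHCPOFFER packets (one as the router would send it, one as an attacker's server would), parses the fixed header and the options, and flags an offer whose server identifier, router (option 3) or DNS servers (option 6) don't match the known-good router. The 192.168.1.1 router and 192.168.1.66 attacker addresses are assumptions.

```python
import struct
import ipaddress

MAGIC_COOKIE = b"\x63\x82\x53\x63"
DHCPOFFER = 2

# Assumption: the legitimate DHCP server/gateway on this network is the router
# at 192.168.1.1, which also hands out itself as the DNS server.
KNOWN_SERVER = "192.168.1.1"
KNOWN_ROUTER = "192.168.1.1"
KNOWN_DNS = ["192.168.1.1"]


def packed(ip):
    return ipaddress.IPv4Address(ip).packed


def build_offer(xid, yiaddr, server_id, router, dns, lease=3600):
    """Build a minimal DHCPOFFER. Used here only to construct sample input."""
    header = struct.pack(
        "!BBBBIHH4s4s4s4s16s64s128s",
        2, 1, 6, 0,                 # op=BOOTREPLY, htype=Ethernet, hlen=6, hops
        xid, 0, 0,                  # transaction id, secs, flags
        b"\0" * 4,                  # ciaddr
        packed(yiaddr),             # yiaddr: the address being offered
        packed(server_id),          # siaddr
        b"\0" * 4,                  # giaddr
        bytes.fromhex("aabbccddee10") + b"\0" * 10,  # chaddr (constructed client MAC)
        b"\0" * 64, b"\0" * 128,    # sname, file
    )
    options = (
        bytes([53, 1, DHCPOFFER])                          # message type
        + bytes([54, 4]) + packed(server_id)               # server identifier
        + bytes([51, 4]) + struct.pack("!I", lease)        # lease time
        + bytes([1, 4]) + packed("255.255.255.0")          # subnet mask
        + bytes([3, 4]) + packed(router)                   # option 3: router (gateway)
        + bytes([6, 4 * len(dns)]) + b"".join(packed(d) for d in dns)  # option 6: DNS
        + bytes([255])                                     # end
    )
    return header + MAGIC_COOKIE + options


def parse_dhcp(packet):
    """Pull the fields that matter for this check out of a DHCP packet."""
    if len(packet) < 240 or packet[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP packet")
    op, _htype, _hlen, _hops, xid = struct.unpack("!BBBBI", packet[:8])
    options = {}
    i = 240
    while i < len(packet):
        code = packet[i]
        if code == 255:                     # end option
            break
        if code == 0:                       # pad
            i += 1
            continue
        length = packet[i + 1]
        options[code] = packet[i + 2:i + 2 + length]
        i += 2 + length

    def ip_list(data):
        return [str(ipaddress.IPv4Address(data[j:j + 4])) for j in range(0, len(data), 4)]

    return {
        "op": op,
        "xid": xid,
        "yiaddr": str(ipaddress.IPv4Address(packet[16:20])),
        "msg_type": options.get(53, b"\0")[0],
        "server_id": ip_list(options[54])[0] if 54 in options else None,
        "router": ip_list(options.get(3, b"")),
        "dns": ip_list(options.get(6, b"")),
    }


def check_offer(packet, server=KNOWN_SERVER, router=KNOWN_ROUTER, dns=KNOWN_DNS):
    """Return a list of anomalies in a DHCPOFFER compared with the known-good server."""
    p = parse_dhcp(packet)
    if p["msg_type"] != DHCPOFFER:
        return ["not a DHCPOFFER"]
    problems = []
    if p["server_id"] != server:
        problems.append(f"offer from unknown DHCP server {p['server_id']}")
    if p["router"] != [router]:
        problems.append(f"gateway option points to {p['router']}")
    if not set(p["dns"]) <= set(dns):
        problems.append(f"unexpected DNS servers {p['dns']}")
    return problems


# Constructed samples: what the router would send, and what an attacker's
# rogue server on 192.168.1.66 would send for the same transaction.
LEGIT_OFFER = build_offer(0x3903F326, "192.168.1.50", "192.168.1.1", "192.168.1.1", ["192.168.1.1"])
ROGUE_OFFER = build_offer(0x3903F326, "192.168.1.50", "192.168.1.66", "192.168.1.66", ["192.168.1.66"])

if __name__ == "__main__":
    for name, pkt in (("router", LEGIT_OFFER), ("rogue", ROGUE_OFFER)):
        print(name, check_offer(pkt) or "ok")
```

In practice you would feed it packets captured on UDP port 68 (the client side) from a machine sitting on the network; seeing two offers for one transaction ID, one of them from an address that isn't your router, is the DHCP spoofing attack in progress. Note that the check keys on the server identifier option and the gateway/DNS values, not on the source IP of the packet, which the attacker can set to anything.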

The attacks above are the most common ones an attacker will use to gain confidential information; there are many more, and a lot depend upon the setup of the network and the victim's machine.

Summary

In summary, it is clear that leaving a wireless network unsecured can have serious implications and gives attackers an open door to all kinds of confidential information. The following security precautions are advised to give optimal security for home users:

-Always secure your network with a WPA or WPA2 key (prefer WPA2), and make sure the key is long and complex; a strong WPA2 passphrase is the one measure in this list that actually keeps an attacker off the network. Avoid WEP at all costs: it is obsolete and can be broken in minutes provided an attacker has a good signal.

-Implement MAC address filtering, which only allows traffic from registered MAC addresses. Be aware that this is a weak control: MAC addresses are spoofed trivially (a single command on most operating systems), and the MAC of an authenticated client is easy to obtain, because the source and destination addresses in 802.11 frame headers are never encrypted, even on a WPA2 network, so a passive sniffer in monitor mode can read them without ever associating. Treat it as a minor nuisance for an attacker, not a security measure.

-Don't broadcast your SSID. On its own this will not stop an attacker, and in practice it adds very little: the SSID is still sent in the clear in probe and association frames whenever a legitimate client connects, so any sniffer will see it within minutes on an active network, and it makes your own clients probe for the network by name wherever they go. At best it keeps casual neighbours from noticing the network.

-Change the router's default admin password (and, if the router allows it, turn off administration from the wireless side). This closes the second DNS poisoning route described above.

-Use a software firewall; I recommend Agnitum Outpost. Remember, though, that it protects the services on your machine, not against the ARP, DHCP and DNS attacks above.

While no system in the world will ever be 100% secure, it is important to implement as many security precautions as possible to make life hard for attackers. With a strong WPA2 key and a non-default router password in place, an attacker would have an extremely hard time ever gaining access to your network; the other measures are extras on top of that, not substitutes for it.

An interesting article on the vulnerabilities of WEP can be found here