March 19th, 2010

In the cloud identity – can we protect it?

The last few years can be called a “social networking era”. Just remember the rises (and falls) of myspace.com, linked.in etc. These networks are now completely overshadowed by Facebook and Twitter. Even though MySpace and similar networks are not that widespread today, they were there at the beginning of it all. It is becoming more and more usual to identify a real self with a social network profile. That’s not too dangerous in itself, but there’s a big problem – people completely lose their sense of privacy on the internet. This is not a stance against social networks; it’s only a thought about the dangerous habits appearing with the social networking phenomenon. The risk is not the existence of social networks; the risk is how people behave there.

A question has been asked in the title – can we protect your in-the-cloud identity? I must say – no, we probably can’t protect you, because we would have to protect you against yourself. What we can do is protect you against localised “3rd party” attacks such as fraudulent software trying to steal your personal data directly from your PC. We absolutely can’t block you while you’re voluntarily typing your name, address, phone number, social security number, credit card number etc. into any legit site. And that’s it. Once you decide to join any social network, you should be very careful, because your identity (or a significant part of it) becomes public, completely dislocated from you, we can say – in the cloud.

We can see lots of attacks made by black hats every day. These attacks are more and more based on social engineering and more and more precisely targeted. What gives black hats such wide possibilities to target you? Well, it’s you and how you behave on the internet (and social networks). The older approach of black hats was based on simple machine work – they only harvested e-mails from forums etc. and redistributed them to spambot maintainers. That was easy to implement, but less effective. A logical step was to get a more complex context of spam/malware victims. And this context is served by you in luxury wrapping. How is this done?

So, do you think it is really so difficult to match keywords from your Twitter messages (sometimes assigned to GPS coordinates) or Facebook group memberships and construct a group of your interests? In fact, it can be done by a few scripts and is definitely worth the effort for black hats. Also, once you’re a member of some popular social network, you’re a good target group for receiving fake e-mails with “Password reset confirmation” (Bredolab) etc., because you’re used to receiving tons of e-mail notifications. I don’t wanna frighten you, in fact – social networks also have some advantages, so let’s discuss how to use them and how not to make black hats’ lives easier.

First of all – think about the value of your identity and privacy. It is useful to compare what you would tell people you know (real friends etc.) and what you would tell a community (completely unknown people!!!) on some social network. Unfortunately, the benevolence towards the community is often too great due to a false feeling of anonymity. Now your identity – it is represented by your name, sometimes by your name and social security number or your name and e-mail. These details may be very dangerous when they fall into the wrong hands; you should always remember that. I can imagine a situation where someone makes a social network for people with a similar consumer profile and paying habits, and your credit card number will be a criterion for finding your new friends. There would be lots of people who would provide their credit card numbers to such a network. And why? Just because they will be “always connected”, maybe because they will virtually increase their social status, I don’t know. Sometimes I think it’s enough to say “it’s cool” and people go there – know what I mean?

Well, the second thing is – you don’t have to do everything your friends do. If a friend tells you “wow, I’ve recently joined Facebook and it’s amazing”, don’t jump to conclusions so quickly just because your friend said that. Weigh it up. What do you have to publish if you wanna join the network and meet your old friends or find new ones? If you want to make the searching accurate (and use all of its features), you should provide your real name, valid address, e-mail (with your password!!!), where you studied etc. Well, one can say “no pain, no gain”, but the question is – who will have access to this information? Facebook profiles are partly indexed by Google, so you can easily find people with a profile, and even when you’re not registered, you can see their main picture, their virtual friends and membership in groups. Registered users may get more information from your profile (remember – friends of my friends are not friends of mine, in fact – friends of my friends are roughly equal to “everyone” in terms of group policies). The fact that you were invited to some social network by your friend should not change your perception of your privacy. This leads to it being considered a cool feature rather than a vulnerability.

As the article is becoming longer and longer (and maybe uncomfortable to read), we’ll restate the key rules and draw some conclusions.

- always think about whether you really want to let everyone know what your name is, where you live, who your girlfriend is, what you’re doing every two minutes etc. – should anyone have the possibility to track your life?

- never ever tell a community (or social network provider) anything you wouldn’t tell a black hat (your passwords etc.) – some information should remain completely private regardless of the color of the imaginary hat

- always check who your virtual friend is (and who his/her virtual friends are)

- if you encounter an enormous number of spam/malware attacks, you probably did something wrong – check your privacy settings on forums, social networks etc.

- use an up-to-date antivirus (+ firewall, antispam) to protect you at least on your PC (against targeted attacks), once you have already decided to put your identity in the cloud

- if you comply with this article, then just enjoy the fun with your friends, no matter if they’re real or they reside somewhere on a network ;-)

  • Cahya

    I’m just half retired from social networks, so on the other side, I don’t give too much concern to what happens in the networks. Just like when using Facebook, I forbid anyone to put anything on my wall, otherwise unknown app invitations would pop up daily (can we be sure they were trusted enough?) from friends.

    Keeping our data secure would be equal to securing others’ when they’re in our networks. Sometimes I get strict: if she/he changes her/his true name into some fake alias, I say: please change it back, or I wouldn’t recognize you :D

    Some people think they have nothing to lose when someone hacks their accounts, since there was nothing that important. But one should think about it again… and again.

  • http://www.ppinfotek.com Yanto Chiang

    Hi Cahya,

    Quick response for the avast! blog,

    Anyway, these social engineering attacks have been established by some old hackers like Kevin Mitnick (who hacked into the FBI network), John Draper (who hacked phones for free), Vladimir Levin (who hacked Citibank’s network), Robert Morris (who created the 1st internet worm), Sven Jaschan (who created the Netsky viruses & Sasser worm) etc.
    Today any young man could learn easily, not like previous hackers, who needed to learn a lot of things to develop or create or find a vulnerability hole in some operating system.

    The steps that you have been using till today are good for keeping unauthorized people from joining your Facebook or social network account. But please keep in mind, especially for everyone: keep using reliable and powerful AV and network gateway protection at your network site.

    cheers,
    yanto chiang

  • Clint

    Hi, I like this article about social networking. I use Facebook but I am always very careful when confirming people. Sometimes when I get notifications from so-called friends I always ask someone if they know this person; also, I do not always accept notifications from friends unless I recognize their name. I like Facebook in that I can talk to people on Facebook that I do not see often. But I am always careful just the same.
    I have avast free version as an updated antivirus and I have spyware checker on my computer as well.
    Use common sense it goes a long ways to being safe on facebook or using any site for that matter.

  • http://www.ppinfotek.com Yanto Chiang

    bios :
    I have it recognized by [not for your eyes] I like avast being

    Hi Bios,

    Is it your company blog?

    Please don’t post your blog too much in here; once is enough, or you will be indicated as a spammer or phishing user.

    cheers,
    yanto chiang

  • http://www.fuzzuck.com Fuzzy

    Good tips. As I hear of more problems people are having which look like the result of their social networking habits, I’m glad that I’ve never really gotten too involved. I just can’t get past the amount of time some people devote to it.

  • 1TB

    Hi VLK,

    When are you going to do Part 2 of “avast! 5 small business console, part 2”?

    SBS Customers are very keen to upgrade – appreciate some more feedback please VLK??

    tnx