|
Today's Internet is filled with potential hazards, pitfalls, and
dishonest individuals. Every day it seems another security incident
hits the papers or a new threat is announced by virus protection
companies. This can lead novices to avoid using the medium's vast
resources altogether, mainly due to fear and a lack of knowledge
regarding the nature of these threats. What's a virus? How do
hackers work? How do I know if mail messages are really from my
bank? Knowledge is power The best way to avoid threats, whether on
the Internet or elsewhere, is to know what they are and how they
work. To start, I'll offer some brief descriptions of the more
common threats you're likely to encounter. Each will be covered in
more depth in subsequent articles. The five most common threats to
be found on the 'Net include:
-
Viruses.
These are pieces of software that, like their biological
counterparts, attempt to create copies of themselves. In
computing terms, copying usually involves spreading from one
machine to another via network connections, electronic mail
messages, or other methods. Viruses may or may not cause damage
to your PC.
-
Spam.
Also known as Unsolicited Commercial Email or UCE, spam simply
involves dishonest individuals or companies that send millions
of duplicate messages to unsuspecting users.
Most ISPs prohibit such activities, so many spammers make use of
illegal means, such as hacked systems owned by others or stolen accounts.
-
Spyware.
Another software based threat, spyware involves programs
installed without your knowledge or consent that monitor the
activities on your machine. These activities may include what
you type on the keyboard (e.g. a "keylogger"), the Web sites you
visit, or even the data on your hard disk. The data gathered by
this method is then transmitted over an active network
connection to some interested party.
-
Phishing.
This type of attack has become popular in the last few years,
and is more a social engineering approach than a technological
one. It involves forged mail messages, often purporting to be
from a bank or other financial institution, that use various
methods to entice users into clicking on an embedded link that
takes them to the phisher's Web site. Such attacks can be used
to validate mail addresses (if you click on the link, it means
someone received the message) or to deceive the recipient into
revealing personal information.
-
Pharming.
A relatively new type of attack, this is somewhat related to
phishing since it involves the creation of Web sites that are
nearly perfect copies of other, legitimate sites. Most often,
these involve banks, brokerages, or other financial
institutions. The objective of the game is to trick or redirect
others to these bogus Web sites in order to steal their login
and password data. The owners of the pharming site then use this
data to log into the real bank's site and drain the account of
the hapless victim.
-
Hacking.
This is a general purpose term that describes most of the
activities I've already talked about (people who write spyware
often do so in order to "hack into" other peoples' machines). In
a more basic sense, those who attempt to gain illicit access to
systems using network, password, OS, or other weaknesses are
engaged in hacking. To complicate things further though,
programmers often refer to obscure and tricky coding methods as
"hacks," and the term may also be used to describe legitimate
activity. Not all hackers are evil; motive and objective
determine whether this is the case.
Now
you know, in a basic sense, what all these terms mean. Other threats
exist, but they're less common and more esoteric in nature so I'll
leave them for later discussion.
|
