S | Security

S is for Security, Internet Security

It would be easy to believe that the worlds of Seo and Internet Security are totally unrelated, sort of like, say, Venus and Mars – worlds apart. On the face of it they are; however, tucked into your Google Webmaster panel, under ‘Diagnostics’, you will find a ‘Malware’ section. Every time I have looked, I am told that my site has no malware. The purpose of this feature on Webmaster is that it notifies you if Google believes your site is infected with malware. And, no great leap of the imagination required here, if Google detects malware on your site, that is going to cause a big hit on your rankings. So, your site security has a bearing on your rankings.

There are several ways that your site can get infected. The leading cause of malware seems to be, anecdotally, cross-scripting caused by sharing web hosting. But it is not the only cause. There are a multitude of entry points for malware, and when it comes to website security, to quote the old adage, you are only as strong as your weakest link.

This article is really not intended as an overview or analysis of all the possible ways in which your website and server can be vulnerable. That is a whole book, and more. And again, to repeat a security cliche, there is no such thing as a failsafe system. Just a gradation of levels of security, from highly secured all the way down to poorly secured. All I want to focus on here is one aspect of security, client-side security.

 

The Threat Landscape

“A study of senior management in more than 300 small and medium enterprises found a lack of awareness of cyber-security issues. Less than a third (27 per cent) had audited their business to assess their risk to online threats, only 19 per cent had brought in outside professionals to advise, and just 15 per cent had someone on their team with a cyber security remit. 16 per cent of respondents didn’t even know whether their computers had anti-virus software”. John Abbott, RSM Tenon

Poor client-side security can open you up to some serious issues. There are so many potential online threats, that it is not easy to identify one typical form of attack. But, for example, were you to suffer a keylogger attack, every password you entered in to your computer would be picked up by the attacker. So, once you have entered your website username and password, they are now in the hands of a hacker, and he or she is able to enter your content management system at will, and do what they want there. (And that of course includes attaching some kind of malware to your site, and destroying, amongst other things, your website rankings).

“A report released by APWG only last year stated that of 22 million PCs scanned, an alarming 48 percent of them were infected by malicious code. Nearly seven percent of all computers that were scanned were found to be infected with banking Trojans such as the deadly and well-circulated Zeus banking Trojan. A 2011 Prevx-CSI study showed that 68 percent of all PCs scanned were infected with at least one piece of malicious code.”

What other kinds of attack are there? Rootkits spring to mind. If your PC acquires a rootkit infection, your only really safe course of remedial action is to reformat your hard drive and then completely re-install your operating system. (This is because many rootkits access the Master Boot Record on your OS, Sector 0, and rewrite code in that part it).

And if you do have a rootkit on your PC….. then a third party starts syphoning off information from your bank account….your business account is hacked into, your confidential client database is hacked into, your server details are stolen…..where do you want me stop? Now that your server is accessed, your website is open to attack….your website gets pulled down, or your ordering system is destroyed. It takes you a week to find out and two weeks to repair, (I am being optimistic). You have just lost three weeks of trade, and your clients’ confidential information has been blown open to the world.

Covering Your Bases

Ok, I am not here to evangelize about internet security. You either get it or you don’t. Ideally, if you are an SME, you should get an IT security firm in to analyze risk, and implement protective actions.

The single greatest vulnerability in the online environment is Windows itself. The simplest remedial strategy I can suggest is to run your PC systems on Linux. Ubuntu and Mint are two well-favoured Linux operating systems. Linux has a host of inbuilt security features, including an inbuilt approved software repository, and automatic software updates. Most importantly, unix systems are a much less favourable environment for viruses, and to date Linux has not really been the target of hackers’ attentions, whilst Macs have enjoyed a lot more legroom than Windows on the malware front.

In order to implement some semblance of security on Windows, you need to cover a lot of bases. Unfortunately, the trouble with security is that a large element is dependent on human behaviour. The best defence known to man is not to visit shady sites, and not to download anything suspicious. But that is easier said than done. A classic malware strategy involves getting a dodgy site ranked well with Google. Before you know it you might have innocently clicked on the wrong site, and quicker than a Jack Russell you are in a world of hurt. But it doesn’t end there…malware can be embedded in images even, so clicking on an image can trigger a breach of security. The world of online threats is a world of polymorphous perversity.

I have an army of defence mechanisms I employ personally on Windows. It is complicated and tricky, and the terrain is ever-changing. Rather than suggest measures that are my security “best guesses”, I would strongly suggest that if you are using Windows, that you make security a part of your business learning curve.

Here are a few essentials though….

  • Check for rootkits with Kaspersky TDSSkiller. If you have a rootkit, you need to seek professional advice. (Personally I had to reformat my hard drive with DBAN and reinstall my OS)
  • Choose your web browser carefully. Install security add-ons where necessary (e.g. Ghostery, No-Script, Foxyproxy)
  • Use an updater service to keep all your programs up to date (e.g. Secunia PSI, Hippo Update Checker)
  • Run the best firewall you can find. Comodo do the best free firewall. Your firewall is your first line of internet security, and your most important line of defence
  • Do NOT rely on one solution in the internet security war. Norton basically declared in 2010 that they were losing the internet security war. So, whilst you can only run 1 anti-virus program, you can also run certain supplementary forms of protection. E.G. Zemana anti-root logger, Immunet online virus checker, Threatfire, Superantispyware, Piriform CCleaner
  • Be aware that abnormal behaviour, e.g. slow loading times, may indicate an infection

 

Whilst we specialize in lead generation, seo services, and other forms of online marketing, if you are really worried about your online security, we can suggest some diagnostic tests.

Drop us an email through our contact form and we will do our best to advise you

To carry on reading, continue to Dynamic Content