Wednesday, May 6, 2009

Safe Travels

I've been on constant travel for the past month, connecting to various hotel, airport and coffee shop wireless networks, and talking with people about information risks while on the go. More and more travelers--business people, vacationers, kids and grandparents--are using laptops, netbooks and smartphones to stay connected, informed and entertained on the road and in the air. Our computers are more susceptible to infection by malicious software when we are on the move, connecting to different networks and dealing with distractions caused by unfamiliar surroundings and fear of missing a connecting flight. We are also far away from our safety net of computer support, whether that is the computer help desk at our company or the "computer guru" friend you can depend on to help you out of a jam.

True Story
I was sitting on an airplane at the Charlotte, NC, airport waiting to return home after visiting a couple of banks. Another business traveler sat down next to me and asked if I connected to the free Wifi the airport provides in the terminal. "I connected to the network and saw a certificate warning page," he said, "I clicked past that page and a few minutes later my McAfee antivirus started alerting me about viruses on my computer." I introduced myself and offered to take a look when we got up to cruising altitude.

We opened his laptop and I reviewed the virus alerts and looked in his browser cache. He said the only thing he did was connect to the network and open his browser, which loaded the Yahoo home page. I saw the file McAfee was complaining about, which was a download triggered by a javascript file downloaded from a server in China about a minute after the Yahoo home page loaded.

A little more reverse engineering and I found that a flash ad on the Yahoo home page had infected the computer and installed a downloader which started downloading all manner of malware. McAfee was not telling him it had blocked the infection, it was telling him he was already infected. The first Flash exploit got right past his antivirus protection with no problem. It wasn't until the second or third install of malware that McAfee finally noticed something was up.

Turns out the guy was general manager of a US company and this was the laptop he used for his corporate computing, commercial banking, everything. I strongly recommended that he rebuild the laptop, reinstall all the software and in the meantime refrain from any banking or other sensitive online use. But he was on the way to important meetings and far away from his IT support group. I invited him to stop by our offices near West Palm Beach, Florida for some cyber-assistance but I never heard from him again. I'm pretty sure he continued to use his compromised laptop, perhaps after trying multiple antivirus scan-and-clean routines.

Preparing for Travel

Given the increased chances for malware infection while traveling, here are a few things we can do to be safer on the road. These steps should be completed the day before you head out on your business trip or vacation.

1. Update Windows - Run Windows Updates and install all updates. This is your chance to let Microsoft close as many holes as possible in your operating system and Microsoft programs.

2. Update Applications - Adobe Flash Player, Apple Quicktime and a few other applications are closely tied to web browsing and are prone to exploitation if they are out of date. In the anecdote above, an out-of-date Flash Player was responsible for the business traveler's infection. Run the vulnerability scan at Secunia for free. It's a great tool that shows you what is out-of-date and gives easy links to click to make it all better (see screenshot below).

3. Update Antivirus - And, of course, make sure your antivirus is updated with the latest definition files.

Secunia Online Scan for Out-of-Date Applications

Making sure your operating system, application programs and antivirus are up-to-date will give you the best chance to stay safe during your travels. Good luck!