- Technological flaws, human flaws, who is who?
- These risks that security suites can protect you from
- Social engineering: you are the fault
- Cryptocurrencies: when the system is infallible, it is the user who becomes the target
- ESET, a security suite that doesn't ask too much of you
A popular saying among system administrators is that "the biggest security hole is the chair-to-keyboard interface." But what can this interface be at the origin of so many evils in the digital world? Well… it's you. Well, not really YOU, who are reading us, but rather the human user behind every screen. No need to take it personally!
Because yes, humans are the real problem behind your computer's lack of security. Rest assured, by the end of this article you will know what to beware of, how your operating system is already protecting you, and why a security suite could even better protect you against certain attacks.
Try ESET Smart Security Premium 2022 free for 30 days!Technological flaws, human flaws, who is who?
Far be it from us to make you feel guilty, but hackers seem to prefer you to the good old software and hardware flaws which are becoming increasingly rare. The definition of a computer vulnerability is simple. It designates any weakness of a system (eg a web application), which would allow a potentially malicious person to alter the normal functioning of the system or even access unauthorized data. Its origin is rarely voluntary and may lie in the design of the software, operating system or programming language. Hardware flaws are inherent weaknesses in a device that cannot be corrected like computer flaws unless the faulty component is completely overhauled. A recent example would be the Specter security breach which has terrorized Intel, its processors (and their owners) for several years.
Back in the days when computers and the web were still reserved for a select group, the average user was much more alert to the dangers of the Internet and generally knew how to defend themselves. Then only the flaws in the system were left to hackers, which left even the most seasoned security experts powerless. With the simplification, and consequently the democratization of the computer in the early 2000s, a new population gained access to computer tools. These newcomers, due to lower entry barriers in terms of skills and prices, were not power users for the majority of them. Hackers saw in these neophytes a great opportunity: to exploit the fallibility of the human rather than that of the machine.
These risks that security suites can protect you from
Antiviruses have landed on our computers since the 90s; we only spoke of viruses, then the terms began to diversify: worms, Trojan horse, etc. The antivirus is then the safeguard for the frequent sharing of files between users (often via physical medium). Over the years, a galaxy of modules has been built around antiviruses to constitute what we now call security suites.
Security suite modules can be subdivided into two groups. A first group comes to prevent attacks. Here we find anti-rootkit defenses, but also protections against other forms of attacks such as ransomware, trojans or maldocs. Nowadays, security suites integrate machine learning into their antivirus to detect emerging threats or protect against so-called "zero day" vulnerabilities that can appear directly after updating a software or operating system. A password manager is also usually included and is used to prevent brute force attacks by providing long passwords without requiring users to remember them.
The second group will intervene downstream of an attack. It includes the scan utility which will scan a large part of the hard drive for threats lurking in the shadows. Depending on the security suites, a crawler can be integrated. It scans the Dark Web for identifiers that may belong to you and that have been compromised following a hack into your accounts or a massive data leak. Of course, other additional features exist and do not fit into either of the two groups such as parental control or theft protection.
Social engineering: you are the fault
Social engineering is the prime example of using humans as the weak link in the system. This method of attack almost exclusively uses OSINT (open-source intelligence), manipulation and deception of others to infiltrate the system. It is an attack of this type which allowed a group of teenagers to hack the Twitter accounts of Elon Musk, Barack Obama or even Jeff Bezos to beg for Bitcoin. Thus, by contacting an employee and posing as a member of the technical service of his company, it is possible to extract information such as his identifiers or the contact of his superiors with extended access rights to the system.
Even though the history of Twitter may seem spectacular, social engineering attacks are becoming more common and many are intended to be smaller and less sought after. A simple example would be phishing, that is, sending a fraudulent email where the hacker impersonates a company or an institution with the aim of deceiving the user and encouraging them to click on a link or download an infected file.
Cryptocurrencies: when the system is infallible, it is the user who becomes the target
Due to their dematerialized nature, cryptocurrencies and their blockchain are almost infallible. However, that did not discourage hackers from trying to get their hands on the crypto-loot. To achieve this, they preferred to exploit the lack of knowledge of the millions of users attracted to the crypto ecosystem by the hype generated in recent years as well as the anonymity of transactions to commit their misdeeds. Without being able to attack the banks, it is after the wallets that the burglars of the Internet have them.
Security suites do not yet offer specific functionality dedicated to cryptocurrency other than password managers. You will indeed need long strings of characters to protect your offline Wallet from a brute force attack or from a little more sophisticated decryption software. These locally stored Wallets are in fact only protected by a password. By infiltrating your computer they can recover the Wallet and the private keys located there. Cryptocurrency theft is primarily done by obtaining a private key. As long as it is stored in a note or in the cloud, it is easier for an attacker to access it and carry out transactions without the victim's knowledge.
ESET, a security suite that doesn't ask too much of you
Our partner of the day, ESET, is one of the most reputable security suite vendors on the market. With its prevention-based approach, ESET Smart Security Premium 2021 aims above all to prevent threats from reaching your system by constantly scanning open files and links. It also performs well on zero day vulnerabilities thanks to machine learning which helps it to stay on guard at all times without impacting PC performance.
Finally, ESET Smart Security Premium protects you against malware before it runs with the LiveGuard feature that scans files (documents, scripts, installers and executables) in a secure sandbox environment. Thus, everything is in place so that you do not have to worry about each of your clicks during your daily use of the web.
Try ESET Smart Security Premium 2022 free for 30 days! See the offer Read the opinion 8 ESET Smart Security Premium 2022- Features get to the point
- Very good efficiency in general
- Impact on improving performance (web browsing)
While waiting for a new version 15 which could very well be just as iterative as version 14, ESET Smart Security is not changing its approach, and for the public it targets with its minimalist and targeted solution, it is a little what is asked of him. That, and provide effective protection. On this point, it seems that some optimizations should be put in place to adapt the ESET Smart Security engine again to current “zero day” threats, a point on which the latest laboratory tests see it noticeably struggling. On the other hand, despite the lack of evolution of its interface, we still greatly appreciate its simplicity and its ability to adapt to different audiences, which is not the case with all software which sometimes has tend to popularize too much without thinking of more technophile users.
While waiting for a new version 15 which could very well be just as iterative as version 14, ESET Smart Security is not changing its approach, and for the public it targets with its minimalist and targeted solution, it is a little what is asked of him. That, and provide effective protection. On this point, it seems that some optimizations should be put in place to adapt the ESET Smart Security engine again to current “zero day” threats, a point on which the latest laboratory tests see it noticeably struggling. On the other hand, despite the lack of evolution of its interface, we still greatly appreciate its simplicity and its ability to adapt to different audiences, which is not the case with all software which sometimes has tend to popularize too much without thinking of more technophile users.