Happy Conficker Day!

April 1, 2009.  An unassuming day, April Fool’s, of course–until it is revealed the Conficker worm is going to “go off” that day.  Some malware was in wide circulation on the internet, taking advantage of a Windows vulnerability, or “hole.”  Microsoft released the patch for the “hole” in October 2008.  Most users remained unpatched.  Computing professionals like myself braced ourselves for what would happen…  which was mostly…

Nothing.

Was this a good thing?  Did we dodge a bullet?  It was a far cry from May 2000, when the “I Love You” virus hit the internet.  I was helping a customer in the midst of the virus’s effects when I happened to call home and tell my wife about it.  Right before I called, she received the email with the payload.  Yes, she double-clicked it.  Yes, we lost a few digital pictures that day.  Most of all, we learned about zero-day threats, threats in the wild but not corrected or patched.  We also learned that human behavior cannot be modified by an antivirus program.

Now, email is no longer the threat.  “Drive-by” malware can infect you just be visiting a malicious site.  Root kits bury themselves past efforts to detect them on your computer.  Hackers are not trying to ruin your day, they’re looking to steal your identity.

My advice?  Glad you asked….

• Use a good (no, GREAT) internet security suite.  I love Norton Internet Security or Norton 360.  Keep its virus signatures up to date.  Schedule a complete system scan once a week.  Use the firewall in the product.
• If you need a free product, I suggest AVG Free (http://www.avg.com/free) and Windows’ built-in firewall.
• Keep your Windows system patches up to date.  Usually, Microsoft releases patches on Wednesday.  Set Windows (on My Computer, right-click Properties, Windows Update tab) to download patches and install in the wee hours of the morning.
• Watch where you surf.  Use the phishing philter in Internet Explorer (or Norton Internet Security) to detech fraudulent websites.  Be very careful where you use your credit card; make sure the 128-bit security icon (usually a lock) displays when entering payment data.  Some browsers may be better than others, but it comes down to WHERE YOU CHOOSE TO SURF.

Happy Conficker Day!  I Love You.  Send all your money to a needy Nigerian.