[Infoworld] 2012 in security: Rising danger
Here's a look at the security issues various technologies will face in the coming year.
Smartphones and tablets
The amount of malware spreading on phones and tablets continued to surge this year, rising 22 percent over 2010 in the first half of 2011, according to a McAfee study (PDF). Android came under fire -- surpassing Symbian and Java ME as the most attacked mobile operating system, according to the study -- with a 76 percent jump in malware from the first quarter of 2011 to the second. Android became the target due to its open nature and its large market share (43 percent in the third quarter of 2011, according to Nielsen).
Mobile infections will continue to rise in 2012 -- especially on Android products -- as the population of devices increases further. Mobile malware often spreads via app stores, posing as a new app or as a look-alike of a well-known app. Third-party app directories usually contain more malware than official app stores do, so stick with the latter. Even then, examine user reviews and do research before you download, especially in the case of new apps. Also, install an antivirus app like Lookout Mobile Security for Android, BlackBerry, iOS, and Windows Mobile, or AVG Mobilation for Android and Windows Phone 7.
As for other mobile threats, pay attention to Wi-Fi security when using wireless hotspots at restaurants, airports, hotels, and other public places. Tools like the Firefox add-on Firesheep make it easy for people to eavesdrop on your activity while you're using Wi-Fi. The tools enable any attacker -- or even just a curious Joe -- on the same hotspot to capture your logins to Facebook, Twitter, and other sites that don't automatically use SSL encryption.
To deter eavesdroppers, instead of using apps to access accounts on mobile devices, go to them directly through your Web browser (at least when you're using a public hotspot). Make sure the site URL begins with https instead of http. If it doesn't, try adding the s. Even better, check your account settings to see if you can force SSL/HTTPS encryption by default, a feature that is now available for Facebook and Twitter.
Finally, another issue with mobile devices is their physical security. Don't store any sensitive information or private documents on them. Consider using a passcode or PIN on your mobile device so that the average snooper can't access it. Keep in mind, too, that several apps and services let you remotely locate, lock, and wipe your mobile device via the Internet. Apple offers the free Find My iPhone, iPod Touch, and iPad service for devices running iOS 4.2 or later. Microsoft has a similar service, Windows Live for Mobile, for Windows Phone 7 devices. For Android devices, consider security apps like the aforementioned Lookout Mobile Security or AVG Mobilation. RIM provides the free BlackBerry Protect app for its devices.
For additional advice about protecting your mobile gear, see our feature story "How to Recover a Lost Phone, Tablet, or Laptop."
In 2011, social networks, particularly Facebook, also suffered from an increase in threats. Through tainted websites and apps, attackers hacked accounts and distributed malware, phishing come-ons, and other scams to Facebook users. The danger spread via wall posts, links, photo tags, comments, and scripting flaws. And considering that Facebook boasts more than 800 million active users, you can expect an increase in threats and scams in 2012.
Don't click suspicious links posted on social networks, even if they seem to have come from a friend; rigged sites and apps can post and send messages without a user's consent. Additionally, be careful not to allow malicious apps on Facebook -- check out the apps you have already approved, and remove those that you don't use, or that look dubious.
Traditional PCs and Macs
Mobile malware might be the hot trend, but threats still thrive on the PC, too. As in past years, malware will flourish on PCs in 2012, so install antivirus software and keep it up-to-date. If you need to cut expenses, try a free option like Avast Free Antivirus or Microsoft Security Essentials; either will provide adequate protection.
Recently, attackers have been exploiting vulnerabilities in Adobe, Java, and Microsoft programs, so don't ignore updates for your applications. Also, confirm that Windows Update is enabled, and consider setting it to automatically download and install key bug fixes.
In the past, Mac users didn't have to worry much about malware, but the situation is changing. This year Apple saw more infections on Mac OS X, such as a fake antivirus program called MAC Defender that caused pop-ups and tried to charge the victim to get rid of them. Expect more malware on Macs as Apple gains market share and becomes a bigger target. Though the infection rate will still be extremely low compared with that of Windows, to be safe you might want to install a utility such as the free iAntiVirus from PCTools