How to fight off computer RATs

Bob Sullivan Technology correspondent • Profile • E-mail

On the Internet, it was always possible to outsmart the phish.  Just don't click on unexpected links, and you were pretty safe.  But RATs? They are much smarter, and if you aren't careful, they'll probably outsmart you. 

Remote access Trojans — RATs — are crawling all over the Internet, experts recently told me. RATs can steal your online banking passwords and let criminals move money out of your brokerage accounts. They let a criminal watch everything you are typing from half-way around the world.

How to stop RATs? There's no easy answer, the experts say, but here are the basic hints. If they sound a bit like mom's advice, they should.

1) Don't go out in the cold without a coat
Maybe you thought it wasn't that cold out; mom knew better, and made you bundle up. After all, you couldn't see the cold viruses floating around at school. Somehow, she could.

The Internet's menaces — particularly Trojan horse programs — are just as invisible as cold viruses, that's why firewalls and antivirus software are a must now.  If you're worried about a criminal watching data flying out of your computer, a well-tuned firewall should stop that.

Windows XP now ships with a firewall turned on. Other firewall software is pretty inexpensive now, and the very vigilant can even buy small machines that act as hardware firewalls. It's a good idea to regularly make sure the kids didn't turn it off. Mom used to say you could catch a cold just running out to the car to grab a book. You can catch a RAT by turning off your firewall  — or your antivirus software — for a few moments.

Still, no firewall or antivirus software is perfect; many Net users with updated software are infected with malicious software like RATs. So there's other advice you must follow.

2) Stay away from places you know you shouldn't be
Rats like dark alleys; so do RATs. Pornography, file-sharing, and other murky Web sites are a major source of Trojan horses and other viruses. Innocent-looking downloads can cause a world of headaches. However tempting these sites may be, avoiding the Internet's seedy side will go a long way toward keeping your computer safe. And that means keeping the kids from downloading free software, too. 

3) Don't eat candy from a stranger
For years, unexpected e-mail has been a major source of trouble; now, unexpected greeting cards are causing trouble, too. Who can resist the offer of a cute, musical well-wish for Halloween or Thanksgiving? You can. Clicking on a greeting card invites the sender to execute a small program on your computer. It's a prime method for sneaking malicious software onto your machine. If there's a hair of doubt in your mind, call the sender to make sure it's a genuine well-wish and not a Trojan horse.

4) Get your money's worth
Online bankers and brokers are just starting to get the message that there should be more between a criminal and your money than your pet's name. Federal regulators recently told U.S. banks that by next year, they had to go beyond a user name and a password to identify customers on their Web sites. You don't have to wait that long.

Bank of America and ING Direct are two banks rolling out measures that include additional steps, such as entering a PIN number with mouse clicks. Demand more from your bank's Web site. Ask at a branch; send an e-mail. A host of technology is available that would let you retire Fido as your password. Give your bank the idea that you'll take your money somewhere else if they don't make you feel safer.

MORE FROM SECURITY

Security Section Front

S. Korea's spy agency lowers cyberattack alert Glitch in antivirus software troubles PC users PCs could be hit next in Web attack Debate over possible responses to cyber attacks Experts work to untangle cyber attacks S. Korean Web sites under renewed attack White House among targets of cyber attack U.S. eyes N. Korea for ‘massive’ cyber attacks How a denial-of-service attack works A look at Estonia’s cyber attack in 2007 Security Section Front   Add Security headlines to your news reader: