While not exactly on the topic of aquariums, most of us use aquariums every day (and you're probably using one right now!). I thought I would take it upon myself to write a small piece about computer security and privacy.
After working in IT and network
security for a decade, I have seen hundreds of security issues, problems,
breaches, and hacks. However, home users
are often unaware of the security threats they face on their own PCs. I decided to write this short piece in an
effort for to inform the home user how to increase the security on their PC
cheaply and effectively.
Spyware is single greatest threat to the
home user’s security. What is "spyware"? Spyware can lead
to ‘popups’, identity theft, and more, and is incredibly prevalent, and easily
infects the home PC. Spyware comes in a
few forms. Most are small BHO's (browser
helper objects, pieces of code that install themselves into your browser's
framework), illegitimate registry keys (hiding in windows registry, the
'database' of all the settings the Windows operating system uses) or as
standalone programs that seem legit but contain malicious code. All spyware has only a few reasons to exist:
to deliver advertisements (‘popups’ or others) to learn more about you (either
in an attempt to delivery targeted advertisements or to steal your information
some form of profit or identity theft), to have your PC perform work that you
are unaware of or to commit malicious acts remotely (and often without your
knowledge), or to install even more spyware.
What can you do? There are many
things you can do to protect yourself from spyware and other malicious software,
and I advise all of you to follow at least some (preferably all) of these steps
in order to keep yourself secure.
Have
good basic security habits. Change
your passwords regularly (never use the same password for more than 3 months),
don’t use the same password for everything, avoid easy to guess passwords such
as a password containing names, dates, phone numbers. Instead, try to use a combination of capital
and lowercase letters, as well as numbers.
Don't write your password down or give it to anyone!
Beware of
email fraud. Delete suspicious emails, do not believe or
respond to ANY email request for personal data, even if email seems to be from
a legitimate source such as eBay, PayPal, or your bank. These (and other) financial institutions will
not request your personal information via email. Also, delete any email from people offering
you money, or wanting any information about your finances.
Use a well known, secure browser, and keep
it that way. I recommend Mozilla Firefox, or Google
Chrome. Both are updated frequently, are
known to be well written, and do not have the many security holes that Internet
Explorer does (I recommend not using Internet Explorer). No
matter what browser you use, you should turn off "Accept third party cookies".
"Cookies" are small pieces of text that monitor your online actions
and report to a designated server. When you check "remember me" on
this site, that site "remembers" you because a cookie reports your
information to that site every time you visit it. Cookies can also track every
site you visit, and can be used to delivery targeted advertisements and are
invaluable marketing tools (both legit and illegitimate). By disabling third
party cookies, you at least are reasonably certain the cookies your browser
will be storing will only be from websites you intentionally visit, and not
from ads or embedded feeds. To do this in Firefox, go to Tools -> Options,
click the Privacy tab, and uncheck "Accept third party cookies". In
IE, go to Tools -> Internet Options, click the Privacy tab, click Advanced
button, check "Override automatic cookie handling" and click the
"Block" radio button under "Third Party Cookies".
No matter what browser you use, ensure that
you are actually visiting the site you think you are. It is very easy to make duplicates of
websites, but they will have different HTTP web addresses in the toolbar, and
may not display the lock icon and an associated legitimate security
certificate. When in doubt (or just to
be on the safe side) look for the correct web address in the toolbar (for
example, https://www.paypal.com is the actual web address for PayPal’s secure
website, http://paypall.com is not), and examine the website’s security
certificate by double clicking on the lock icon in the lower right hand of the
browser’s status bar. When visiting any website where security is an issue,
ensure your login information is being encrypted. You will see an
"https://www.mybank.com" URL, rather than an http://www.mybank.com URL (the added S means secure socket layer
encryption is being used). You will also see a lock icon in your browser’s’
status window. Ensure you see these two security indicators and the actual,
correct URL before entering in your information. I've seen paypal and ebay
duplicates that looked EXACTLY liked the real thing, but unless their web
servers are compromised (very rare and unlikely) the URL in the address bar
will not be the same on an illegitimate website.
Use at least one well know, quality
anti-spyware and anti-virus program and a firewall. Here is the software I recommend, in order of
prevention:
Firewalls: a firewall is either a piece of
software (on the user level) or a piece of hardware, that, to put it simply,
blocks incoming traffic from the internet. If you're using any type of router
or wireless router, you probably already have a simple but effective hardware
firewall built in to that router, although it probably isn't doing you a whole
lot of good when in terms of spyware prevention. This is because (by necessity) your router
allows all HTTP (web) traffic to your computer. In order to be more selective
about this traffic and (hopefully) prevent illicit material(s) from your
machine, I recommend a software firewall such as Zone Alarm or Comodo Firewall
Pro (both free from download.com). They're going to be a little annoying at
first, prompting you basically every time you do anything for a few days, but
after "learning" (aka you checking "always allow" and
"OK" when performing a known safe action) they'll sit in the
background and you usually won't notice them. Select "Deny" on
anything that seems suspicious, but if you accidentally deny yourself out of
your browser or online game, just go into the program settings and select
"allow" for that program (or with Zone Alarm, just open the window,
run the program again, and it will re-prompt you). A firewall is a must-have
first line of defense.
Use known effective anti-spyware
programs. The simple fact is that if you
aren't using an anti-spyware program, you have spyware on your machine. To avoid acquiring spyware while downloading
anti-spyware programs, only download directly from the software manufacture’s
official website, or a known secure and spyware free website (I recommend
download.com). Also, remember to
regularly update and scan if the software doesn't do this for you
automatically. For the first scan, I recommend scanning in safe mode. To do this, restart your computer and press
the F8 key (you may have to F8 a few times) after your machine posts, then
select safe mode with the arrow keys and hit enter. Run the scan if the program
is capable of scanning in safe mode, some aren't, then simply restart your computer
as you normally would. Here is a list of excellent programs that are all free or
have a free version available:
1. Spybot Search & Destroy by
2. Malwarebyte's Anti-Malware
3. Ad-Aware
4. Spyware Terminator
5. Spysweeper
6. AVG antivirus/anti-spyware
An anti-spyware program with a real
time shield is the preferred first line of defense, and a second anti-spyware
software should be used for weekly scanning. Make certain you are actually
downloading the real versions of this software (download.com has them, but
download.com also has ads that link to software with the same name, but are
actually spyware!) and not spyware infested versions with similar names. An anti-spyware program, plus common sense,
will drastically reduce your chances of infections and data theft. If you do
find spyware, remove it, restart into safe mode, scan again, then restart in
normal mode, and change the passwords on all of the important websites you
visit (banking, insurance, etc) and make certain they are all different from each other in a difficult to
guess way.
Antivirus software is numerous: AVG, Norton, and Mcafee are the most
common. Most of the commercial antivirus
software is about the same in terms of quality, so pick one and keep it
updated.
As data theft and spyware infections become
more and more common, it becomes more necessary to be knowledgeable about how
to prevent and remove spyware from your home computer. Surf sensibly and with caution, use the
appropriate protective software, follow good security and password habits, and
your chances of infection and/or data theft will be drastically
diminished.
Comments