mellanie@neptuneskitchen.com

NK Home

Mellanie's Work

Articles Home
    Practicing Safe Internet
    Do I Really Need a Website

Contact Me

Articles

May 6, 2006 - How Do I Practice Safe Internet? - Mellanie Hee

It isn't as hard as it looks, but you HAVE to do it. Why?

  • Viruses and trojans (and rootkits, too)- which I will refer to as "viruses" for simplicity (and don't write me about "virii", I am not going there!) - in very simplified terms, can and will destroy/corrupt data, record your keystrokes as you type in your credit card and password information, cause your computer to shut itself down, cause it to not startup, send nasty emails (with attached viruses) to your email contact lists in your name, and otherwise cause you to become bald from pulling out your hair, which is OK, since it turned gray in the three days your computer has been "down."
  • Let me expand quickly on the keystroke angle. Is your credit card tied to your checking account, which is tied to your CD's, Money Markets and IRA/401k's? Yeah, scary. Two things you need to do, Ok, three:
    1. Use a Credit Card Company that has a good reputation for protection for unauthorized transactions
    2. Open a checking account with a check card that is not tied to any other account. Use this account for online stuff. You get the advantages of Credit Card protection without the risk of losing more than you have in that account.
    3. Before buying online, Use a search engine to search for the vendor's reputation on the internet. You can save yourself a lot of headaches.
    4. Secure your computer
  • Update your computer (for free!) I will concentrate in Windows XP, but the same goes for Macs, although Apple updates aren't always free. (Linux users don't need me!)
  • Turn on automagic updates. (Control Panel --> Automatic Updates) I know it is annoying, but Microsoft provides this for a reason. New exploits are discovered, uncovered and published throughout the bad guy areas of the internet regularly (think daily!) The reason Microsoft appears to be such a target is that the vast majority of PC's run on Windows. As Macs gain marketshare, they are also becoming targets, so you guys aren't safe anymore either. (Linux users still don't need me!). If you haven't updated in awhile, you must update, restart, and update again and again until it tells you there are no more updates to be had. This is because the updates are often iterative, meaning that this month's update requires that last month's be running, hence the restarting.
  • Turn on Windows Firewall. It is on by default with Service Pack 2. However, you better be sure: Control Panel --> Windows Firewall. Other firewalls may even be better. You can search for reviews of third party firewalls and decide for yourself.
  • Stop using Internet Explorer. Now, this is no diss to Microsoft. It is that market share thing again. Since most people use it, the bad guys work very hard to exploit it. Same goes for Outlook Express.
    I highly recommend Firefox. Firefox is what Netscape could have been. Once you see the tabbed browser function, you will never want to go back anyway, so take the plunge. Check out all the themes and extensions available, too (check the extensions reviews, though, not all are fabulous, but most are.) Get the Internet Explorer extension. If you run across a site (like Microsoft Downloads) that requires IE, you just right click and select "View in IE tab". Very sweet.
    Do skip FasterFox, though. It isn't faster (not for me, anyway), and it is not fair to website providers who have to pay for the bandwidth you are using as FasterFox constantly refreshes pages for you in the background. This will get you blocked from sites pretty fast if you aren't careful, because it makes you look like a spambot.
  • Stop using Outlook Express. Start using Thunderbird. It is spiffy.
  • Be very careful about opening email attachments. Remember what I said before about viruses using your machine to send out emails in your name? Well, your best friend's machine could have that virus and be sending things to you. Now, this is tough. You have to learn a little about stuff to make good decisions, and even I have messed up on this one. Generally, you don't want to open stuff from strangers at all. It is all spam anyway. From friends, well, if you are in doubt, send them an email to verify they meant to send you something. If they don't answer your email, then their machine has crashed from the suspect email, and you know not to open it-LOL! Look out for files with the ".exe" at the end. Others can be bad, too. Check out this site for more info or do a search for "dangerous email attachments". Educate yourself.
  • You can take email security one step further. For $20 a year you can set up a Yahoo! Mailplus account, have all your mail filtered through it, and eliminate the possibility that a really sneaky bad thing will execute without you knowing it.
    Thunderbird is pretty darned good, but there are advantages to using Yahoo! Mailplus including the spam filters, the fact that they do backups so you don't have to backup your own email, you can open many types of potentially dangerous files like Word Docs within the protected space of the browser, and, most important for me, I can log in from anywhere to check my mail. Once you have signed up for Mail Plus, I can help you set it up so that it appears to come from your normal email account, then we can forward your normal account to the Yahoo! account. No one need ever know you are using Yahoo. Also, they do scan for viruses- not 100% effective. I downloaded something the other day that they cleared that was infected, but, hey, no one is perfect.
    There are other services that do this, but Yahoo! happens to be what I have used.
  • What about Norton and Semantech, etc?
    I personally don't like either of these because they hijack my computer and bug me far too often about stuff. I am sure they are fine products, but I don't have the experience to recommend them.
    I DO very much like AVG from Grisoft. The free version is available to home users. However, they worked really hard to make a great product, so go ahead and buy it. Besides, you get tech support that way.
  • I also scan weekly with Ewido, BitDefender and BlackLight Rootkit Eliminator. You can search for any of these, try them out, do some research and figure out what you like. Do run AVG or something comparable every night, though.
  • What is Phishing?
    OK, this is very important. I don't care if Bill Gates himself calls you and says he needs to verify your password to anything, you DO NOT GIVE IT!
    Lemme 'splain.
    When you enter passwords into a site, it is encrypted. Support people, sales people, even the President of the bank, does not have access to this info. So when anyone calls or emails you asking you to verify your password, tell 'em to...well, you know.
    The bad guys made up this new game. They email you saying that they are PayPal, Visa, your bank, whatever... and that if you don't click on the link and log in to their account, your account will be suspended. So, the link says "paypal.com" but the CODE actually is a number, or another address.
    Watch this: CNN.COM - Go ahead, it is safe to click. Did you see what happened? I told you that you were going to CNN, but I was sneaky and sent you to CBSNews.com. It ain't rocket science.
  • On a similar note, bad guys like to capitalize on people's errors. My friend found one the other day. She was told by her employer to go to a site and enter her SS# number to log in to see her medical insurance information. Well, the address is an odd one where it makes more grammatical sense to use the plural of the first word of the address. So, like many people before her, she typed the plural, since it sounded more correct. The site she got mimicked the real site and asked for her SS#. Being the clever gal she is, she sensed something amiss and called me. We checked it out, and, sure enough, it was NOT her employer's benefit site. These bad guys were capitalizing on human nature (to want to spell things correctly) and were harvesting Social Security Numbers. Pure evil. Remember the good ole days when mis-typing Yahoo.com only took you to a porn site? Well, it's gotten bad/worse out there. (Sigh!)

    I've thrown a lot of info at you today. I know it is hard. However, to be honest, I ran a totally naked Windows machine for 8, count 'um, 8! Years! With no virus protection or firewall, because I used my web-based email, alternate browsers, and didn't open fishy attachments. It wasn't smart ;), but I proved it can be done. When I got this new machine, I decided to do the right thing, if for no other reason than to be able to advise others. I actually had a scare last night. I was in a hurry and needed a shareware program- which I installed without researching. After installing, my machine got a little weird, and I had that sinking feeling (you know the one when the car starts making a strange noise and you are halfway in between Amarillo and Lubbock or someplace equally as remote). Anyway, it turned out well. I had no viruses, I had just launched too many programs at once (more than 20, including Photoshop and Illustrator- I have 9 running now...love my new 'puter!!!)

    So, just start at the top of the list and work your way down. ...and, yes, I KNOW you aren't doing backups...uh-huh. We'll talk about that later. -Mell

    Please note: For my protection and yours, you are responsible for protecting your computer and any information you may expose to the bad guys. If you want a guarantee that nothing bad will happen, please pay someone to help and advise you. The information I have offered is an example of how I secure my own systems. If you choose to follow my advice, you do so at your own risk.

 

All information, articles and images are ©1998-2007 Mellanie Hee unless otherwise noted.
Links to my site are welcomed. Reprinting may be allowed if I am in a good mood when you ask me.
Please note: Money and good publicity usually put me in a good mood.