Thursday, November 29, 2007

How to practice safe computing

For the home user out there without an IT department or computer science degree, it is unfortunate that the software industry has put on the market such a buggy, generally insecure, high-maintenance headache of a machine that they call a computer.

But you can't do much about that (except lobby for liability for software security).  And it's the holiday season, when the spammers and scammers come out of the woodwork.  I've already seen a huge spike in spam activity.  Here's what you should do to protect yourself.

[Note that I have written these as positive statements of what you _should_ do because research has shown that when you try to tell people about a myth, they often remember the words of the bad example but forget that the example was incorrect, so they end up being trained to believe a falsehood by accident.  So, staying all positive should help your brain help you to remember how to practice safe computing.]

General security practices:
  1. Know that You are a target!  Yes, there are people who want to break into your computer for all kinds of reasons.  They may not care about stealing your high-school term paper, but they would love to either steal your passwords, credit card numbers, or even just add your computer to their network of others that are used to send spam, host malicious websites, and attack other systems on the Internet.  Your CPU cycles are valuable on the black market!
  2. Run Windows Update and install patches regularly!  New patches come out about every first Tuesday of the month for Windows so make sure you keep up!
  3. Upgrade your browser!  Internet Explorer 7 or Firefox 2.x are much, much, much more secure than the old Explorer was.  You can avoid lots of attacks with this simple change and get better active protection while surfing the Internet.
  4. Do not surf the Internet on a Windows XP or Windows 2000 computer as an Administrator!  This makes it way too easy for bad software to be installed that can ruin your day.  Create yourself an Administrator account that you can use for installing software, printers/hardware, and patches.  For everything else day-to-day, use an account that is only in the Users group.  Ask a geek for help setting this up!  It is simple but can really tighten your security.
    1. Also, when you have friends come over to use your computer, create a separate account for MyGuests that is only a lowly User so you don't let them screw up your computer or infect it with viruses.  Who knows what they will change or install (or whether they even know what they did...)
  5. Make sure all the rest of the software you have installed is also patched.  Run the update managers included in each package, such as iTunes, Firefox, and Acrobat Reader.  A ton of security holes are in these programs so keep them patched too -- Microsoft sure won't patch them for you!  A good program to use for this is the free Secunia Personal Software Inspector (PSI).
  6. Run a decent anti-virus, anti-spyware, and firewall program.  Oh, and be sure that your virus signatures are up-to-date!!
    1. I recommend AVG Freeware for the budget-conscious or Kaspersky or F-Secure for those wishing to purchase solid vendor packages.  I wouldn't let my worst enemy use McAfee and Norton is oft a resource hog.
  7. Do use different passwords for financial and shopping sites than you might use for your email, myspace, recipe site, etc.
    1. If someone steals your email password, you don't want them to also be able to get into your Quicken or online banking site!
  8. Use a free and secure password manager program such as KeePass to keep track of your passwords and other sensitive data and help you fill in online forms!
    1. You have no excuse for using bad passwords because these programs can help you use stronger passwords that you don't need to remember -- or even type in yourself! 
  9. Be very careful when accessing financial sites or shopping sites from computers at a hotel, library, school -- and especially at your relatives' or friends' houses.  If you can, wait until you can use a trusted computer.  You wouldn't drink an unmarked cup of mystery liquid you just found next to a stop sign, and you should exercise similar caution when using an unmarked computer that you don't know is secure.
    1. If you must do something risky from a public computer (like at an Internet cafe in France...) then change your password right away when you return home!
  10. Check your credit reports from all three credit bureaus every year For Free!  But only use this site since it is the official one organized by the FTC to get you your reports that you are guaranteed by US law.

Shopping tips:
  1. Use reputable websites if at all possible when making online purchases.  Deal with the amazons and bestbuys of the Internet and be wary of some vendor you've never heard of.  When in doubt, ask someone to help you check an offer or website out for you!!  If it sounds too good to be true, it probably is.
  2. Check your credit card and bank account statements often, especially during the holiday season.  Use the power of online websites to stay up-to-the-minute and catch unauthorized charges early to minimize your losses.  Federal law allows banks to not cover fraudulent charges if you don't report them in a timely manner!  You are normally only liable for $50 maximum if you report it promptly.  Although these days, I recommend getting a $0 liability credit card and then you don't have to worry at all.  But you don't really need to fret so much anyhow since you aren't really liable for much.  And the risks of using checks these days far outweigh many other online risks.
  3. I recommend against using debit cards online just because the laws protecting consumers are VERY different for those and your banks DO NOT have to honor any maximum liability caps (though most do).  You should only use them if you could handle the worst case event of all of your money in your checking (and if you have overdraft--your savings) being siphoned out and want to deal with the hassle of dealing with some schmo in the fraud/risk department of your bank, begging to get provisional credit back so you can buy groceries or beanie-babies or what-have-you.  I've had my debit card stolen and it can be a real P.I.T.A.  It would be much nicer if it was someone else's money that got stolen: your bank's.

Email tips:
  1. Spammers and scammers love it when you forward chain emails because they know they can trick you into doing their dirty work for them and spread their lies and filth.  Stop these dead in their tracks and just delete them when you receive them.  Do not forward them, even though your friend Susie sent it to you.  You don't need to send that chain email around "just in case" you might get bad luck from not continuing the chain.  You may be giving your friends bad luck if you happen to send something malicious...
  2. If you must send something out to a large swath of people, check the veracity of the claims at Snopes before doing so.  It only takes a second.  And Snopes should be easy to remember.  There is so much misinformation on the Internet and you are part of the problem if you keep sending it around.
  3. Ignore any email claiming to be from a bank, PayPal, eBay, Amazon, etc. and needing you to "verify your identity" or similar.  Those are all scams.  All of them.  I'm serious.  And the ones that aren't are from companies that you absolutely should not be doing business with anyway because they obviously do not know or care how to protect your security.

For the Advanced Placement members of the class:
  1. Use the excellent secure-deletion program Eraser to shred files securely from your computer.  The basic Trash can does not remove all traces of your data, just like throwing it in the trash is not as good as in a cross-cut shredder.
  2. Question sites that require you to provide personal information to get something, even software downloads.  Often there is nothing preventing you from putting in bogus information.  You can also try the website BugMeNot for lots of free logins and passwords to sites that require you to register so you can avoid proliferating your name, address, etc.
  3. Opt-out of junk mail at home, and opt-out of telemarketing.  Also call 1-888-5-OPTOUT (888-567-8688) to tell all three credit bureaus to not sell your info for pre-approved credit applications.  It works.  You will get tons less junk mail that you have to shred.