Monday, March 13, 2006

Safe Surfing

Virus, spyware, phishing attacks, identity theft - the headlines are scary for an experienced Internet user let alone the newbie. According to an article in the 3/20/2006 issue of Business Week, 33% of Americans age 45 or older do not use the Internet at all and the rate of new users signing up is expected to be less than 1% this year. Complexity and a lack of security are the two most important reasons quoted. With that in mind, let's take a look at a simple set of rules that will dramatically reduce your risk of being attacked by any of the above.

First rule: Run Windows update at least once a week

1. Windows Update. Many of the above attacks depend on errors (bugs) contained in Microsoft software. As soon as one is discovered the bad guys look for ways to exploit it and Microsoft looks for ways fix it. Microsoft makes those fixes available to you free of charge by way of Windows Update. You should run it manually (you will find it in your start menu) at least once a week or, better yet, work through the menus you'll find in it to set it up to run automatically once a day.

Second rule: Install and run antivirus software and
keep your subscription up-to-date.

2. Antivirus Software: Any good antivirus software will serve you in several ways.
a. You can manually start it scanning your computer's storage (hard disk) for any virus that might have found its way there.
b. You can set it up to do a full scan of your system automatically at the same time every day (recommended).
c. In addition to the system scans mentioned above, when you install the software (or later) you can tell it to always be active watching everything you download and every attachment you receive in your eMail and warn you if they contain a virus.

NOTE: The antivirus "stuff" you get from any reliable vendor comes in two forms, equally critical:
a. Software
b. Virus descriptions used by the software as part of its efforts to spot a virus.
The first, software, will continue to be able to run on your computer for years. The second, virus descriptions, are updated by the vendor on a daily basis and are available to you on a subscription basis. What this means is, you buy the antivirus package, install the software, and then have to renew your subscription for virus descriptions on a periodic basis, usually annually. Without up-do-date descriptions your antivirus software becomes more and more useless over time since new virus appear every day.

Third rule: Install and run antispyware software and
keep your subscription up-to-date.


3. Anti Spyware software: Spyware is a general term that refers to virus like software that watches what you do on your computer and reports it back to its creator over the internet. The result can be anything from annoying popup ads for things you might be interested in based on what you've been doing on your computer to identity theft as it sees (and reports) what you type as userids and passwords. Software to combat this threat works much like antivirus software does (see above) including the "software and subscription" model. As a result, antivirus software is beginning to look for and combat spyware and vice versa. Soon you should be able to buy one package and maintain one subscription for both.

Fourth rule: NEVER EVER respond to an eMail which directly or indirectly asks you to provide critical identifying information like account or social security number

4. Phishing attacks are usually eMails that pretend to be from a legitimate business that already has a relationship with you but "needs some identifying information refreshed" for some fictional reason. The eMail will usually ask you to click on a hot link. The link will take you to a web site that can look EXACTLY like the official site of the company you do business with but it IS NOT. Any information you enter will be captured by the "phisher" and used by them against you.

Safety is a relative thing. We all do things that are to some degree risky because of the potential reward. Riding in a car is a prime example. More than 40,000 people are killed annually in the USA in automobile accidents yet we don't stop getting in the car. Instead, we wear a seat belt, buy cars with air bags, and drive defensively. You can think of the above four rules in the same way. Safe surfing, folks.