Online Security
![[picture: Padlock]](/images/padlock.gif)
I've saved the topic of online security for part three of the WWW Basics articles because the foundation given by the first two articles helps to illustrate online security issues. Do not make the mistake of thinking that it's unimportant -- even if you don't do any shopping online this is still the most important topic you should have a grasp of if you want to plug your computer into the internet.
Online security is a concept that goes beyond ecommerce. Simply connecting to the internet presents security risks. In this article I'll explain some of the larger concerns that you should be aware of so that you can protect yourself, your family, and your computer from benign or malignant threats.
Let's take a quick review of some of the topics that I will be covering in the 'basics' articles:
Table of Contents
- Topics covered in the first article, WWW Basics:
- Topics covered in the previous article, the Interactive Web:
- Topics covered in this article:
|
If You have a question that you do not see addressed here, please use my contact form to let me know! I want to make this page as useful as I can, and your help is indispensable. |
I'm still writing this article (last update Sept. 2006) please check back soon for more!
1. What you probably didn't know you ought to know about online security!
Try saying that ten times, fast! Go ahead, it's probably easier than ensuring you're completely safe when you go online. But then again, you probably leave your home almost everyday -- you might even get into a car, bus, train, or airplane in order to get where you're going... While there are a myriad of safety / security issues to be aware of on the web, it's not really much different than many of the safety and security issues we face everyday in our modern lives. We mitigate the danger of stepping outside the door of our home with awareness, education, and (let's face it) a bit of luck.
The same can hold true when we expose our computers and our personal information online -- if we stay aware of our surroundings, if we remain educated as to what the "villains" are up to, then we can mitigate just about all danger, but of course, just like in real life, there's always going to be a remote chance that you become a victim when you go online. It comes down to a matter of risk vs. benefit. If we can reduce the risk to near zero, most people feel comfortable going online.
Let's review some of the major threats to the security of your computer and your personal information in this day and age:
< Return to the Table of Contents >
2. What are the major threats posed by the internet?
|
Malware -
Viruses, trojans, worms, ad-ware... these are invasive and oft-times malignant programs that all fall into a broader category called malware. The level of malignancy varies, but, really, you don't want any of these programs on your computer. The two most common vectors of vulnerability to malware are: email attachments or software that you download and run on your computer, such as "free" screensavers or other seemingly harmless tools.
As a general rule of thumb, you should never open an attachment that you get in the email unless you know beforehand what it is. Most particularly, you should never open a file that has a .exe file extension. Opening an image, such as a file with a .jpg file extension will generally be safe, but these days even pictures can contain malignant code. I recommend never opening or running attachments unless you know the person they came from, and expect them to know the difference between a safe attachment and a potentially unsafe attachment. Even files that seem innocuous, such as Microsoft Word or Excel documents may contain malicious scripts (in this case, typically via macros). Adobe Acrobat (a PDF file viewer) is yet an other program suceptible to being exploited as a vector to infect your computer with malware.
Using an anti-virus scanner that "proofreads" your email is a very good idea, but if you use one, do not allow it to cause you to become complacent. So-called zero-day exploits appear all of the time, and these are types of malware which at the time of their release "into the wild" are not recognized by anti-virus programs, so you could potentially be running an up-to-date anti-virus tool that won't detect such a payload. So, I refer you back to the point in the prior paragraph -- if you don't have positive validation that you can trust a file of any variety then it is best to not download or open that file.
Similarly, you should exercise caution when downloading free software from the internet. The great majority of software (free, shareware, or commercial) is exactly what it purports to be, but there are also those out there who would entice you to run malware programs on your computer through one or more nefarious methods, perhaps by bundling it with some software that might seem useful, or perhaps by surreptitiously installing it without your explicit consent by taking advantage of a software vulnerability (called an exploit) when you go online or browse to a particular website.
Recently (in the summer of 2006) it came to light that Sony BMG had created a large number of music releases on CD which utilized a default setting of Windows to install a root-kit as an attempt to prevent the copying and distribution of music -- the root-kit left backdoors in-place that could be used by other malicious software as well... Sony has since apologized, but the music discs are now "in the wild" and you could unknowingly purchase a used version that still does harm to your computer.
Sometimes, through no direct fault of your own, your computer might be attacked through an exploit of your operating system, so it is very important to make sure that all of your operating system and other software is kept up to date with current security patches. Furthermore, in addition to running the occasional virus-scan, or using active anti-virus scanners, it is also wise to run scans with anti-spy programs, such as SpyBot Search and Destroy and/or Ad-Aware to help to scrub your computer clean of many programs that the typical anti-virus doesn't immunize against.
As a final note on malware, it is unfortunate that the vast majority of exploits, trojans, adware, spyware, viruses, etc. are designed in such a way that they typically are only a danger to computers running Microsoft Windows as their operating system; Apple computers, and PC's running an alternative operating system such as one of the many varieties of Linux or BSD are far safer in this regard. I don't say this as an attack against Microsoft or people who use their products, but the simple fact is Windows has the largest marketshare of any operating system, and therefore it's the largest, most juicy, target for people who would be looking for computers to attack.
If you have no option but to use Microsoft Windows, the single largest impact you can make to enhance your security is to stop using Internet Explorer to surf the web, and switch to a free alternative, such as Opera, or Firefox. For example, Firefox lacks the commonly exploited ActiveX controls of Internet Explorer, and has configuration options and extensions that allow you a great level of control over what types of web-content you allow onto your computer -- you can selectively turn off java-script (such as allowing only your online bank to use java-script) and even use extensions that block ads and pop-ups for a safer, faster, and generally more enjoyable web-surfing experience. To try to tell you how to completely secure a Microsoft Windows PC is beyond the scope of this article, but there are plenty of sources for such information available online, such as http://www.dwheeler.com/essays/securing-windows.html
Predators -
General lapse in security -