Computer Times
May 2007

10 Steps to Ensure Your Safety on the Internet
By Aston Fallen

Aston Fallen, CEO of security software developer Steganos, outlines the biggest threats to data security and explains how you can defeat them. The top 10 steps to ensure your safety on the Internet are then provided for you to follow.

If your digitally-stored information fell into the wrong hands, it could expose you to threats of identity theft, fraud or blackmail. While early malware (malicious software) caused inconvenience, annoyance and data loss, today's malware is increasingly developed to steal your security credentials or take ownership of your computer. Don't fret - here's our guide to the most common threats and how you can defend yourself.

Viruses and worms

Viruses are programs that install themselves on computers and replicate by attaching themselves to other programs or files. Worms are self-replicating computer programs but, unlike a virus, they don't need to use a host file.

The computer virus is now over 20 years old, but it's still causing havoc in its various incarnations. In the 80s, viruses copied themselves from disk to disk. Now, they e-mail themselves with alluring subject lines designed to persuade recipients to open the e-mail and the attachment, exposing the user to the virus.

Over the years, some viruses have had a destructive payload - wiping data - and others have just annoyed users with irritating messages. Now criminal gangs are exploiting them to take ownership of machines so they can be used for spamming, and to spy on computer owners and steal their financial information. For that reason, viruses are working harder to remain hidden. Today, the first symptom of an infection could be an empty bank account. To protect yourself, install antivirus software that prevents installation, scans all incoming and outgoing data, and regularly scans your computer. Don't open unsolicited attachments, even if they appear to come from someone you know. Persuade your friends to use antivirus software too: many of the threats that are still running wild have been preventable for years and can only spread because users don't protect their computers.

Trojans

Trojans are computer programs that contain or install a malicious program. These programs may appear to be useful, which means that a user may think them to be harmless until they are executed.

Trojans will often open a backdoor on the computer so that all its data and resources can be used by a hacker. In other cases, trojans will be used to install mass mailing software so that exploited computers can be used to send spam. To protect yourself from trojans, only run software from trusted sources and scan your computer regularly with reputable internet security software.

Spam

Spam e-mails are e-mails sent with virtually identical messages to a large group of people. Spam is usually unwanted, commercial, and sent by an automated account.

Because e-mail is cheap to send, it's abused by shabby businesses trying to make a quick buck. Network management company Ipswitch estimates that 70% of all e-mail received is spam, or unwanted advertising. Spam clogs up the Internet, increasing the costs to ISPs and end customers of handling e-mail. A good first defense is not to give out your e-mail address, although this is imperfect because spammers often target addresses they make up in the hope of finding a new address. If you do give out your address, look for guarantees that it won't be used for advertising or shared with others first. By using a spam filter, you can screen out messages and make it easier to identify genuine messages from friends, family and organizations you do want to hear from. The filters can be configured to understand what you consider to be unwanted mail. Above all, never buy anything from or act on an unsolicited e-mail. If spam wasn't profitable, spammers would crawl back under their rock overnight.

Phishing

Phishing is a type of spam that attempts to con people into parting with their security credentials for a financial services or e-commerce Web site.

Ipswitch says that phishing is the second most common type of spam, after mails hawking medication. In a phishing attack, a bulk e-mail is sent that claims to come from a major bank or business organization, usually asking people to log in to verify their accounts. The login links in the e-mail go to a spoof Web site, set up to gather identities and passwords so they can be used to empty the real bank accounts or trade on the victim's credit. A first line of defense is to use spam filters to weed out phishing e-mails where possible. To avoid being duped, do not follow links in e-mails purporting to come from financial organizations. Most banks will advise you to open a fresh browser session and type their URL into the address bar instead. Leading banks and eBay provide a secure messaging area so you don't have to use e-mail.

Packet sniffers

Packet sniffers eavesdrop on data as it passes through a network, looking out for useful data such as passwords and credit card numbers.

One of the greatest risks of exposure to packet sniffing is at Wi-Fi hotspots, where people often connect without knowing who owns or operates the hotspot. The Internet's design, where data is bounced around between nodes until it reaches its destination, makes this threat impossible to eliminate. To protect yourself, use software that encrypts your connection to the Internet, so that any data that is intercepted cannot be read by anybody in the middle of the network. If sending important data by e-mail, encrypt the attachment and/or message first. Otherwise, don't write anything in an e-mail that you wouldn't want to see in tomorrow's newspaper beside your photograph.

Port sniffers

Port sniffers look for computers connected to the Internet that they can attack.

To protect yourself, install a good firewall that filters all traffic going to and from the Internet, and block all unsolicited connection requests.

Maliciously coded Web sites

Maliciously coded Web sites are Web sites that may have spyware installed and may be stealing your data.

The Web was designed to be a safe environment, with even the animation and programming plug-ins working in a sandbox without access to any data on the machine. But sometimes bugs are discovered in browsers that make computers vulnerable to maliciously coded Web sites. Sometimes these will exploit browser bugs to install spyware or to install a backdoor so that data can be stolen from a machine. To protect yourself, keep your browser software and any plug-ins up-to-date. Use a good firewall to manage all traffic going between your computer and the Internet too.

Spyware

Spyware is computer software that steals your data without your knowledge and/or consent.

They say there's no such thing as a free lunch, and online is no exception. Some free software programs are bundled with spyware, which monitors your activity - usually to direct advertising at you. It can clog up your computer as well as waste your time by force-feeding you adverts or diverting you away from Web sites you want to visit. To protect yourself from spyware, only install software from reputable sources and use antispyware software to prevent installation and to regularly scan for any spyware that slips through.

Shared computers

In cybercafés and libraries you need to keep an eye out for who's looking over your shoulder and make sure that you don't leave any of your accounts logged in. But that's not the only place you might want privacy. If you share a PC at home, health information, finance data and even Christmas or birthday shopping bookmarks might be something you'd rather keep to yourself. By password protecting bookmarks and using a reliable tool to clean your browsing history, you can protect your privacy. And maybe keep a few gift surprises along the way!

Web surfer profiling

Web surfer profiling is when companies use programs to target users by certain specific categories such as gender and age.

With only a handful of companies providing most of the adverts you see online, it's possible for those companies to build up a picture of the range and the nature of the Web sites you visit. Indeed, Microsoft now sells packages where advertisers can target users by gender, age, and household income. Its categories of profiled users include expectant moms, parents and homebuyers. What if somebody in the office looks over your shoulder when you're shown a job ad because an advertising network that's been spying on you believes you're job hunting? Using a proxy server, you can have all your data requests directed through a third party server and have your cookies filtered so that none of the companies you visit or are exposed to online can build up a profile of you.

Hardware loss

People often back up their data in case their computer or USB key is lost or stolen. But they tend to forget the privacy implications of their data being out in the wild. A survey by Steganos found that 64% of people would worry more about the privacy of their personal data than the cost of the hardware if their computer was stolen, but that only 12% use encryption to ensure their data is protected even if their computer falls into the wrong hands. Encryption software is now available off the shelf using the same high standard of encryption that the US government considers good enough to protect 'Top Secret' data. By encrypting your data, you can be sure that wherever it goes, it will remain private and can only be read by those who have been authorized by being given a copy of the password.

Residual data fragments

It is important to make sure data is properly shredded so that, in the event of hardware loss or improper use of your computer, your personal data cannot be found.

Just because you've deleted a file doesn't mean it's no longer there. Data from files that have been deleted often remains in empty space on the disk and can be recovered using specialized tools. Surveys regularly find that second-hand hard drives still have traces of the original owner's financial data on them. To ensure that any data you want to dispose of is irrevocably wiped, use shredder software that overwrites it multiple times so that it cannot be recovered.
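The difference between deleting and shredding can be shown in a few lines of Python. This is an added example, not part of the original article and not how any particular shredder product works: a second hard link stands in for the data blocks left on disk, and the file name and contents are constructed. It assumes the filesystem rewrites the same blocks in place; SSD wear-levelling, journaling or copy-on-write filesystems and backups can keep older copies that an overwrite never reaches.

```python
import os
import secrets
import tempfile

SECRET = b"account=12345678 pin=0000\n" * 100   # constructed sample data

def shred(path, passes=3, chunk=64 * 1024):
    """Overwrite a file in place `passes` times with random bytes, then delete it."""
    size = os.path.getsize(path)
    with open(path, "r+b") as f:
        for _ in range(passes):
            f.seek(0)
            remaining = size
            while remaining:
                n = min(chunk, remaining)
                f.write(secrets.token_bytes(n))
                remaining -= n
            f.flush()
            os.fsync(f.fileno())    # push this pass to the device before the next
    os.remove(path)

def demo():
    """Return (data found after plain delete, data found after shred)."""
    results = []
    with tempfile.TemporaryDirectory() as d:
        for wipe in (os.remove, shred):
            name = os.path.join(d, "statement.txt")
            blocks = os.path.join(d, "blocks")
            with open(name, "wb") as f:
                f.write(SECRET)
            os.link(name, blocks)   # second name for the same on-disk data
            wipe(name)              # the file is gone from the folder either way
            with open(blocks, "rb") as f:
                results.append(b"pin=0000" in f.read())
            os.remove(blocks)
    return tuple(results)
```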

Top ten list of measures to ensure your safety:

  1. Use a strong anti-virus package and make sure that you keep it updated so that all viruses can be caught and killed before they infect your computer.
  2. Use e-mail filtering to try to reduce the amount of spam you receive.
  3. Only run software from trusted sources.
  4. Scan your computer regularly using Internet security software.
  5. Never trust e-mails that appear to come from your bank asking for your bank details - your bank will never request that you fill these in via e-mail.
  6. Do not follow links in e-mails purporting to come from financial organizations.
  7. When sending important data via e-mail, make sure that you encrypt the e-mail and/or the message before sending it, so that if it is intercepted your data is still secure. You can encrypt your data using free software such as Steganos Freecrypt.
  8. Install a firewall so that the traffic going to and from the Internet is filtered and any unsolicited connection requests are blocked.
  9. Password protect your bookmarks and clear your browsing history to ensure that your online activity is kept private.
  10. Use shredder software to ensure that all your sensitive data is totally overwritten and no trace is left on your computer.

 
