June 22, 2005

Friends Don't Let Friends Surf Naked

Actually, I don't care if you are naked, but please don't expose your poor, innocent unprotected computer to the Evil Internet.

I keep hearing crazy insane user stories about spyware and viruses. The ghostly machine that reboots itself silently at 3 a.m., the parents of one friend who confess to having thrown away "3 or 4" laptops this year because they just "stopped working", or the elderly parents of another friend whose cable internet service was cut off after their computer morphed into a spambot sending 100K e-mails an hour.

Even if you think you are knowledgeable and careful, you are vulnerable. One of my company's web servers was hacked into by spammers last summer-even after we shut the server down, it left us feeling all nasty and dirty. (We weren't running Microsoft, btw, this was a weak password issue)

So every month I will update my suggestions for safe PC based co-existance with the Evil Internet. This month's recommendations are based on my experiences over the past 6 months. I haven't focused on re-evaluating these practices recently, and things change quickly on the frontier of the Evil Internet, thus my intention to revisit the topic monthly.

These recommendations are specifically for computers running Windows-I wish Mac people the best of luck and all that but I am not allowed to join any more cults.

Briefly, for this month:

1) Run an up to date operating system. Windows 98 will be seven years old on June 25th. The threat universe of the Evil Internet was very different back then. You can secure your W98 system but....why make yourself crazy? I advise any one who asks that the cost of paying someone to work on your old computer is probably greater than the cost of a new entry level machine that will blow your old one away in performance anyway.

2) Make sure you are running a firewall. Windows XP has a built in firewall-turn it on. Download and install a firewall if you are running Windows 98, ME, NT (I hope not!), or 2000. If you on XP and you prefer to use another firewall instead of the Windows firewall, turn the built in firewall off. Both Zone Alarm and Sygate have free versions of their firewalls.

3) Learn how your firewall works. You won't do yourself any good if you don't see the alerts from your firewall because they irritated you and you turned them off. You can read some useful general information about firewalls at How Stuff Works

4) Keep your antivirus protection up to date. Suck it up and pay for it. Buy a license for each computer. I don't care which anti-virus solution you use and I don't want to play anti-virus program wars so just do it and stop whining.

5) Run an anti-spyware program. Or two. Or three. Apparently no one program catches all threats. I have had good luck running only the Microsoft Anti Spyware beta, but I advise periodically checking computers with SpyBot Search and Destroy and Lavasoft's Ad-Aware.

6) Don't click on that. You know who you are, and what it is, and you should be ashamed of yourself. Don't click on it, you will be sorry. He or she is not that hot anyway.

7) Don't believe that e-mail about your compromised Citibank account, your PalPal account, or the one from the customer service people at AOL who want to confirm your password. For one thing, you don't have a Citibank account. If you are even tempted to wonder if any of these e-mails are for real, call me. I have LOTS of better ways we can spend your money.

8) Lastly, don't believe everything you hear or read about Internet threats and PC security. Don't take what I am saying for granted (actually you can trust me), spend a few minutes reading what the people who build your operating systems and and your computers (Dell) (Gateway) have to say about the subject.

9) Oh yeah, and don't use weak passwords. Don't use your name, your birthdate, the birthdates of your loved ones, or other easily guessable information. DO NOT use the same password everywhere for every site and every secure application. I know it's hideously difficult to keep track of a lot of passwords, but we have to accept the burden of secure passwords like we accept the burden of keys. I would no more use triggertech as a password than I would walk out of my NYC apartment without locking the door. Secure passwords seem to be more trouble than they are worth up until the day you really do get that Visa bill for someone else's European vacation. Microsoft has some good non-technical information on passwords for the general user. You can use a program to manage your passwords. I bought into SplashID a few years ago, our Publisher swears by Keepass (free!)

Posted by Trigger Tech at June 22, 2005 10:40 AM Permalink

Comments

Post a comment