
Computer Help Company - Waltham, MA - BECAUSE SOMETIMES YOU NEED A NERD.

Computer Security
This page is also available as a downloadable pdf file.


 Malware is malicious software, a program running on your computer that does you harm. Sometimes it’s called spyware, sometimes it’s called a virus. Often it’s called something unprintable.

 

This article is a product of 10 years cleaning malware off computers. If you think you’ve got malware and want to get rid of it, call me. Please feel free to distribute Computer Security as long as you keep it intact and include the copyright and contact information.

 

How to Make Money with Your Computer

 

The first malware I ever saw was amazing. A client brought me up to his daughter’s room and started her computer. As soon as it came up, the desktop was covered with porn site windows opening up as fast as they could! His daughter was terrified. I was too!

 

Some malware watches what you do with your computer, what Web sites you go to, who you send email to…, and sends this information to advertisers. That’s why it’s called “spyware”: it spies on you. Advertisers use this information to profile you so they can send you ads that you will be interested in. Advertisers are willing to pay big bucks for this kind of information.

 

The chances that you will click on a random Web ad are 1 in 200. If they know something about you, the chances you will click on it rise to 1 in 5. Your profile is worth a lot of money.

 

The problem of malware is growing and growing. THEY are making money with your computer.

 

The first symptom of malware is your computer slows down. That’s because it is now the unwilling host to malware programs. It takes forever to boot up, forever for programs to start, forever to shut down.

 

Most malware is not illegal because you consented to it. When you downloaded that free weather forecasting program, somewhere in the process it presented its terms and conditions to you and you clicked on the “I Agree” button. Somewhere in those terms and conditions was a notation that said you consent to their malware.

 

Another big symptom of a malware invasion is ads that just appear on your screen when you’re not doing anything at all. You’re thinking about the next sentence in your letter to your sister when POW! the University of Phoenix wants you to enroll.

 

The third big symptom of malware is your Web browser won’t go where you want it to go. You try to go to Google and it sends you to CoolWebSearch.

 

One might think the solution is to scan your computer with “anti-malware” programs. Don’t! There are dozens of “anti-malware” programs out there with very powerful-sounding names like Windows Antivirus 2010. Most of them give you malware! The money is just too good to resist. There is even one “malware removal tool” that won’t stop sending you pop-up ads and won’t remove itself until you pay them to remove it! Cyber-blackmail!

 

Once your computer gets infected, anti-malware tools are useless. The malware digs itself in deep and it takes an expert to remove it.

 

Sometimes removing malware can leave the computer in worse shape than before the problem was fixed. Really. Before removal, the computer was running slow but at least you could still get your email. After removal, sometimes your computer can’t get to the Internet at all. Malware does serious damage to computer system files and removing the bad stuff leaves the good stuff in need of real repair. This happens in about 5% of the cases I see.

 

There are two legitimate, good, and free malware removal tools:

  • Spybot Search & Destroy: http://majorgeeks.com/download2471.html

  • AVG Free: http://majorgeeks.com/download886.html

 

Microsoft offers Microsoft Security Essentials. It is well-reputed but I don't think it's as good as AVG Free.

 

None of these programs are 100% effective. When I get a machine to clean, I run up to five different scanners and even then sometimes there is still malware left that can’t be cleaned. Removing malware is a lot of work.

 

Stay away from these very popular malware carriers:

  • Comet Cursor

  • CoolWWWSearch

  • Gator

  • Grokster

  • HotBar

  • KaZaa

  • LimeWire

  • MyWebSearch

  • Morpheus

  • Spyware Assassin

  • Those cute little animated icons.

There are lots of others.

 

Malware carriers are often very popular and some of them do good things, but they come with hidden trouble. And be especially wary of programs that claim to be removal tools. For every legitimate tool there are twelve bad ones.


How Did I Get This Stuff?

 

Your computer probably became infected by malware in more than one way. Here's how your computer can become infected.

  1. You Installed It Yourself. You installed LimeWire or KaZaa and now you’re infected. What were you thinking?

  2. In your email. This is the classic technique and not so common any more. Malware running on one machine mails a copy of itself to everyone in that machine’s address book. You’re more likely to get infected from people you know than from people you don’t know.

  3. You didn't install updates. If your computer is not up-to-date the bad guys will come in through the holes. See the next section about updates.

  4. Go to the wrong Web site. This is the big one nowadays. Software can be automatically installed on your computer just by browsing a Web site. A recent Google survey said that 10% of Web sites contain malware. It's called a “drive-by infection.”

  5. Clicking on a bad link. This is a variant of #4 above. Someone posts a link on their social networking wall, you click on it, and you’re infected.

  6. Instant Messaging users are very prone to malware. Malware on a machine will send a message into a chat room that looks like it came from a person. The message will say, “Joan, this program is you.” There will be a place to click to download. One click and your computer is toasted.

  7. Pre-installed malware on new computers. I have seen it many times.

  8. Pictures embedded in email can exploit a flaw in your email program and install malware without asking your permission.

  9. AOL 9.0 comes with two malware programs in it, though AOL claims the information they gather is to help serve their customers better.

  10. People who let Comcast install a (black) Linksys cable modem/router box are consenting to have Comcast spy on them. Read your agreement with them. The Comcast-supplied router allows them to gather personal information.

The point is, there are lots of ways to get malware. You can get it through your actions, or through your inaction. Once one malware program is running on your computer, it lowers your computer’s defenses and allows others to come on board too.

 

Malware starts out slowing your machine down a little bit, then a little more…

Soon your machine can’t do a thing. Once your machine is limping along or crashing, it has passed beyond what mortal civilians can do to clean it and it’s time to take it to the doctor.

 

How Do I Protect Myself?

 

The September 2004 issue of Consumer Reports had a great cover story, “Protect Yourself Online.” I highly recommend you go to your public library and read the article. Here are the facts about computer security today and lots of things Consumer Reports didn’t tell you.

 

A. Antivirus software

 

You absolutely must have antivirus software, and it has to be up-to-date, or you are guaranteed to get a virus. It is only a matter of a week or so before your machine gets infected.

 

Antivirus software will cost you $90 and it will keep your clean machine clean. Removing a virus from a machine that’s infected will cost you $250. Do the math.

 

I recommend AVG Free.

http://majorgeeks.com/download886.html

 

I recommend against Norton or McAfee.

 

Norton and McAfee are the “big boys” in the anti-malware game. Malware writers (“the bad guys”) test their new malware against these programs to make sure they can circumvent their protection. If you’re experiencing a slow computer and it has Norton or McAfee on it, removing it will make your computer run faster. Then install AVG Free.

 

Macintosh? Macs get malware, just not as much. This is not because Macs are safer, but because there aren’t enough of them to make it worth anyone’s time. I have cleaned viruses from Macs, but until Macintosh is more than 4% of the computer market, a Mac is safe.

 

B. Firewall

 

A “firewall” watches your Internet data going in and out and prevents communication from happening if it shouldn’t. Modern PCs and Macs all have built-in firewalls. They are the ones I recommend, and again, you must have one.

 

There are other firewalls available: Zone Alarm, Black Ice, etc. These products are good if you know how to use them and that’s the problem. Civilians do not know what to do when the firewall puts up an “alert.” They almost always make the wrong choice, and then they wind up unprotected. Worse, these firewall products slow your computer and Internet connection down so even if they’re working, they get in the way.

 

If your home or office has a “router” between your machine and the Internet, you can relax a bit on firewalls. The router has a built-in firewall so you’re protected.

 

You must have a firewall, either in your computer, on your network, or both.

 

What if you’ve got an older computer? Are you ready for some bad news? Older operating systems were just not written with security in mind. It’s a lot like driving an older car before seat belts and air bags. If your privacy and data are worth anything to you, you’ll move up to Windows 7 or OS X on your Mac.

 

C. And…

 

Protecting yourself from malware is complicated. But if you’re one of the many families or companies that have called me back more than once to remove malware, you’ll want to follow these suggestions to protect yourself.

 

Set your Internet Security. Do it. This is important. See Part 4, following.

 

If the window or email says “Malware Alert!” or some-such, close it. Click the “X” in the corner. When you see a window that says “Your computer may be infected…,” close that window by only clicking the “X” in the corner. And, your computer is infected, by the way.

 

Get AVG Free.

 

Get Spybot Search & Destroy. Spybot is great and free. Download it, install it, run it, get the updates, and if your computer isn’t too badly infected, your malware problems are solved for the moment. Run Spybot weekly. You’ll be amazed at how much malware you pick up each week.

 

Update, Update, Update. Malware exploits holes in your computer’s security. As holes are found and fixed, Apple and Microsoft release “Critical Updates” for your machine to automatically install. Install them all, every time. Set Automatic Updates to run daily. Microsoft releases updates at least monthly (on the 2nd Tuesday of the month) and other times when necessary.

When you see the text, “Updates are ready for your computer…” with the yellow shield icon, you know Microsoft is trying to update your computer.

Let them. Every time.

 

If you don’t see the “Updates…” prompt at least once a month, your computer needs serious updating; it is years out of date.

 

Other popular programs that need updating are Adobe Reader, Java, and iTunes. The latest versions of these programs all update themselves when a hole is found and fixed. Get the latest versions of these programs by going to their respective Web sites and installing them.

 

IM with care. The people who call me back again and again to remove malware are all people whose teenagers do a lot of instant messaging.

 

If it’s free, it’s probably bad. Not to be repetitive, but don’t download free clock-setting software, music sharing software, animated icons, weather info, search assistants…

 

Malware is impossible to completely prevent because you can infect yourself. All the home security systems in the world won’t protect you if you open the door to a thief. The same applies to a computer. To really protect yourself you have to have AVG, run Spybot once a week, and be careful all the time. Sorry about that.

 

I have a low opinion of AOL Antispyware and if you have the option, skip this product. Having it only gives one a false sense of security.

 

Be very suspicious of anti-malware programs not mentioned here. There are many ad blocker, spy killer, virus cleaner programs that are themselves malware. For example, Spy Hunter does indeed protect against some malware, but it pushes its own pop-up ads at you. Spyware Assassin is just that, a malware program that assassinates your computer.

 

There is a program out there called Spy Sweeper. Though it is a legitimate anti-malware product, I have found it to be largely ineffective. Some Internet Service Providers give away Spy Sweeper to people who ask for it. In my humble opinion, don’t waste your time unless you want a false sense of security.


Set Your Internet Security

 

Your browser should be set to high security, but it probably isn’t. You need to do this.

 

1. Start Internet Explorer (the big blue “E” program on your desktop):

2. Click on “Tools” at the top, then “Internet Options…”

 

3. Click on the “Security” Tab at the top:

 

 

4. Click on the “Reset all zones to default level” button at the bottom. This sets your security for all four kinds of Internet sites. Good job so far.

 

5. Next, click on the “Privacy” tab at the top of the window:

 

 

6. Set the slider to “Medium High”. If you don’t see a slider, click the “Default” button first, then set the slider to “Medium High.”

 

7. If you have a “Pop-up Blocker” choice, make sure it is checked to block pop-ups.

 

8. Click “OK.” Your Internet Security is set.

 

You Still Have to Watch Out

 

Unfortunately that’s not all there is to it. With the settings now set in your browser, a drive-by infection can still try to infect your computer, but now it will have to ask your permission! This is what one might look like:

 

 

Just say “No.”

 

And stay away from that Web site. They have shown themselves for what they truly are.

 

There are other browsers out there to choose from. Research “Browser Security Ratings” before choosing one. Some are easier to hack than others.


 

Phishing. The Scam Game of the 21st Century

 

The bad guys are not just high school kids, they’re pros. Organized crime is into the Internet in a big way. The most egregious method yet of stealing with a computer has come to be called “phishing.” In it, you receive an email from a bank or someone you do business with asking you to log on to their Web site and confirm your account information.

 

You do so.

The site thanks you for your cooperation.

You go on with your life.

 

Two weeks later your account is short thousands of dollars.

 

That email was not really from Bank of America, or eBay, or Schwab, or the IRS. It only looked like it came from there.

 

It is very easy to fake where an email is from. I do it myself every Christmas when my kids receive an email from Santa@NorthPole.np.

 

It is very easy to set up a fake Web site. Just because a site looks and sounds sincere doesn’t mean it is sincere. Check the address at the top of your browser. What you see there is where you are, not what it says on the Web page. Phishing sites will have “similar sounding” names like:

 

  • e-bay.com, which is not the same as ebay.com

  • MICR0S0FT.com. Those are zeroes, not the letter “o” in “MICROSOFT”. See them?

  • whitehouse.com. The real White House is at whitehouse.gov
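The look-alike names above can be caught mechanically. The following is an added example, not part of the original article: it compares an address against a short list of trusted domains and flags hyphen insertion, digit-for-letter swaps and a changed ending, and goes one step beyond the text by also flagging a trusted name used as a subdomain of another site. The trusted list, the swap table and the host ebay.com.login.example.net are assumptions made for illustration.

```python
import re

# Real domains named in the text above; a real deployment would use your own list.
TRUSTED = ("ebay.com", "microsoft.com", "whitehouse.gov")

# Characters often swapped for look-alike letters (assumed set, not exhaustive).
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})


def host_of(address):
    """Pull the host name out of a URL or bare host, lower-cased."""
    host = re.sub(r"^[a-z][a-z0-9+.-]*://", "", address.strip().lower())
    host = re.split(r"[/?#]", host, maxsplit=1)[0]
    host = host.rsplit("@", 1)[-1]            # drop any user:password@ prefix
    return host.split(":", 1)[0].rstrip(".")  # drop any :port


def skeleton(label):
    """Reduce a name to a comparison form: undo digit swaps, drop hyphens."""
    return label.translate(CONFUSABLES).replace("-", "")


def classify(address):
    """Return (verdict, trusted domain matched or imitated, or None)."""
    host = host_of(address)
    # Simplification: treat the last two labels as the registered domain.
    domain = ".".join(host.split(".")[-2:])
    if domain in TRUSTED:
        return ("trusted", domain)
    name = domain.rpartition(".")[0]
    for good in TRUSTED:
        good_name = good.rpartition(".")[0]
        if skeleton(name) == skeleton(good_name):
            return ("lookalike", good)  # e-bay.com, micr0s0ft.com, whitehouse.com
        if "." + good + "." in "." + host:
            return ("lookalike", good)  # trusted name used as a subdomain
    return ("unknown", None)


if __name__ == "__main__":
    # Constructed sample addresses, including the three from the text.
    for sample in ("ebay.com", "e-bay.com", "MICR0S0FT.com", "whitehouse.com",
                   "http://ebay.com.login.example.net/signin"):
        print(sample, classify(sample))
```

An "unknown" verdict only means the address does not resemble anything on the trusted list; it says nothing about whether the site is safe.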

 

Be suspicious. Call your bank on the phone and verify that they need your account info. Use the telephone number you have, not the one in the email.

 

Poor people can be victims too. Thieves do not only steal thousands from large accounts. They also steal dollars and cents from small accounts. This has happened to me twice. If you see an unknown transaction on your credit card, even if it’s only for a buck or two, question it! Your bank will be happy to help you.

 

Don’t tell your password to anyone, ever. The good guys will never ask for it.

 

The good guys know your name. The bad guys don’t. A good sign of a phish is it is generic: Dear Account Holder, Dear PayPal User,… This may change, however, as phishers get better at it.

 

Make up a “strong” password. The length of the password is not what makes it strong. The variety of the characters is. Make up a password that is not going to be in a dictionary. Something with upper and lower-case letters, numbers, and a punctuation mark or two. “23skiDoo!” “GoRedSox2012!” “5000dollars?” Don’t use these, but you get the idea.

 

-Lionel

Lionel Goulet

Te Deum
