In Part I, we talked about securing your home network by setting and regularly changing the password for your home router. The router is the digital doorway to your home network, and keeping it locked is the best first step to securing your online presence. But what about your digital windows?
Digital windows are the ways that we look out into the internet. They are web sites that we access, some by signing in to them, such as Facebook, others without a sign-in, such as Google. In either case, when we open a web browser or use another application that connects to the Internet we are opening a window that could allow “bugs” to enter our home.
We’ve all heard the warnings about not clicking on pop-up windows, or downloading untrusted files, and those warnings are well informed. But computer critters come in all shapes and sizes, and some of the bugs that get inside we don’t see.
The most common critters, and generally the least impacting, are those tasty “cookies”. Most web sites will record these onto your computer as a rule, unless you have specifically configured your web browser to not accept cookies. Cookies are not really bugs, they track the last time you visited a site, how often you have visited it, and any sub-pages that you visit on the site. This information is used each time you visit the site to highlight links that you have already seen, and in some cases, to tailor the results of your future searches. This is not always a bad thing, but if you wish to remove bias from your future browsing, you may wish to disable cookies in your web browser(s). (Understand that by doing so, some sites will warn you that they will not work correctly without cookies – most still will, even if they say they won’t…)
Next on our list is ad-ware. Like cookies, ad-ware is generally more annoying than dangerous. In most cases, ad-ware does not actually run on your home computer. However, when you connect to internet sites and run searches, ad-ware keeps track of the searches you run and the sites that you browse, and you may notice the results. For example, I recently searched for an electric guitar on Musicians Friend … and for the next three weeks, every time I browsed the Internet, I saw ads for Musicians Friend! The most annoying thing about ad-ware is that many of the companies sell the information they collect to each other as part of their revenue stream. This allows a fairly comprehensive user profile to be built over a period of time!
At last count (mine), there are well over 100 primary ad-ware companies that scan your Internet usage – unless you opt out! Opting out is not the easiest thing to accomplish, but with a bit of homework it can be done – a great starting point is a Google search for “opt out of ads” – start by looking for a site that allows you to opt out of “NAI” advertising. But keep in mind that opting out only works for reputable agencies who will honor your request! It’s kind of like the “do not call” list on your phone – it only works for the agencies who respect your wishes.
Last in this episode, but certainly not least, is mal-ware. As suggested by the “mal-” in the name, this is usually bad stuff. Malware runs a range from spyware which records and forwards data from your computer or network all the way to viruses which can destroy your data. The most recent form of viruses that is taking the world by storm are the dreaded “ransom-ware” programs that encrypt your hard drive and then demand payment to unlock your computer.
The most important thing to remember about malware is that most forms are not automatically installed on your computer – you normally have to take action to allow or install malware to be installed on your computer. With that said, situational awareness is a key defense against malware. You should only install software from trusted companies, and only software that you go looking for – if a pop-up window asks you to install something, that’s a red flag! (For example, if you get a pop-up telling you that your computer is infected and you should run their cleanup tool now, run away! The computer on the other end cannot actually scan your computer for viruses, but if you click on anything in that pop-up window, you are authorizing the other party to install whatever they want onto your machine!)
A few quick points and then we’ll wrap this episode:
=> Most commercial anti-virus scanners such as Norton include detection and cleanup of adware and malware products. If you are budget conscious and don’t want to spend a lot on anti-virus software, there are some free alternatives that allow you to try before you buy. Of these, products I have used in the past include Ad-Aware and Spybot Search and Destroy.
=> I recently received the following advice from my employer which I’ll share here, these are practical tips to protect from Cyber Attacks:
— Set Secure Passwords, and Don’t share them with anyone. Avoid using common words, phrases, or personal information such as birthdays or anniversary dates. Change passwords regularly.
— Keep your Operating System, Browser, Anti-Virus and other critical software up to date. Security updates and major patches are usually available for free download from major companies.
— Verify the authenticity of requests from companies or individuals by contacting them directly. If you are asked to provide personal information via e-mail, you can independently contact the company directly to verify the request.
— Pay close attention to website URLs. Pay attention to the URL’s of websites that you visit. Malicious websites sometimes use a variation of the common spelling (e.g. “wallmart.com”) or a different domain name (most businesses are .com sites, so if a shopping site points to a .org site, that might be a warning sign!) to deceive unsuspecting computer users.
— For e-mail, turn off options to automatically open and/or download attachments.
— Be suspicious of unknown links or requests sent through e-mail or text messages. Do not click on unknown links or answer strange questions sent to your mobile device, regardless of who the sender appears to be. A very good practice is to use your mouse to “hover” over a link and look at the bottom of your browser to see the actual link. For example, a programmer can type “walmart.com” as a link in the message but embed a different URL (such as “wallmart.com” in the programming – automatically clicking on the link you see may send you to a location you don’t want to be!
J.P. Brueggen is a computer programmer with 15+ years experience in enterprise computing
Coming soon – Part III – Securing your “smart” phone
Yeah, this is the information I hate dealing with until I have been hacked 🙁 .. Great info.. thank you for the reminders.
This is good advice. I’ve recently been using Windows Defender. It’s free because it’s part of Windows.
The best practice these days is to use white list technology. Instead of scanning for viruses that would already be on your computer, it prevents installation of anything not on the white list. Basically, no invitation, no access to the party.