Keeping safe online

from the March 2006 Newsletter
by Rob Zorn

Viruses, spyware, hacking, zombies, auto-diallers, identity theft! When those bright boys invented the Internet back in the 50s, did they ever think about how much angst they were going to cause? Going online can appear to be fraught with pitfalls, but there are a number of reasonably simple things you can do to minimise your risk.

With millions of computers online at any time, net-predators have plenty of easy targets. The less vulnerable you can make yourself, the less likely it will be that they’ll find time for you.

Regular Windows Updates

The most common trick used to wreak havoc on your hard drive is to exploit a bug in your operating system or browser. Microsoft regularly releases updates for Windows that fix these bugs as they are discovered. If you have Windows XP, you should go into your Control Panel and turn auto-updates on. Your computer will connect to Microsoft and download and install updates behind the scenes as needed when you’re online. If you have an older operating system you should visit http://windowsupdate.microsoft.com regularly and download and install the latest critical security updates. Windows Updates can also be accessed by opening Internet Explorer and clicking Tools/Windows Updates. If you like use Firefox or another "boutique browser" you will need to use Internet Explorer temporarily to download updates.

0506bouncer.jpg (4401 bytes)Use a Firewall

Remote connections to your computer are a very real threat. A number of viruses can now find and connect to you without having to come through e-mail. Spammers commonly seek to take secret control of other people’s computers, which they then use to send spam or commit other net-crimes. These “harvested” computers are called zombies, and there are probably thousands of people in New Zealand who own zombie machines without knowing it.

Think of a firewall as being like a bouncer at your computer’s online doorway. It won’t let anything in (e.g. a malicious connection from a hacker) or out (e.g. spyware trying to call home with information about you) unless you specifically allow it. Even better, a firewall will keep you anonymous. People seeking to break into your computer scan the Internet looking for open doors. Most firewalls will hide you from these scans, and net-predators won’t know you’re there to attack you. Again, Windows XP comes with a firewall built in. At the very least you should use it. Go into your Control Panel, and then the Security Centre, and make sure it is on. If you don’t have XP, you can download a popular free firewall (Zone Alarm) from www.zonelabs.com. Look around the site for the link to the free basic version.

Viruses

Viruses are cleverly written malicious programs that seek to install themselves on the hard drives of the unwary. Worm viruses replicate and send out copies of themselves to find new homes (via e-mail or straight across the Internet). Once installed, they will often call home too for new instructions about what damage to do. Trojan viruses will open a secret doorway for a remote hacker to get in, and some will even broadcast your helplessness and location onto the Internet.

By default, Actrix scans and filters your e-mail for viruses, but you should not rely exclusively on that. It is strongly recommended that you augment that with your own personal anti-virus protection.

Anti-virus programs act as an extra filter before your e-mail gets to you, but they can also be scheduled to regularly scan your hard drive for viruses that have arrived by other means (straight across the Internet or via a floppy disk). Each time you connect to the Internet they’ll check with their home site and download an understanding of the latest viruses, so they can keep themselves up-to-date.

There are plenty of free, no-frills anti-virus programs out there such as Avast (www.avast.com) AVG (www.grisoft.com) and CLAM (www.clamwin.net). Again, look around the sites for links to free versions.

If you'd prefer a paid product with renown, reputation, and a proven track record, Actrix will soon be retailing NOD32 virus protection at a reduced price for existing customers. NOD32 can be downloaded to your personal computer for just $4.95 per month. It's the best performing anti-virus software on the market and comes with "Threatsense" technology which gives it a head start in detecting new viruses. It compares incoming files to older viruses looking for similarities, allowing it to protect you from some new nasties even before updates for them have been received. It also contains spyware detection, and will come with free Actrix help desk support.

Definitions
Firewall - A program that acts like a gatekeeper for your computer refusing to allow any connection in or out without your permission, and alerting you to possible intrusions.
Viruses - Malicious software designed to inhabit your hard drive, do damage, or make you more vulnerable to other forms of attack.
Spyware - Software that monitors your Internet habits, reporting them to someone else for “market research” purposes; often will download ads tailored to your deduced interests.
Auto-diallers - Sneaky programs that disconnect your legitimate dialup connection and redial you to a premium connection service leading to massive bills on your phone account.
Zombies - Computers that have been taken over and are remotely used by someone else to send spam, store porn, or commit online crime. Users are unaware their computer is being used for such purposes.
Bugs/exploits - Problems in software that aren’t detected upon release, but which can be fixed by later updates. Net-predators find these bugs and use them to get access to computers via “backdoor” means.

Spyware

Spyware is a constantly re-occurring problem for most computers. It sneaks onto your machine (often via programs that you or your kids have downloaded or installed) and reports back to its maker about your online habits. It may also cause ads to pop up at you, even when you're not online, and it can mess with your settings and home page. One of the most annoying things it does is clog your connection, slowing down the rate at which you can download the pages you really want. Many machines have a whole swag of these little programs all muscling in at once on available bandwidth.

There are several free spyware removal tools available. Spybot Search and Destroy can be freely downloaded from http://www.safer-networking.org/. Ad-aware is available free from http://www.lavasoftusa.com/software/adaware/. Each of these programs also connects home each time you go online and downloads the latest information about spyware. You can then run the programs whenever you choose and they will usually find and remove most spyware, auto-diallers and a few Trojans as well.

Off-the-Shelf

Free software mentioned here does a good job, but most of it is pretty “no-frills” and support is limited. A lot of people feel more comfortable using paid software that comes from tried and true companies that are also more likely to stand behind and support their products.

There are a number of off-the-shelf comprehensive packages available for those wanting a reliable “one stop shop” approach to their online security. Norton Internet Security 2006 (Windows XP only) and McAfee Internet Security Suite 2006 (most Windows versions) provide a firewall, and a collection of programs to help with most security needs. The Norton offering is the most comprehensive (McAfee doesn’t provide a spyware scanner, for example), but both are relatively easy to install and use. Each program retails for around $128, but new subscriptions need to be paid each year.

Some Common Sense Don’ts

Of course, nothing beats good old common sense.