Number 304 - September 2008
Best ways to stay safe online
Advice from the Journal of the
Thousand Oaks Personal Computer Club


    Activate protection.

    If your operating system or software has a firewall, spam Mocker, or other built-in security application, make sure it's turned on. The firewall included with Windows Vista is adequate. The Mac one is lacking, but Apples are generally less targeted by hackers. Zone- Alarm 7.0 is a free firewall for Windows XP. Search for it at www download com. Also activate spam filtering and other online protection provided by your ISP or e-mail service, such as Yahoo, Google, or MSN. For spam, that may be enough.

    Update and renew

   Set your operating system and security software to update automatically. Spam, spyware, and virus- detection programs incorporate "rules" or "definition" files that must be updated regularly to catch the latest threats. If your computer remains disconnected from the Internet for long periods, you should ensure that automatic updates are occurring, or update manually. And when your soft- ware warns you to renew your service, be sure to do so, ensuring that protection doesn't lapse.

    Upgrade your computer and browser.

    If you're running Windows XP or earlier Windows versions, consider upgrading to the more secure Windows Vista, which lets you surf in a protected environment that prevents online threats from damaging your operating system and contains a two-way firewall that blocks both incoming and outgoing threats. (The outgoing firewall needs some improvement to make it more effective.) At a minimum, upgrade to the Internet Explorer 7 or Firefox 2 browsers Both notify you about known forged, or "phished," Web sites.

    Install a toolbar with security features

   We haven't formally tested these supplementary online tools, but we think they're a good second line of defense. The Earth- Link Toolbar (wwwearthlink.net/Software/ free /toolbar), for example, incorporates a scam and popup blocker, spyware scan, and home page protection. The Netcraft antiphishing toolbar (toolbar.netcraft.com) warns about known phished sites and can reveal a site's hosting company and even its registered owner, if you go to sites after in- stalling McAfee Site Advisor (www.siteadvisor.com), the program lets you know whether McAfee tested it and, if so, what it found, including viruses, spyware, spam, pop-ups, phishing, and consumer scams. It even overlays its site reports on Web search results and automatically blocks access to sites that exploit browser weaknesses.

    Shut off your computer

   Turning off your computer when not using it for long periods (or at least disconnecting the Internet cable) can reduce the chance that a malicious remote computer will access it. And you'l save energy.

    Use public computers with care.

   Avoid using computers at libraries, hotels, or airports for conducting financial or other personal business. The same goes for using your own computer on a public wireless network, especially if you're not on a secured Web page or haven't disabled your system's computer-to-computer connections.

    Watch what you download

   The myriad of free utilities, games, and other software on the Internet can be useful, but many are laden with viruses and spyware. Try to download only from well-known manufacturers or trusted sites such as those at wwwdownload.com, wwwsnapfiles.com, and wwwtucows.com.

    Consider a suite

   For a simple route to broad protection, select one of the security suites recommended on page 36*. Just remember that you might be paying a premium to duplicate some components already on your machine or available free. We recommend having at least a gigabyte of memory to prevent the suite from slowing down your computer. Run antivirus software. It actually works and you need it. That's true even if you own a Mac. Although Mac users have much less to fear from viruses and spyware, they aren't immune to them. And an antivirus program will prevent virus-laden files from being transferred from Macs to PCs.


    Run two antispyware programs

   Spyware is so insidious, and some-times difficult to detect, that it warrants double protection. Set the better of the two programs to block spyware in real time. Use the other to scan whenever you suspect something might have escaped the first program.

    Use "disposable"e-mail addresses to thwart spammers

    If spam's a problem, consider using disposable addresses for different purposes. For example, use "smithshopping08" for buy-ing online. If that address starts getting spam, abandon or change it. Many ISPs provide extra ôassociateö e-mail ad-dresses that you can change at will. For convenience, configure your e-mail pro- gram to check all your addresses simultaneously. Or set up disposable accounts at a free e-mail service such as Google or Yahoo. A caution: Guard the primary e-mail address you got from your ISP, because you can't change that one without abandoning your entire account.

    Use a credit card

   Credit cards offer better protection than other options when shop- ping online. Even better, some issuers let you generate virtual account numbers that are valid for a single purchase with a fixed dollar limit. Use those and you won't have to give online retailers your permanent card number.

    Don't assume a certified site is safe

    Although it's vital to have a secure connection when sending personal information online (indicated by "https" before the Web address and a padlock or other icon on your browser), it's no guarantee the Web site is reputable. Similarly, certification sym- bols from the Better Business Bureau, TRUSTO, and similar organizations provide some reassurance (assuming they're being used with authorization). But they're no substitute for reading the fine print and researching a site by talking to friends and checking online reviews before turning over credit-card or other information. Guard personal Information. Never respond to e-mail requesting your passwords, user names, Social Security number, or other personal information, no matter how official it looks. If you're asked to call a telephone number, verify it independently.

    Avoid using hyperlinks in e-mail

   Hyper- links can show one address but take you to another. Before clicking on links in Web pages, hover your cursor over the URL and see whether the address that appears at the bottom of your browser looks as if it's related to a page or site you expect to visit. When you arrive at the site, verify that the URL shown In your browser's ad- dress bar is the correct one. Pay attention to the part of the URL between "http://" (or https://) and the next slash. Look for tricks such as the use of a zero where the letter O should be. Verify the address and then type it into your browser. Or use a favorite or bookmark you've already stored in your browser.

    Type carefully

   Tricksters sometimes create lookalike sites that use common mistyping's of popular URLs.

    Report phishing

   If you receive a phishing e-mail, forward it to the Anti-Phishing Working Group (reportphishing@antiphishing.org), the Federal Trade Commission (spam@uce.gov), and the company or organization that is being impersonated. You also can file a complaint with the FBI's Internet Crime Complaint Center at www ic3.gov. If your antiphishing toolbar doesn't recognize a fraudulent Web site, re- port the site to the toolbar provider.

    Review your accounts regularly

   Review your credit-card and bank statements as soon as you receive them. Report suspicious charges or withdrawals immediately.
  Number 304 - September 2008