Safe Computing   

CITI Bank provided the following facts:
•  Over 10 million Americans were victims of identity theft in 2002.
•  Most identity theft occurs offline.
•  Identity theft victims spent an average of 30 hours resolving the problem.
•  Americans lost a total of $5 billion from identity theft.
•  Online shopping is safe, convenient and fun if you take measures to protect yourself.

An AOL, National Cyber Security Alliance survey in October 2004 of home internet users reported:
77% believe they are very or somewhat safe from online threats,
77% believe they are very or somewhat safe from viruses,
60% believe they are very or somewhat safe from hackers,
67% do not have up to date antivirus software.
Does that make sense?

In the same study it was asked when was your antivirus software last updated:
33%  within the past week
34%  within the past month
6%  within the last six months
12%  longer than six months ago
15%  I don't have antivirus software!
80% were found to have some sort of spyware on their system!

The information broker company Choicepoint has admitted that it wrongfully disclosed information on more than 145,000 American consumers.  2/17/5

Here are several things you should consider to protect yourself and your computer.

Phishing  -  A form of identity theft.

Phishing is emails that seem to come from a bank or online shopping site that ask you to verify personal information such as PIN, mothers maiden name, or SS number.  The chairman of the Anti Phishing Working Group estimates 75 million phishing emails are sent out every day! These emails may look genuine but are not.  Reputable banks or shopping sites never ask for this kind of information in an email.  What you should do:
☺  NEVER respond to this type of email.
☺  NEVER click on a link in this type of email.  The link may be fraudulent, go the site the way you normally would.
☺  Delete suspicious email without opening.
☺  NEVER open suspicious attachments.
☺  Report this type of email to the site being referenced, they are very interested in stopping this type of fraud.

A new variation is a pop up security warning.  If you click on the warning it will send you to a site that will attempt to get information from you.  Use the "finger test" to determine this is what you have.  Move your mouse over the pop up and if you see the finger, indicating you  can click, over the entire pop up it is bogus.

 

Credit Card Theft  -  A form of identity theft.

If you shop on line and pay with a credit card it is possible that your credit card number could be stolen.  Here are two suggestions:
►  Get a special credit card with a low credit limit to use just for internet purchases.  This was recommended by a representative from the sheriff's office at a recent lunch meeting.
►  Some credit card companies (Discover and CITI Bank) offer a one time use credit card number.  The number translates once into your regular credit card number.
 

Spoofing

Spoofing is the creation of TCP/IP packets using somebody else's IP address. Routers use the "destination IP" address in order to forward packets through the Internet, but ignore the "source IP" address. That address is only used by the destination machine when it responds back to the source.  If an email is sent which has your IP address spoofed as the "source IP" address, any response from the "destination IP" address will go to you.  That means if an email is rejected by the receiver because it has a virus, or because the user address is not valid you will be notified.  There is little or nothing you can do except delete the notification.  It is a good idea to hide email addresses so they can not be easily found by spoofers.  If you forward an email you should delete all the email addresses that it contains.  If you send an email to several people you should make the recipients you should use the bcc address.
(An IP address is a 12 digit number in the form nnn.nnn.nnn.nnn and IP means Internet Protocol.)

Spyware

Programs that run on your machine, unknown to you, that can report to a third party what you are doing is called Spyware.  These programs can get onto your machine from emails, attachments, downloading other programs or embedded in other web sites.  You should run a (free) spyware removal program such as:
♠  Spybot - Search and Destroy  http://www.spybot.info/en/index.html
♣  Ad-Aware SE Personal  http://www.lavasoft.com/
♥  Microsoft AntiSpyware Progranm (Beta)  http://www.microsoft.com/downloads/details.aspx?FamilyID=321cd7a2-6a57-4c57-a8bd-dbf62eda9671&displaylang=en  (This is new and I have no knowledge about how it well it works but it is starting to get good reviews, the beta is free but Microsoft has not announced what the price will be, if any, after the beta.)  To see the evaluation done by PC Magazine look at http://go.pcmag.com/msas
♦  SpywareBlaster  http://www.javacoolsoftware.com/
(It has been recommended your run both Spybot and Ad-Aware, alternating between them.  I had the problem of spyware programs returning and being deleted over and over again until I installed SpywareBlaster.  SpywareBlaster blocks the others remove.)
 

Viruses

A virus is a program the sneaks onto your machine, in an email attachment or something similar.  When the program runs it can cause problems on your computer and send itself to other computers.  You should:
☼  Install an anti virus program, Norton and McAfee are popular, AVG from grisoft ( http://www.grisoft.com/us/us_index.php ) is free.
☼  Keep your anti virus program up to date.
☼  Run your antivirus program regularly.
 

Windows

Windows itself is riddled with problems.  It is not just Windows but all the programs Microsoft packages with it, e.g. Internet Explorer.  You should:
☻  Set window update to run automatically, but if you don't,
☻  Check regularly for updates.
There are alternatives to Internet Explorer, but that is a topic for a future meeting.

Firewall
When your computer is connected to the internet it is like leaving your car unlocked.  A clever person can get in and use it.  A firewall is like a lock on the doors of the car, it prevents easy access to your computer. 
"The perfect personal firewall would be inexpensive and easy to install and use, would offer clearly explained configuration options, would hide all ports to make your PC invisible to scans, would protect your system from all attacks, would track all potential and actual threats, would immediately alert you to serious attacks, and would ensure nothing unauthorized entered or left your PC." from Make Your PC Hacker Proof, Jeff Sengstack, PC World, July 21, 2000.
Before installing personal firewall software on a Windows XP computer, be sure that the firewall built into Windows XP is turned off. Never use two software firewalls at the same time. Completely uninstall one before installing another. Use the vendor's uninstall utility or if not available, use the Windows XP add/remove software tool in the control panel.  After you install a firewall, be sure to check it with a service like the Security Space Desktop Audit to make sure that it is configured correctly. Testing your firewall is the only sure way to tell that your computer is really being protected.
Hardware:  Install a hardware router with a built in firewall between your modem and your computer or network.
Software:  Microsoft has included a firewall in Windows/XP, SP2.  There are many others available, highly recommended are Norton (  http://www.symantec.com/sabu/nis/nis_pe/  ) and ZoneAlarm ( http://www.zonelabs.com/store/content/home.jsp ), other possibilities are BlackIce, eTrust, Fireball, Freedom/Hacker Stopper, F-Secure, Kerio, Look'n'Stop, McAfee, Outpost, Panda, PC-cillin, Preventon, PrivateFirewall, , Sygate, Terminet, Tiny & Trustix.
Before installing personal firewall software on a Windows XP computer, be sure that the firewall built into Windows XP is turned off. Never use two software firewalls at the same time. Completely uninstall one before installing another. Use the vendor's uninstall utility or if not available, use the Windows XP add/remove software tool in the control panel. 
Phil Reed does not recommend any hardware firewall (router) in particular.  Make sure you get one that will act as a fiewall.  He uses a Netgear RP614 v2 at home.

Internet Security Suites

The February 2005 issue of PC World has a review of three internet security suites.  These suites usually include an anti virus scanner and an email scanner.  The three were:
◙  PC-cillin Internet Security ( http://www.trendmicro.com/en/products/desktop/pc-cillin/evaluate/overview.htm ), $50, 4.5 stars.
◙  Norton Internet Security 2005 ( http://symantec.com/nav/nav_9xnt/ ), $70, 3.5 stars.
◙  McAfee Internet Security Suite 2005 ( http://us.mcafee.com/root/package.asp?pkgid=144&cid=12155 ), $80 or $70 download, 3 stars.
The star ratings, and prices speak for themselves.

Spam

"In October 2004, 80% of email traffic was spam - up from 60% at the beginning of the year."  PC World, January 2005.
Take a look at what we had on this subject in March of 2003.  Click here.
The current (Dec 2004) PC Magazine Editors Choice is Cloudmark SpamNet 3.0 ( www.cloudmark.com ) $40 per year, 4 stars.

Summary
Microsoft has a three minute video at http://www.microsoft.com/athome/security/videos/securityoverview-hi.html which is an excellent summary of everything we have discussed.  Check it out!
Barry Thompson of Cairns Australia runs a company called Living In The Tropics.  He has collected a list of all the software he uses.  It contains more than what we have been talking about but is an interesting collection you might want to look at.  See:  http://www.livinginthetropics.com/usedbyus.shtml
PC Magazine has a Security Watch web site ( http://go.pcmag.com/security ) which has links to security product reviews and other security related topics.
Here is a contribution from Dale http://story.news.yahoo.com/news?tmpl=story&u=/ttpcworld/119624