Saturday, February 10, 2007

Helpful Tips to Protect Yourself Online

I seldom give advice here. This blog is more for illumination and knowledge, but I am seeing trends which bother me. More and more, the security burden is being shouldered by the user and not the service provider. Also, a lot of the security measures we are seeing deployed are useless (TSA anyone?). You jump through hoops to enroll in online banking, or some such service, and all that "protection" gets undone when someone acquires your username and password and suddenly your hard earned money has been wire transferred overseas. Your bank approved of the wire transfer without notifying you even though you never do business there. Their excuse is that it was the correct username and password for the account, but they never checked the IP address that transaction came from, no matter that it originated in Russia or Romania. They also didn't check your transaction history either. So, for those who care (and even those who don't such as Linux and Mac users), here are some tips to protect yourself online.

1. If you have a DSL or Cable Internet service, go buy a cable/dsl router like the Linksys BEFSR41 (I am not endorsing Linksys, though I like their products). Install it between your modem and your computer. Make sure that you know your modem's IP address (In MS Windows, open a command prompt and type ipconfig /all. The gateway address will likely be your cable modem's internal IP address.) Write or copy that information down before you install the router. My ex-wife's DSL modem had the same IP address by default as the Linksys DSL router I bought her. Whoever thought that up was not very bright. If your DSL/Cable modem comes with it's own builtin firewall, then lucky you.

2. Use Firefox or another third party browser instead of Internet Destroyer, er Explorer, and keep it up-to-date.

3. If you are really paranoid, go to www.vmware.com and download VMware Server for free. Install it. Then go to www.knopper.net and download the Knoppix Live CD image. You can install Knoppix from the image file through the virtual CD-Rom drive. You will need to create a 3-4 GB virtual hard disk. Once you have Knoppix installed on the virtual machine, take a snapshot of it. After creating the snapshot, surf the Internet to your heart's content from the virtual machine. If the virtual machine gets compromised, roll back to the snapshot.

4. Only use your real browser for your online banking if they require a MS Windows browser version. If your bank is dumb enough to require a Microsoft only solution and they use Microsoft web servers, then you might want to find another bank that uses a more Web neutral solution. I am not knocking Microsoft. They have been good to me in the past, but their products are the common and easy targets for crooks. A bank that is locked in with Microsoft is over reliant on Microsoft's security for their protection, and it means that they haven't thought the online security issues through. Chances are that they went with convenience instead of security. There's a truism in IT circles, "No one ever gets fired for buying Microsoft."

5. Use a mail service like Gmail and download any suspect attachments in the virtual machine. Google is pretty good about catching viruses as attachments, but they use a passive scanner and I have captured viruses and emailed them to friends for analysis and Gmail missed the malicious code and let it through! You can submit any attachment to a service such as VirusTotal which will scan the file with multiple Antivirus engines and let you know if it's suspicious. Just because it passes VirusTotal's metascan does not mean that it isn't malware. It just means that nothing suspicious was detected.

6. If you don't believe me, read this ComputerSweden article, or visit Arbor Network's ATLAS service to see how good your ISP's security really is.

Some of you will wonder why I didn't suggest buying a wireless cable/dsl router. The reason I didn't is because you trade security for convenience. Wireless devices give one freedom and convenience, but they are easily sniffed. Anyone can eavesdrop on a wireless transmission. If you have a wireless router, take the time to lock it down unless you want people to use your cable or dsl connection as a public access point. If you have a laptop and it has sensitive information on it, look into encrypting the whole hard drive, or keep the sensitive information on a USB key. Don't check sensitive financial accounts via a publically available wireless connection unless you know what you are doing.
Comments:
you didn't mention AVG free?

here's another thought - go to Mac! *wink*
 
I use Linux myself. I never do online banking from a Windows system. But the whole discussion was for those people who use Microsoft products and who don't know any better. (And yes, many of them would be better off with Macs. Believe me, I learned that long ago supporting Windows 95 over the phone.) And yes, the application software dearth for Macs has long since disappeared.
 
Most AV products are passive scanners. They use definitions to detect malware. If no definition exists, then they see no evil. Do you understand the problem? I've captured malware for which no major product has definitions for it for up to 10 days in some cases, yet VirusTotal had two scans come back positive the first day. You can't depend upon any one vendor's product any more for complete protection.
 
Sounds good to me. I will think about following your advice on installing Knoppix or maybe even a Mac emulator. Tried these before. Maybe I'll install a download program or find a bittorrent to download the iso image. In the meantime I will install and use Firefox on my Windows Vista.
About virusscanners, you should try Bullguard.
 
I just tried firefox but was not very happy with it. Had to install all these players and plugins again like media player 11, shockwave player 10, etc. And it is very slow. I think I'll stick to IE 7.
Mac emulators are not vey good. Windows Vista is very excellent because it is self-repairing and really made for computer-and-internet idiots like me.
 
Anonymous, download User Agent Switcher from here ( https://addons.mozilla.org/firefox/59/ ) or here ( http://chrispederick.com/work/useragentswitcher/ ). After you install it, select Internet Explorer. Likely you are visiting Microsoft server web sites. Microsoft makes so that browsers other than its own are slow. It has nothing to do with the browser per se, it's just Microsoft playing unfairly. User Agent Switcher tells MS sites that Firefox is really IE 6. They then work normally again.
 
Post a Comment



<< Home

This page is powered by Blogger. Isn't yours?