Practicing Safe Internet
How to avoid becoming road kill on the Information Superhighway

Hacking, phishing, adware, spyware, malware, viruses, worms, trojans, redirection, spam, spoofing, zombies.  What the hell is all this?

What this is, sadly, is a sign that the World Wide Web has become a treacherous minefield and that you simply cannot carelessly treat your Internet -capable computer as a toy.

The story is becoming more and more frequent.  It usually starts with accepting an offer for some kind of free software or game or service, or misspelling a web site, or downloading a program of dubious origin, or answering an unsolicited email.  Then suddenly the world turns upside-down.  The computer slows to a crawl, web browsing becomes fraught with relentless pop-up ads, your software is constantly crashing or disconnecting from the Internet, and in the worst cases you find out weeks later that your credit cards are being abused or that your identity has been hijacked altogether.

How can you protect yourself and your computer?

First establish two basic ground rules:

1.  Few things in life are truly free

2.  Everyone is out to get you

These ground rules are not revelations by any means.  They're just being applied specifically to the context of your Internet activity because for some inexplicable reason, many otherwise perfectly reasonable and intelligent people seem to throw all caution to the wind when they're surfing the web.

At any given moment there are countless thousands of people around the world who are busy trying to figure out how to use the Internet to extract money from your wallet or cause havoc, or both.  Use some common sense!  If a total stranger walked up to you and asked for the PIN number to your savings bank account, you wouldn't tell them, would you?  And if another total stranger walked up to you and promised you hundreds or thousands of dollars worth of goods and services for free, certainly you'd wonder what the catch was, right?

Now we need two simple but ongoing maintenance tasks:

1.  Make sure you have installed good anti-virus software from a respected vendor and make sure its "virus signatures" are updated regularly

2.  Keep up with the installation of the latest security patches for all your software (Windows, etc.)

The first item can be tricky.  Most computers now come with anti-virus software or anti-virus / firewall software suites installed, but the software must routinely download updates to its signature database that it uses to identify newer viruses.  If you don't keep this signature information up to date, the software becomes nearly worthless because new viruses and variants appear every single day.  Most of the consumer-grade anti-virus software products require that you pay a yearly fee for access to these updates, typically after a ninety day "evaluation" period.  So either pay the yearly extortion, or invest in a more expensive product whose extended maintenance costs are covered up front.

The second item is less tricky than it used to be.  Recent versions of Microsoft Windows and Mac OS-X have an Automatic Updates feature.  In Windows it puts a little flashing globe icon in Windows' System Tray (the row of icons in the lower right hand corner of the screen, usually near the time display) whenever there are critical security -related patches available for download and installation.  When you move your mouse near the icon, a little message pops up asking you to download the updates.  Yet as easy as this seems, I can't even count how many computers I've seen where that icon has been flashing for months or even YEARS, completely ignored.  I find it impossible to understand what makes people click on everything and anything except the things they really need to click on.


In order to understand the threats that you the Internet user are up against, it might help to understand some of the more popular terms relating to those threats.

Some of the software described above may be far more insidious than you think, due primarily to categorization.  For example, since commercially available keyloggers are not viruses or worms, nor are they adware or spyware, most of them will go undetected by popular anti-virus software and anti-adware software.  And your anti-virus software probably won't touch most of the adware and malware that's floating around either.  And while most anti-virus companies have huge resources tracking viruses and worms, no anti-adware companies have yet been able to achieve likewise for adware and malware research, thus limiting their overall effectiveness.

Get rid of your malware!

Beware of software that claims to remove adware and spyware, particularly if it is free.  Some of it actually installs adware and spyware of its own!  The two most trustworthy products available right now are:

In my experience these two programs complement each other fairly well, so feel free to use both, or more.  For them to be most effective, they all must be updated with their latest respective signature databases via the Internet.  Then you should use them to scan through your system while in Windows' "safe mode", and (in Windows XP) with the "system restore" function turned off.  It will take longer this way but it will work better.

As good as these programs are, they're not perfect.  Adding to the difficulty is the anti-virus software vendors' reluctance to classify and remove malicious software just because it doesn't strictly fit the glossary term for a virus.  Learn how to detect and remove malware by hand.  Another page on this web site discusses some of the methods.  Once it's gone, you should be able to keep it off if you remember, nothing in life is free!

For "perimeter" protection

If you have a broadband Internet connection, buy a cable/DSL router.  You can find really good ones for less than $100. These gadgets all have something called Network Address Translation or NAT, which is good for repelling the advances of most inbound worm and hacking attacks.  Many of these routers also have firewall software built in, which can afford you an extra layer of protection but at the cost of some configuration effort.  Firewall or not, these routers also allow you to share your Internet connection among several computers - great if you have more than one computer in your household!

If you don't have a broadband connection, don't fool yourself into thinking that you're not vulnerable.  It just means you're less vulnerable.  Use whatever tools you can, whether part of the operating system (i.e. Windows XP's firewall functionality, or third-party software) to prevent intrusion by viruses, worms and malware.

Protecting yourself

Peer-to-peer file sharing services are hugely popular, but many of their client software packages come loaded to the gills with adware and spyware.  So much for "free", right?  Even if you're using P2P software that doesn't install spyware, you still have to beware of the files you download through the P2P networks, too!  Without any way to verify their true origin, you have no idea what payloads might be hidden in those programs you download and share.  Anti-virus software can't necessarily protect you either.  Viruses frequently propagate faster than the virus companies can update their detection routines.

When installing any software - even software that appears to be perfectly legitimate - carefully read the license agreement screens, "README" files, etc., for signs of the inclusion of extra software and for signs of anything in the software that may transmit information to the publisher and/or third parties, and any other statements about what that publisher may do with personal information, etc.  If you're still suspicious, look up the name of the software in your favorite search engine along with the keyword "spyware", and see what comes up.  For example, go to Google and search for KAZAA SPYWARE.

Check your security settings in Internet Explorer.  Especially if you've had spyware problems already, some if it may have altered your settings.  Make sure nothing suspicious is in the Trusted Sites zone - it should be empty unless you put something there yourself.  And the security for the Internet Zone should be at least "Medium".

Phishing scams are getting more and more sophisticated.  The days of suspicious looking emails ripe with spelling errors and poor grammar are mostly behind us.  If you get an email asking for any personal or account info or directing you to ANY web site that asks you for personal or account info, no matter how authentic it appears, do not supply any information this way!  If you aren't sure if you're being scammed, the safest approach is to open your web browser and manually type in the familiar name of the web site as you know it, or select it from your browser's bookmarks or "favorites" list.