These security pages are not provided by Cheshire Constabulary - see foot note.
This document refers mainly to PCs running Microsoft Windows XP. While
many of the problems are common across other operating systems the solutions
may be different for those systems. The application of common sense is
valid across all systems! There is also information on separate pages regarding identity
theft and telephone security.
February 2010 - 10% fall for scams; 5% lose more than £50,
many lose over £5,000! - BBC
report
.
February
2009 - Fake Anti Virus sites cause havoc - use only bona fide products
through their official web sites! The virus peddlers
are expanding their use of fake anti virus software to find their way
into your PC. Please
read the BBC page for details on this.
Do ensure that you use only anti virus software from the recognised
providers and go directly to their web sites; don't use links in on-screen
message windows or dubious looking but convincing emails. Beware of
some of the links from web searches. Google is weeding out the bad
sites but they are always behind the scammers. The leading anti virus
providers include Norton, McAfee, AVG, avast!.
October 2008 - Banking turmoil provides crime opportunities -
be on your guard! The
upheaval in the financial world is providing opportunities for criminals
to extract cash from other people's bank accounts. It is more important
than ever to be alert to the attempts being made to extract personal information
from you. Read
this BBC news report for a fuller explanation.
The problem with online abuse is that the crooks are playing on the PC user's gullibility, lack of knowledge about the systems – his PC, the internet and the banking systems – and plain old psychology. Let me offer some guidance that should keep most people out of trouble:
Financial transactions
1. You will get many messages that claim to be from your, and many other, bank(s) and very plausible they are too, requesting you to reply with account and password information or to click on a web link for a security check or confirmation.
NO BANK will ever ask you to do this because it would be totally insecure.
DELETE the message; DO NOT reply and don’t
bother to forward it to your bank – they have seen millions of them
already. DO NOT CLICK on any link in the message. DO
NOT open any attached file.
2. All online financial
transactions are carried out through web pages - NEVER through emails.
The trader or bank may send you a confirmation email after a transaction
but that should not require any reply from you. Registering for some services
results in a welcome email that requires you to click on a link to confirm
that it was you who registered. Only click these if you have just registered
with the sender in the previous few minutes.
NEVER approach financial transactions from an email.
ALWAYS use the web link provided when you signed up for the service, NEVER one provided in an email.
Use a Verified credit card for online transactions.
3. Before you logon
to any financial service check that the LOCKED PADLOCK or UNBROKEN
KEY is displayed at the bottom right of your browser window,
or top right if you use the Google Chrome browser. Chrome also colours
the page address bar cream (like the background colour of this page)
while you are in a secure page. These indicators should remain in place
throughout the session. The web page address should always begin
https:// - the important bit is the s;
it stands for secure. But note: this security is about the transmission
of data between you and the web site. There is nothing to stop a fraudulent
site establishing a secure connection with you!!
4. Always LOGOUT from
financial sites using the appropriate button or menu link. This is especially
important on a shared computer. In fact, you should really avoid using
a shared computer for financial transactions.
5. NEVER give your name, account number, password or PIN number in response to any email. Emails are never secure (unless you have set up an encrypted conversation - I have never been offered the opportunity on a domestic transaction).
6. These rules are valid
for all online transactions whether they be banks, share trading, online
shopping, eBay, PayPal, Amazon or similar trading sites, or social site
such as Facebook, Twitter, Bebo, etc.
7. There are still many
minor online shopping sites that do not display the lock or key, or https in the address bar. They may be completely insecure or secure with a small
set up error; only an expert can tell the difference. Best advice is DO
NOT use them.
8. NEVER respond to emails offering you the chance to make easy money! If you do respond, even to tell them to go away, you just confirm that you exist and the crooks will then target you with ever more convincing messages. These messages are designed to steal your money. NEVER, NEVER reply to them.
9. IF
YOU SHARE your
computer with anyone else, or you use a computer at an Internet Café,
in the Library, Bridgend Centre or similar public place, remember that
almost everything you do, including your passwords, may be LOGGED.
It is fair to say that many perfectly responsible establishments won't
even realise that their systems are logging user information and your information
will not be at risk unless or until the PC goes for repair or second hand
sale and is looked at by someone who knows what they are looking for.
DON'T allow the system to 'REMEMBER' your access id's and passwords,
even if it may be convenient; learn how to erase your browsing history
(but this won't get rid of all logging information). See IE8 InPrivate™ browsing.
If you don't use the IE8 facilities, or you are using another browser
the best advice is not to use a shared computer for financial activity – it
is simply not worth the risk. Methods, Clear your browser history.
10. You've won the Lottery! The
scammers write and tell you that you have won a huge amount of money on
a lottery somewhere - even though you never bought a ticket. They offer
to recover your winnings for a fee. You have to provide the fee up front. DON'T.
This is another version of the transfer funds scam that has been used by
the Nigerians and others for many years. If you get one JUST BIN
IT. Example
text.
Have a look at Crimes
of Persuasion a
Canadian site giving more information on all kinds of computer based
fraud and many links to other relevant sites. Scotland Yard's SCD6 Economic and Specialist Crime unit also
have plenty of good advice.
11. If you use dialup (not broadband) check the
number being used by the dialup routine to see that it is the number provided
by your service provider. Some malicious emails and web pop-ups contain
programs to change these numbers so that you un-wittingly dial a premium
line number before being routed to your provider. This technique also allows
the crooks to monitor your activity and record userids and passwords. This
can seriously damage your wealth both in any bank account you access online
and when your next phone bill arrives. Methods, Check dialup number.
12. Many problems can be avoided by using a virus
checker and a Firewall. VIRUS CHECKERS are only any good
if their signature data is updated at least once per month, sometimes more
often; some, like McAfee, offer you an update every day. I use avast! and
they often update automatically twice a day™. Anti virus
software must be running whenever you are connected to a network – the
internet or a local network.
Virus checkers have become very large pieces of software and they can
cause your PC to run very slowly. If this is a problem you should look
at the configuration and see if you can maintain security but avoid the
unnecessary checks. For instance, the objective is to ensure that nothing
nasty gets into your PC from the outside. So you need to check everything
that comes in via the internet - all emails and their attachments, and
all web files. you also need to check all removable media such as external
disks, USB sticks, etc. There is really no need to check every program
when you start it. Programs could only become compromised if something
got in via an external source. So I suggest switching off that capability
if possible. I once used McAfee and it was slowing my PC very significantly
but I couldn't find any option to reduce its scanning. I have therefore
replaced it with the free version of avast! which does. I has improved
the performance of my PC very noticeably. Methods,
Virus checkers.
13. Some Internet Service Providers (ISPs) virus
check all your email before they pass it down the line to you. In theory
this means that you do not need your own virus checker, but remember they
are only checking your email – if you import files through any other
means, such as a data stick, then it won’t be checked, nor will your
web pages. If your ISP claims to virus check for you make sure they check
email attachments, zipped files (if you use them), and so on.
14. A FIREWALL is designed to
prevent trouble makers from getting into your computer without an invitation.
This is especially important if you are on broadband - your computer is
by default open to the world all the time it is switched on. Get a firewall
and make it invisible to the outside world. Methods,
Firewalls.
15. Windows (XP, Vista, 7) comes with a built
in firewall which is now considered to be adequate provided you have at
least XP update SP2 installed (see 20 below) and keep your system up to
date with Microsoft's security updates. However, in older systems (pre-SP2)
it is installed to be switched off by default – you need to
take action to switch it on, but much better to update your system to SP2,
SP3 and all subsequent security updates, or use Vista
or Windows 7 and all their security updates. Methods,
Windows XP firewall.
16. It is recommended that you enable Windows
automatic updates. Microsoft will then advise you when system updates,
especially security updates, are available for download and installation,
or even load and install them completely automatically. The automatic option
has one problematic trait - if the update requires a re-boot, as many do,
it insists on re-booting and won't let you delay it until it's convenient
for you. For this reason I set mine to accept update notifications and
then manually instigate them when I am ready for them. Methods,
Automatic Windows updates.
17. If you are buying networking equipment it
is a good idea to get a network box that also provides the ADSL interface
to your broadband AND has a built-in firewall. Ensure that you configure
the encryption feature otherwise anyone around the outside of
your house may be able to get onto the internet via your line. They may
also be able to access the data on your PC! You may also be liable in law
if they download porn or other criminal data via your line. It is virtually
impossible to prove that it wasn't you.
18. There are web sites that will test your vulnerability through the network. See security tests.
New threats
19. Looking at videos has become very popular. The malicious crew have wasted no time in using this popularity as a means to getting inside your PC. Read this item on BBC News. The short advice is be cautious in your use of YouTUBE or any other populist video sharing service – they are risky. Perhaps the virus defence industry will come up with a method of controlling them.
20. A popular scam! Emails are being sent out purporting to be from a bank or building society and inviting you to open a new account - the deal is you deposit £500 and they will add £200 to your new account! Don't believe a word of it! They are really after your existing bank details and your cash. You send them £500 and that will be the last you see of it. And they will probably empty your existing account as well. JUST DELETE ALL MESSAGES OF THIS KIND. Do not reply to these messages.
21. Broadband Routers and wireless network boxes. These devices are permanently connected to the internet. They can be approached from both sides - you, the user, can access out to read web pages, for instance, off the internet. Others, unknown, can try to get into your PC by addressing your broadband line which has a unique address. One of the purposes of the router (and wireless network boxes) is to provide a firewall between the internet and your PC.
However, it is possible to access the program within the router from either side provided that you know the password. Every router comes with a factory set default password. That password, though possibly different on every make of box, is common knowledge for those who want to know it. Therefore it is essential that this is changed to something known only to the user at installation time.
My first box came without a password set but did have installation instructions that emphasised the importance of setting the password and gave clear instructions on how to do this during the installation. Unfortunately it also provided the option to leave the password blank.
If you have the BT Broadband box the setup forces you to use encryption,
and other makes now do this as well.
If you can't remember whether you set your password then you should check
it. You will have been given a web address to put into your browser in
order to maintain the settings in your router. Enter this now and when
the maintenance home page comes on the screen look for Security or Password
and click on that. On the password screen it will provide the opportunity
to type in your password. To find out whether you set one, leave it blank
and press enter. If you get to the next screen without complaint of a bad
password you will know that you are not protected. Look for the Password
setting option. Make sure you use a high quality password at least 10 characters
in length and containing a mixture of letters, numbers, and special characters
(if it will let you). Remember that the hackers have all the time in the
world to test your system with every common password, in fact the entire
dictionary, until they find a match with your password. The more complex
you make it the more likely they will be frustrated.
What can they do with your router? Once the hackers can access your router they can install their own software into its memory. This will be designed so that you don't notice any difference in its performance. However, they may have changed it so that every internet access you initiate is first sent instead to the hacker's own system where they will extract any useful information such as bank details and passwords, credit card numbers, your name and address, and so on, before re-routing your information to the web site that you intended it to go to. This will respond to the hacker's site which will repeat the operation of data extraction and forward the page on to you. This all happens so fast that you will never notice what has happened.
If you suspect that your router has been compromised in this way you should
reset it (there is usually a recessed button for this) and then set up
your broadband link from scratch using the original instructions, and with
new passwords and encryption key.
22. Misuse of
popular sites such as Amazon, eBay and PayPal. The hackers
are now misusing these well known and popular names for phishing activities.
They send you an email that looks exactly like one from Amazon, eBay
or PayPal with questions or statement regarding your account. They provide
a link for you to pursue the matter online. This link, of course, is
fraudulent and takes you to the scammer's own web site where they extract
information from you such as account name and password.
If you get such a message always approach your account via the web address
originally provided by Amazon, eBay or PayPal; NEVER use
the link in the email message.
eBay and PayPal provide some protection by always including your registered
name in their emails, but I personally don't rely on this.
Other sites now being routinely cloned include the anti virus software companies like Norton and McAfee.
23. Computer support scams. Scammers have hit on the idea of phoning PC users and
telling them there is a problem then selling them malware that abuses
the PC and perhaps turns it into a spam-bot while taking some money of
the victim to pay for the 'protection software'. Here is a typical example
-
"I have just fallen victim to a scam. I did
not lose any money but I am going to have to spend a long time securing
my computer.
"I had been using my computer on the internet when it froze
so I left it for a few minutes to see if it would clear. This probably
had nothing to do with the scam but is the reason why I fell for it.
I received a phone call, the gist of it was that they were ringing on
behalf of Microsoft because Internet Explorer had been giving lots of
errors and they told me how to check. It did seem odd that they could
not tell me which version of Windows they were using.
"I kept being passed onto someone 'more
senior'. I was told to type in various things and tell what the results
were. I was also told that my security was out of warranty. Then
I was told to type something to download a program to let me talk to
their expert who would sort things out. I only did this as it was a secure
web site. I was then given a number to type to activate the service.
Eventually I was directed to a web site giving various payment options
and then the hard sell started. By this time I was getting suspicious
and to cut a long story short I told him in no uncertain terms that I
was not going to part with any money. He then became quite threatening
and said that by typing in the number I had accepted the service which
would cost his firm money and that if I did not pay they would take action
to recover their costs. With that I told him to do that and hung up.
My subsequent attempt to terminate the program was frustrated as it would
not let me control the mouse so I had to press the reset button.
"Subsequent investigation showed the web site
I was directed to was www [dot] techonsupport [dot] com and
an internet search showed it is part of a scam which the operators
are very good at. Apparently Staffordshire police are investigating
this company."
DO
NOT UNDER ANY CIRCUMSTANCE GO TO THAT WEB SITE! IT WILL WRECK YOUR
PC AND MAY RESULT IN MONEY BEING STOLEN FROM YOUR ACCOUNTS. I
strongly suspect that the frozen PC was the start of the problem - the
scammers had probably already hacked into the PC, identified the owner,
then called him on the phone. Note that a secure web site (https)
can be set up be anyone including crooks and scammers. The security only
applies to the communication between you and the web site. The site itself
can be full of insecure and dangerous materials.
There are a number of variations on the theme of PC computer support being
used. The rule is NEVER ACCEPT AN UNSOLICITED PHONE CALL ON THE SUBJECT
- JUST HANG UP PREFERABLY WITHOUT IDENTIFYING YOURSELF.
Wi-Fi 
The wi-fi boxes themselves appear to be generally well designed from the
security point of view. Every wi-fi box description that I have read shows
that there are two important security features available - a firewall and
encryption over the airwaves. Provided that these are configured correctly
and maintained in use (kept switched on) then they should provide the essential
protection that the domestic user needs.
The weaknesses with wi-fi are brought about by its very purpose - to make the internet accessible from a PC or laptop without the use of wires. This is achieved by low power radio waves. The range is supposed to be limited to around 10m. Depending on the location of the box and the structure of the building this range can be more or less. What is certain is that access can be obtained from outside the building as well as inside. While resolving problems in a friend's house I found that I could pick up a signal from my own wi-fi. Our houses are in line of sight but well over 200m apart!
Problems. If you leave the access password as the manufacturer's default then anyone can get in and re-configure your box and help themselves to information from your machine. It is possible to install a logger in the box that will provide the attacker with everything you transmit in or out of your PC including all userids, passwords and account information from banks or other financial bodies you happen to access.
ALWAYS change the default password to something of your own. Make it a strong high quality password. You don't have to remember it because you will very rarely need it but do record it off the PC, somewhere where you will look for it when you do need it.
A second problem will only concern you if you are working with highly
sensitive information which should be more strongly protected than the
average domestic data. The encryption used by wi-fi boxes is rather limited
in its protection capability. You will be given the opportunity to create
a personal key when you set up the box. Two methods are used. The easiest
is the encryption phrase. You are asked to type in a phrase of your choice
and this will be used by the software to generate a 128 bit encryption
key. The second method is to type in a key of your choice. This latter
method is prone to typing errors because it is hard to see whether you
have typed it in accurately. The key will be displayed in hexadecimal -
it will be composed of the digits 0-9 and letters A-F. 128 bit encryption
is OK for basic use but can be broken by brute force on a modern high powered
PC in about 10 minutes. The seriousness of this is that unless you change
it regularly this key remains in use continuously.
More advanced encryption systems use longer keys and constantly change
them automatically so that brute force takes much longer and then only
discloses one packet of data. This strength of security has not yet reached
wi-fi. The mobile phone networks use security similar to this.
Another potential problem with wi-fi is that a passing PC (and its user)
can detect your network and attempt to connect to the internet through
your broadband link. They can only do this if your wi-fi is not password
protected or they know the password. They will also need to know the encryption
key. It is a criminal offence under the Computer Misuse Act to obtain access
to the internet via someone else's connection without their authority to
do so. There have been successful prosecutions for doing this.
Why would anyone want to do this? Well it is usually those who choose not
to afford to pay for their own broadband service. Nowadays you can look
for networks in any built up area and find several, if not many, networks,
and there is often one or more that are not protected. Access to the wi-fi
box also provides access to the attached PC.
This widespread wi-fi availability has resulted in an obvious service
to those who spend their lives out and about with their wi-fi enabled devices;
not just laptop PCs but also hand-held PCs, net-books, mobile phones, navigators
and no doubt countless portable electronic gizmos yet to be invented. It
is now possible on some ISP services to invite domestic broadband users
to authorise the use of a part of their broadband capacity by passing subscribers
to an open wi-fi service. I've not heard any report of serious weakness
in the security of such systems.
Note that even though your broadband box has a wi-fi facility, your main
(desktop) PC should be connected to it by a cable. This not only improves
performance - no encryption/decryption required - but also improves security
by avoiding transmitting data from your main PC into the ether.
Security - absolutely essential with broadband
Broadband is an open network service. Its users are permanently connected
and open to the internet. Each user has a fixed address in the form nnn.nnn.nnn.nnn
. Your address is unique in the world. Anyone on the planet who has internet
access, including all of the world's hackers and crooks, can access that
address - your PC! If you don't have adequate security they can, entirely
without your knowledge, read from your PC and write to it - they can copy
all of your programs and data, they can delete your files and overwrite
your hard disk with rubbish or worse - such as running their programs designed
to use your computer to do their hacking for them - netbots or webbots.
Hackers run automatic programs designed to test every possible internet address to see if they can access the computer attached to it. There are so many of these programs running that it is said that every address is likely to be tested every ten minutes on average! Once they find a suitable machine they can turn it to their own use. They are also doing the same attacks on internet routers with even worse results possible - see 21 above.
Viruses and worms. The hackers continuously identify weaknesses in Windows security and attack through these. Viruses come in with the email. They usually hide in attachments - you open the email and click on the attachment and instantly the virus is executing in your system. Worms are more insidious because they attack without you calling in any email. They can access your system as soon as you connect to your internet service. Viruses can be killed by using a virus checker which must be up to date. Worms can be deflected by using a firewall and some can be killed with a virus checker.
Hacking is a criminal offence in the UK under the Computer Misuse Act.
But you could inadvertently become involved in criminal activity. Only
an expert could prove that it wasn't you who had set in motion activity
seeming to have originated from your computer. Do you know what your computer
does while you are asleep at night? Would you recognise in the morning
that it had been hard at work throughout the night - for a well known terrorist
group, for instance? You would not. Perhaps you should switch it off at
night, and save some electricity as well. Of course all this can just as
easily happen during the day - does your PC seem to be rather slower than
it used to be?
In Microsoft Internet Explorer (IE6 and IE7) – click on the Tools
command at the top of the screen, then Internet Options, the General tab.
Look for the section in the middle titled Temporary Internet Files, Click
on the Delete Cookies … button and OK out of the window. In the same
section click on the Delete Files … button, set the Delete all off-line
content check box and OK out of the window. Look for the History section
and click on the Clear History button. OK out of the window.
Microsoft Internet Explorer 8 (IE8) introduced a feature called InPrivate™ browsing
which saves you having to do the above activity. There are several facilities
...
- InPrivate™ Browsing lets you control whether or not
IE saves your browsing history, cookies, and other data;
- Delete Browsing History helps you control your browsing
history after you’ve visited web sites;
- InPrivate™ Blocking informs you about content that
is in a position to observe your browsing history, and allows you to
block it ;
- InPrivate Subscriptions allow you to augment the capability
of InPrivate Blocking by subscribing to lists of web sites to block or
allow.
Note that it is essential to close the InPrivate™ window
at the end of your session in order for IE to clear the history! Find additional
information.
General security note on Microsoft Internet Explorer - you really should
be on the latest version, IE8 as I write. The security of earlier browsers
was very doubtful and major improvements have been made in IE8. There is
no good reason for not upgrading - the product is free, it takes only a
few minutes to download and install, and there are no known problems that
should make the general user hesitate. This product will make a major improvement
in your PC's alround security. Why
not install it right now?
Return to section.
On Microsoft Windows – click the Start button, Control Panel, Network Connections, then right click on the file which is your normal dial up connection and click on Properties. Find the Phone number section in the middle of the window displaying the Phone number. This should be the number given to you by your Internet Service Provider (ISP). If not, then type in the number you were given and click OK. If it was correct Cancel or press the Esc key.
Be especially suspicious if the number begins 09... (premium rate number) or 00... (International number). You can have both these types of calls barred from your phone if you wish - call your telephone service provider for details. There may be a fee for this service.
If you are not sure which file you should be looking at look for a name that relates to the service you use; for instance, if your ISP is BT Openworld then look for those names in a file name.
If you have been defrauded by this scam you may be able to claim some recompense. In October 2004 PhonepayPlus (formerly ICSTIS), the Independent Committee for the Supervision of Standards of Telephone Information Services, ordered the phone service companies, such as BT, to disconnect a list of lines that were being used for this fraud. Customers who have been subjected to fraudulent charges should get in touch with one or both telecoms complaints services which are OTELO, the Office of the Telecommunications Ombudsman, and CISAS, the Communications and Internet Services Adjudication Scheme. Return to section.
If you are a broadband user then this fraud won't trouble you. BUT be
sure that when you have converted over to broadband you have disconnected
or disabled your old modem. If it was an external device then remove it
completely from your system - keep it away from your machine for use as
a backup should broadband fail. If the modem is built into your processor,
disconnect the telephone line from the back of your system.
It is essential to use a good quality virus checker, either on your machine
or one provided as a service by your ISP (see 17 above). A large proportion
of emails are infected with viruses and worms and if these get into your
system some of them can be very destructive. A maintenance agreement is
also essential so that you get virus pattern updates at least once a month,
preferably more frequently. Two well know and respected virus checkers
come from Norton AntiVirus and McAfee VirusScan.
The free (for personal use) AVG
virus scanner and
avast! are also very well regarded.
It may also be worth considering a service provider that filters spam
and viruses out of the mail before you get it. I use such a service (BTYahoo and
1&1 who provide space for my web sites) and the incidence of both spam
and viruses has fallen dramatically since they provided this service, which
is free. You do need to check the emails that they pull out as spam because
they sometimes remove messages that you would wish to receive. This review
is easily done via a web page without downloading the messages. Return to section.
|
A security firewall is absolutely essential for your protection
when connected to broadband! Windows XP SP2 (and SP3), Windows
Vista and Windows 7 all contain a good and reliable firewall and
it is switched on by default. However, you might consider a proprietary
firewall which has more management capability. A good place to
start is at Zone Labs Inc. who,
for instance, supply several different versions of their security
firewall. The most basic version, Zone alarm, is free and highly
rated by technical reviewers for its fundamental ability - keeping
the hackers out.
Many anti-virus product providers now also supply a firewall option
included in the security package.
|
If you use Windows XP Professional or have SP2 and SP3 installed on either XP Professional or XP Home there are some built-in firewall capabilities. These should be configured whether or not you use broadband because they can provide protection at any time that you are connected to the internet regardless of the technology employed.
Windows XP with SP2 (and SP3) applied provides a much better level of firewall security and it is recommended but see the notes under item 20 above.
Windows Vista and Windows 7 both have inbuilt firewalls which are switched
on by default.
All older versions of Windows have no built in firewall and some protection
should be employed regardless of the means of connection to the internet.
In short, every internet connected PC should have a firewall. In truth
none of the Windows versions older than XP are fit for connection to the
internet today. Return to section.
It is not recommended to have more than one proprietary firewall operating
in your PC at any one time. Some firewalls don't interact very well and
can interfere with each other's action to the detriment of your security.
Proprietary firewall software will automatically manage their relationship
with the Windows firewall.
Broadband routers and wireless network boxes normally contain firewalls which should be configured tightly - see 21 above. Note that it is still worth configuring the PC's firewall even when you have a router/wireless network firewall in operation. This will help to protect you from other PCs on your wireless network.
If you don't have SP2 installed (and you should have) then to activate the firewall, click the Start button, Control Panel, Network Connections, then select (hold the mouse pointer over) the connection file you wish to protect. Look at Network Tasks in the left hand column and click on Change settings of this connection. Click the Advanced tab and look for the Internet Connection Firewall section then select the Protect my computer and network by limiting or preventing access to this computer from the Internet check box. OK back to the Network Connections window. Return to section.
This procedure may differ where Windows XP update SP2 has been installed but the firewall is on by default so you shouldn't need to do anything more.
Spyware, usage trackers, keyloggers
These are all undesirable routines that create insecurity in various ways. Spyware are small programs that search your system for information that others consider to be useful. But if this information includes account numbers, passwords and other personal information it can really only be of use to those who would steal your identity and attempt the defraud you. Usage trackers are designed to log the web sites you visit so that advertisements, particularly popup ads, can be targeted at you. Keyloggers are perhaps the most dangerous because they are designed to record you typing your userid, account numbers and passwords and then transmit them to another place from which they can be misused.
These are not viruses. Some of these routines get into your system as a result of you clicking on links in popup adverts. For instance, an ad may come up and demand that you click on the yes button to get rid of it. Unfortunately that click sets a small program in motion that downloads and installs the malicious program in the background. Many of the problem routines save the information they want in cookies and this is extracted by rogue code in web pages. It should be said that cookies are an important and useful tool to you. Many web sites simply won't work if you switch them off - and I don't recommend that you do. It is much better to bring the misuse under control.
All of these miscreants can be brought under control. Have a look at Spybot
Search & Destroy.
This shareware program will identify these types of malware in your machine
and give you the option of getting rid of it, and protect you from catching
it again.
Alternative web browser
Because the Microsoft Internet Explorer 8 (and 7) is so popular - 60%+
users employ it - it stands out as a target for abusers. They seek out
its weaknesses for exploitation. This suggests that users could avoid the
problems by using another browser. You could have a look at Mozilla Firefox,
a free browser very highly rated by aficionados but not liked by me. While
slow to load the program, it is faster than MS IE in loading web pages
and is said to be immune to the kinds of attacks aimed at IE. However,
it rigidly complies with web page coding standards and makes a lot of pages
look hard to read because the pages haven't been written to the same standards.
Happy Valley pages have been though, so our pages should look OK on any
browser! If
they don't please let me know!
A better choice might be Google
Chrome,
new in late 2008, it is by far the fastest browser available - as much
as 20 times faster than IE8 in loading pages and quick to load the program!
I like and use it myself and it avoids the problems inherent with Firefox.
If you are still on IE6 or earlier you really should upgrade to MS IE8.
This and the latest releases of Firefox and Chrome are the best
browsers yet published. They have some really excellent new features, and
above all – the security has been very much improved
in all of them. If you have Microsoft updates switched on in your PC you
will have been automatically invited to update to IE8. Otherwise
why not install it right now?
Try looking at GRC.
There is no need to read and understand all the technical stuff - just
click the test buttons. The responses are pretty clear. If your system
is not invisible then you are at risk. These tests are checking just your
firewall - checking that no one on the outside can enter your system uninvited.
You should run these tests at least every six months or so or immediately
after you have done any maintenance on your security settings, virus checker,
third party security software, new installations of major software or a
new network box, etc. Return
to section.
Verified credit card transactions
Most internet card frauds occur when cards or card details are stolen in the real world and are then used by criminals to buy valuable items online.
By signing up to Verified by Visa or MasterCard SecureCode you can protect your card details from online misuse by fraudsters. You can arrange with your card issuer passwords for use when shopping on the internet. These provide two way control as an additional level of security and make it much more difficult for a fraudster to buy online using your card details.
With Verified by Visa and MasterCard SecureCode cardholders register their personal details together with a Personal Assurance Message and a personal password with their card issuer.
The Personal Assurance Message will be displayed every time your password
is requested during an internet transaction to prove that the password
request has come from your card issuer. Having checked your Personal Assurance
Message, you are required to enter your password, or parts of it, to authorise
the transaction. This security technique ensures that you know beyond doubt
that the transaction is being carried out by your card issuing company
and is not being faked by a fraudster in order to obtain your card details.
Many of the UK's biggest online businesses have now joined these security schemes. Visit Verified by Visa or MasterCard SecureCode and you can view demos of the systems and lists of participating online shops.
When shopping online look for the relevant Verified by Visa or MasterCard
SecureCode logos. Keep records of all transactions. Print out orders
and keep copies of the retailer's terms and conditions for delivery and
returns. When buying from other countries remember that you are not protected
by UK consumer law and it may be more difficult to recover your money
if problems arise.
You can also visit the following web sites for more details about fraud prevention: Get Safe Online; CardWatch; Identity Theft; Bank Safe Online; Cifas. Return to section.
Automatic Windows updates
To check and, if necessary, set automatic Windows updates first click the Start button and then Control Panel. In the left hand panel it should say See Also, Windows Update. Click on Windows Update and you will see the Windows Update home page loaded into your browser. Look at the top box on the right side. It will tell you how Automatic Updates is set on your PC. If it is set off there will be a link to enable you to turn it on (recommended). If it is already on it will say so. Other information on the page will also vary depending on the status of your PC. If you have not updated the system for a while I suggest you click the Express button and Microsoft will list all the updates that are relevant to your system. After downloading and installation it will most probably be necessary to re-boot the system.
Further advice
More information on scams can be obtained from a web site provided by the Office of Fair Trading (OFT) and called Consumer Direct.
... is a retired Information Security Manager. I give no warranty that the advice given will prevent your system from suffering from viruses, worms, spam, spyware, usage trackers, keyloggers, abuse or any unauthorised programs or macros of any kind introduced by any means. It must be accepted that the subject is not fully explored in this document and descriptions of problems and solutions are necessarily brief and incomplete. New security problems are regularly being discovered in PC operating systems and other software and users need to be constantly alert to the latest threats. Nor do I give any warranty regarding personal identification protection, use of social networking web sites, or calls to or from banks and finance houses. Neither do I take any responsibility for any third party web site nor for any products offered or supplied by those sites or any retail outlet or the companies promoting them. If in doubt ask for advice for your specific system or problem from a company offering such advice or service. Always follow the specific advice of hardware and software suppliers, banks and finance houses as appropriate.
© Copyright 2010 Tim
Boddington
