Online security is a battle between good and evil, so I'm using military terms here. :-)
Online security is not easy. Chances are you don't have the time or interest to keep up to date on the hazards of the Internet. Knowing how to protect yourself is also complex. I hope to help you choose and implement an approach to online security that will work for you.
Current situation: Cyber crime is now an organized world-wide enterprise. Perpetrators are specialized and highly skilled. Newly discovered flaws in networks, browsers, operating systems, security software, and ordinary programs are swiftly attacked. Right now, the personal information of millions of victims is up for sale online. The revenue from cyber crime now exceeds the drug trade (over $100 billion per year). [snapshots]
What's the answer? Simply stated, match the strength of your protection with what you choose to put at risk. For example, you have protection under the law against credit card (but not debit card) fraud. Your defense does not need to be as stout for online purchases as it should be for online banking and other financial transactions. You'll find some security strategies below, grouped by what I'd put at risk using them. It's up to you to decide what to put at risk and which one to pick.
These strategies are written from a Windows XP perspective, with [notes] that apply to Vista.
1. Basic defenses, suitable for emailing and surfing safer regions of the Web: The objective of defenses in this category is to avoid an infestation of malware that cripples your computer or turns it into a zombie for a "botnet". They are also adequate for shopping with your credit (but not debit) card.
This first strategy requires little or no extra software, but running at least Internet-facing programs with lower rights makes it as robust as other simple defenses. It does require learning how to live with a Non-Administrator user account.
Elements: Use a good firewall, learn about informed vigilance, keep Windows and your other software patched and updated, and set up a Non-Administrator user account. [Vista (see Managing Vista)] And don't forget to do regular backups. Implement these five elements, and you'll have a good basic defense. Add the software described below and you'll have a much stouter defense.
Ed Bott, an expert at ZDNet, has a semi-humorous article on setting up this kind of defense for his "Bad Dad".
Some newer anti-malware programs, like VIPRE and Avira AntiVir, combine antivirus and antimalware engines. I use VIPRE. :-) Add one of them to the defense above, and you'll have a much stouter basic defense. I laid out this approach in A Solid Security Plan.
"Security suites" are finally becoming good enough to be a reasonable starting point for a decent security system. If you install one of these, learn about informed vigilance, keep Windows and your other software patched and updated, and do regular backups, you'll have a good basic defense. [See "Security Suites" in my Google Scrapbook for information on the best ones.]
2. Robust defenses, designed to be strong enough for online banking and financial transactions: The objective of these strategies is to make the risk of your computer being compromised low enough that you can put real money in harm's way.
You need to create and maintain a well-designed, multi-layer defense if you're going to risk substantial financial transactions online. I designed a multi-layer security system that I call 7 Action Steps for Online Security. It follows a beefed-up traditional approach. It's not what I use (see below), but it will give you a very robust defense.
My own online defense employs fewer reactive measures and more pro-active ones than traditional strategies. I believe it's significantly more effective than my 7 Action Steps for Online Security, but it's not suitable for casual computer users.
One in four people have abandoned online banking because of the growing risk. I haven't gone that far yet, but I don't use my main computer either. I re-installed Windows on an old computer, installed a few essential programs, and I never use that one for any other purpose. ;^)
You'll want to take further precautions when using public WiFi hotspots or Ethernet connections in motels/hotels. And public computers, such as those in libraries or "courtesy business centers" are doubly risky.
There are several Web-based tools that you can use to enhance your security while surfing and downloading.
Staysafe.org is a user-friendly site that gives directions for being safe online.
"Security on the Cheap" or "The Four Pillars of Internet Security", by Alex Eckelberry, president of Sunbelt Software, is a good basic approach.
Ian "Gizmo" Richards has a well thought out outline of what products and practices keep you secure online these days.
"Malware: what it is and how to prevent it" -- a superior article at Ars Technica on all aspects of malware
"Who says safe computing must remain a pipe dream?" -- Bruce Schneier's recommendations in a nutshell.
Links to even more security related information on the Web.