Benjamin Franklin once said, "The best
way to be safe is to never feel secure."
I used to call the former version of this
Level-3 plan my Paranoid defense. Things have changed a great deal
since then (then being the 20th -- not the
18th century). It was a great deal easier
to be a full-fledged paranoiac in the past.
These days, it would take a full-time staff
of five or six to be properly paranoid. I
just call it "Level-3" now, and
try to be as paranoid as is practical. You
might want to digress to this introductory article to get a view of how the online world has
become the Wild Wooly West and how your defenses
The plan below is only a checklist. The links
in each item lead to the essential details
for putting the plan in action. Don't try
to do it all at once. Take it one step at
a time, and check each item off as you go.
- Gain a better understanding of the hazards
online and how defenses work.
- Learn about the nature of malicious computer code.
- Learn how attacks work.
- Learn about the defense tools that are available.
- Subscribe to Microsoft's update notices, and to a security-oriented newsletter or
two. Security Pipeline and Brian's Buzz are a couple of good examples.
- Don't use Outlook Express, Internet Explorer,
Windows Media Player or Microsoft Word. Use
Mozilla (free) as your browser and either Mozilla
Mail (comes with Mozilla), Pegasus, Eudora, or Courier as your email client. See "Setting up Your Email Client".
- Install a robust firewall. If you're using Internet Connection Firewall
(ICF), install a better one: ICF is reasonably
good, but even Microsoft has a list of alternatives. Disable ICF first to avoid conflict with the new firewall.
Update: Microsoft intends to provide a better version
of ICF in the second half of 2004.
- Install anti-malware and anti-Trojan software, in addition to antivirus software and your firewall. Yes, you need all four. Enable automatic signature file updating
for the first three too, or update the files
yourself every time you go online for the
first time that day.
Firewall: ZoneAlarm Pro. Antivirus: NOD32 -- enable real-time scanning. Anti-malware: PestScan. Anti-Trojan: Trojan Hunter -- enable real-time protection.
NOTE: All of this software offers real-time protection. You may not be able to enable it on all four because of conflicts. I'll update this note later. Send an email with questions
- Examine all email messages before you process
them further: Your own wits and common sense are your
best peripheral defense against bogus email.
Before you open your email, examine your
list of new email messages, discard the spam
and any messages that look at all suspicious
-- even messages from someone you know.
Prescreen any that are questionable, and finally,
open just the ones you fully trust. See "Safe Email Practices".
- Never open an email attachment unless you're
99.999% sure it's OK: Be suspicious of any attachment you were
not expecting -- even if it's from someone
you know. Check with the sender first before you open
it and even then be cautious. Be doubly suspicious
of forwarded attachments, or attachments
from someone you don't know. You can improve your online security by 10
to 1 if you're always careful with email
attachments. See "Step 2. Handling attachments safely" and "Step 3. Safe file handling".
- Never download any files unless you know
you can trust the source: Unfortunately, that advice includes pictures
and music. Scan all files for viruses, malware
and Trojans before you open them. All the precautions on the "Safe File Handling" page should be part of your prudence.
- Don't visit risky Web sites -- gothic,
warez, crackz, gamer, cheat code, tres equis and sites of that ilk: And be doubly suspicious
of any unsolicited Web page -- pop up windows -- unexpected
requests to "log on again," etc.
Stay away from Web sites that you don't know,
unless you have a good reason to trust them.
In particular, don't click on links in email
messages if you don't know where they lead.
See "Safe Surfing Practices". Use the OffByOne browser to check a site if you need to bend
- Don't use instant messaging or IRC (Internet
Relay Chat), or download files from P2P file-sharing
networks, such as KaZaa or Morpheus. [details]
- Limit what you put at risk to what you're
willing to lose or what you can easily replace.
Never keep critical personal information on your computer -- information like sensitive
passwords, account numbers or your social
security number -- and never send it online
without strong encryption. Use good password protection practices as well.
- Back up everything you can't replace or would
hate to lose: Digital pictures -- the book you're writing
-- recipes -- genealogy records -- whatever.
If you're not willing to lose all the work
you have invested in setting up your computer,
be sure you always have a current drive image
to fall back on. See "Backup" and "System Backup".
- Encrypt all personal information that you
keep on your hard drive. Don't work with
it online except when you're connected to
a secure Web site. Purge your hard drive
with "NecroFile" first, and then install "SafeHouse".
- Be wary of scams, fraud and hoaxes online: There's a higher percentage of con artists
online than there is in real life, because
it's so easy to hide online. Virtually all spam contains a scam of some