Step 6: Staying Informed

Nothing except a firewall is more important than "web smarts" -- knowing how to recognize and avoid online threats.

There's a lot to learn about online threats, and you're not going to do it in a day. Work your way down this page, following the links. Learn something new each day until you have covered all the topics. Even if you're on the basic track of this plan, try to get a general idea of the threats and defenses. You can also use the catalog of threats menu at the right as a checklist.

The human dimension

The part between the chair and the mouse -- the user -- is often the most vulnerable component of a PC. Your firewall, antivirus, antispyware, etc., may not save you if a "social engineer" persuades you to do the wrong thing.

It's easy to unwittingly allow attacks to get past your firewall. Your firewall already allows web pages, email, and probably attachments to enter your PC. It doesn't even blink. That's why most attacks employ one or more of them as weapons.

An attack can take many forms. It may be an urgent email message asking you to straighten out a problem with your account. [phishing] It may be a popup telling you that 'Your PC is infected -- you need to download some wonderful program to fix it.' Or you may have won the Nigerian lottery.

You now have the opportunity to be a willing participant in your own misfortune. You can be so anxious to solve the problem that you let your guard down. You may give your Social Security Number to a fake website. You may dismiss warnings from your antispyware program. Even though you know better. ;-)

Remove the temptations

Spam and popups deliver most of the hazards to your computer. If you don't see them, they can't bite you. There are effective ways to reduce both of them. Thunderbird and Firefox are a good way to deal with the problem, and get other security benefits as well. There are many other solutions too. [spam] [popups]

What to watch out for

Be very wary of any contact you didn't initiate yourself. Don't provide any information. Don't click any links. Contact the (alleged) sender directly, using your normal method, to check it out.

Deception: It's easy to be taken in by urgent email, an enticing pop-up, or a slick Web site. Even experts are taken in. Clicking the wrong link can ruin your whole day. Deception can be a vector for viruses and worms, spyware, scams, fraud, and identity-theft.

Counterfeit and malicious email: Email messages are used for the majority of dirty tricks and fraud online. Most of them are designed to look like legitimate messages. It's very hard to tell some of them from real messages. There are effective ways to deal with them though.

Malicious attachments: Counterfeit email and malicious attachments go hand in hand. Even if the message appears to come from someone you know, it could be an email bomb.

Phishing: Using forged email to extract account information from you. The message often links to a carbon copy website where the theft takes place.

Fake and malicious websites: Often used in conjunction with phishing, but there are many other kinds of malicious websites.

Hoaxes: These usually come in an email, warning of some dire result if you don't take urgent action and pass the warning on to everybody you know. The warning often directs you to remove some file(s) because it's a virus, or baloney like that. Turns out, the file is required by Windows.

Dodging the dangers

Do not use public PCs at Internet cafes or public libraries to do business online. Many have surveillance software installed. The information goes right to the fraudster who put it there.

If you use public PCs for other purposes you'll want to know about Microsoft's safety tips for using a public computer.

Manage email safely: Email and email attachments are the most likely way for you to run into trouble on the Internet. Know how to avoid the hazards of email.

Handle attachments safely: Be very careful how you handle attachments. Attachments present a bigger online threat to the average user than all the other hazards combined. Know how to do it safely.

Validate files: Be careful how you handle email attachments, and files you download. The same principles apply. Know when and how to check them out, and how to open them safely.

Surf safely: There are many traps for the unwary out there on the Web. Learn to sidestep them with a few precautions.

Download with caution: Accept files only from well-known sources that you fully trust. That's the basic principle. Even then, know how to be careful.

Instant Messaging and File Sharing: A risky microcosm of the Internet, with its own set of hackers, worms and Trojans. I would never mix sensitive information on the same computer with these peer-to-peer services. There are things you can and should do to reduce the risk if you use your computer for casual purposes though.