Online Threats

This is just a brief summary of the dangers online. The "catalog of threats" over in the right column leads to more complete information.

Fortune over fame:
Once upon a time the Internet was no more threatening than the Wonderful World of Oz. There's more than a wizard and a few wicked witches lurking there now though -- muggers, extortionists, and con artists -- all bent on separating the great unwary from their purses.
Internet crime is organized now as well. Technology that makes it easy is now available for purchase or even free on the Internet. Spammers, scammers and spyware writers band together to leverage each other's abilities. Cybercrime is concentrated in the middle-east, but operates world wide.
Hackers, viruses, worms, spyware, phishing, spear phishing... Only a healthy immune system can fend off a malicious menagerie like that. Spam has morphed from a devious deals to a vehicle for spyware and worse. And you now need more safeguards if you want to keep younger children safe online.

Points of attack

Attacks are directed at weak spots in the computing system called vectors. The system is the combination of the computer itself, the network it's connected to, and any humans in the system. You know that the part that's most likely to cause an automobile accident is the nut behind the wheel. Sadly, the person using the computer is often the weakest security link. ;-)

Cyber-criminals use deception -- often called "social engineering" -- to attack the human element. Phishing is a prime example of deception. Attacks often originate with an email message or a pop-up webpage. The perpetrator's attack succeeds if you to respond to his urgent, convincing message. He's then able to extract private information from you, install malware, or do anything else he wants.

Many attacks simply take advantage of weak spots in the operating system (i.e., Windows) or programs. There are many ways to send carefully designed content to the computer that will directly or indirectly install all sorts of malware. Many kinds of programs have been found to be vulnerable -- browsers, Word, Excel, WinZip, Adobe Reader, Windows Media Player, and many others.

The network (the Internet for most personal users) is another vulnerable part of the system. Network worms, eavesdropping and hacking are methods used to attack the network. Wi-Fi adds another easily compromised element to the network. Criminals also use legitimate websites by breaking in and substituting poisoned pages that attack anyone who visits them. This is a growing threat.

Even computer hardware can be attacked. For example, if someone can gain momentary access to your computer, it's simple to insert a simple bug, called a key logger, between your keyboard and computer. Then everything you type, including account numbers and passwords will be sent to person who installed it.

The only practical way to protect yourself and your computer is to set up and maintaining a structured defense. Threats are now so widespread and varied that I have moved away from traditional online defense (reactive), and adopted a proactive approach, which is radical but I think more effective.