The Internet offers many opportunities to its users. But it also has a dark side that many users are unaware of or choose to ignore. In Security 101, we discuss five aspects that every Internet user needs to know to protect the computer, data, and identity online.
- In Downloads, we discuss the dangers of downloading files from the Internet, and options to make sure the file downloads are safe before executing them on the local computer.
- In Privacy, we discuss privacy-related topics like identity theft, and offer advice on how to avoid it.
- In Phishing, we explain the concept, and provide the means to avoid phishing forever.
- In Spam, we detail how spammers find email addresses, and what you can do to protect your email from them.
- In Updates, we discuss the importance of keeping the computer system and its software up to date to avoid leaving the system vulnerable to attackers.
File downloads are a high security risk, especially if the download provider cannot be verified. Files can contain malicious code that infects computer systems on execution.
A first rule of thumb is to always use the official download page when downloading files. That may however not always be possible. Several software developers for instance use free file hosting services like Rapidshare to host their programs.
A search on trusted software portals like Softpedia, MajorGeeks or Betanews may provide alternative download locations from trusted sites that virus-scan the files before offering them on their portals.
Trusted sources are sometimes not available, which leaves the option to download files from untrusted sources. The following security precautions are valid for all file downloads, but should especially be considered when downloading from free file hosts or P2P.
Lastly, testing downloads in a secure environment is another secure option before executing them on important systems. Two options are available: sandboxing or virtual machines. Sandboxing programs like Sandboxie and virtual machines like VMware or Microsoft Virtual PC execute the files in a closed environment, so that malicious code cannot manipulate the “real” computer system.
To sum it up:
- Always download from the official source or a trusted download portal, and avoid free hosts whenever possible.
- Make sure an up to date antivirus solution is installed on the computer
- Double-check suspicious files with online virus scanners.
- Try to avoid “shady” downloads, like key generators, cracks, hacks and the like.
- Sandboxed environments and virtual machines are the ultimate testing environments for suspicious files that are downloaded from the Internet.
The Internet offers many opportunities to reveal personal information to third parties. This information can be used for identity theft, social engineering or spam.
Avoid publishing personal information on the Internet, and if you do, make sure that only selected and trusted friends have access to it. Take Facebook for example. Many users like to fill out their profiles, enter the music they like, their relationship status, religion, political views, and so on. Privacy settings can be set to allow anyone access to that information, which in turn can be used for identity theft or highly targeted spam.
One thing that we suggest to users is to create an online identity, and use the information of that identity on all sites where the identity does not matter. For example: On Facebook, you might want to use your real name and email address, while that may not be necessary on other sites where you do not connect with friends, say an online tech forum, or when posting a comment on a blog.
The new identity should use a fake name, and use a second email address that cannot be linked to the real email address.
The risks are reduced dramatically when working with two identities online. This also helps in reducing the spam received in the “real” email inbox.
Reading up on privacy-related topics is recommended; a good starting point is the website of the Electronic Frontier Foundation (EFF).
Many Internet users associate spam with email, as this seems to be the most common form that they experience. But spam refers to more than that. Spam is defined as any content or message that is received by a user without consent. That includes emails that sell Viagra, instant messenger and chat room messages from unknown users, or comment spam on websites, among others.
Statistics say that 19 out of 20 emails received by Internet users are spam. How do spammers get the email addresses? There are lots of ways. Some use crawlers to find them on the Internet, others buy them from address brokers who more often than not get email lists from legit websites that make a quick buck on the side by selling their users’ email addresses and information.
- Never give out your default email address on the Internet. This may sound like it is impossible, but it is not.
- Create a secondary email account at Gmail, Hotmail or Yahoo Mail and use that solely for the purpose of signing up for web services, leaving comments, chatting, registering software, free offers or anything else that requires an email address (even if it is not on the Internet, shopping catalogs for instance). That way you have one email address for friends, family and work, and one for the rest of the Internet. Remember, signing up with your real email address may inadvertently make it available to spammers. Even if a service is not selling your address, it might eventually get hacked, which exposes your email address as well.
- Temporary email services are another solution. Need to give away your email address to get that “great” free offer on this site? Need to log in to read the information on this site? Temporary email address services like Yopmail offer instant email addresses for those purposes. Just enter firstname.lastname@example.org during signup, visit Yopmail afterwards and check that email address for new emails. If the service has blocked yopmail.com, use one of the alternatives on the Yopmail site; they usually work. (See the use of temporary email for additional pointers.)
- Spam filters, whether programs or services, may aid in the elimination of existing spam that is sent to your private email address. Most web email services do a good job at detecting spam so that it is filtered out before it reaches the inbox. Users who want more control over the process should use a desktop email client as an alternative. Thunderbird, for instance, is a good option: it can manage multiple email accounts and uses its own spam filter on top of the ones used by the email providers.
- Never reply to spam emails. Replying to spam emails provides the spammer with valuable information. It is a confirmation that the email address exists and that it is actively monitored by a user. Mark the spam as spam in your program, that’s all you need to do, ever. Do not click on unsubscribe links, do not write the spammer a nice message asking to stop sending the spam. This may work at times, but it leads to more spam more often than not.