Good Practice
General Internet Guidelines
In summary:
- Check the Windows Update site frequently, or enable automatic updates.
- Avoid programmes like Kazaa.
- Back up frequently.
- Read the rest of this site
The details:
- If you have a permanent net connection, check the Windows Update site regularly! Many security holes in Windows are discovered each month - whilst many are left unpatched, take advantage of those patches that are released and make your computer more secure!
- Download Service Pack 1. If you are aware of the risks inherent in connecting Windows to the internet and actively attempt to protect yourself (eg. by disabling unnecessary services) then I wouldn't recommend you install Service Pack 2. You will likely find it annoying, constantly warning about obvious security issues, whilst doing very little actual practical work to keep you safer. An excellent review by The Register entitled SP2 - A Security Placebo? offers a good summary of its failings. The average user possibly already has this installed (if automatic updates is activated) - for those left, it's certainly better than nothing and therefore something you should consider. Be aware that millions of people have experienced problems upon install (myself included) and therefore at the very least back up your work before you download it. You can find it here. The ideal time to install it is immediately after a clean install of Windows and before you've installed driver software.
- Don't use peer-to-peer (filesharing) programmes like Kazaa. Unless you have a decent virus checker scanning every file that's run you may as well hold up a sign saying "please give me a virus". If you must use it then exercise caution: put your downloads folder on a separate drive if possible, only ever run it with a non-administrator account and back up your important files regularly.
- Don't browse the internet with an administrator account. If you just turn on your copy of Windows XP and arrive straight onto a desktop then this probably means you. I realise it's a real pain to move and nobody will bother, but running programmes as an administrator allows them to damage your computer. You should really be running your daily programs under a 'limited account' and only use your administrator account for administrating! A Microsoft article explains here with further links on the right-hand side of the page. Under any other operating system you would be forced into this, but Microsoft are still catching up with the competition in the security department and therefore it's something you should consider taking the initiative on.
- Back up your files regularly! No, really! Consider investing in a CD-writer - you can pick one up for as little as 14 quid at Overclockers UK who also offer an excellent service. Nobody ever bothers backing up until they lose a ton of data (myself included) so be smarter than me and take 5 minutes a week to do this. Use a CD-writing programme like DeepBurner which seems to do the job.
- Finally, look through the rest of this site - seriously consider switching your browser and email clients to something more secure. You'll never look back.
Protect yourself from malicious emails
In summary:
- Upgrade your email client and never reply to spam.
- Watch out for the suspect extensions listed below - never open attachments unless you expect them.
- Never believe any email which involves money transfers.
- Always go to secure sites (eg. banks etc) by typing the address in yourself. Never follow links there!
The details:
There are several types of unsolicited emails you might get, some of which are more dangerous than others. I'll cover them in what I consider to be their order of severity.
- Basic Spam. Consequences = high blood pressure. These can try to sell you anything from Viagra to dodgy insurance, and might even tell you you've won the lottery. I got one of those today as a matter of fact. The University has a rather incompetent spam filter and as such a little user discretion is needed! Firstly, never reply to them! Don't even reply to tell them you don't want to be emailed again. If you reply, you confirm your email address as a valid 'target' and will surely be sent even more spam from their friends. It's worth noting that using HTML email, they can tell your email address is active without you even replying. By putting a link to an image on their website, Outlook Express will automatically download the picture when you look at the email and will therefore confirm your email address to them without you even realising it. M2 (the Opera client) will never do this automatically (even with HTML email viewing enabled) and Thunderbird (just?) lets you view mail as plain text to prevent this.
- Virus Emails. Consequences = at the worst you knacker your computer and help propagate the virus. You will only (to the best of my knowledge) get an email virus as an attachment. Therefore, be alert for suspicious attachments. Anything with a random subject line (eg. "look here", "tech support" etc) should be deleted on sight. Keep in mind that it is *very easy* to fake an email address - if in doubt, ask the person the mail came from before you open it. Extensions (the end part of the filename) you should never open include: .exe .pif .com .vbs and .scr. If it claims to be naked pictures of a celebrity this is a well-known ploy. Recent ones have capitalised on current events (eg. Bin Laden captured, see here!) so be aware of that. Often they are placed in passworded zip files to avoid virus scanners (although if you use any of my recommended ones they should stop them the moment you open the zip file) - it may sound silly, but people have typed the password into the zip file to unlock it and infected themselves that way. Don't!
- More Serious Spam. Consequences = loss of money. These usually take the form of "My name is Prince Ahmed, son of the late King Ahmed who recently tragically perished... blah... blah". Often they'll include links to reputable websites correlating events in an attempt to gain your trust. They'll claim they need a UK bank account to transfer a large legacy into - if you give them your details then the transfers are only going to be in one direction - the wrong one. It rates higher than a virus because financial pain is worse than virus pain. Whilst it may seem common sense not to respond to these, people do (especially elderly people incidentally; often the most vulnerable but trusting) so do inform your more innocent friends/relatives.
- Phishing emails. Consequences = really serious loss of money/financial control. They are fake emails designed to appear from a reputable company. For example, you might receive one from Barclays bank which would look completely authentic, with all the logos etc. They will often ask you to confirm your details because they're updating their records or something similar and provide you with an authentic looking link to help you. Clicking it will take you to a site that *looks* official (it may be virtually indistinguishable) but will actually be fake. When you enter your details, you give them all your financial information. There are ways to spot them (eg. slightly different address etc) but you can avoid all the pain if you remember this one simple rule: never follow links from emails to any kind of secure site. If you need to update your details, then go to the website yourself *without* clicking on their link - that way you know you are where you should be.
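The image trick described under Basic Spam can be checked for before a message is ever displayed. The following is an added example, not part of the original site: it parses a constructed sample message and lists the images a mail client would have to fetch from the sender's server, noting whether the address gives away the recipient. The sample message, host names and function names are all assumptions made for illustration.

```python
from email import message_from_string, policy
from html.parser import HTMLParser
from urllib.parse import unquote, urlsplit

# Constructed sample (not a real message): one remote image that carries
# the recipient's address, and one image embedded in the mail itself.
SAMPLE = """\
From: offers@shop.example
To: student@uni.example
Subject: You have won the lottery
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body><p>Claim your prize!</p>
<img src="http://img.shop.example/open.gif?u=student%40uni.example" width="1" height="1">
<img src="cid:logo123">
</body></html>
"""

class ImgFinder(HTMLParser):
    """Collects the src of every <img> tag."""
    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        if tag == "img":
            self.sources.append(dict(attrs).get("src") or "")

def remote_images(raw):
    """Return [(url, names_recipient)] for images a client would fetch."""
    msg = message_from_string(raw, policy=policy.default)
    recipient = str(msg.get("To", "")).strip().lower()
    hits = []
    for part in msg.walk():
        if part.get_content_type() != "text/html":
            continue
        finder = ImgFinder()
        finder.feed(part.get_content())
        for src in finder.sources:
            # cid:/data: images travel inside the message; only http(s)
            # ones make the client contact the sender's server.
            if urlsplit(src).scheme.lower() in ("http", "https"):
                tagged = bool(recipient) and recipient in unquote(src).lower()
                hits.append((src, tagged))
    return hits
```

Viewing mail as plain text, as suggested above, avoids the fetch altogether because the image tags are never rendered.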
Be wary of being sent strange MSN Messenger files
In summary:
- Always message your contact to ask about the attachment or link they just sent you before you open it.
- Consider getting Kerio Personal Firewall (see firewall page) to stop them if you do run one.
The details:
It is possible for a worm installed on your computer to open a conversation with someone on your contact list (without your knowledge) and send them a file. Your contact will see it as a transfer from you and therefore may be more likely to accept and run it. This of course spreads the worm. Therefore always ask your contact what the file is before you run it - if they don't respond, then don't open it. Be especially wary if the file has any of the extensions listed above for suspicious email attachments. The variants I have seen/have been reported to me are: "me_2005.pif", "LOL.exe", "look.scr", "webcam_004.pif", "cute.pif" and "hahahaha.pif". You can go here for a description of the worm from the Symantec website.
Update: The latest version is much more cunning and doesn't rely on a successful file transfer at all. Instead, they simply direct you to a website link with the file - watch out for the all-important .pif at the end of the address and don't go there!
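The extension list from the Virus Emails section and the ".pif at the end of the address" warning above can be applied automatically. The following is an added example, not part of the original site: it checks a message's attachment names, the names inside zip attachments, and the path of every link in the text against that list. The function names and the sample message are assumptions, and the sample contains placeholder bytes only.

```python
import io
import re
import zipfile
from email.message import EmailMessage
from urllib.parse import urlsplit

SUSPECT = (".exe", ".pif", ".com", ".vbs", ".scr")  # the page's list
URL_RE = re.compile(r"https?://[^\s\"'<>]+")

def suspect(name):
    return name.strip().lower().endswith(SUSPECT)

def scan_zip(data):
    """Entry names are usually readable even in a password-protected zip."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return [("encrypted zip entry" if i.flag_bits & 0x1 else "zip entry",
                     i.filename) for i in zf.infolist() if suspect(i.filename)]
    except zipfile.BadZipFile:
        return [("unreadable zip", "")]

def triage(msg):
    """Return (kind, detail) findings for one parsed message."""
    findings = []
    for part in msg.walk():
        name = part.get_filename()
        if name:
            if suspect(name):
                findings.append(("attachment", name))
            if name.lower().endswith(".zip"):
                findings += scan_zip(part.get_payload(decode=True))
        elif part.get_content_type() in ("text/plain", "text/html"):
            for url in URL_RE.findall(part.get_content()):
                # Path only: the ".com" in a host name is a domain, not a file.
                if suspect(urlsplit(url.rstrip(".,;)")).path):
                    findings.append(("link", url))
    return findings

def sample_message():
    """Constructed message with placeholder bytes, no real malware."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("cute.pif", b"placeholder")
    msg = EmailMessage()
    msg.set_content("see http://pics.example.com/me_2005.pif or http://example.com")
    msg.add_attachment(b"placeholder", maintype="application",
                       subtype="octet-stream", filename="hahahaha.pif")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="photos.zip")
    return msg
```

Note that the link to http://example.com is not flagged: only a file name at the end of the address counts, which is why the check looks at the path and not the whole URL.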