Search in book...
Toggle Font Controls
Create new playlist

Name your new playlist

Playlist description (optional)
Sign In

Email address

Password

Forgot Password?

or

Continue with Facebook

Continue with Google
Sign Up

Full Name

Email address

Confirm Email Address

Password

or

Continue with Facebook

Continue with Google

Chapter 2

Is the Internet Safe? Viruses, Spyware, Spam, and Other Yucky Stuff

In This Chapter

Taking a look at the dangers that lurk on the Net

Protecting your online privacy

Understanding how viruses can infect your computer

Preventing spyware-makers from installing unwanted software on your PC

Controlling how much junk email you’re stuck looking at

Keeping yourself and your family safe online

We like the Internet. It has been part of our lives — and livelihoods — for years. We’d love to tell you that all the stuff you may have read about the dangers of connecting a computer to the Internet is hype. We can’t. The success of the Internet has attracted unsavory people who view you as a money tree ready to be plucked. (Nothing personal — they see everybody that way.) In a few countries, perpetrating Internet fraud is now a major part of the national economy.

Even if no one steals your money, people can collect information about your online activities, which results in a real loss of privacy. And, some people are trying to take over your computer so that they can use it for nefarious purposes. When a new computer is hooked up to the Internet, it isn’t a question of whether it will come under cyberattack, but when. And not in months or days — but in hours or minutes.

When you combine the Internet with cellphones and global positioning systems (GPSs), privacy issues become even scarier. Cellphone providers can tell where you are whenever you have your phone with you. Phones or other online devices with a GPS can help you find your way around, but they can also report on your whereabouts.

Now that we’ve given you the bad news, relax: The Internet doesn’t have to be a dangerous place. Using the Internet is like walking around a big city — yes, you need to be careful, use some protection, and stay out of dangerous areas, but you can also safely take advantage of the wonders that the Net has to offer.

This chapter describes the types of issues that abound on the Internet:

Privacy issues involve how much people can find out about you over the Internet.
Security issues have to do with keeping control over which programs are running on your computer.
Just plain annoyance issues include ending up with a mailbox full of spam (junk email) or web browser windows popping up with advertisements.

Throughout the rest of this book, we include instructions for staying safe by using a firewall, a virus checker, a spyware scanner, and some common sense. Chapter 3 talks about rules for letting kids use the Internet, and most of the suggestions make sense for grown-ups, too.

Privacy: Who’s Who and What They Can Tell about You

Advances in technology are eroding the privacy that most of us take for granted. Technology we use every day — credit cards, cellphones, electronic key cards, and automobile toll transponders — allow our every purchase and movement to be tracked. The Internet is an extension of this trend. Many of your online activities can be watched and recorded — sometimes for innocent reasons and sometimes not.

All this is further compounded by the amount of publicly available information that is now conveniently available to people all over the world via the Internet. When paper records were maintained by government officials and people had to visit the office and dig through files for the specific information they wanted, a lot less information abuse was possible. Now the potential exists for anyone anywhere to access information about people hitherto unknown, and to gather information from various sources, including online directories. No longer is a geographical or time deterrent enough.

Some people worry that snoops on the Net will intercept their private email or web pages. That’s quite unlikely, actually, other than the specific case of public Wi-Fi networks; see the sidebar “The perils of free Wi-Fi,” later in this chapter, or government surveillance, which is beyond the scope of this book. The more serious problem is that advertisers build profiles of the sites you visit and the stuff you buy. Most web ads are provided by a handful of companies, such as Google’s DoubleClick, AOL’s Advertising.com, and Microsoft’s Razorfish, which can use their ads to determine that the same person (you) is visiting a lot of different websites. Using this information, these companies can create a profile. They say they don’t create these personal profiles, but they don’t say they won’t in the future.

Several techniques for gathering information about you as you use the Internet, or tricking you into providing information, are described in the next few sections.

Who is the party to whom I am speaking?

Although the Internet seems completely anonymous, it isn’t. People used to have Internet usernames that bore some resemblance to their true identities — their names or initials or some such combination in conjunction with their university or corporation names gave fairly traceable routes to real people. Creating a new email address now takes just a few minutes, so revealing your identity is definitely optional.

Depending on who you are and what you want to do on the Net, you may, in fact, want different names and different accounts. Here are some legitimate reasons for wanting them:

You’re a professional — a physician, for example — and you want to participate in a mailing list or newsgroup without being asked for your professional opinion.
You want help with an area of concern that you feel is private and you don’t want your problem known to people close to you who may find out if your name is associated with it.
You do business on the Internet, and you socialize on the Net. You may want to keep these activities separate.

Most Net activities can be traced. If you start to abuse the anonymous nature of the Net, you’ll find that you aren’t so anonymous after all.

Safety first

The anonymous, faceless nature of the Internet has its downside, too. To protect you and your family, take these simple precautions:

Before posting information on a social networking site like Facebook or Google Plus, carefully review your privacy settings. See Chapter 10 for details. These sites give the impression that the information you provide will be visible only to your close, personal friends, but it ain’t necessarily so.
When posting information that appears on a public website (other than your own, or your social networking sites) or in any discussion venue, don’t use your full name unless you want to be identified as the author of the information. This advice doesn’t apply if you’re working in a business context, such as posting information on your company’s website.
Never provide your name, address, or phone number to someone you don’t know.
Never believe anyone who says that he’s from “Facebook tech support,” “eBay fraud prevention,” “PayPal administration,” or a similar-sounding authority and asks you for your password. No legitimate entity will ever ask you for your password.
Be especially careful about disclosing information about kids. Don’t fill out profiles that ask for a kid’s name, hometown, school, age, address, or phone number, because they’re invariably used for “targeted marketing” (also known as junk mail).

Although relatively rare, horrible things have happened to a few people who have taken their Internet encounters into real life. Many wonderful things have happened, too. We’ve met some of our best friends over the Net, and some people have met and subsequently married. We just want to encourage you to use common sense whenever you set up a meeting with a Net friend. A person you email or swap instant messages with is still largely a stranger, and if you want to meet in person, take the same precautions you would take on a first date with someone you don’t know: Meet in a public place, perhaps with a friend along, and be sure that your family knows where you are and when you’re planning to be back.

The Net is a wonderful place, and meeting new people and making new friends is one of the big attractions. We just want to make sure that you’re as careful as you would be in the rest of your life.

Phishing for inphormation

Phishing is the fastest-growing Internet crime, and you’re the target. The good news is that protecting yourself is easy when you and your family know how to spot the phish-hook.

Learn what phishing looks like. After you start using the Internet and receiving email (as described in Chapter 8), there’s an excellent chance that you’ll receive a message like this one:

Subject: Ebay Important Warning

From: eBay Billing Department! <[email protected]>

eBay Fraud Mediation Request

You have recieved this email because you or someone
had used your account to make fake bids at eBay.

THE FRAUD ALERT ID CODE CONTAINED IN THIS MESSAGE
WILL BE ATTACHED IN OUR FRAUD MEDIATION REQUEST FORM,
IN ORDER TO VERIFY YOUR EBAY ACCOUNT REGISTRATION
INFORMATIONS.

Fraud Alert ID CODE: 00937614

Please access the following form to complete the
verification of your eBay account registration
informations:

http://www.eBay.com/cgi_bin/secure/Fraud Alert ID CODE:
00937614

If we do not receive the appropriate verification within
48 hours, then we will assume this eBay account is
fraudulent and will be suspended.

Regards, Safeharbor Department (Trust and Safety
Department), eBay Inc.

Sounds authentic and scary, doesn’t it? Think you had better deal with this message right away? Better think again. You are the phish, and this message is the bait. The underlined text in the middle is the hook. Click it and soon an official-looking page appears that looks just like an eBay sign-in page. After you enter your username and password, another official-looking page asks for your credit card number, PIN, billing address, checking account details (complete with a helpful graphic so that you can find the right numbers on your personal checks), Social Security number, date of birth, mother’s maiden name, and driver’s license number. The page is smart enough to reject an invalid credit card number. If you fill in all the information and press Continue, you see a valid eBay page that says you’ve logged out. Then, who knows? The bad guys know enough about you to do anything from making a small purchase paid for by your credit card to full-scale identity theft that can take months or years to straighten out.

This message did not come from eBay. Millions of these types of messages are sent over the Internet every day.

Certain clues might alert you. The misspelled words recieved and informations suggest that the author is someone whose English skills are limited. And, if you take the trouble to save the email to a file and then print it, the underlined link in the middle of the message looks like this:

<a href="http://192.168.45.67/cgi_bin"> http://www.eBay.com/cgi_bin/secure/Fraud Alert ID CODE: 00937614</a>

The text between the angle brackets (< and >) is where the link goes in reality, to a website with a numeric address. (When we tried clicking the link two days after we got the mail, the website had already been shut down. Those eBay security folks are on the ball.)

Don’t take the bait

Phishers have gotten a lot more skillful since the earliest phishes a decade ago, and now often have good editors and use a spell checker, so you can’t rely on spelling and grammar mistakes, although they’re dead giveaways when you spot them. Here are a few additional tips:

Assume that every email that leads you to a page seeking passwords or credit card numbers or other personal information is a phishing expedition.
If the email purports to be from a company you’ve never heard of, ignore it.
If the message says that it’s from a company with whom you have an account, go to the company’s website by typing the company’s URL into your browser (see Chapter 7), not by clicking a link in the email. When you get to the company’s website, look for the My Account link. If there’s a problem, when you log in, you should see a notice. If there’s no way to log in and you’re still concerned, forward a copy of the email to the customer service department or pick up the phone and call the number on your card or monthly statement.

One trick phishers use to fool Internet users is website spoofing — tricking your browser into displaying one address when you’re actually at another site. Some browsers allow a website to show only its main address so that it doesn’t look so geeky. Phishers take advantage of this ability. Better web browsers offer protection against website spoofing — they always show the actual web address of the page you’re on.

To summarize, make sure that your family knows this rule well: Never, never, never enter passwords, credit card numbers, or other personal information at a web page you opened by clicking a link in an email.

Web bugs track the ads you read

Ever since the World Wide Web became a household word (okay, three words), companies have increasingly viewed their Internet presence as a vital way to advertise their goods and services and conduct their business. They spend millions of dollars on their websites and advertising email (the legitimate kind you actually asked for) — and want very much to know just how people use them. It’s a small wonder that when you visit a site, companies can keep track of your actions as you move from link to link within the site. But they really want to know what you were doing before you entered their sites — and even more they want to know whether you read their mail. To gather this intelligence, they insert tiny images in mail messages that they call web beacons and everyone else calls web bugs that report your actions back to the mailer.

Most mail programs offer the option not to fetch images in mail messages from unknown or untrusted senders, which stops web bugs and also makes your mail reading faster.

Cookies can be good

When you browse the web (as described in Chapter 6), the web server needs to know who you are if you want to do things that require logging in, collecting items in a virtual shopping cart, or completing any other process that requires that the website remember information about you as you move from page to page. The most commonly used trick that allows websites to track what you’re doing is setting cookies. A cookie is a tiny file, stored on your computer, that contains the address of the website and codes that your browser sends back to the website every time you visit a page there. Cookies don’t usually contain personal or dangerous information; they’re mostly innocuous and — believe it or not — useful.

If you plan to shop on the web (described in Chapter 15) or use other web services, cookies make it all possible. When you’re using an airline reservation site, for example, the site uses cookies to separate the flights you’re reserving from the ones that other users are reserving at the same time. On the other hand, you might use your credit card to purchase an item or a service on a website and the site uses a cookie to remember the account with your credit card number. Suppose that you provide this information from a computer at work and the next person to visit that site uses the same computer. That person could, possibly, make purchases on your credit card. Oops.

Internet users have various feelings about cookies. Some of us don’t care about them, and some of us view them as an unconscionable invasion of privacy. You get to decide for yourself. Contrary to rumor, cookie files cannot get other information from your hard disk, give you a bad haircut, or otherwise mess up your life. They collect only information that the browser tells them about. Your web browser lets you control whether and when cookies are stored on your computer; see Chapter 7 for details.

The web browser equivalents of web bugs are tracking cookies. If several websites show ads from the same advertising network, the ad network can use cookies to tell whenever you’re looking at one of its ads. By piecing together the information from many websites, these tracking companies form a clear picture of where you go online — and what you look at when you get there. Many are careful to provide only statistical information to their clients, but the potential for abuse is there. It’s worth noting that US courts set a lower standard of protection for “business records” gathered in this way than they do for personal papers stored in our homes. Fortunately, most web browsers provide an option to reject third-party cookies, or cookies from anyone other than the source of the web page itself; this makes tracking cookies go away.

Do not track, or maybe do

With the increasing awareness of online privacy issues have come proposals for do-not-track laws, analogous to telephone do-not-call laws. The idea is that whenever you visit a website, you can tell your web browser to send a do-not-track indicator that tells the website not to track you. (Many browsers, including Firefox, already have this feature.) We have mixed feelings about whether it’s a good idea.

For one thing, it’s not at all clear what do not track means. If you order from, say, Amazon, it uses cookies to remember your session and your shopping cart, and to recognize you when you return using the same browser. Most people agree that this strategy is acceptable because it’s all the same company and you deliberately made the first visit to Amazon. Well, okay, lots of people have set up Google accounts to use Gmail (see Chapter 8) and other Google services. Because the DoubleClick ad network is part of Google, it’s okay for DoubleClick to track you because it’s all the same company, right? Uh, no. Privacy researchers have multiday conferences to deal with issues such as this one, and the questions are far from resolved.

The other, even more serious, problem is that you can’t tell whether a site is obeying do-not-track. If a marketer ignores your do-not-call listing, you can tell because your phone rings, but if it ignores your do-not-track, how can you tell? Suspiciously relevant spam from companies you’ve never heard of?

The United States is the only advanced country without comprehensive privacy laws, and do-not-track is just a Band-Aid. Don’t settle for less.

Google yourself

One big attraction of the Internet is all the data out there that’s now easy to access. Some of that data is about you. If you have your own blog or have a personal website (see Chapters 17 and 18), expect that all the information you put up there is available for everyone to see — usually, forever. (We find stuff about ourselves from more than 25 years ago.) Other people also put up information — newsletters, event listings, pictures from events, and other pictures, for example. Your online data trail may be longer than you think. If you haven’t done it before, search the web for your own name. Enter your name in quotes in either the Google or Bing search box and press Enter. If you have a common name, you may need to throw in your middle initial or add the name of your town or school. (If you do this often, you’re ego surfing.)

We know where you are

Cellphones and GPS receivers make the privacy situation even more complicated. Anyone with a cellphone can take pictures or videos of you and email them to friends or post them to the web, which can be anywhere from innocent fun to citizen journalism to seriously creepy. (We’ve read news reports of people standing with their cellphones at the foot of stairwells and escalators and trying to take pictures up girls’ skirts. Ewww.) Modern cellphones have built-in GPS receivers, primarily intended to provide your location if you call 911, but also potentially usable to track your location whenever the phone is on.

Lots of cellphone users want to be tracked. Travel apps (programs) like Yelp and Facebook can tell you about restaurants and attractions near you, but only if they know where you are.

Security: How People Can Take Over Your PC

You can download and install software directly over the Internet, which is a useful feature. If you need a viewer program to display and print a tax form or when you want to install a free upgrade to a program that you purchased earlier, it just takes a few clicks. How convenient!

However, other people can also install programs on your computer without your permission. Hey, wait a minute — whose computer is it, anyway? These programs can arrive in a number of ways, mainly by email or your web browser.

Viruses arrive by email

Computer viruses are programs that jump from computer to computer, just as real viruses jump from person to person. Computer viruses can spread using any mechanism that computers use to talk to each other, such as networks, data CDs, and DVDs. Viruses have been around computers for a long time. Originally, viruses lived in program files that people downloaded using a file transfer program or their web browsers. Now most viruses are spread by opening files that are sent by email, as attachments to mail messages.

There was a time long ago when people in the know (like we thought we were) laughed at newcomers to the Internet who worried about getting viruses by email. Email messages back then consisted only of text files and could not contain programs. Then email attachments were introduced. People could then send computer software — including those sneaky viruses — by email. Isn’t progress wonderful?

What viruses do

When a virus lands on your computer, it has to manage somehow to get executed. Getting executed in computer jargon means being brought to life; a virus is a program, and programs have to be run in order to start doing their nefarious work. After a virus is running, it does two things:

Looks around and tries to find your address book, which it uses to courteously send copies of itself to all your friends and acquaintances, often wrapped up in authentic-sounding messages (“Hey, enjoyed the other night, thought this file would amuse you!”).
Executes its payload, which is the reason that virus writers go to all that trouble and assume the risk. (They do occasionally end up in jail.)

The payload is the illegal activity that the virus is running from your machine. A payload can record your every keystroke (including your passwords). It can launch an attack at specific or random targets over the Internet. It frequently sends spam from your computer. Whatever it’s doing, you don’t want it to do. Trust us: If your computer starts to act quirky or extremely sluggish, chances are good that you’ve contracted a virus or 20.

In the good old days, virus writers were content just to see their viruses spread, but like everything else about the Internet, virus writing is now a big business, in many cases controlled by organized crime syndicates.

What you can do about viruses

Don’t worry too much about viruses — excellent virus-checking programs are available that check all incoming mail before the viruses can attack. In Chapter 4, which describes connecting to the Internet, we recommend installing a virus checker. After you install it, be sure to update it regularly so that you’re always protected against the latest viruses. You can subscribe to receive updates automatically.

Worms come right over the Net

A worm is like a virus, except that it doesn’t need to hitch a ride on an email message. A worm simply jumps directly from one computer to another over the Net, entering your computer by way of security flaws in its network software. Unfortunately, the most popular type of network software on the Net, the kind in Microsoft Windows, is riddled with security holes — so many that if you attach a nice, fresh Windows machine to a broadband Net connection, the machine is overrun with worms in less than a minute.

If you rigorously apply all security updates from Microsoft, they fix most of the known security flaws, but it takes a lot longer than a minute to apply them all. Hence, we strongly encourage anyone using a broadband connection to use a hardware firewall, a box that sits between the Net and your computer and keeps the worms out. If you have a broadband connection, you probably should use an inexpensive router to hook up your computers, anyway, and all these devices include a firewall as a standard feature. See Chapter 4 for more information.

Spyware arrives via websites

Spyware (which includes adware) is similar to a virus, except that your computer catches it in a different way. Rather than arrive by email, spyware is downloaded by your browser. Generally, you need to click something on a web page to download and install spyware, but many people have been easily misled into installing spyware that purports to be a graphics viewer or another type of program they think they might want.

Know what spyware does

Spyware got its name from being frequently used for sneaky purposes, such as spying on whatever you’re typing. Sometimes, spyware gathers information about you and sends it off to another site without your knowledge or consent. A common use for spyware is finding out which sites you’re visiting so that advertisers can display pop-up ads (described later in this chapter) that are targeted to your interests.

Targeted advertising isn’t inherently evil. The Google AdSense program, for example, places ads on participating web pages based on the contents of those pages. Targeted ads are worth more to advertisers because you’re more likely to respond to an ad about something you’re already reading about.

Spyware can also send spam from your computer, capture every keystroke you type and send it to a malefactor over the Net, and do all the other Bad Things that worms and viruses do.

Don’t voluntarily install spyware

Lots of cute little free programs are available for download, but don’t install them unless you’ve checked to see that they’re safe and useful. Most free toolbars, screen savers, news tickers, and other utilities are spyware in disguise. Besides, the more programs you run on your computer, the slower all your other programs run. Check with friends before downloading the latest program. Or, search the web for the program’s name (see Chapter 13) to find positive or negative reviews. Download programs only from reputable websites. Keep your computer free from software clutter.

Are Macs the solution?

We hear you Apple Macintosh users gloating as you read this chapter: “We don’t have these problems. Why don’t people just use Macs?” Mac users still have to put up with phishing and other forms of junk email, and spyware has started to appear on Macs. But to date, almost none of the viruses or worms affects Macs, and the threat of spyware is lower than for PCs. Although this situation can change, we think that Mac users will always have an easier time on the Net. First, Macs are so scarce (compared to Windows machines) that it isn’t worth a virus writer’s time to attack them — partly because this scarcity also makes it hard to spread Mac viruses. Most email addresses in a Mac user’s address book belong to Windows users anyway, so if a Mac virus makes copies of itself, the copies it mails out don’t find nice, vulnerable homes. (Designing a virus that runs on both Windows and Macs is difficult, even now.) Finally, the Mac OS X is designed to be more secure than Windows and is difficult to infect.

Current Intel-based Macs can run Windows programs, or can even be set up to run native Windows, for applications that are Windows-only. We know of companies whose support staffs run everything on Macs — because they don’t get infected. When employees need to run something on a PC, they do it in a window on the Mac screen. Cool.

But don’t be silly. All our advice about not clicking on unknown links or downloading untrusted software also applies to you, Mac users.

This advice is particularly important on your mobile device. Some free apps are free because the programmer wrote them for fun, or they provide access to a commercial site, or they hope they can get you to upgrade to a more capable paid version. But some are free because they show ads and report back to headquarters. On Android devices, when you install an app it tells you what system facilities the app uses, and you should always do a sanity check. If you find a cool pinball app, and it wants access to your address book, huh, what does pinball have to do with your friends’ addresses? It’s probably spyware that will steal the addresses.

Protect your computer from spyware

Spyware programs are often designed to be hard to remove — which can mess up your operating system. Rather than wait until you contract a bad case of spyware and then try to uninstall it, a better idea is to inoculate your computer against spyware. To block spyware, be careful about the screen elements you click. Install a spyware checking program that can scan your system periodically, such as the free Microsoft Windows Defender. See Chapter 4 for details.

Spyware can attack Macs and even phones

Macintosh computers aren’t immune to spyware. (See the nearby sidebar, “Are Macs the solution?”) The Macintosh operating system is by design more secure than Windows, so few viruses and little spyware attack it. But a Mac user is just as likely as a PC user to be fooled into clicking a link to a free porn site that downloads spyware to your computer along with that sexy video. Even smartphones (such as the iPhone or Android phones) can be infected with spyware, and although most spyware targets Windows, it also targets other kinds of computers and phones, so think before you click on any of these devices.

Adware: Just another kind of spyware

Adware, a controversial type of software that many people consider to be spyware, is installed as part of certain programs that are distributed for free. It watches what you do on your computer and displays targeted ads — even when you run other programs. We think that no users in their right minds would knowingly install a program that peppers them with ads — and we want laws to ban the practice, pointing out that adware often behaves like a parasite, by obscuring or replacing ads from competing websites.

Before downloading a free program, make sure that you understand what the deal is. If you aren’t sure, don’t download it. Make sure that your kids know not to download free games, song lyrics, and the like — most are infested with adware. If you don’t, before you know it, you’ll have so many pop-up ads that you’ll have to unplug your computer to shut it up.

Pop-up browser windows pop up all over the place

One of the worst innovations in recent decades is the pop-up window that appears on your screen unbidden (by you) when you visit certain websites. Some pop-ups appear immediately, and others are pop-unders, which are hidden under your main window until you close it. The pop-ups you’re most likely to see are ads for mortgages and airline tickets. (No, we don’t give their names here; they have plenty of publicity already.)

Several mechanisms can make pop-ups appear on your computer:

A website can open a new browser window. Sometimes this new window displays an ad or other annoying information. But sometimes the new window has useful information — some websites use pop-up windows as a sort of Help system for using the site.
Spyware or other programs can display pop-up windows.

Luckily, web browsers now can prevent most websites from opening unwanted new browser windows. See Chapter 7 to find out how to tell your browser how to display fewer pop-ups.

What’s the secret word, Harry?

Everywhere you go these days, someone wants you to enter a password or pass code. Even Harry Potter has to tell his password to a magic portrait just to enter the Gryffindor dormitory (although there’s apparently no security between the boys’ and girls’ wings). Security experts are nearly unanimous in telling us how we should protect all our passwords:

Pick complex passwords that are long enough that no one can guess them.
Never use as a password a word that occurs in the dictionary. Consider sticking a number or two into your password.
Never use the same password for different accounts.
Memorize your passwords and never write them down.
Change your passwords frequently.
Find out how hard a hacker would have to work to guess your password. Microsoft has a site that tells you, at microsoft.com/protect/yourself/password/checker.mspx.

The perils of free Wi-Fi

Wi-Fi, the wireless way that your laptop can connect to the Internet, is available in many public places, including airports and coffee shops. As explained in Chapter 4, when you use Wi-Fi to connect your computer to the Internet, you locate the network and click Connect and then start using the Internet. One of the first things you’ll probably do is use your web browser to check your email or connect to your company’s network, And, in the process, you type a password or two.

Can you trust the Wi-Fi network? How do you know that the Wi-Fi network isn’t listening to what you type, including your passwords? Well, you don’t.

Wi-Fi snooping is surprisingly easy. A thief sets up a computer in an airport lounge or a coffee shop with a computer listening to all the radio traffic on the local Wi-Fi network. She monitors what you type and uses your passwords to send spam or empty your bank account or perform other nefarious deeds.

What’s a traveling Internet user to do? You can significantly decrease the likelihood of snooping by using secure https websites (which show a lock icon in the browser) rather than unsecured http websites. A secure site encrypts the traffic between your browser and the website so that even if someone is listening in, all they see is the meaningless encrypted traffic. If you use a mail program such as Thunderbird or Outlook to check your mail (see Chapter 8), set your incoming and outgoing mail connections to use encryption (often called SSL or TLS), which offers the same benefits.

If you absolutely must use public Wi-Fi to check your email while you’re on the road and you don’t have an https or SSL connection (which you should, all popular webmail systems offer them), here’s what to do, advice courtesy of our friend Mark Steinwinter:

Before you leave on your trip, change your email password (and any other password you plan to use).
While on your trip, limit your public Wi-Fi use to the accounts whose passwords you changed before leaving. Go ahead and use websites that don’t require a password.
As soon as you return home, change your email password again. You can change it back to the one you used before your trip, or to another password. Just assume that a Bad Guy has the password you used on your trip, and never use this password again.

This sound advice is intended for everyone — except ordinary human beings. Most of us have far too many passwords to keep track of and too little brain to store them in.

One common-sense approach is to use a single password for accounts where you have little risk of loss, such as the one you need in order to read an online newspaper. Use separate, stronger passwords for the accounts that truly matter (such as your online banking account). If you feel you can’t remember them all, write them down and keep them in a safe place, not on a Post-It note stuck to your monitor.

Our warning about not using a password that’s in the dictionary — take that one seriously! Hackers managed to find a hole in our firewall one day, and we had stupidly left one password set to a normal English word (weather, if you must know). It took the hackers less than two hours to break into our computer, by simply having their computer generate every English word until they found one that worked.

When making up a password, stick numbers and punctuation into words or glue two words together with some numbers, or spell things backward. Use both capital and lowercase letters, too. If your kids are Fred and Susie and your house number is 426, how about Fred426susiE? Or Susie426dreF? Using the first letters of every word in a phrase is a good method, too. If your favorite song is “I Wanna Hold Your Hand,” by The Beatles, it wouldn’t be that difficult to remember a password like Iwhyh1963. You get the idea!

Over the years, we’ve ended up with so many passwords that we started storing them in a text file — which anyone with access to our PC could read! This isn’t a horrible idea, as long as your PC has a password to keep random people from logging in, but you can do better. If you have a lot of passwords and no way to remember them, consider using a password manager, which is designed to store your passwords in a safe place. Of course, you have to remember one password — for your password manager. We use KeePass, a freeware, open source program that you can download from www.keepass.info for PCs and Macs.

Be careful with password hints

Website operators are tired of dealing with customers who forget their passwords, so a new computer tool has emerged in the past few years — the password hint. When you create a new account, the friendly identity manager software asks for your username and new password. It then makes you select and answer a couple of security questions, such as “What’s your favorite color?” or “What’s your pet’s name?”

Sometime in the future, you try to log in to that account — and find that you forgot its pesky password. No problemo! You’re asked the security questions you picked; if you type the right answer, you’re in. The problem is that a thief pretending to be you sees the same challenge. Rather than guess your password, all he has to guess is your favorite color (blue, maybe?) and figure out your pet’s name (and did your kid post captioned photos of Rover on the school website as part of his third grade computer literacy project?).

If you encounter one of these password hints when you sign up for an important account, pick questions whose answers an attacker can’t glean by researching you. And, there’s no rule that says you have to answer the security questions truthfully. You can pick a friend’s pet, for example, or a color you detest, or you can say that your favorite color is Rover and your pet’s name is Purple. You just have to remember your less-than-truthful answers to these questions.

Spam, Bacon, Spam, Eggs, and Spam

Pink tender morsel,
Glistening with salty gel.
What the hell is it?

Hawaiian lunch meat?
Someone else’s old shoe heels?
We may never know.

— SPAM haikus, found on the Internet, sometimes credited to Christopher James Hume and Reber Clark

More and more often, we receive unsolicited bulk email (abbreviated UBE but usually called spam) from organizations or people we don’t know. Spam is the online version of junk mail. Offline, junk mailers have to pay postage. Unfortunately, online, the cost of sending out a bazillion pieces of junk mail is virtually zilch.

Email spam (not to be confused with SPAM, the meat-related product from Minnesota that’s quite popular in Hawaii) means that thousands of copies of an unwanted message are sent to email accounts and even to instant message programs. The message usually consists of unsavory advertising for get-rich-quick schemes or dubious drugs — something that you might not want to see and that you definitely don’t want your children to see. Many spam messages tout worthless stocks that the spammers have bought and hope you’ll buy at inflated prices. The message is spam, the practice is spamming, and the person sending the spam is a spammer. Phishing often involves spam, too.

Spam, unfortunately, is a major problem on the Internet because it’s extremely cheap for sleazy advertisers to send. We receive hundreds or thousands of pieces of spam a day, and the number continues to increase. Spam doesn’t have to be commercial (we’ve seen religious and political spam), but it has to be unsolicited; if you asked for it, it isn’t spam.

Why it’s called spam

The meat? SPAM might be short for spiced ham. Oh, you mean the unwanted email? It came from the Monty Python skit in which a group of Vikings sing the word spam repeatedly in a march tempo, drowning out all other discourse. (Search for Monty Python spam at your favorite search engine and you’ll find plenty of sites where you can listen to it.) Spam can drown out all other mail because some people receive so much spam that they stop using email entirely.

Why it’s so bad

You may think that spam, like postal junk mail, is just a nuisance we have to live with. But it’s worse than junk mail, in several ways. Spam costs you money. Email recipients pay much more than the sender does to deliver a message. Sending email is cheap: A spammer can send thousands of messages an hour from a PC. After that, it costs you time to download, read (at least the subject line), and dispose of the mail. The amount of spam is now about 20 times the amount of real email, and if spam volume continues to grow at its alarming pace, pretty soon real email will prove to be useless because it’s buried under the junk. Another problem is that spam filters, which are supposed to discard only spam, can throw away good messages by mistake.

Not only do spam recipients have to bear a cost, but all this volume of email also strains the resources of the email servers and the entire Internet. ISPs have to pass along the added costs to its users. Spam volume doubled or tripled for many years, and is still growing, although not as fast. Large ISPs we know have estimated that more than 95 percent of their incoming email is spam, and many ISPs have told us that as much as $2 of the monthly fee goes to handling and cleaning up after spam. Spammers send 100 billion spam messages every day. And, as ISPs try harder to filter out spam, more and more legitimate mail is being mistaken for spam and bounced.

Many spam messages include a line that instructs you how to get off their lists, something like “Send us a message with the word REMOVE in it.” Reply to messages or click links to unsubscribe only if the messages are from lists that you remember subscribing to or from companies you have done business with. Anyone else will either ignore you or add you to other spam lists.

What you can do about it

You don’t have to put up with a lot of spam. Spam filters can weed out most of the spam you receive. See Chapter 9 to see how to use the spam filter that may already be built into your email program or how to install a separate spam filtering program. Also visit www.cauce.org, the Coalition Against Unsolicited Commercial Email, which is the major grass roots antispam organization.

Safety: How to Keep Yourself and Your Family Safe

Viruses, spyware, phishing, pop-ups, spam — is the Internet worth all this trouble? No, you don’t have to give up on the Internet in despair or disgust. You just have to put in a little extra effort to use it safely. In addition to the technological fixes we suggest (virus checkers, spyware scanners, and pop-up blockers), you need to develop some smarts about online security. Here’s a quick checklist:

Develop healthy skepticism. If it sounds too good to be true, it isn’t true. No one in Africa has $25 million to share with you if you help them move it out of the country, nor did you win a sweepstakes you never entered. As the old saying goes, there’s a fool born every minute. Today’s sucker doesn’t have to be you.
Keep your computer’s software up-to-date. Both Microsoft and Apple have features that make this process more or less painless. Use them. The latest software updates usually fix exploitable security flaws.
Use a firewall and keep it updated. Your computer probably has firewall software built in. Make sure that your firewall is turned on. Some malware programs know how to turn off protective software, so check it every week or so. We recommend using a router — a device that lets you share Internet connections among several computers (whether wired or wireless) — because routers include built-in firewall programs that malware programs cannot disable or bypass. These units are so cheap that you should get one even if you have only one computer. (See Chapter 5 for details.)
Install virus-protection and spyware-protection software and keep it current. You can get either free or paid software. Use it. Chapter 4 tells you how to install virus checkers and spyware scanners.
You must keep the virus description files in your antivirus software updated — automatically if possible, and every week at least. (New viruses are launched every day.) Your antivirus software should automatically download the updates; check your documentation.
Don’t open an email attachment unless it’s from someone you know and you’re expecting it. Contact the sender if you aren’t sure.
Don’t click links in email messages unless you’re sure that you know where they lead. If you click one and the site you end up at wants your password or credit card number or dog’s name, close your browser window. Don’t even think about giving out any information.
Pick passwords that are hard to guess, and never give them to anyone else. Don’t give them to the nice lady who says she’s from the Help desk or to the bogus FBI special agent who claims to need it for tracking down a kidnapped child. No one.
Be consistent. If you share your computer with several family members or housemates, make sure that every person understands these rules and agrees to follow them.

For more tips about staying safe online, the US government runs the OnGuard Online site at www.onguardonline.gov.

..................Content has been hidden....................

You can't read the all page of ebook, please click here login for view all page.

Table of Contents for Chapter 2: Is the Internet Safe? Viruses, Spyware, Spam, and Other Yucky Stuff

Create new playlist

Sign In

Sign Up