This document is meant to explain internet security in terms that Joe Computer User can understand and to give some tips that he can use without having to go to a technical college. I have taken some liberties with terms and descriptions so Joe (or Jane) can easily understand them.
What is a virus and what do they do?A virus (Trojan, worm …) is generally a small file that is attached in an email or a download and can do any number of things to your computer from annoying you to destroying all your data. One thing that almost ALL viruses do immediately is they go through your address book and send themselves to all of your friends. Those emails, with virus attached, come from you (your friends will love you). This is the reason that you are told never open an attachment (an attachment is a file that is not in the body of an email but has to be opened separately) even if it comes from a friend unless you know they are sending it. There are a variety of other ways that you can get a virus but email is still the most common.
How do I protect myself?First, never open email attachments unless your friends tell you they are sending you something. If you are sending an email with an attachment, send a separate email notifying the recipient.
Next, get virus protection and make sure it is activated and up to date. Most antivirus software comes with one year of updates and after the year you are no longer protected unless you pay for updates. Open your antivirus software (Start – All Programs – Your Antivirus Software) and click Updates. If you receive updates, then you are protected. Expired virus protection is nearly worthless.
What is adware and spyware?Like viruses, adware and spyware are little files attached to programs that you have downloaded (with or without your knowledge). In general, these files do not damage your computer but they can install software that spys on you (spyware), giving spyware companies your account information and passwords. These files are little programs that take up your computers memory (RAM) and if you have enough of these programs running (without your knowledge) it will slow your PC.
Legitimate adware companies tell you that if you want their free software or toolbar, you are also going to get advertising to support the product. Then it is your choice if you are willing to see ads in exchange for getting free software. Illegitimate companies will do what is called a “drive by” and download adware or spyware without your knowledge.
Adware is annoying, spyware is destructive.
How do I protect myself?Like antivirus software, you can get adware and spyware removal software. Most of these products come with a free scan but the free scan does NOT remove adware and spyware. You will need to pay to have it removed and to have yourself protected.
Can I go phishing on my boat?Phishing is the latest scam and it is very easy to fall for. It is exactly as it sounds, bad guys fishing around for information and trying to trick you into giving it out. Mostly this is done via email and with the popular ones asking you to “Update Your Account” or “Confirm your password”. While the email that you are looking at appears to be your bank or eBay or Amazon, it is not. The bad guys have “spoofed” or copied the site and graphics. It looks like the real thing.
How do I know if it is a scam or if I really need to update my account?
If you go to the “eBay site” to enter your information and it says anything other than http://www.eBay.com then it is bad. Bad guys will create something like http://eBay.asdfasdf.com. That is their site but since it says eBay and has eBay graphics, you think it is real. Remember this is not just eBay, this is your bank or any other big name website that is commonly spoofed.
Here is the kicker, eBay, Amazon, Paypal, Citibank, your bank or any other reputable site will NEVER, EVER, in a million, zillion years send you an email asking you to update your password for ANY reason. If you are so convinced that the email is real, CALL the company or if you must go to the site, do NOT click on the email itself, open your browser and TYPE in http://www.eBay.com. NEVER click on the email itself (by the way, the email isn’t real, just delete it).
Can I have spam for lunch?It won’t fill you up, but sure, go ahead. Spam is unsolicited email. This means that you never requested to receive the email. Spam can be porn, offers for bank loans or it can be an offer for antivirus software IF you never requested it. Spam CAN contain viruses, phishing attempts and even adware and spyware. In general, if you have antivirus, adware and spyware protection on your computer, spam is more annoying than destructive.
How do I stop getting spam?A legitimate email list will have a Remove link at the bottom and will honor that quickly. Unfortunately an illegitimate company will also have a Remove link at the bottom and if you click it they know they have an “active” email address on their list. What do you do? Unfortunately if you are on a spam list, there is NO way to get off. Don’t try to call the company, don’t reply to the email and curse someone out and don’t threaten with lawsuits … you are just wasting your time as no one is reading it. Spam software is very effective in monitoring and blocking what you see BUT, spam software does not have your brain, so it does not always know what you want to see. A receipt from a legitimate online purchase can get blocked easily, Aunt Ginny sending you a joke can get blocked and anything with an attachment or pictures can easily get blocked. If you get good spam software AND you are willing to put forth a little effort then you can effectively block a significant portion of the spam email you get.
As an industry professional I can tell you that this is probably the most difficult and ongoing frustrating aspect of the online industry. The Can Spam Act of 2004 has made legitimate companies follow guidelines which are beneficial to the consumer but has done little to stop illegitimate companies from sending spam.
What is a hacker?When you go online you open up your computer to the outside world. The phone line (or any connection) that allows you to get to the internet, allows bad guys to “hack” into your computer. It isn’t that simple as you go online and hundreds of hackers are snooping around your PC but the general idea is that there are “ports” of entry into your PC that hackers exploit. Firewalls protect your computer from being hacked.
What is a firewall?A firewall is like caller ID on caffeine. It is either a piece of hardware or software that blocks inappropriate traffic and tells you when someone is coming into your PC (no pictures or names, sorry). Firewalls tend to require some work as they are setup specific to your browsing habits but often the preset conditions are fine. Also, if you have a router (generally with a DSL), those usually come with firewalls built in. Check with your internet provider.
What is identity theft?Identity theft means what it sounds like, a bad guy is trying to get your passwords, your license and your identity in order to get credit cards and loans and even married in your name. They basically live a life on your dime (actually a lot more). This is worse than it seems on the surface, once you are wiped out financially you are also in debt and have obligations that you never knew about. Identity theft does NOT go away when the thief gets caught or stops stealing. Credit agencies do not go away. Collectors do not go away. This is the most devasting risk online but compared to viruses and spyware is still relatively small.
How do they steal my identity?Phishing, hackers, spyware, viruses … all can contribute to the loss of your identity
What do I do to protect my identity?Purchase protective software (antivirus, adware, spyware, spam …) and use common sense. Do not give out passwords, do not give out private information and do not do anything that you wouldn’t do offline.
After writing this I wonder why anyone would go online. Well, no need to get too concerned but you need to do what you do in the offline world, use common sense. You pay for car insurance, you change your tires and oil and when you valet park, you give your keys to someone that works there instead of just getting out of your car and leaving it running … why wouldn’t you use the same common sense online.
You spend hundreds of dollars on your computer, $20 a month to get online and hours browsing around, you can spend $50-$75 a year (and less next year) in purchasing the appropriate software. But no matter what you pay, use common sense, if you wouldn’t do something offline, don’t do it online.
A special note: This document is written for the Joe Computer User who is confused and overwhelmed by all the various threats online today. I have simplified and omitted more complex and detailed topics but have given a good understanding of issues along with links to credible and more in depth websites on each individual topic.
