Internet Security Advice
Security on the internet falls mainly into two related categories:
- Preventing your computer from becoming infected;
- Preventing your financial details from falling into the wrong hands.
Computer Infections
There is a lot of nasty software on the internet. Sadly, the only foolproof way to prevent your computer becoming infected is never to connect your computer to the internet and never to install any software!
So there’s no absolute guarantee that you won’t get struck by lightning in this way, but there are several online equivalents of playing golf in a thunderstorm, which you can easily avoid. Good habits come in two parts:
- Safe online behaviour will keep attacks to a minimum.
- Protecting your computer will minimise the effect of any attacks.
Safe Online Behaviour
If your computer gets infected by malicious software, it’s almost certain that you installed it yourself, either wittingly or unwittingly.
The Dangers of Email
All sorts of documents are able to contain code that will install itself on your computer and do nasty things. The most frequently infected formats are Word documents (anything ending in .doc), spreadsheets (.xls), and PDFs (.pdf). The most common method of spreading these infected documents is by email. So take precautions when using email:
- Never open an email attachment, even from someone you know, without first downloading it to your hard drive and running a virus check on it. Downloading a document, i.e. copying it and storing that copy on your computer, is not the same thing as opening a document. As long as you don’t open an email attachment, it won’t do any harm. If your email program opens attachments automatically, change the settings or get a new email program.
- Don’t even bother downloading an attachment unless you are convinced it is likely to be safe.
- Be very wary of email attachments from strangers. In fact, get into the habit of deleting emails unread from people or organisations you do not know and trust. The moral is: if you doubt it, delete it.
Dangerous Websites
Certain types of websites are more likely than others to contain infections:
- File–sharing sites are notoriously risky. Be very careful about anything you deliberately download, and run a virus check before opening any downloaded document.
- Pornographic or otherwise suspicious websites are best avoided. If you really must visit them, do it at work. You’ll probably get sacked, but at least your own computer won’t become infected. Actually, go to an internet café (and try to sit with your back to the wall).
- Websites linked to within emails. A link may not take you to the web page you anticipate. Do not click on links, especially in unsolicited emails, without hovering over the link and checking the actual address, which will usually be displayed at the bottom of your browser window. For example, try hovering over this link to see where it might take you: http://www.nice-safe-website.com!
The Dangers of Flash and JavaScript
Flash and JavaScript files are often used on websites to provide animations and other inessential features. Unfortunately, they are also sometimes used to sneak malicious software onto the computers of those visiting infected websites. By using web browser plug–ins such as NoScript and AdBlock Plus, you will eliminate these threats, not to mention all of those irritating advertisements that rely on Flash and JavaScript. See our How to Remove Advertisements from Websites page for details.
Reputable Software
Never deliberately install any software on your computer unless you are sure it comes from a reputable source:
- A lot of pirated software is infected.
- Even non–pirated software can introduce vulnerabilities, so watch out for reputable companies trying to force unnecessary software onto your computer, such as useless toolbars.
- If a website asks you to install an update to allow you to watch this week’s celebrity scandal video clip, don’t! You may think that no–one would be stupid enough to fall for that trick, but plenty of naïve people do, every day.
- If a stranger phones you and tries to persuade you to install software on your computer, don’t. This is a well–known scam.
Protect Your Computer
Most malicious software has to be tailored to a particular operating system. Windows operating systems are the target of the vast majority of attacks — more than 99%, according to this report.
Safer Operating Systems
So use a different system: Macintosh and Linux are attacked far, far less often than Windows, and are harder, though not impossible, to break into. Macintosh can only be obtained by buying very expensive hardware, but Linux is free and can be easily installed on any personal computer without affecting the existing operating system. Just buy a Linux magazine, such as Linux Format or Linux User, both of which normally include a cover disc containing one or more versions of the operating system.
Essential Precautions for Windows Users
If you must use a Windows operating system:
- Accept and install all authentic Windows security updates. There is some risk in doing this, but much more risk in not doing it.
- Don’t use Internet Explorer; it is full of security holes. Use a safer web browser instead, and always install the latest version.
- Make sure that a firewall is installed on your computer. Internet service providers will usually include a firewall, but having another does no harm. Wireless routers normally incorporate a firewall.
- Anti–virus software is less effective than a firewall, but it is essential for all Windows computers. If you install it you must keep it up to date.
- Some anti–virus programs incorporate anti–spyware protection, and will prevent standalone anti–spyware programs working. If you do install anti–spyware software, keep it up to date and run it frequently.
- Be very careful about attaching any physical device to your computer. USB memory sticks, optical discs, and digital photograph frames have all been used to spread infections. The Windows Auto Play or Auto Run function helpfully allows infected devices to install nasty stuff on your computer automatically. So switch it off. The location varies on different versions of Windows: click the Windows button in the bottom left–hand corner of your computer screen, click ‘Control Panel’, and in the search box, type ‘auto run’ or ‘auto play’. Run an anti–virus scan on any new device.
General Advice
You should create external copies of all your important documents frequently, just in case your computer does get seriously infected and crashes. Once a virus wipes your computer’s hard drive, the information is usually gone for good.
Before you get too paranoid, it’s worth noting that even Windows computers can be perfectly safe to use, as long as you are sensible.
Security Software
We recommend AVG anti–virus software, which is free for private, non–commercial users.
Two reliable, free anti–spyware programs which we can recommend are:
- SpyBot Search & Destroy, which can be downloaded from www.safer-networking.org;
- Lavasoft’s AdAware, which can be downloaded from www.lavasoft.com.
Both of these programs are completely free of charge when obtained from the websites mentioned above. If you are asked to pay, you are on the wrong website and you may be about to download something entirely different.
Some programs which are claimed to be anti–spyware are either useless or actually sources of spyware. Check out www.spywarewarrior.com/rogue_anti-spyware.htm.
Financial Fraud
All reputable online shops use software that encrypts credit card numbers before they are sent over the internet, and keeps them encrypted on the shop’s server.
It is much safer to give your credit card details to a properly secure online shop than over the telephone or to a waiter in a restaurant who takes your card away to process it.
Nevertheless, there are several ways to avoid problems:
- Use a secure password for any account that contains personal or financial information.
- Take extra precautions when using a computer other than your own. Public computers, such as those in internet cafés, are more likely to be infected than the average PC, so you should avoid using any secure log–in details on a shared computer unless you absolutely have to. This applies not only to online financial transactions but also to email accounts and updating a website. If you really must use a public computer for anything sensitive:
  - Make sure no–one is looking over your shoulder as you type your password.
  - Change your password as soon as possible afterwards, using a trusted computer.
  - When leaving a website to which you have logged in, don’t forget to log out properly. Simply closing the browser will not normally log you out, and the next user will be able to go straight into your account.
  - When leaving a public computer, remove as many traces of your online activity as possible, such as cookies and your browsing history, by using the controls at the top of the browser. See our Internet Privacy page for more information.
- Give out financial details only on websites with a secure and encrypted internet connection. There are two signs to look out for:
  - A web address beginning with ‘https’ instead of ‘http’.
  - A picture of an unopened padlock, usually near the bottom of your browser window but sometimes also in the address bar at the top of the window, depending on the browser you are using.
- As in a bricks–and–mortar shop, only give your credit card number when you are actually buying something.
- An email asking you to confirm your bank account or credit card details is always a fraud. No reputable financial organisation will do this.
- Never hand over any personal financial details by email. Always use a form on a secure website. In fact, never use email to send any sensitive information. Email is a very insecure means of communication.
- Again, get into the habit of deleting emails unread from people or organisations you do not know and trust, just in case you find yourself tempted by that get–rich–quick scheme!