Tuesday, April 24, 2007

Keeping yourself safe online

If you spot any personally identifiable information in this please report this so I can delete this, this is converted from an internal publication and should have had all personally or corporate identifiable information removed before online publication. According to my own rules.

I am going to start from the bottom and work upwards.

First, if you can use your own computer, only then can you know it is safe without keyloggers or spyware hidden on them.

Second, if you can stand the hassle (I can't) use a BIOS password[3] if you forget this you are stuffed but without one anyone can with physical access to your computer access any of your files change your password etc. without knowing anything about your computer.

Third if you can don't use Windows , unfortunately with the some networks that means you have to use mac (which is expensive) or use Windows (which is slightly less so) and the more secure Linux is not allowed the internet :-( Things are looking up here linux can get internet now. [4]

Fourth, if you must use Windows using anything before XP on the internet should be a criminal offence within, minutes it will be turned into a spam bot. Only use a fully patched XP computer on the internet (or don't use windows) and preferably from behind a firewalled router. (XP gets taken over in an average of 16 minutes if connected directly to the internet after just being installed). Vista well I won't go there but it is unstable.

Fifth, don't use any programs that come by default with Windows to access the internet[5], Internet explorer 6 which comes by default with Windows XP spent 280+ days of 2006 with unpatched security holes that would let viruses etc. in (it is still used by most computers). Internet explorer 7 is better but I would still advise against it. Firefox is probably the best it only spent 6 days of 2006 with unpatched security holes.

This goes for email as well don't use Outlook, use Thunderbird or some other email client, or use web mail.

On Windows you must always use the most up to date antivirus and antispyware software.[8]

Sixth, never use your real name online. Unless, you trust the site you are connecting to completely and when you are using it there is always a padlock sign (https:// will be at the beginning of the URL) somewhere on your internet browser (Firefox changes the colour of the address bar as well) and only those on your contact list are allowed to view the page. e.g. If you set your msn space page to be only viewable to people on your contact list then only the people on your contact list, Microsoft (M$) (and any of its subcontractors it allows) the US secret service, anyone spying on your internet connection and anyone who hacks any of the above will be able to view it. (So only a few thousand people (If they could be bothered)).

Seventh, encrypt your connection when on an untrusted network, if you are using a network you don't trust or are using a wireless network[1] and you have information you are accessing that is not encrypted (remember padlock sign). If you don't want to share what you are doing with anyone who feels like listening then you need to get yourself an encrypted connection to a proxy. For real anonymity (rather than security of the actual information) I would recommend the TOR network. (Warning you must trust the proxy you are connecting to completely it can be being used by a hacker to steal your information).

Eighth, Use as little personal information as possible (this includes photos of people).

Ninth, format your computers hard drive before selling it or giving it away. [2]

Tenth, Trust no one and go to a mental institution suffering from Paranoia.

Really I don't expect you to do everything on this list, I personally don't. But remember if you connect to any site (including hotmail) that does not encrypt its traffic then what you read can be read by other people so...


Keyloggers: programs or devices that record which keys you press in order to extract information such as passwords, user names and credit card details.

Spyware: programs that spy on you and your files to make money out of you somehow (or just to be evil).
Firewall: a firewall prevents connections coming into a computer or network unless they were asked for by a computer behind the the firewall or have been otherwise allowed.
Router: a router is a device (can be a computer) that takes all the connections to it from one network and funnels them into another network (e.g. The internet). Simpler than a proxy.
Proxy: something that does something on behalf of someone else in the context of computers it takes requests for webpages from one computer and makes them itself to the site in question and then passes them to the computer that asked for them.
Unstable: in the context of computers this means that it has errors, crashes and otherwise does weird annoying stuff that it should not do.


  1. If you are using wireless then anyone who knows the network key can listen to your connection. If it is WEP encrypted (rather than WAP (which with a good password can take a very long time to crack)) then it can be cracked in 15 minutes. If it is open then anybody can listen.

  2. Some criminals make a living by stealing personal information off old computer hard drives, formatting will remove everything but you will need a disk of some sort to do it with as windows will break if you try to format the disk or partition it is on. You will need to fill it with random junk and then delete and reformat 9 times to be sure that all the data has been actually removed (deleting a file does not actually remove it, the computer just forgets where it put it.)

  3. A BIOS password can be set by entering the BIOS settings (how to do this will be displayed the moment your computer starts up) then poke around until you find it, If you forget this you are stuffed completely. Alternatively a physical lock works quite well :-). Note that fingerprint scanners offer no extra security with the right disk your computer can still be cracked within 20 minutes.

  4. Tests carried out to determine the security of different operating systems found that it was easy to hack into a newly installed Windows computer, slightly harder to hack into a newly installed Mac OS X computer and much much harder to hack into a Linux computer. (search on slashdot)

  5. The reason you should not use windows programs to access the internet is that the bad guys specifically target flaws in these programs to break into your computer (and there are a lot of flaws). I would also advise that using M$ office is probably a bad idea, though not to the same extent and you should probably use OpenOffice (this is free) instead.

  6. Social networking sites are sites that allow you to connect socially with people on the internet through commenting on each others sites and chatting online and numerous other things.

  7. Blogs (origin web log) are many and diverse in what they do but generally they involve people writing things (these can be like articles) and putting them on their blog (usually they are ordered chronologically) they are used to provide information about anything from news to the movement of ants.

  8. At least one person I know is going to have to have their hard drive formatted and windows reinstalled after getting viruses over easter. However users of other operating systems may not need antivirus programs e.g. I used Linux all Easter which does not need antivirus and consequently I was safe. I did not use windows once.

Note: people who know enough about computers and windows computers in particular become slightly paranoid about them or know what to do if they were paranoid but cannot be bothered to do it. (I don't even have a password set or use Ctrl+Alt+Del to enter an administrator account on windows :-)(On Linux I have a password but it logs in automatically the password is only required if I want to do something dangerous))

Oh and the only reason people could hack the pentagon was that people there were really stupid and could not be bothered to change their password from the default of “password” this same flaw allowed lots of hackers in over a long period of time, it might have been fixed by now. Bebo is just as secure as the weakest user that is allowed to view the page (probably quite weak but who could be bothered to hack a silly social networking site?). Then again thousands of people had their Myspace passwords stolen (someone hacked the crackers and told the world) but the Myspace passwords were stronger than those used by employees of companies (who were cracked by the same people).


Anonymous said...

"the more secure Linux is not allowed the internet"

Who said that Linux isn't allowed on the internet? I use it daily online. 80% of all the Internet servers run on Linux. It works just fine with Windows networks. Your corporate network administrator doesn't have any idea what he/she is talking about. Using Linux for your office's desktop is not really that much more secure than using Windows - the number one reason network security is compromised in corporate networks is employees giving their passwords away.


Max Randor said...

I has a misunderstanding with one of our admin, who said that Linux would be blocked, however our *nix (OS X) admin had great fun when provided with a live boot disk and so things should be going much better now, as soon as I get my laptop back once it is fixed I should be able to go onto the internet from here.
Of course the weakest point in any computer system is usually the users, except for in really bad computer systems :-).

Max Randor said...

There we go fixed. :-)