Archive for October, 2010

25 October 2010

Privacy or security is your choice

Should your ISP be monitoring your connection? According to this story, that’s what’s starting to happen in Australia, where the government has mandated that computers spewing spam or malware must be shut off from the Internet. And the only way to do that is for your ISP to invest in some pretty heavy-duty gear to peer into every packet their customers send and receive, in order to ensure that there’s nothing nasty lurking inside.

The pluses are that it helps make for a safer Internet. The downside is that your ISP is spending more money that it’ll have to recoup somehow — guess how — and that it’s looking at your data. Right now, it’s only interested in malware – but what happens if government policy changes?

You can hear the conversation now: “Well Mr ISP, you already have the mechanism to look at everyone’s data, how much harder can it be to check for dissidents, or those with a criminal record?” The answer will be: not very. And that’s the top of a very slippery slope.

So it’s a choice: be secure or be private – you can’t have both. The best protection we can all have is the protection we ourselves provide, so that the government does not feel the need to step in with legislation. It’s illegal for them to look into your mail or listen in on your phone calls, so why should your email not be subject to the same privacy?

Keep AV free!

Free anti-virus is here to stay – and it works. As someone who’s been using free AV tools for over 10 years and never had a problem, I can testify to that. And about one in four UK PC users uses Avast to protect themselves, with about 42 percent using free AV software worldwide, according to security experts at OPSWAT.

So how does it work? Companies such as Avast give away free AV software in the hope that you and I will find it so compelling that we need to upgrade to a paid-for version. Many do. Those who don’t get exactly the same level of protection but don’t get added features, such as a firewall, anti-spyware and other security measures. If you’re covered already, that’s fine.

And long may it continue.

18 October 2010

Security: time to spread the word

There’s no shortage of information online about how to keep your computer safe. The problem is that I suspect most of those who need it are not the kinds of people who would go out and look for it; I’ll get back to this point.

As an example of the kind of helpful instruction that’s now available, Google has just put up a page that shows you, step by step, how to make your computer as safe as possible. The first three steps consist of making sure the machine is free of viruses and malware (using Avast, naturally – end of plug); making sure your operating system is up to date; and making sure to perform regular software updates. It then provides steps for your browser and email client.

A key suggestion from Google’s list is that you change your password twice a year. Passwords provide notoriously weak protection. People use passwords that are easy to remember, such as their name and birth year. That’s information you could find on someone’s Facebook page. You wouldn’t have to look too far to find answers to other questions such as someone’s mother’s maiden name, or their favourite food.

So you need to make your passwords hard to guess. That’s tough because it makes them hard to remember too – but there are programs that can help. The simplest way is to write them down somewhere, but in a safe way. That’s not on a sticky note on your desktop but in a safe, encrypted manner. It could be in your browser or, since not everything goes via the browser, in a package such as the well-regarded KeePass. This means you need only remember one master password, and the others can be pulled out of the safe as required.

Less fashionable but a method I’ve been using for years is a password generator. While some software may have limitations, such as an inability to generate passwords to meet specific criteria demanded by some websites, such as password length, a fixed number of non-alphabetic characters and so on, it’s a method that’s worked well for me for years. As before, I need only remember a master password, while the service passwords are generated using a combination of the service name I’m trying to access and other data that I’m not going to reveal.
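A sketch of this kind of generator, added here as an example and not the author's own tool or method: it derives each service password from the master password and the service name with PBKDF2, and handles the site-policy limitation mentioned above by guaranteeing one character from every required class. The function name, character sets, iteration count and `counter` parameter are assumptions.

```python
import hashlib
import string

# Character classes a site policy may demand (constructed for this example).
CLASSES = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "digit": string.digits,
    "symbol": "!#$%&*+-=?@_",
}

def _picks(stream):
    """Yield successive 32-bit integers from the derived byte stream."""
    for i in range(0, len(stream), 4):
        yield int.from_bytes(stream[i:i + 4], "big")

def derive_password(master, service, length=16,
                    require=("lower", "upper", "digit", "symbol"), counter=1):
    """Derive a repeatable per-service password; nothing is stored anywhere."""
    if not require or length < len(require):
        raise ValueError("length must cover every required character class")
    # The service name (normalised) and a rotation counter act as the salt.
    salt = f"{service.strip().lower()}:{counter}".encode()
    # PBKDF2 makes guessing the master password from one leaked site password slow.
    key = hashlib.pbkdf2_hmac("sha256", master.encode(), salt, 200_000)
    # Expand the 32-byte key into enough bytes for every pick and swap below.
    nums = _picks(hashlib.shake_256(key).digest(8 * length))
    alphabet = "".join(CLASSES[c] for c in require)
    # One character from each required class, then fill from the full alphabet.
    chars = [CLASSES[c][next(nums) % len(CLASSES[c])] for c in require]
    chars += [alphabet[next(nums) % len(alphabet)]
              for _ in range(length - len(require))]
    # Deterministic Fisher-Yates shuffle so the required classes are not
    # always in the first positions.
    for i in range(length - 1, 0, -1):
        j = next(nums) % (i + 1)
        chars[i], chars[j] = chars[j], chars[i]
    return "".join(chars)
```

Unlike a vault such as KeePass, nothing is stored, so replacing one password means raising `counter` for that service and remembering that you did.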

But back to my original point: if you’re reading this you’re already in a category of people who are interested enough to have searched out a security-focused blog. This is both good for you and good for all of us — the more people who compute safely, the safer we all are because of the phenomenon of herd immunity.

What we need to do is to reach those who don’t make it this far. So perhaps we should all make it our mission to get at least one other person interested enough to do likewise, and they can then go on and infect someone else with the security bug.

How about it?

11 October 2010

Beware the typo

Do you ever play games on your PC? If so, you may be easy meat for the malware writers.

What does this mean? We all rely on technology to get things done. Whether it’s writing a letter, playing a game, or hammering out a project that must be finished today, there are times when we’re concentrating on just one thing almost to the exclusion of everything else. It’s at this point that we’re most likely to fall foul of the nasties.

For example, you may be researching on the web for a particular piece of information that you need to finish a project. You rattle away through Google’s search results — and then you realise that the result is on a page you’ve visited before. So you type in the web address but, in the haste to get at the details you need, you spell the URL incorrectly.

This is what they’re waiting for. There’s a web address for almost everything you type in. Most are legitimate but a huge number are not. They sit at the margins of what we want, but expect a percentage of us to make a mistake when typing in the address. When that happens, you don’t go where you expect but to another page entirely. Almost any typo will take you somewhere you probably don’t want to go.

The page might announce that you’ve typed in the wrong address, or it might look very like what you think you typed in, but there’s a high chance that the page could attempt to install software on your PC that you surely do not want installed. For example, it might be a keylogger that can track your passwords and transmit them elsewhere, or a piece of malware that turns your machine into a zombie, the name used for members of a botnet — a network designed for mass spamming or denial of service attacks. And you won’t know it’s happening.

So why mention games? Because of the intensity with which you’re playing and the concentration levels required, you’re at your most vulnerable when you zap off to a site to download a utility or grab advice from a forum. That’s when the mis-typed URL grabs you and can pull your machine over to the dark side.

There are some simple steps you can take to prevent this, including leaving your anti-virus software switched on, turning on silent/gaming mode, and being wary of downloading games through warez sites. You can also configure your machine to use OpenDNS, which can help trap malware sites and is a fast, free alternative to your ISP’s automatically configured DNS (domain name server). DNS is the Internet’s mechanism for converting the URL you type into a universally recognised Internet protocol address — www.bbc.co.uk translates to 212.58.246.95, for example.
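A small client-side check for the mistyped address described above, added as an example and not part of the original post: it compares the hostname you typed with a list of sites you actually use and flags near misses before you visit them. The allowlist entries other than www.bbc.co.uk, the function names and the distance threshold are assumptions.

```python
from urllib.parse import urlsplit

# Constructed allowlist: sites the user really visits (.example is a reserved TLD).
TRUSTED = {"www.bbc.co.uk", "mail.example", "forum.games.example"}

def osa_distance(a, b):
    """Edit distance counting insert, delete, substitute and adjacent swap."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i] + [0] * len(b)
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            cur[j] = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            # Swapped neighbouring keys ("mial" for "mail") count as one slip.
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                cur[j] = min(cur[j], prev2[j - 2] + 1)
        prev2, prev = prev, cur
    return prev[len(b)]

def hostname(typed):
    """Extract a lowercase hostname from what was typed into the address bar."""
    if "//" not in typed:
        typed = "//" + typed
    return (urlsplit(typed).hostname or "").rstrip(".").lower()

def check_address(typed, trusted=TRUSTED, max_distance=2):
    """Classify a typed address as trusted, a likely typo of a trusted site, or unknown."""
    host = hostname(typed)
    if host in trusted:
        return ("trusted", host)
    near = sorted((osa_distance(host, t), t) for t in trusted)
    if near and near[0][0] <= max_distance:
        return ("possible-typo", near[0][1])
    return ("unknown", None)
```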

There are lots of ways to catch an infection but fortunately, awareness as well as the right technology can help prevent that. So whether you’re working or having fun, be aware and be safe!
