Mon, 31 May 2004

Internet security is up to us

Vishnu K. Mahmud, vmahmud@yahoo.com

There have been an alarming number of Internet security concerns over the past few months. Annoying spam, virus attacks, Internet worms and virtual identity theft is becoming more common as the world embraces technology.

IT has become not only the buzzword in corporate circles but also a means for cutting costs while expanding services.

As such, it is becoming more common for people to use ATMs, Internet banking and e-mail in their day-to-day lives. Unfortunately, as the technology progresses, so do the problems.

Unlike other industries, computer companies (both hardware and software) can disclaim any responsibility for their products' operations by users, as shown in the extremely lengthy end-user licensing agreements.

In essence, faulty coding that leads to security holes or file corruption is usually the risk of individual users. In contrast, defects in a automobiles that result in casualties could lead to serious consequences for the manufacturer.

Thus, neophyte computer users must defend themselves against the increasingly serious problems the virtual economy is facing. Despite various articles written about security, very few people are taking it seriously.

One should be reminded that a chain is only as strong as its weakest link; no matter how expensive and sophisticated your equipment, not having a password to secure computer access may open doors to loss or stolen data. What is most important is that users must be aware of the dangers and be prepared.

Phishing is the latest scam to hit the Internet. Users get an e-mail supposedly from their bank to confirm the details of their account, requesting clarification of their name, address, password and others.

Even though the message looks legitimate and is pointed back to the bank's official website, it is simply a ruse by criminals to obtain information from users to drain their accounts dry.

Another scam is mirroring, where an unauthorized person creates a website that looked precisely like an official one, usually a financial institution, hoping to trick users into entering their user names and passwords.

A major Indonesian bank was the victim of mirroring a few years back when a local hacker wanted to demonstrate how easy it would be to collect user data. This occurred when the hacker obtained a Web address that was similar to the bank's, justly slightly misspelled.

Amazingly, he managed to harvest a good number of user account numbers and passwords.

Internet worms are also becoming more dangerous. No longer do you have to double click anything, as a worm (like a virus) can simply enter your computer and send copies of itself to others for whatever evil purpose.

This is usually possible due to flaws in the operating system or a particular computer program. Data can be erased, or worse, private information gathered for future use.

Here are some tips to ensure that your computer is ready to face the rocky waves of the Web. 1. Install and continually update an antivirus program:

It's not free but it is a worthwhile investment. You can easily get the McAfee Anti-Virus (www.mcafee.com) or Norton Anti- Virus (www.norton.com) and their data files off the Net. Keep these programs running! 2. Update your computer system:

If you are using Windows, Microsoft (www.microsoft.com) will issue security patches to plug any security holes. Mac and Linux users should also keep up with the latest news on impending patches by keeping an eye out for software updates. 3. Install a personal firewall:

This program will ensure that you and only you have complete control of your computer and allows traffic in and out according to specifications that you alone set. Black Ice (www.networkice.com) is one of many popular desktop firewall solutions that can log any attempt of access your computer from an outside source and help trace its origins. 4. Never open e-mail attachments from strangers or even friends:

Would you suck on a lollipop given to you by a stranger in Times Square? Too many people eagerly open a binary file in the hopes of seeing a little something funny or naughty. Scan them first with an antivirus program and double check with the sender to make sure. 5. Be careful when downloading and installing software:

Always be wary of installing software from dubious sites (especially from sites that insist you install their program in order to view their library of "special" images). These programs may be viruses or spyware that can steal or erase private data, or worse, offer a backdoor for hackers to exploit. 6. Keep your passwords secure and long:

The longer the password the more unlikely it is for a hacker to crack your e-mail, files or Internet accounts. Never use a birth date or any other number/name that can be easily associated to you. 7. Trust no one:

No matter who e-mails you to request information, never trust e-mail. It is not safe to transmit sensitive data (unless you use encryption). Businesses and financial institutions will NEVER ask for information over the Internet. Always use trusted and traditional methods to convey important data (such as a publicly listed call center phone number).

To get an idea on how secure your computer really is, check out SHIELDS UP! at www.grc.com. This site will safely scan a computer and inform users what information their computer is giving away.

It will then provide suggestions on what to do about their security vulnerabilities. The service is free and is an excellent starting point of getting the latest news about security threats on the Internet.