Private Affairs

           This is refractory brick - used to build firewalls                            

 * = live links

    Privacy is a personal matter. Just how private you will be whilst surfing depends on your preferences and  your ability to  effect them.   A trustworthy internet company will always state its Privacy Policy up-front and in clear language. For good examples, read the 'About Windows Update' at the WU site, and Google's terms here*  when you download and install their toolbar (see #4.18). Others have no such scruples and will go to inordinate lengths to get your information using fair means or foul. This Table puts forward a few suggestions on how to hit back, and not give away personal details inadvertently. 

     Table 4                                       Privacy Protection Procedures

4.1 DO

when presented with an End-User Licence Agreement page during an installation, read it. They tend to go on and on, but there are often permissions in there that you are granting to the vendor. This applies to all EULA, Registration, Subscription and Privacy forms. Don't sign away your rights by clicking 'yes' out of hand. However, unlike paper forms, you cannot strike out those clauses that offend - it's all or nothing. You could, of course, make a note of anything you do not want to agree to and contact the supplier before clicking. I doubt it would bring any joy though.

Go through  the small print with a fine-toothed magnifying glass

4.2 DON'T 

thoughtlessly disclose personal information that would allow you to be contacted. You should be suspicious of why they want to know. Remember that your postcode can pinpoint you.

Be like Dad -  Keep Mum

4.3 DO       

consider carefully what information you are disclosing. Details that only your bank should know should be restricted to them alone and not to any other website asking for it. Be wary of such, and ask yourself why they should want to know the name of your favourite film-star or your place of birth.

Who's asking?

4.4 DO        consider the possibility of setting up a free email account to be used only for subscriptions, software registrations and website forms.

A cosy little hideaway

4.5 DO        set up your usual email client (such as Outlook) to screen out messages from known spammers (see Table 3*).

Good Email is  like good coffee - best filtered

4.6 DO       

provide false information where the truth might be used against you : nobody will ever be prosecuted for telling dodgywebsite.con you are B.L.Zebub,  No. 666, The Pit, Hades-by-the-Styx. You will not be damned for all eternity (or even a small slice of it) for telling them you are unemployed with a handful of CCJs and you don't own so much as a pitchfork.

 ...but not if the people asking are in dark blue and call you 'Sir'

4.7 DO       

regularly, frequently and unfailingly clean out Cookies and Temporary Internet Files. (See Table 2*). This information can be mined (searched through and collected) by an intruder. 

Would that 'mined' meant you'd  booby-trapped it with an explosive device.

4.8 DON'T 

forget that other countries have different laws. Not 'may have' but 'do have'. The Internet is international in extent but the laws under which it operates differ from place to place.  My chemical formulas,  your firework recipes,  his terrorist bomb.  Politicians have an invidious habit of moulding the meanings of words to suit their (party's) purposes. 'Privacy' is one such; 'prevention of terrorism' and 'pornography' are  others. You don't need to be on the receiving end of such chicanery.

Some states are considerably more nanny than Mary Poppins

4.9 DON'T  have your email client set up to receive HTML (rich text) messages. Embedded images you choose to view can reveal contact information, as well as leaving you open to script attacks. (Web Bugs*)

If you want fancy stationery, write on wallpaper

4.10 DON'T use your regular email address when posting to Newsgroups or Message Boards, or when using a public access terminal.

There is at least one exception to this...

4.11 DO

if you use AOL Chat Rooms, use a dedicated screen name for chat rooms and block email to that screen name. From the master screen name, enter the keywords 'mail controls', select your chat-room screen name from the list, and check off either Block All  Email or Customize Mail Controls. 

  • If you Block All Email, use a different screen name for email and give it out only to trusted chat buddies. 

  • If you customize mail controls, you can block all incoming mail except from names that you list. 

Their customers are the only ones that really need it. Probably.

4.12 DO

get used to using a secure or encrypting  email account * when sending messages with sensitive information. Web based schemes do not even require software to be downloaded. However, when setting up these accounts you have to supply your real email address, which means you have to trust the organisers with the sort of information you are trying to keep confidential - which goes some way to defeating the object. 

Who will guard the guardians?

4.13 DO

reply to precisely targeted email (provided you recognise it as such). Put 'remove' or 'unsubscribe' in the subject header, or follow any instructions within the actual message. Real business email invariably supplies a functioning remove link.

 But beware of hoaxes that look like the real thing. Any in poor or broken English or which are very short, obscure or meaningless to you,  are highly suspect. Look out if you are asked to click 'here' rather than on an explicit URL. A company that is able to cross-reference records with a domain registry is smart enough to describe the removal procedure in perfect English.

Pickfords is not the only firm that can explain removals

4.14 DON'T use easily guessed words or numbers for passwords or leave them lying around in open files where they can be read. Use a secure password manager such as Whisper32*.

Nail it down or somebody will have it away

4.15 DO

get into the habit of securely logging on to your own machine. The Windows method alone is not safe. You can enhance it with something like JBoot* for Win 9x systems.

Key of the door for any age

4.16 DO install a good firewall* which will prevent both incoming and outgoing calls unless  specifically allowed.

Mediaeval fortifications were built  high, deep and thick - no way over, under or through except via the portcullis or privy

4.17 DO

use an additional email client, such as Ultrafunk Popcorn* or Mailwasher to read the headers of messages waiting in your mailbox. Get rid of unwanted ones before the body is downloaded to your Inbox. (see also Table 1). 

They can't hurt you if they don't get close

4.18 DO run System File Checker (from the Command Line in XP, type SFC /Scannow; in 98SE it's in System Tools\System Information). This tells you if anything has altered a .dll file.

Routine maintenance should be er...routine

4.19 DON'T

have anything to do with software that doesn't tell you anything about the author, the vendor or its development.

They're ashamed of something

4.20 DO

use a pop-up stopper. Sometimes your firewall will reduce the nuisance from these ads, but you can get stand-alone applications. A convenient free one is the Google 2.0* tool bar.

Not so much a search-engine more a way of life

4.21 DO use your eyes and ears, watching out for strangers and changes : different error messages from the usual, unexplained slowing down or frequent crashes. Keep your modem tones audible (raucous I know) but you want to know if anything is trying to dial out.

You are the mainstay of your system's defence strategy

 

   ...and this is ordinary brick, used to keep yourself to yourself.  

Worms

   Say No to Worms - Just Don't Let Anyone Hear You

        Once they've breached your defences through security holes, they need no further action from you to wreak their particular brand of havoc. Remember they're trying to enslave you, and once in, a ticket is no longer necessary.  Slam the door in their faces. 

Ref c : Email Attachments

  Table 5                      Avoiding Worms                             

 

Fact

Action

5.1 MS Office Outlook is the application most vulnerable to email worm attack. Outlook Express is a close second.

Make sure you have the latest patches, and download them only from an official site. They will be digitally signed.

5.2 Email attachments are the commonest way worms are passed around

Avoid sending and receiving email attachments. If you must, then Save to disc, and virus scan before opening.

5.3 Script worms can masquerade as harmless files

Configure Windows always to show file extensions. Watch out particularly for .vbs  .shs  .pif .scr - all commonly used by worms but almost never by genuine attachments.

5.4 Files or attachments with a double extension are potentially dangerous, e.g. dodgy.bmp.vbs

Don't open them.

5.5 File sharing is another common way worms are disseminated

Do not join file-sharing (P2P) schemes. If you really must, ensure that you do not authorise the sharing of your Windows Directory or a whole drive.

5.6 Things sneak in when you're not looking

Power down or disconnect the network/modem cable, though you should be able to trust your firewall to lock up tight.

5.7 Weird looking emails probably are  

Don't click anything in them or open their attachments. Examine before previewing using a 'safe' email client that shows headers only. 

5.8 Commercial emails could be agents of infection

Don't click links or images in unsolicited email. They're more than likely to give you things you would rather not have.

5.9 Sex is often used as an enticement, as it is in real life

Delete out of hand any email with sexual title or content. Never try to run executables with sexual titles.

5.10 Dangerous attachments often use familiar looking icons

Beware of attachments that try to look innocuous. They aren't. To fool the user, worms often send executable files which have an icon  resembling those  of picture, text or archive files.

5.11 Chat Rooms are notorious for passing on infection

Never accept attachments from strangers in online chat systems such as IRC, ICQ or AOL Instant Messenger.

5.12 Newsgroups are often used by virus writers to disseminate their poison

Avoid downloading files from public newsgroups (Usenet news).

5.13 Most Firewalls and Virus Scanners can be set to scan email and warn you of anything suspicious

Get and install one of each. Freeware examples elsewhere on this page. The firewall will also close your vulnerable ports.

5.14 Worms are rogue script and often spread because of user carelessness

When surfing, have your Internet Zone set to Restricted. This means that 'Download Unsigned Active X Controls' should be disabled, as should 'Initialize and Script Active X Not Marked as Safe'. See Table 7*

 

 

               ...and don't do any gardening                   
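
Rows 5.3, 5.4 and 5.10 all come down to judging an attachment by its real, final extension rather than by how it looks. The Python sketch below is an added example, not part of the original page: it walks a constructed sample message and flags the extensions named in 5.3 and double extensions as in 5.4. The decoy-extension list, the function names and the sample message are assumptions made for illustration.

```python
import os
from email import message_from_string, policy

# Extensions row 5.3 singles out as commonly used by worms.
RISKY_EXTS = {".vbs", ".shs", ".pif", ".scr"}
# Assumption: harmless-looking types a double extension might imitate.
DECOY_EXTS = {".bmp", ".jpg", ".gif", ".txt", ".doc", ".zip"}

def classify(filename):
    """Return the reasons a filename looks dangerous (empty list = none found)."""
    name = filename.strip().lower()
    stem, last = os.path.splitext(name)   # 'dodgy.bmp', '.vbs'
    inner = os.path.splitext(stem)[1]     # '.bmp'
    reasons = []
    if last in RISKY_EXTS:
        reasons.append("worm-prone extension " + last)
    # Row 5.4: an innocent-looking extension followed by a different real one.
    if inner in DECOY_EXTS and last and last not in DECOY_EXTS:
        reasons.append("double extension " + inner + last)
    return reasons

def scan_message(raw):
    """Map each suspicious attachment name in a raw message to its reasons."""
    msg = message_from_string(raw, policy=policy.default)
    findings = {}
    for part in msg.walk():
        fname = part.get_filename()       # decoded attachment filename, if any
        if fname and classify(fname):
            findings[fname] = classify(fname)
    return findings

# Constructed sample message (not real mail); attachment bodies are placeholders.
SAMPLE = """\
From: sender@example.com
To: you@example.com
Subject: Holiday photos
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="XX"

--XX
Content-Type: text/plain

See attached.
--XX
Content-Type: image/jpeg; name="beach.jpg"
Content-Disposition: attachment; filename="beach.jpg"

placeholder
--XX
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="dodgy.bmp.vbs"

placeholder
--XX
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="Screensaver.SCR"

placeholder
--XX--
"""

if __name__ == "__main__":
    for name, why in scan_message(SAMPLE).items():
        print(name, "->", "; ".join(why))
```

The check works on the name the mail client would save, so it catches a capitalised .SCR as well as the dodgy.bmp.vbs pattern, while an ordinary beach.jpg passes.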

Carpware

    Install any of the applications listed below, and you'll get a lot more than you bargained for. It also includes ISP Clients, well-known for Browser Hijacking and Makeover. I coined the expression because users who install it will, from then on, always be carping about its behaviour. At least that's my story and I'm sticking to it. Note that some titles here are known Spyware, many are Resource Hogs, and all are involved with some form of advertising or sponsorship. They are not known for tamely allowing their junk to be removed once it's in place.

See below Table 6  :

 

 This list will be added to only sporadically. There's about half a million of them out there.

     Table 6                        Problematic Software

 

Title and Description

Vendor

Notes

6.1

ISP Content Providers : their software, usually provided on CD, is intended to be used on a home system with a DUC. Provides a web interface to allow clients to check mail from their website. Also hijacks and makes over your browser to their specs. Their home-pages are the 'content' which, deprived of its ads, can be rather uninspiring. Still, the user willingly buys in to their offerings.

America On Line  AOL

Tiscali

Freeserve

  They nearly always change browser appearance or your default home-page. Can be difficult to get rid of. Some even put themselves into your IE Trusted Zones, thus by-passing security measures. They will often interfere with other internet connections you have. 

6.2

Toolbar/ Searchbar Menaces : try to get you to install their bar, at which point your browser is compromised, often by trackers. 

Xupiter, CJB Management, Nester Smart Browse, Popular Enterprises, EZ Search, Huntbar, Hotbar, TinyBar and many others.

 Not all toolbars are badly behaved :  Google for instance,  is worth having.

6.3

Go!Zilla :  Download Manager. Has a core of useful aspects but the free version is cluttered with ads. When installing,  the program sneaks in a bundle of adware. This will not uninstall and has to be cleaned out of the Registry manually. If you try this, the program stops working. The commercial version does not have the parasites.

DigitalCandle

  Includes additional applications  bundled within the software's installer file, some of which may be provided by third parties. These may deliver ads, collect information, overlay content or graphics on the Web site you are viewing, or they may modify your system settings. Pay close attention to the options presented  to you during installation.

      Known third-party applications bundled with this download include Weatherbug and eZula TopText. 

6.4

Comet Cursor :  Newer versions  have grown, and now encompass  features unrelated to mouse pointers. They seem to have dropped some of their more dubious practices.

Comet Systems

   Changes the mouse pointer when hovering over partner sites. Notorious for being one of the first programs to install  with another, (piggy-backing)  and for tracking viewing of partner pages. 

6.5

Resource Hogs and Conflictors : Many of the programs listed elsewhere in this Table take up a sizable part of your system resources and can conflict with serious applications. They also run at boot-up and slow down your starting.

Running in the background, their behaviour is not always obvious

Felix : author Unknown

Screen Mates (Indimi Inc)

Big Cats (Screen Craft)

BonziBuddy

Spinner (AOL)

Webshots

RealPlayer 

 Don't have anything to do with anonymous software.

  Are screen-savers really necessary nowadays?

  Large, high definition images can slow things to a halt, and can even cause your system to crash.

 

6.6

Gator eWallet & Offer Companion : Security problem : stores authentication data - yours. Employs Drive-by Downloading techniques. As it gathers and stores your personal surfing habits, you are also a probably unwitting contributor to the Gator Advertising and Information Network (GAIN).

Gator Corporation

6.7

Peer-to-peer (P2P) File Sharing :   Files are shared between all users of the network. This poses a security hazard and has bandwidth implications. They use piggy-back applications riding on their ostensible purpose which will try to install automatically.

Kazaa (Sharman Networks), iMesh, WMX (no additional hidden progs), GAIN, Bonzi Buddy, XoloX, Grokster

     File sharing generally rides rough-shod over copyright. Many of these apps are Resource Hogs and tend to cause system crashes. Can slow down or block network traffic.

6.8

Browser  Accelerators :  Make (mostly false) claims to increase speeds by impossible amounts. They are usually proxy servers which claim to accelerate your internet connection. They can't and don't. They run at start up to ensure all your web connections are routed through their proxies. Every web connection you make, including 'secure' connections, goes through the proxies and is logged and analysed on behalf of the customer companies.

 

NetSetter (Market Score)

 

  You will not notice any significant speed-up from using the service. There is a 'required update' feature. Will not  work through a different proxy. Will kill your internet connection if you try to delete the csloa.dll component manually in Market Score's offering.

6.9

RealPlayer :  A useful application hidden under a welter of ads and importunate begging.   All this, of course, disappears if you buy the precious metal version.

Real Networks 

      When in the System Tray this program eats up system resources and directly conflicts with business-related software.

6.10

Diallers : connect you to Premium rate phone lines without your knowledge. Can be installed as drive-by downloads by visiting websites if you have the Access Plug-In spyware on board.

Interfun, Master, Star, X-Dialler, Eroskop and many others. Often involved with porn.

6.11

CoolWebSearch : as with much other spyware, this pretends to be useful to the user, whereas it is mining data and subverting your system. It has a considerable number of aliases : CoolWwwSearch, YouFindAll, White-Pages.ws, drxcount.biz, real-yellow-page.com, list2004.com, linklist.cc etc. It is so difficult to clean manually that a special tool is needed. Also, some spyware removers ignore it or leave traces of it. Use CWShredder* to remove it properly, or simply to confirm you are not infected.

 

     

   NB : A new variation  of the parasite includes  CWS Killer, which prevents you from reaching anti-spyware sites, and keeps Spybot from working. In order to clean your system, you must first download and run a special  cleaning tool *

6.12

BCWipe 3.03 :  Like earlier versions this wipes files making data irretrievable. To do this it has to turn off System Restore in XP. It warns it is doing this, but does not remind you that switching it off deletes all your System Restore Points. 

Jetico

  Claims to be free, but is actually an expired demo version that nags you for registration. Version 2.28 was freeware - they no longer supply it but I do. See  6a*.

 

                        Beware of geeks bearing gifs

  • What else to do :

 Parasites : Discussion
 Pest Encyclopedia : Pest Encyclopedia Search...
 Emerging Pests : What's hatching...
 What, How, Who : Who Does What
 Counterexploitation : Useful Link
 Pest Patrol : ID Pests on your system
 Still Stuck with It ? : Pests still on your system
 Spyware Blaster : Lists and describes

 

 

Safety in Internet Explorer 6

Note : these settings are pre-XP SP2

You need not accept the Default settings. To reset options in IE 6 that can affect safety, open it,  then :

Route 1 : Tools\Internet Options\Security\Internet Zone\ Custom Level \ Active X Controls and Plug-Ins

Route 2 : Tools\Internet Options\Privacy  then  Advanced.

        Table 7                                  Zone Settings in IE 6     (XP SP1 and before)

| Parameter | Internet Zone : Secure Setting | Internet Zone : Safe Setting | Trusted Zone |
|---|---|---|---|
| Download Signed Active X Controls | Disable | Prompt | Enable |
| Download Unsigned Active X Controls | Disable | Disable | Prompt |
| Initialize and Script Active X Controls Not Marked as Safe | Disable | Disable | Prompt |
| Run Active X Controls and Plug Ins | Disable | Prompt | Enable |
| Script Active X Controls Marked Safe for Scripting | Disable | Prompt | Enable |
| Active Scripting | Disable | Prompt | Enable |
| Scripting of Java Applets | Disable | Prompt | Enable |
| Others | Disable | Prompt | Enable |
| Java Permissions | High Safety | High Safety | Low Safety |
| Privacy (Automatic Cookie Control) | Medium High | Medium | |
| Privacy Advanced (Override Auto Cookie Control) : 1st Party Cookies | Prompt | Prompt | |
| Privacy Advanced (Override Auto Cookie Control) : 3rd Party Cookies | Block | Prompt | |
| Privacy Advanced (Override Auto Cookie Control) : Session Cookies | Prompt | Allow | |

  •   Most of your surfing will be done in the Internet Zone. You will need to strike a balance between  safety and accessibility.

  •   The Secure Setting  is the same as for Restricted Zone - some sites will not load or will not work properly.

  •   The Trusted Zone settings could be used for the Internet Zone, but  you will then have little or no protection.

  •   In the Restricted Zone you place named sites you know or suspect are dangerous.

  •   The Trusted Zone is for named sites you know will not smack you.

  •   Rule of Thumb : Disable by default; Enable by choice.

  •  The conservative setting is Prompt, but like most fence-sitting, this becomes uncomfortable after a while

  •   In Privacy / Edit you can name sites where Cookies are either Never or Always allowed.

  •  Use these suggestions in conjunction with the Privacy and Program Control settings in your firewall.

  •   Never rely on IE alone for security. There are issues Microsoft has not even begun to address.

  •  Cookies :  1st Party  -  come from the webmaster of the site you're visiting. Could be trackers

  •                  3rd Party  -  come from a source other than the webmaster of the site you're on. Could be anything.

  •                  Session     -  should disappear from your system when you leave the site. Don't bank on it.   
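
The zone settings in Table 7 are stored per user in the registry, so an exported copy can be checked against the table instead of clicking through the dialogs. The following Python sketch is an added example, not part of the original page: it parses .reg export text and reports every Internet Zone setting that is looser than the table's Safe Setting column. The four-digit value names are the standard IE URL-action numbers (they do not appear on the page), zone key 3 is the Internet Zone, and the sample export is constructed.

```python
import re

# Standard IE URL-action value names (not listed on the page) mapped to the
# Table 7 parameter and its "Safe Setting" for the Internet Zone.
SAFE = {
    "1001": ("Download Signed ActiveX Controls", "Prompt"),
    "1004": ("Download Unsigned ActiveX Controls", "Disable"),
    "1201": ("Initialize and Script ActiveX Controls Not Marked as Safe", "Disable"),
    "1200": ("Run ActiveX Controls and Plug-ins", "Prompt"),
    "1405": ("Script ActiveX Controls Marked Safe for Scripting", "Prompt"),
    "1400": ("Active Scripting", "Prompt"),
    "1402": ("Scripting of Java Applets", "Prompt"),
}
POLICY = {0: "Enable", 1: "Prompt", 3: "Disable"}   # registry DWORD -> meaning
RANK = {"Disable": 0, "Prompt": 1, "Enable": 2}     # higher = more permissive
VALUE = re.compile(r'"([0-9A-Fa-f]{4})"=dword:([0-9A-Fa-f]{8})$')

def parse_zone(reg_text, zone="3"):
    """Return {value name: policy} for one zone key in .reg export text."""
    settings, in_zone = {}, False
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("["):
            # Track whether we are inside ...\Zones\<zone>
            in_zone = line.rstrip("]").endswith("\\Zones\\" + zone)
        elif in_zone:
            m = VALUE.match(line)
            if m:
                number = int(m.group(2), 16)
                settings[m.group(1).upper()] = POLICY.get(number, "Unknown")
    return settings

def audit(reg_text):
    """List (parameter, current, recommended) where current is looser."""
    current = parse_zone(reg_text)
    looser = []
    for action, (label, wanted) in SAFE.items():
        have = current.get(action, "Missing")
        # Missing or unknown values are reported too: they cannot be vouched for.
        if RANK.get(have, 99) > RANK[wanted]:
            looser.append((label, have, wanted))
    return looser

# Constructed sample export; zone 2 (Trusted) is present to show it is ignored.
SAMPLE_REG = r"""
Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2]
"1004"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
"1001"=dword:00000001
"1004"=dword:00000000
"1201"=dword:00000003
"1200"=dword:00000000
"1405"=dword:00000000
"1400"=dword:00000000
"1402"=dword:00000003
"""

if __name__ == "__main__":
    for label, have, wanted in audit(SAMPLE_REG):
        print(f"{label}: {have} (table suggests {wanted})")
```

A setting stricter than the table, such as Scripting of Java Applets set to Disable in the sample, is not reported; only looser ones are.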

                         

 

  • What else to do :

IE

| Description | Link |
|---|---|
| Active Content and Security : Read or Print PDF version. You need Acrobat from #12. | Printer Friendly |
| Browser Security Tests | Jason's Toolbox |
| IE Buttons to swap sites from Zone to Zone | IE Buttons Pack |

 

 

FIN
