Updated: June 29, 2006
The Internet is a world. In this world, there are good guys and there are bad guys. In this world, most of the
time, trouble does not come after people; people come after trouble.
Today, the Internet is an inseparable part of our lives (at least in some parts of the world). We use it to
communicate with friends and strangely-blond strangers, we use it to send messages to friends in the form of
electronic letters (called emails), we use it to browse for information, to conduct business, to check out news
headlines and weather reports, to play games, to download music and movies, and much more. At each step of the
way, we are faced with the choice of trouble.
Of course, we are not entirely on our own here. The bad guys are trying to help us step into their traps by
luring us with gifts and sweet offers of empty air, by trickery and illusion, by trying to take advantage of
our mental and physical disadvantages (our own intelligence and our AI intelligence - the PC). The good guys
help us by providing us with programs that help us fight the bad guys. These are the firewall, anti-virii,
anti-spam programs, and whatnot.
But there's a problem here. The dark side of the Internet is rapidly growing. And so, alarmed by the threat to
our virtual existence, we pile on more and more security products to keep ourselves safe from harm.
And this is the wrong way to handle the situation.
If you have a burglar in your neighborhood, it would be wise to buy a gun to defend yourself in case he barges
in in the middle of the night, right? Now, if there were 2 burglars in the neighborhood, would you buy 3 guns?
Let me raise some more tricky points. Let's say you're a good shot. You can hopefully hit the burglar with one
of the bullets in your clip. So if two burglars showed up, what is the best choice: 1) Buy a second gun. 2) Buy
a second clip. 3) Learn how to shoot more accurately.
The correct answer is 3. It's called education. So here I am, about to dispel the myth of Internet security and
make you breathe more easily. Of course, this article is meant for Windows users. Linux geeks have always been
Security experts will tell you horrid stories about identity theft - which only happens in the USA, for some reason.
They will talk about things that begin with ph - phishing, pharming. They will tell you that cybercrime has
gone up 1,000% since the last time they reported it. They will tell you that an average PC gets hacked within 10
microseconds from the moment you plug it into the wall. Most likely, the facts are true. But not the reason. The
reason - they say the criminals are getting better and better and more aggressive. Not true. The reason is - you
decided to let them fool you.
I'll come to the reasons soon. The experts will warn you that in order to survive the Internet today as a Windows
user, you must have at least 9 firewalls, 12 anti-virii, 4 anti-trojans, 8 anti-spyware programs, 3
anti-scripting programs, 4 anti-worms programs, 5 registry monitors, 27 hardening tools, and 4,333 HIPS programs.
P.S. Trojan is pronounced tro-yan, not tro-jan. The legendary city where Brad Pitt gets owned by Legolas is
called Troy, not Troje. The j here is like the Dutch j.
Now, another analogy. Bear with me. Try to follow the story. Private Dick has just finished the boot camp, he's
fresh and young. Rambo is a hardcore veteran of many battles with millions of hours of combat under his belt. We
send them both to war. We equip Dick with the best of the best weapons that can be had, scoped rifles, laser
RPGs, automatic mortars, BFG-9000. On the other hand, we give Rambo only a knife. Unsurprisingly, Dick gets
pwned. Rambo survives to tell the story.
Why? And how?
Dick was not taught to handle the weapons. So in his hands, they are pretty much useless. Rambo knows how to
utilize the situation to the best of his needs. And this is exactly what happens on the Internet today.
Your average user has the money to buy a nice PC. He does. He wants to try the Internet. He plugs the PC into the
wall. He gets hacked. The second time, he listens to the advice and buys an expensive security suite that
protects him from evildoers. After a few weeks he gets owned. He buys more and more and more software. But
nothing seems to help. What's going on?
Patience is not the greatest human virtue. Furthermore, Fermat's theorem says that a body moving from A to B will
try to minimize the action of its movement (not the actual distance but the energy state). This means that your
average human will shortcut through logic and common sense to satisfy his primal urges. In other words, if
there's something on the net that he wants, he'll get it, no matter the price or the consequence.
Our average guy is armed like hell with security software; his PC takes 30 minutes just to boot. He decides to
try out one of the Internet's greatest things - porn. After getting his inbox spammed for registering at dubious
sites, the guy realizes he's still not getting the movies he wanted to see. So he falls for the promises of 500%
increase in Internet speed, the download boosters, the search helpers, and similar concepts.
At first, his security programs are warning him that he's doing something wrong. But the multitude of alarming
and conflicting messages (often popups) are only contributing to the growing frustration at things not getting
done like he expected them. One by one, our average guy shuts his guardians down. And finally, gets cankered
To clarify the concept of a security warning, here's a screenshot:
Charming, isn't it? Unless you know what the above means, you might as well be prompted in another language. So,
what our guy needed was not programs - it was the knowledge he lacked. So, if you do not have any, you might as
well follow my advice on how to keep yourself safe, because no amount of programs will help you.
Here it is:
What do we do on the Internet?
We browse various sites - this includes downloading pictures and programs. We chat - this happens either
through dedicated programs or through browsers at dedicated sites. We mail - this can happen through browsers or
dedicated programs. We share files - most likely, people do this by using P2P programs. We game - using online
game servers through client software on our machines. And this summarizes about 99% of average online
Let me invent some statistics
Let's say a person spends 4 hours a day in front of his PC. During that time: He spends 5-10 minutes reading
and writing mails. He spends 3 hours browsing, including 40 minutes of chat somewhere and 2 hours 20 minutes of
porn. He talks with his friends using Instant Messaging - 30 minutes while browsing boring porn sites. He
downloads music and movies for exactly 4 hours. He plays a game online; only 15 minutes because his ping is bad
due to all the downloads in the background.
What are the dangers he faces?
For the duration of 4 hours, he's visible on the Internet, with a sort of long numeric ID called an IP address. His PC
has lots of doors (65,000 and some). If he does not close these doors, someone might try coming in.
The mails that he reads might be fitted with malware that might try to execute locally on his PC. While chatting,
some strangely-blond stranger might send him his (her) photo or links to a photo, and the user might be tempted
to click and see. While browsing, he visits lots of sites, all of which are loaded with content, and some of this
content might try to trigger things locally on his PC. While gaming and sharing files, his PC is communicating
with remote servers and other users worldwide.
How to handle the potential dangers?
Everything we do is a conscious, deliberate choice. We make most of the choices while browsing. Every site
we visit is a choice. We do that hundreds or thousands of times a day. Ultimately, this is the biggest avenue of
danger we face. And if we cut down here, we increase our security instantly. So, to keep safe, we need to follow
a number of simple rules:
Just use a firewall. I would recommend ZoneAlarm
, as freebies. Once you
install a firewall, make sure it stealths or closes all the ports. A popular site for testing firewalls is Steve
. If you pass the test, you're most likely OK
against routine port scans that happen all the time.
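The "doors" mentioned above are TCP and UDP ports, and you can list the ones your own PC holds open by reading the output of `netstat -an`. The following Python script is an added example, not part of the original article; it parses that output and reports only the sockets a remote machine could reach. The sample text and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample of Windows `netstat -an` output (not from a real machine).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    127.0.0.1:1025         0.0.0.0:0              LISTENING
  TCP    192.168.1.10:139       0.0.0.0:0              LISTENING
  TCP    192.168.1.10:1050      203.0.113.5:80         ESTABLISHED
  TCP    [::]:135               [::]:0                 LISTENING
  UDP    0.0.0.0:445            *:*
  UDP    127.0.0.1:123          *:*
"""

def parse_local(addr):
    """Split '0.0.0.0:135' or '[::]:135' into (ip_address, port)."""
    host, _, port = addr.rpartition(":")
    return ipaddress.ip_address(host.strip("[]")), int(port)

def exposed_listeners(netstat_text):
    """Return sorted (proto, port, scope) for sockets reachable from off-box.

    TCP rows count only in LISTENING state; UDP has no state column, so any
    bound UDP socket counts. Loopback-only sockets are skipped because a
    remote port scan cannot reach them. IPv4 and IPv6 wildcard binds on the
    same port collapse into one "all interfaces" entry.
    """
    found = set()
    for line in netstat_text.splitlines():
        parts = line.split()
        if len(parts) < 3 or parts[0] not in ("TCP", "UDP"):
            continue  # header, blank line, or unrelated text
        if parts[0] == "TCP" and (len(parts) < 4 or parts[3] != "LISTENING"):
            continue  # established connections are not open doors
        try:
            ip, port = parse_local(parts[1])
        except ValueError:
            continue  # address form this parser does not understand
        if ip.is_loopback:
            continue
        scope = "all interfaces" if ip.is_unspecified else str(ip)
        found.add((parts[0], port, scope))
    return sorted(found)

if __name__ == "__main__":
    for proto, port, scope in exposed_listeners(SAMPLE):
        print(f"{proto:4} {port:5}  listening on {scope}")
```

Every port this reports is one the firewall has to close or stealth; run it again after installing the firewall and after each new program you add.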
Do not open email attachments (even from friends and known contacts) unless you are sure that the content is
Do not click links or download photos from strangers. Keep the programs up to date.
Use clean, unbundled software, keep it up to date. Do not download programs (executables) and cracks to
programs, because you cannot be sure they are not well-crafted malware. There is a general misconception that P2P
is extremely dangerous. It's partially true. Some programs are bundled with malware. Just don't use them. Second,
downloading malware through P2P does not make it any different than downloading malware through a web browser.
Often, the availability of programs (and dangers) is much greater through P2P than web sites.
Make sure the software is up to date.
Finally, the web
The web browser is the machine that communicates with sites. Some browsers are more prone to vulnerabilities
than others. It comes down to how the browsers handle active content and how deeply enmeshed they are into the
the active content, you significantly reduce the exposure. And the simplest choice is the Firefox browser, by
it can be turned off in most browsers. But Firefox gives the user the greatest flexibility in toggling it on and
anywhere on the browsed page. It's very convenient and safe. For the sites you love and trust, enable it. For the
ones you don't, don't.
And that's it. Head out there with impregnated Firefox, and you'll be safe no matter what site you go to. Of
course, some sites will not work. But that's the whole idea. You don't want them to work.
If you're interested, download Firefox
and the Noscript
You can test
not if you don't.
Theoretically, the code behind the little box can be configured to do lots of useful stuff. It could be
configured to display heart-warming messages of greeting with different content at different hours of the day, or
to calculate the entropy of a glass of blueberry juice. On the other hand, if my site were to be hacked, for
instance, someone could replace benign code with malicious code. Therefore, if you do not absolutely 100% trust
the site, do not click things on it.
Firefox has hundreds of useful extensions. It's probably the most customizable browser available. You can find
out about all the possible extensions at Mozilla Firefox Add-Ons. I recommend Adblock for ad-blocking, Cookie
Button for cookie control/blocking and Tab Mix Plus for enhanced tabbed browsing. And that's it.
Careful use of programs, a firewall and Firefox with Noscript should keep you rather safe. However, nothing at
all will protect you if you decide to run destructive programs on your computer. So ... do not run them. But how
can you tell the difference?
Yes, it can be tricky. But it's simple really. Before you download or run a program of interest, head to a
security forum and post a question there. People with vastly more experience will try to help you decide. A
good general rule is to avoid too much shiny freeware, download from vendors' sites and do a bit of research
before double-clicking. Search engines like Google will provide more than enough sources to read from. Just
type something along the lines of "program's name, malware" and see what comes up.
Some great security forums are:
Wilders Security Forums
More than enough to get you started with. Of course, if you really really must, an anti-virus scanner can be
useful. Firefox can be useful here, too, because it has an extension, called Dr.Web anti-virus link checker,
which uses the Dr.Web online anti-virus engine and allows you to scan files before you download them.
Furthermore, Kaspersky has a Free Online Anti-Virus Scanner (ActiveX) for Internet Explorer. ClamWin anti-virus
can be a nice on-demand addition, used only when needed, without hogging resources. And finally, you can always
upload a suspect file to Jotti's Online malware scan, where the uploaded file will be scanned by some 15
different anti-virii.
All of the above can be had for precisely 0 money. It will give you a nice solid start, from which you can slowly
and carefully build your knowledge and experience. Do not be tempted to cram your hard disks with unnecessary
content. Invest in your education and you will benefit many times over, financially and security-wise.