The Internet is a world. In this world, there are good guys and there are bad guys. In this world, most of the
time, trouble does not come after people; people come after trouble.
Today, the Internet is an inseparable part of our lives (at least in some parts of the world). We use it to
communicate with friends and strangely-blond strangers, we use it to send messages to friends in the form of
electronic letters (called emails), we use it to browse for information, to conduct business, to check out news
headlines and weather reports, to play games, to download music and movies, and much more. At each step of the
way, we are faced with a choice of trouble.
Of course, we are not entirely on our own here. The bad guys are trying to help us step into their traps by
luring us with gifts and sweet offers of empty air, by trickery and illusion, by trying to take advantage of
our mental and physical disadvantages (our own intelligence and our AI intelligence - the PC). The good guys
help us by providing us with programs that help us fight the bad guys. These are the firewall, anti-virii,
anti-spam programs, and whatnot.
But there's a problem here. The dark side of the Internet is rapidly growing. And so, alarmed by the threat to
our virtual existence, we pile on more and more security products to keep ourselves safe from harm.
And this is the wrong way to handle the situation.
If you have a burglar in your neighborhood, it would be wise to buy a gun to defend yourself in case he barges
in in the middle of the night, right? Now, if there were 2 burglars in the neighborhood, would you buy 3 guns?
Let me raise some more tricky points. Let's say you're a good shot. You can hopefully hit the burglar with one
of the bullets in your clip. So if two burglars showed up, what is the best choice:
1. Buy a second gun.
2. Buy a second clip.
3. Learn how to shoot more accurately.
The correct answer is 3. It's called education.
So here I am, about to dispel the myth of Internet security and make you breathe more easily. Of course, this
article is meant for Windows users. Linux geeks have always been safe.
Security experts will tell you horrid stories about identity theft (which only happens in the USA, for some reason).
They will talk about things that begin with ph - phishing, pharming. They will tell you that cybercrime has
gone up 1,000% since the last time they reported it. They will tell you that an average PC gets hacked within 10
microseconds from the moment you plug it into the wall. Most likely, the facts are true. But not the reasons.
The reason - they say the criminals are getting better and better and more aggressive. Not true. The reason is -
you decided to let them fool you.
I'll come to the reasons soon. The experts will warn you that in order to survive the Internet today as a Windows
user, you must have at least 9 firewalls, 12 anti-virii, 4 anti-trojans, 8 anti-spyware programs, 3 anti-scripting
programs, 4 anti-worm programs, 5 registry monitors, 27 hardening tools, and 4,333 HIPS programs. Negative.
P.S. Trojan is pronounced tro-yan, not tro-jan. The legendary city where Brad Pitt gets owned by Legolas is called
Troy, not Troje. The j here is like the Dutch j.
Now, another analogy. Bear with me. Try to follow the story. Private Dick has just finished the boot camp, he's
fresh and young. Rambo is a hardcore veteran of many battles with millions of hours of combat under his belt. We
send them both to war. We equip Dick with the best of the best weapons that can be had, scoped rifles, laser
RPGs, automatic mortars, BFG-9000. On the other hand, we give Rambo only a knife. Unsurprisingly, Dick gets pwned.
Rambo survives to tell the story.
Why? And how?
Dick was not taught to handle the weapons. So in his hands, they are pretty much useless. Rambo knows how to
utilize the situation to the best of his needs. And this is exactly what happens on the Internet today.
Your average user has the money to buy a nice PC. He does. He wants to try the Internet. He plugs the PC into the
wall. He gets hacked. The second time, he listens to the advice and buys an expensive security suite that protects
him from evildoers. After a few weeks he gets owned. He buys more and more and more software. But nothing seems to
help. What's going on?
Patience is not the greatest human virtue. Furthermore, Fermat's theorem says that a body moving from A to B will
try to minimize the action of its movement (not the actual distance but the energy state). This means that your
average human will shortcut through logic and common sense to satisfy his primal urges. In other words, if there's
something on the net that he wants, he'll get it, no matter the price or the consequence.
Our average guy is armed like hell with security software; his PC takes 30 minutes just to boot. He decides to try
out one of the Internet's greatest things - porn. After getting his inbox spammed for registering at dubious sites,
the guy realizes he's still not getting the movies he wanted to see. So he falls for the promises of 500% increase
in Internet speed, the download boosters, the search helpers, and similar concepts.
At first, his security programs are warning him that he's doing something wrong. But the multitude of alarming and
conflicting messages (often popups) is only contributing to the growing frustration at things not getting done
the way he expected. One by one, our average guy shuts his guardians down. And finally, gets cankered again.
To clarify the concept of a security warning, here's a screenshot:
Charming, isn't it? Unless you know what the above means, you might as well be prompted in another language.
So, what our guy needed was not programs - it was the knowledge he lacked.
So, if you do not have any, you might as well follow my advice on how to keep yourself safe, because no amount of
programs will help you.
Here it is:
What do we do on the Internet?
- We browse various sites - this includes downloading pictures and programs.
- We chat - this happens either through dedicated programs or through browsers at dedicated sites.
- We mail - this can happen through browsers or dedicated programs.
- We share files - most likely, people do this by using P2P programs.
- We game - using online game servers through client software on our machines.
The above summarizes about 99% of average online activity.
Let me invent some statistics.
Let's say a person spends 4 hours a day in front of his PC. During that time:
- He spends 5-10 minutes reading and writing mails.
- He spends 3 hours browsing (including 40 minutes chat somewhere and 2 hours 20 minutes of porn).
- He talks with his friends using Instant Messaging (30 minutes while browsing boring porn sites).
- He downloads music and movies for exactly 4 hours.
- He plays a game online (only 15 minutes because his ping is bad due to all the downloads in the background).
What are the dangers he faces?
- For the duration of 4 hours, he's visible on the Internet (with a sort of long numeric ID called an IP address).
  His PC has lots of doors (65,000 and some). If he does not close these doors, someone might try coming in.
- The mails that he reads might be fitted with malware that might try to execute locally on his PC.
- While chatting, some strangely-blond stranger might send him his (her) photo or links to a photo, and the user
  might be tempted to click and see.
- While browsing, he visits lots of sites, all of which are loaded with content, and some of this content might try
  to trigger things locally on his PC.
- While gaming and sharing files, his PC is communicating with remote servers and other users worldwide.
How to handle the potential dangers?
Everything we do is a conscious, deliberate choice. We make most of the choices while browsing. Every site we visit
is a choice. We do that hundreds or thousands of times a day. Ultimately, this is the biggest avenue of danger we
face. And if we cut down here, we increase our security instantly.
So, to keep safe, we need to follow a number of simple rules:
Overall exposure
Just use a firewall. I would recommend ZoneAlarm or Sygate, as freebies. Once you install a firewall, make sure it
stealths or closes all the ports. A popular site for testing firewalls is Steve Gibson's ShieldsUp!!. If you pass
the test, you're most likely OK against routine port scans that happen all the time.
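The difference between an open, a closed and a stealthed port, as an added example that is not part of the
original article: a small Python check to point at your own PC. The names classify, probe, audit and exposed are
made up for this illustration, and the demonstration at the bottom uses a listener it creates itself on 127.0.0.1.

```python
import socket

OPEN, CLOSED, STEALTH, UNKNOWN = "open", "closed", "stealth", "unknown"


def classify(error):
    """Turn the outcome of one TCP connection attempt into a port state.

    error is None when the connection succeeded, else the exception raised.
    """
    if error is None:
        return OPEN      # handshake completed: some program is listening
    if isinstance(error, ConnectionRefusedError):
        return CLOSED    # the PC answered "nobody home" (TCP reset)
    if isinstance(error, (socket.timeout, TimeoutError)):
        return STEALTH   # no answer at all: the packet was silently dropped
    return UNKNOWN       # e.g. no route to host; says nothing about the port


def probe(host, port, timeout=1.0):
    """Try to connect to host:port and report the state of that port."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return classify(None)
    except OSError as exc:
        return classify(exc)


def audit(host, ports, timeout=1.0):
    """Probe each port in turn; returns {port: state}."""
    return {port: probe(host, port, timeout) for port in ports}


def exposed(results):
    """Ports a stranger could actually talk to, sorted."""
    return sorted(port for port, state in results.items() if state == OPEN)


if __name__ == "__main__":
    # Constructed demonstration: open one listener ourselves, then audit the
    # same port again after the listener has been shut.
    listener = socket.socket()
    listener.bind(("127.0.0.1", 0))          # 0 = let the OS pick a free port
    listener.listen(1)
    port = listener.getsockname()[1]
    print("while listening:", audit("127.0.0.1", [port]))
    listener.close()
    print("after closing:  ", audit("127.0.0.1", [port]))
```

Probing 127.0.0.1 only shows which programs are listening; to see what the firewall does with those ports, run the
audit from a second machine on your own network against your PC.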
Email
Do not open email attachments (even from friends and known contacts) unless you are sure that the content is
safe.
Instant Messaging
Do not click links or download photos from strangers. Keep the programs up to date.
P2P
Use clean, unbundled software, keep it up to date. Do not download programs (executables) and cracks to programs,
because you cannot be sure they are not well-crafted malware. There is a general misconception that P2P is
extremely dangerous. It's partially true. Some programs are bundled with malware. Just don't use them. Second,
downloading malware through P2P does not make it any different than downloading malware through a web browser.
Often, the availability of programs (and dangers) is much greater through P2P than web sites.
Gaming
Make sure the software is up to date.
Finally, the web
The web browser is the machine that communicates with sites. Some browsers are more prone to vulnerabilities than
others. It comes down to how the browsers handle active content and how deeply enmeshed they are in the operating
system. Active content comes in a variety of guises, mainly ActiveX and JavaScript. If you cut down on the active
content, you significantly reduce the exposure.
And the simplest choice is the Firefox browser, by Mozilla Corporation.
First, inherently, the browser does not support ActiveX. It supports JavaScript, but it can be turned off. True, it
can be turned off in most browsers. But Firefox gives the user the greatest flexibility in toggling it on and off
between different sites. JavaScript is sometimes necessary for sites to work.
The NoScript extension for Firefox allows you to enable / disable JavaScript on a per-site basis with a simple
right-click anywhere on the browsed page. It's very convenient and safe. For the sites you love and trust, enable
it. For the ones you don't, don't.
And that's it. Head out there with a hardened Firefox, and you'll be safe no matter what site you go to. Of
course, some sites will not work. But that's the whole idea. You don't want them to work.
If you're interested, download Firefox and the NoScript extension.
You can test if your browser has JavaScript enabled at the bottom of the page. If you click the little box, it will
pop up a message saying "Javascript enabled." if you have JavaScript enabled, and it will not if you don't.
Theoretically, the code behind the little box can be configured to do lots of useful stuff. It could be configured
to display heart-warming messages of greeting with different content at different hours of the day, or to calculate
the entropy of a glass of blueberry juice. On the other hand, if my site were to be hacked, for instance, someone
could replace benign code with malicious code. Therefore, if you do not absolutely 100% trust the site, do not
click things on it.
Firefox has hundreds of useful extensions. It's probably the most customizable browser available. You can find out
about all the possible extensions at Mozilla Firefox Add-Ons.
I recommend Adblock for ad-blocking, Cookie Button for cookie control/blocking and Tab Mix Plus for enhanced tabbed
browsing.
And that's it.
Careful use of programs, a firewall and Firefox with NoScript should keep you rather safe. However, nothing at all
will protect you if you decide to run destructive programs on your computer. So ... do not run them.
But how can you tell the difference?
Yes, it can be tricky. But it's simple really.
Before you download or run a program of interest, head to a security forum and post a question there. People with
vastly more experience will try to help you decide. A good general rule is to avoid too much shiny freeware,
download from vendors' sites and do a bit of research before double-clicking. Search engines like Google will
provide more than enough sources to read from. Just type something along the lines of "program's name, malware" and
see what comes up.
Some great security forums are:
- Wilders Security Forums
- CastleCops
More than enough to get you started with.
Of course, if you really must, an anti-virus scanner can be useful.
Firefox can be useful here, because it has an extension, called Dr.Web anti-virus link checker, which uses the
Dr.Web online anti-virus engine and allows you to scan files before you download them. Furthermore, Kaspersky has a
Free Online Anti-Virus Scanner (ActiveX) for Internet Explorer. ClamWin anti-virus can be a nice on-demand
addition, used only when needed, without hogging resources. And finally, you can always upload a suspect file to
Jotti's Online malware scan, where the uploaded file will be scanned by some 15 different anti-virii.
All of the above can be had for precisely 0 money. It will give you a nice solid start, from which you can slowly
and carefully build your knowledge and experience. Do not be tempted to cram your hard disks with unnecessary
content. Invest in your education and you will benefit many times over, financially and security-wise.
Peace.
Test if JavaScript is currently enabled in your browser (click below):