[Vision2020] Stay out of jail - beware of spyware

[Paul Rumelhart]

In the news lately, there have been two articles within a few days which 
are very worrisome.  Both articles describe a situation in which someone 
is facing jail time or other punishment for having spyware, adware, 
malware, or trojans on their computers.

The first article can be found here: 
http://www.norwichbulletin.com/apps/pbcs.dll/article?AID=/20070106/NEWS01/701060312/1002/NEWS17

A substitute teacher apparently navigated to some dating sites outside 
of class time on the classroom computer, which installed spyware on the 
system.  In class, the computer started serving popup advertisements for 
porn sites.  She was convicted of risking injury to a minor or impairing 
the morals of a minor.  She faces a sentence of up to 40 years in 
prison.  Let me say that again, up to *40 years* in *prison*.  It's 
possible that if she gets the maximum sentence that she would have 
served less time in the end if she had murdered the teacher she was 
substituting for in a jealous rage.

The second article: http://www.networkworld.com/community/?q=node/10460
An interview with the DA involved: 
http://abcnews.go.com/2020/story?id=2791529&page=1

In this one, a 16-year old young man very nearly got jailtime and an 
entry on the sex-offenders list because he had child porn on his 
computer that was very likely put there by spyware, adware, or trojans.  
He has passed two lie-detector tests about the facts of this case.  It 
does look like he did go to some porn sites of the adult (not child) 
variety.  These sites have been known to be heavily infested with 
spyware and trojans.  In the end, he copped to a lesser charge of 
solicitation, if you can believe it, because he bought a Playboy 
magazine and showed it to some friends of his which were his own age.

So, if the thought of going to jail because some bozo a world away has 
made a zombie out of your machine scares the crap out of you, I 
recommend the following to minimize the spyware threat:

1) Get a hardware firewall/router.  I use a Linksys brand, but I'm sure 
the others are just fine.  These devices stand between you and the 
internet and block most port requests (incoming and outgoing).  They 
also have the added benefit of letting you connect more than one 
computer to the same internet connection.  They can usually be purchased 
for around 50$.

2) Stop using Internet Explorer, Outlook, and Outlook Express.  These 
products have a horrible history of being exploitable through security 
holes.  Microsoft, who makes these products, has a bad history generally 
when it comes to computer security.  They've been known to not fix 
dangerous security holes for months at a time.  They also are bundled 
with the computer operating system and have higher-than-usual 
permissions in that system, meaning that security flaws can have a large 
impact.  Supposedly, IE7 is better about security now, but I haven't 
used that program and can't comment on it.

3) Use a standards-compliant web browser (this ties into point 2).  I 
use Firefox, and won't go back.  Firefox blocks most popups 
automatically, and (better yet) doesn't allow ActiveX to run.  ActiveX 
is where most of the security problems lie.  Firefox is both 
free-as-in-beer and free-as-in-speech.  If you do use Firefox, try out 
the NoScript extension which blocks javascript initially unless you 
whitelist the site.  This means you will have to add the sites you use 
regularly that you trust to the list, but it is much safer.  Using this 
extension stops the bad sites from launching another browser window when 
you close them, and various other unsavory tricks.  I also recommend the 
Adblock extension, so that you can cut out most of the annoying 
advertising that you see on the web.  This may also help if spyware does 
get on your system and serves you popups as it's possible you will have 
already blocked those ad sites.  Once you get used to tabbed browsing 
and some of the more popular extensions like ForecastFox and FasterFox, 
you won't go back.  You can download Firefox here: 
http://www.mozilla.com/en-US/

4) Use a standards-compliant email application.  I use Thunderbird, 
which is made by the same people Firefox is (Mozilla).  It is also free, 
and is generally safer than Outlook or Outlook Express.  Of course, if 
your place of business uses a Microsoft Exchange Server for your email, 
Thunderbird may not be able to connect.  It's also saner about when to 
allow programs to be run from it, and it's spam filtering is really good 
too.  You can download Thunderbird here: http://www.mozilla.com/en-US/

5) Use an anti-spyware program to search your system regularly for 
spyware, adware, malware, and trojans.  Two of my favorites are Spybot 
Search and Destroy and Adaware.  Here are the URLs: 
http://www.spybot.info/en/index.html for spybot and 
http://www.spybot.info/en/index.html for adaware.  Buried on their sites 
somewhere are links to the free versions of these programs.  If you like 
them and can afford it, I'd suggest buying a copy of their premium products.

6) Run an antivirus program regularly.  AVG (found here: 
http://free.grisoft.com/doc/1) is a nice free program.  There are many 
commercial programs on the market as well.

7) Change your internet habits.  Don't run things on your system that 
someone sends to you through email, even if it's sent by a friend.  Many 
of the programs that have cute cursors or show you a funny video also 
put spyware on your system.  Learn about your most basic software, such 
as your web browser and your email client.  Try to run them with the 
most secure settings that you can stand.

8) If you have children, get a program like NetNanny to help you keep 
them from visiting sites you don't want them to visit.  I don't have 
kids, so I'm not an expert on any of these programs so I can't help much 
here.

9) Completely separate your computer habits at home from those at work.  
Most workplaces of any size by now have a computer use policy.  Read 
it.  You are generally safest if you don't access your home email, don't 
shop for vacation packages or manufactured goods, and don't post to 
listservs or forums from your work computer.  This way, the only spyware 
that will get on your work computer will have gotten there from a 
work-related activity and you won't be to blame.

10) Always keep your software up-to-date.  Even following all the 
previous pieces of advice won't save you from all spyware, adware, etc. 
because much of it can be placed on your system remotely if you have not 
downloaded the latest updates for your operating system and other 
programs you use on a daily basis.  Some products will automatically 
download updates, but others have to be done manually.  It's especially 
important to keep up on your anti-virus signatures and anti-spyware 
signatures.

... and as an added bonus ...

11) Run a different operating system.  Try out a Mac, or download a 
Linux distribution such as Ubuntu.  Almost all of the spyware, if not 
all of it, will not run on these systems.  Of course, this is not 
practical for most people, as Macs are more expensive and don't run 
their favorite games and Linux requires a certain minimum level of 
geekiness, but I'd feel remiss if I didn't add it as an option.

I'm sure others on here have other advice that will help.  One 
by-product of doing these things is that your system (if it's currently 
infested) should run much snappier than previously.

Paul
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.fsr.com/pipermail/vision2020/attachments/20070115/7a829312/attachment-0001.html