[Vision2020] Stay out of jail - beware of spyware

Art Deco deco at moscow.com
Mon Jan 15 20:21:15 PST 2007


Excellent advice from Paul.

One additional recommendation:

Get a program that removes traces of internet browsing and erases all the data from all deleted files.  Deleting a file only removes the entry from the disc directory.  To be safe, the data in the file needs to be erased also.  It is also important to periodically erase all data from a disc that is not in a file.  I use Windows Washer, but there are other programs which do the same.  Set the program to keep all discs on your system clean.

W.
----- Original Message ----- 
From: Paul Rumelhart 
To: Vision2020 
Sent: Monday, January 15, 2007 7:41 PM
Subject: [Vision2020] Stay out of jail - beware of spyware


In the news lately, there have been two articles within a few days which are very worrisome.  Both articles describe a situation in which someone is facing jail time or other punishment for having spyware, adware, malware, or trojans on their computers.

The first article can be found here: http://www.norwichbulletin.com/apps/pbcs.dll/article?AID=/20070106/NEWS01/701060312/1002/NEWS17

A substitute teacher apparently navigated to some dating sites outside of class time on the classroom computer, which installed spyware on the system.  In class, the computer started serving popup advertisements for porn sites.  She was convicted of risking injury to a minor or impairing the morals of a minor.  She faces a sentence of up to 40 years in prison.  Let me say that again, up to 40 years in prison.  It's possible that if she gets the maximum sentence that she would have served less time in the end if she had murdered the teacher she was substituting for in a jealous rage.

The second article: http://www.networkworld.com/community/?q=node/10460
An interview with the DA involved: http://abcnews.go.com/2020/story?id=2791529&page=1

In this one, a 16-year old young man very nearly got jailtime and an entry on the sex-offenders list because he had child porn on his computer that was very likely put there by spyware, adware, or trojans.  He has passed two lie-detector tests about the facts of this case.  It does look like he did go to some porn sites of the adult (not child) variety.  These sites have been known to be heavily infested with spyware and trojans.  In the end, he copped to a lesser charge of solicitation, if you can believe it, because he bought a Playboy magazine and showed it to some friends of his which were his own age.

So, if the thought of going to jail because some bozo a world away has made a zombie out of your machine scares the crap out of you, I recommend the following to minimize the spyware threat:

1) Get a hardware firewall/router.  I use a Linksys brand, but I'm sure the others are just fine.  These devices stand between you and the internet and block most port requests (incoming and outgoing).  They also have the added benefit of letting you connect more than one computer to the same internet connection.  They can usually be purchased for around 50$.

2) Stop using Internet Explorer, Outlook, and Outlook Express.  These products have a horrible history of being exploitable through security holes.  Microsoft, who makes these products, has a bad history generally when it comes to computer security.  They've been known to not fix dangerous security holes for months at a time.  They also are bundled with the computer operating system and have higher-than-usual permissions in that system, meaning that security flaws can have a large impact.  Supposedly, IE7 is better about security now, but I haven't used that program and can't comment on it.

3) Use a standards-compliant web browser (this ties into point 2).  I use Firefox, and won't go back.  Firefox blocks most popups automatically, and (better yet) doesn't allow ActiveX to run.  ActiveX is where most of the security problems lie.  Firefox is both free-as-in-beer and free-as-in-speech.  If you do use Firefox, try out the NoScript extension which blocks javascript initially unless you whitelist the site.  This means you will have to add the sites you use regularly that you trust to the list, but it is much safer.  Using this extension stops the bad sites from launching another browser window when you close them, and various other unsavory tricks.  I also recommend the Adblock extension, so that you can cut out most of the annoying advertising that you see on the web.  This may also help if spyware does get on your system and serves you popups as it's possible you will have already blocked those ad sites.  Once you get used to tabbed browsing and some of the more popular extensions like ForecastFox and FasterFox, you won't go back.  You can download Firefox here: http://www.mozilla.com/en-US/

4) Use a standards-compliant email application.  I use Thunderbird, which is made by the same people Firefox is (Mozilla).  It is also free, and is generally safer than Outlook or Outlook Express.  Of course, if your place of business uses a Microsoft Exchange Server for your email, Thunderbird may not be able to connect.  It's also saner about when to allow programs to be run from it, and it's spam filtering is really good too.  You can download Thunderbird here: http://www.mozilla.com/en-US/

5) Use an anti-spyware program to search your system regularly for spyware, adware, malware, and trojans.  Two of my favorites are Spybot Search and Destroy and Adaware.  Here are the URLs: http://www.spybot.info/en/index.html for spybot and http://www.spybot.info/en/index.html for adaware.  Buried on their sites somewhere are links to the free versions of these programs.  If you like them and can afford it, I'd suggest buying a copy of their premium products.

6) Run an antivirus program regularly.  AVG (found here: http://free.grisoft.com/doc/1) is a nice free program.  There are many commercial programs on the market as well.

7) Change your internet habits.  Don't run things on your system that someone sends to you through email, even if it's sent by a friend.  Many of the programs that have cute cursors or show you a funny video also put spyware on your system.  Learn about your most basic software, such as your web browser and your email client.  Try to run them with the most secure settings that you can stand.

8) If you have children, get a program like NetNanny to help you keep them from visiting sites you don't want them to visit.  I don't have kids, so I'm not an expert on any of these programs so I can't help much here.

9) Completely separate your computer habits at home from those at work.  Most workplaces of any size by now have a computer use policy.  Read it.  You are generally safest if you don't access your home email, don't shop for vacation packages or manufactured goods, and don't post to listservs or forums from your work computer.  This way, the only spyware that will get on your work computer will have gotten there from a work-related activity and you won't be to blame.

10) Always keep your software up-to-date.  Even following all the previous pieces of advice won't save you from all spyware, adware, etc. because much of it can be placed on your system remotely if you have not downloaded the latest updates for your operating system and other programs you use on a daily basis.  Some products will automatically download updates, but others have to be done manually.  It's especially important to keep up on your anti-virus signatures and anti-spyware signatures.

... and as an added bonus ...

11) Run a different operating system.  Try out a Mac, or download a Linux distribution such as Ubuntu.  Almost all of the spyware, if not all of it, will not run on these systems.  Of course, this is not practical for most people, as Macs are more expensive and don't run their favorite games and Linux requires a certain minimum level of geekiness, but I'd feel remiss if I didn't add it as an option.

I'm sure others on here have other advice that will help.  One by-product of doing these things is that your system (if it's currently infested) should run much snappier than previously.

Paul



--------------------------------------------------------------------------------


=======================================================
 List services made available by First Step Internet, 
 serving the communities of the Palouse since 1994.   
               http://www.fsr.net                       
          mailto:Vision2020 at moscow.com
=======================================================
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.fsr.com/pipermail/vision2020/attachments/20070115/76f3d45b/attachment.html 


More information about the Vision2020 mailing list