Hints & tips

Security

How do I get sensible advice?

The getsafeonline site is a good starting point.  Don’t even think of connecting to the internet without first thinking of which anti virus and firewall software you’re going to use from the start.  And read up on the differences between viruses, trojans, spyware, keyloggers and other nasties.  Also remember the paper – identity theft is much easier and more lucrative if you throw away documents that could help criminals to open accounts in your name, falsely tell financial institutions you’ve moved etc. Get a cheap shredder! Security is basically about being sensible and having multiple defences, including data backups somewhere else – not just on or beside the computer.

How do I keep my files private?

You can set up multiple user accounts in Windows XP, Vista or Windows 7, protected by passwords.

It’s a lot simpler having one account used by everyone.  If you have multiple accounts all sorts of things you’d hope would be common to other accounts aren’t. And multiple accounts can give a false sense of security – it's quite easy to boot up a machine from a Linux CD and grab things from the hard disk without needing to run Windows at all.

How do I stop my computer getting infected?

It's not easy because there are lots of nasty people out there trying to steal from you. It's not just Windows you need to keep up to date - browsers and their plugins, music players, pdf readers and so on can also provide infection options, even on Macs and Linux machines.

Make sure you are getting Windows security updates automatically.

Make sure you have security software active and up to date. There is free security software around and Windows has a basic firewall built in but I gave up on the free stuff ages back. I now use Kaspersky, but do read the reviews before deciding which to go for - there are lots of other security suites. And check multiple PC licences and prices - at renewal Kaspersky wanted 3 times more from me than going to amazon and buying the same thing new.

Avoid sites that let you download illegal copies of music tracks, DVDs, software etc.  They tend to leave your computer in a mess with secretly downloaded nasties of various kinds.

Before you download any software, search its name in Google followed by “spyware” or “problem” – if it’s dubious there will be entries from angry people who had to clean up after downloading it. Also stick to reliable download sites such as sourceforge.net.

How do I make sure my passwords aren’t being sent

to criminals in Eastern Europe?

The firewalls built into Windows are quite limited, eg not checking outgoing traffic, so get a proper firewall. The bad guys are always trying to take over your PC. Modem/routers contain a firewall that typically hides the computers connected to them from the outside world and also ignores unsolicited incoming traffic.

It’s also a good idea to run a software firewall on each computer, eg as part of a security suite.

Remember that banks, eBay, PayPal etc would never ever send you an email asking for passwords.  And that strangers asking for your bank details generally want to get money out, not put it in.

It can be hard to tell with some emails but in any case never click on an email link to go anywhere sensitive (eg a bank account). Instead go and log in from your browser in the normal way.

I find an effective way of using lots of different passwords (to confuse the thieves trying to listen in) is to keep a list of them in a text file on your computer. Obviously you don't list the passwords themselves but hints that mean something only to you. Eg if you had a memorable stay at the Hotel Kolping in Linz your password list could show "amazon, main email, linz825", "almeida, gmail, 9732linz" etc. Only you know to substitute kolping for linz when logging itto a site. I have several substitute clues like that and a different password for every site I'm registered with.

Can I trust online banking?

That's a hard one, because potentially it's pretty insecure accessing accounts over the internet and banks are getting tougher about blaming people whose accounts are emptied.

It is absolutely essential that nobody gets access to sign-on passwords so never write them down and make sure your computer is secure.

A practical way of being secure is to jumble up the order in which you type in account numbers etc. For example if you need to type in 011576312, put in the last few numbers first then use your mouse to click at the start and enter the rest of the numbers. This should confuse anybody listening in via a keystroke logger as they are unlikely to be able to interpret the meaning of the mouse click. You should also go to a banking site via a favourites link or icon – don’t key in giveaways such as “natwest.com” followed by a series of numbers and letters as you log in.

An additional way to confuse keyloggers is to keep clicking on random places on the web login page (not in the data boxes) and typing extra characters as well as moving around the boxes on the form. The web page discards those key strokes but the keylogger faithfully records them. Then even a keylogger that takes a screenshot of the page, perhaps when it first appears then as you finish, will find it hard to guess which characters were your password of all those it logged. If you assume there is a keylogger on your PC which records key strokes and mouse clicks and also takes occasional screenshots you should be able to outwit it with this technique.

Do not assume that the Windows on-screen keyboard will confuse keyloggers – apparently they all log that one too.

Banks are getting much better at asking things like "2nd, 5th & 9th characters from your password". Three of our online accounts now also have little card readers used when setting up new payees etc - that's fairly secure, although it does mean banks are passing responsibility for online fraud to their customers. Eg if you don't have decent security measures in place they'll feel quite happy saying "your fault, nothing to do with us" if your account gets emptied.

How do I stop people sharing my wifi connection?

To stop malicious intrusions change the router system password (the one that starts out as “admin”, “password” etc).

To stop a neighbour using your connection enable encryption in the router (WPA is much more secure than WEP, which is relatively easily bypassed) and use a passkey with mixed letters, numbers etc.