Let's pretend: You just found out that your PC is infected with at least two or three different viruses. Your second or third thought is: Who did this to me? Well, by golly, this won't happen again! You'll install the lastest anti-virus software that the club president discussed at the last meeting or you read some reporter extolling the virtues of in yesterday's paper. (No research of your own? What about regular and frequent virus definition file updates?)
Let's pretend: You just sent off for some free software; all you have to pay is shipping and handling charges. But when you check your credit card statement, you find that those shipping and handling charges are absolutely enormous! And then next month, and the month after, and the month after, and so on. (As a reference, see http://www.gripe2ed.com/scoop/story/2005/8/16/0519/41222)
Let's pretend: You have an account on a popular service, and you get some email from them telling you that you need to revalidate your account. And they were so nice, they put a direct link in the email message to the validation Web page. To revalidate your account, of course, you have to give them your name, mailing address, phone number, email account, and your credit card number - purely to validate your identity. Of course, they don't need your Social Security number; that would be a security violation, and they have your best interests at heart. Late the next week, you start getting strange phone calls from companies, claiming you owe them money. Then you find that your bank balance is zero, your credit cards are frozen, and there are charges on your accounts that are absolutely huge!
If any of these scenarios sound familiar, it may be because you were the victim, or it may be because you have been reading the papers over the past few years, or it may be because you have been paying attention to what your club officers and guest speakers have been saying since before you joined.
In the three scenarios I outlined above, everyone is inclined to blame the perpatrator: the evil virus writer, the credit card thief, or the person(s) who stole your identity.
Guess what? They are only half the problem. Who is the missing half? Look in the mirror: You are. It is your responsibility. Now, let's see how to fix it,or better yet - prevent it from happening to you.
While all three of these scenarios start with someone propositioning you, you had to take some action: you had to click on a link, open a file enclosed in an email, fill out data on a Web page and submit it. So, you are the other person to blame for your getting infected, or having your credit card or even your identity stolen. These evil people did not do it on their own.
Of course, I'm assuming that no one else touches your computer but you. What? Your wife and daughter have accounts on your PC? And you haven't educated them about these dangers? Of course, you are up on all this stuff - but if all of the users on your machine are not as knowledgeable as you.... Imagine you have a fortress, and you are protecting it. With one or more users on your PC not aware about the need for security, you just dropped the drawbridge and opened the gate for the enemy to come on in.
Unfortunately, this is your problem. No one can help protect you, not Congress, not the FBI or Secret Service, not the police and not even your ISP. You are it, your only line of defense. If you are like most other users on the Internet, reading this article - well, by this time, you realize you are in deep kempshi (Korean for doo-doo [Well - it smell like it.]) What can you do?
Computer experts have been shouting this advice from the rooftops for years - and I'm going to go over it again. One of these days, someone will listen, pay attention, and save themselves a lot of trouble.
As the Hitchhiker's Guide to the Galaxy said on the front cover: Don't Panic. All is NOT lost, and you can recover. It may end up being pretty painful though.
First, if you use Windows (and about 85% or more of you do), make sure you have the latest version. Make sure you have the latest Service Pack. Make sure you have all of the latest patches. If you need to, take your PC to your local computer store - they are in the phone book - and have them do it. It won't necessarily be cheap - but they will respect you in the morning because you had the sense to do the right thing. (Ask them to lock your system down.)
Second, purchase a good anti-virus program. McAfee and Symantec are adequate, though there are a lot of others out there. Again, make sure you have the latest version with all of the latest patches. Be sure to update and continue to update the definitions file - it is necessarily an on-going effort, and like mowing your lawn, not necessarily pleasant.
Third, install and use a good personal firewall. Lot of them out there. Do not use Microsoft's firewall on Windows XP - the thought about eggs and baskets comes immediately to mind.
Fourth, talk with club members and officers to find out what you don't know. They will, for the most part, be more than happy to help you, or you can join together to learn more about computer security. Do your homework. If you know something someone else doesn't, pass along your information. (Please don't be a jerk about it though.) Teach your spouse(s), your children, and any other users of your machine about how to protect yourself. Education is the single most important, and frequently overlooked, way of fighting all these crimes.
Fifth, learn about the many scams, cons, and other frauds being perpetrated on the Internet. Also, learn the easy and painless counters to those crimes. Think about those emails you get: If they came to you in your mailbox, would you respond? Do you really need to make that body part larger, smaller, firmer, looser? Why answer the email - junk it.
Sixth, take all this information you've been amasing, and use it on your own system! What good does it do you to learn all about securing your PC, when you don't actually do it?
It is your responsibility to protect yourself. And along the way, you may help others protect themselves. Be safe, be secure, protect yourself, and have fun.
Now, let's take another look at these scenarios:
Let's pretend: You have an effective anti-virus software package on your machine, one you checked out and determined it was the best program for your purposes - not all anti-virus solutions are equal. You keep the virus definitions up-to-date by downloading the definitions file faithfully every week. You also make sure to update your operating system each time you hear a new patch is available, or you use Windows Update. You never open files that are included in email messages from people you don't know, and you are very leery about those files from people you do know, especially when the basic message makes no sense.
Let's pretend: You read your emails and reputable Web pages that warn against cons, scams, and other fraudulent activities, and you pay attention. You deal only with reputable dealers who have street addresses, who have been in business for a while, and who have good reputations. You also go to their sites directly by typing in their URLs, not depending on links in email messages.
Let's pretend: You look at those emails that supposedly come from your service, and you note that they all start with "Dear Valued Customer". What, they don't even know your name? Hmmm - let's take a look at that link they so kindly provide. A little copy of the URL, open a text editor (TextEdit or NotePad), paste that sucker in there. Whoa! That isn't the URL of the service - and if you knew enough to check, you'd find that the link went out to Korea, South Africa, Romania, or somewhere else that has weak laws against Internet fraud.
- 30 -
© 2005 James M. Emmons. All rights reserved. Used with permission. A scary thought: Jim has been working with and on computers of all sizes and operating systems since roughly 1979 - but he really isn't that old; just ask, he'll tell you. He started out as a keyboard entry operator-type, learned enough to be dangerous, then he went to school. He has been a software developer, systems analyst, Internet researcher - back when the Web was still shiny new - and a computer security engineer. He actually has inflicted himself upon the MVCUG since 1987, and with a fellow member, barely escaped lynching by members of the MVCUG in 1993. Oddly enough, he has stayed with the User Group, mostly to harass the President.
Date Revised: 18 August 2005
