The Dangerous Internet, Part 3

The Dangerous Internet, Part 3

The content on this page is contributed by our member families. Opinions do not represent those of Inglemoor Cooperative Preschool. Due to the continuously changing nature of the web and of life in general, we cannot guarantee the accuracy of the page.

I've written this article to help parents understand the dangers inherent in allowing children to use the Internet. Please feel free to contact me with any additional questions or comments. The ICP Webmaster

What should I do to keep my computer safe?

The first thing to know about computer security and Internet safety is that security is not a product, it is a process. Just like we wish good parenting (or patience) could be bought at a store, computer security can't be bought and installed. Security must be learned, practiced and followed through every day. And children must follow these rules. Sure there are some products which we must buy to help keep us secure, none of these products will do much good without discipline and process.

Here are just a few basic principles to observe for now. This will be followed by a list of things to do on your machine to keep yourself safe.

It seems that everyone wants you to login by using your email address and a password. One of the worst things you can do is to use the same password on every site. Once one of the websites gets compromised, all your websites, emails and computers are compromised. Use different passwords on all these websites and keep a list of your passwords on a piece of paper. Does this sound insecure? If you store it on your computer, anybody over the Internet who breaks into your computer can read all these usernames and passwords. If you write them on a piece of paper, the only person who can masquerade as you are your family and perhaps a thief who breaks into your house.

Don’t download "just any" software (free or not) because it can be malware. Who should you trust? In the end, I tend to read reviews and trust Open Source software, but I don’t trust Free Software (it’s free, but you can’t see how it’s written). Would you trust a big company like Microsoft or a small single man software company with no valid address? You have to make your own decisions, but don’t be the first to try out software, make sure other people who know about software think that it’s not malware.

Always remember that your computer can’t be totally secure if it’s connected to the Internet. Networking on computers is always susceptible to security vulnerabilities. And the hackers are always getting smarter. So if you aren’t interested in being vigilant about computer security now, then good bye and good luck. Don’t buy into the myth that Linux or Apple Macintosh computers are more secure. They have had many software patches based on found vulnerabilities and a recent hacking test found somebody who hacked a fully patched Mac Mini within 30 minutes. Now that Macintosh computers are getting more popular (up slightly from 3% of the market), more hackers will start paying attention to them.

It really is very hard to be a consumer these days. It turns out that when you buy software, you actually don't own it. You only license to use the software. Not only that, you actually sign a legally binding contract to use the software (the Licensing Terms). Actually, you just check a box and are supposed to read pages and pages of legalese to see what you can and can't do with the thing you just bought. You really should read it because licensing terms often tell you that the software you are installing will violate your privacy, send your private information to their website, slow down your computer, force pop-up windows while you are working and even misdirects your browsers to someplace you don't want. They bury these disclosures deep in the middle of pages and pages of legalese fine print. The worst part is that the software that acts like malware is legal (because you installed it and agreed to the licensing terms), so sometimes security software won't remove it. Life is really not fair. Not only do you practically need a college degree to use a computer, you need to be a lawyer just to buy software.

Keep your software up to date

Secure your operating system and applications with the latest updates. Use Windows Update (Start Button -> All Programs -> Windows Update) to keep your Windows XP operating system up to date. Or, go to http://windowsupdate.microsoft.com with Internet Explorer (other browsers don't work as well). Because Microsoft has stopped updating older versions of the Windows operating system (2000, ME, 98, 95, NT) you should not connect to the Internet with these versions.

If you have Microsoft Office, try going to http://officeupdate.microsoft.com and follow the directions.

If you run Macintosh OS or Linux, be sure to run updates on them regularly (at least weekly). No matter what people say about no serious viruses having been released for these Operating Systems, both of them do have Critical Updates where viruses "could have" taken over the machine and installed malware. Once these operating systems represent more than 10% of the Internet machines, people will start targeting these computers with viruses. It's only a matter of time.

Never access the Internet from a computer using any Operating System which isn't being regularly updated. That means you shouldn't use Windows 2000, Windows ME, Windows  98, Windows  95, Windows  NT, Macintosh OS versions 8 or 9, obsolete versions of Linux or Unix. It's OK to use old Operating Systems on your computer, just don't hook it up to the Internet. I have a computer running Windows 98 to run old children's software, but I disconnected it from the Internet. My kids get to play these CD-ROM games but don't get any access to the Internet.

Don’t use Outlook Express for email. And think twice before using Internet Explorer for web surfing either. Absolutely update to Internet Explorer 7 because Microsoft has enhanced security and even added anti-phishing protection (be sure you turn it on). These programs are OK, but hackers love to break into them because EVERY Windows computer has them for free. And that market share (95% of all personal computers) means a lot of people will use them. So they target those programs a lot. Try using Mozilla Firefox and Thunderbird (both Open Source and free) for browsing and email.

Buy some security and antivirus software. Everybody should have some antivirus software. This is absolutely worth paying $40 per computer per year. I've known many people who have bought new computers because their old one "got too slow." It's usually downloaded adware, viruses and malware which makes these computers slow. Also, remember that many viruses will erase your software and use your disk space. If you need to pay somebody to "fix" these problems, it's going to cost a whole lot more than the cost of security software.

Secure your network. If you use a wireless network, learn how to turn on your encryption. Any encryption is better than no encryption. More encryption is better than less encryption. No encryption means that anybody within 300 feet of your house can use your network to launch viruses, break into your computers, watch where you go, steal your passwords, infringe copyrights (just be sharing music or movies via Peer to Peer networking), etc.

Read more about computer security

The best place to read about security is the Computer Emergency Readiness Team. These guys are the foremost experts in the field. The downside is that reading some of this stuff is highly technical. At least try to read their section aimed at home users.

http://www.cert.org/homeusers/HomeComputerSecurity/

Working hand in hand with CERT is the US Government's own CERT team. Their responsibility is the protection of the nation's networks from attack. They have a very similar home user section (very similar).

http://www.us-cert.gov/nav//nt01/

Steve Gibson of www.grc.com is a security specialist who has lots of free information on his website as well as a NetCast (PodCast) at www.grc.com/securitynow. Fantastic information if you want to learn about security.

There is a lot of good information out there on the web. Use your favorite search engine to search for "Computer Security Guide" and you'll find a lot of great information. Just be careful who you trust.

Recommended software

Eventually people will ask me what software I recommend on Windows PCs. I chose many of these based on recommendations on other enthusiast and review websites. I use them and I like them. I can't guarantee they will work well for you. And these are my personal choices, these are not endorsed or recommended by Inglemoor Cooperative Preschool.

Lavasoft’s Ad-Aware SE will help track down and remove adware and tracking cookies. It's very easy to use. Best of all, it’s free. Another great, free product is Spybot - Search and Destroy. I've read many people use both every day. Personally, I just use Ad-Aware.

ZoneAlarm has a free software firewall which is absolutely best of breed. You can buy their Pro version or their Antivirus version but the basic firewall is free. You have to “train” ZoneAlarm by telling it which programs can use the Internet, but it is free and it works very well. Even the free version is updated at least once a month for increased security.

My current first choice for computer security is Trend Micro PC-Cillin. They have antivirus labs around the world so somebody is always updating for the latest viruses around the world. It’s slightly easier to use than Norton’s Antivirus and Internet Security. Norton has been around longer and is always a great product. I've read that activating their software has been problematic, so that's why I've chosen PC-Cillin. Recently, they've taken the Editors Choice back again from over at www.pcmag.com

If somebody told me that they couldn’t afford to buy an antivirus program, I’d tell them to download Avast Anti-virus for free. I’ve used it on occasion and while it doesn’t have the reputation of Norton or Trend Micro, it’s better than nothing. Microsoft's very own Windows Defender is currently free and will help battle malware.

I love to recommend Mozilla Firefox and Thunderbird because they are free, they are best of breed and they are open source. The programmers are super responsive to security alerts and problems. And they are less of a target than Internet Explorer or Outlook Express. Don't be fooled into thinking either of these are bulletproof. As of September 2006, Symantec, a maker of antivirus software, counted the number of high severity security flaws found on Firefox and Internet Explorer and determined that Firefox had more security flaws than IE. The article goes on to state that Symantec still believes that because Firefox has got smaller market share, you're slightly safer than using IE (partly because IE allows more access into Windows code via ActiveX).

Who should you trust for reviews of software that you want to buy or download and use (shareware, freeware, open source software)? I tend to trust enthusiast websites or print magazines with a long history. I read PC magazine, www.cnet.com, www.anandtech.com, www.hardocp.com and sometimes things like The New York Times Technology section, The Wall Street Journal columnist Walt Mossberg and a bunch of others. I tend to trust and use free, open source software from www.sourceforge.org, but I try to only use software recommended by other users.

In the end, realize that Caveat Emptor applies (buyer beware). My wife just installed a children's game on our computer and suddenly iTunes stopped working. Uninstalling the game doesn't fix iTunes and reinstalling iTunes doesn't work either. No review site was going to be able to tell me that one application will break another one. Yet this happens with regularity (it's called DLL hell), so always beware that nobody can tell you how great an application is written, whether it will even work on your computer, or whether it will break other applications on your computer. Whether you pay a little for software or whether you pay a lot for your software, there is no guarantee that it won't break some other program on your computer.

Should I buy a hardware firewall?

First let me explain what a firewall is supposed to do. Traditionally, it's a physical barrier which keeps fire on one side of the barrier so the other side is safe. In computer networking, a firewall is something that keeps intruders outside of your network. Think of it like a castle wall protecting your network from intruders. In most real life cases, there are holes through the firewall that allow you to get to the other side in controlled circumstances. Controlling access through these holes is what separates the good products from the not so good.

If you bought a Wi-Fi router for your home (so you can use wireless networking), you already have a NAT firewall (assuming you turn on the firewall). It does make a small speed bump for people trying to break into your network.

In short, having a hardware firewall does make it trickier to hack into your computer. In this world, making it harder to break into your computer is all you can do. So if you can afford it or can build it, it’s worth it, especially if you are going to install a wireless network anyway.

Can you really build your own firewall from an old computer? Yes and it can be done for free. It’s not very difficult either. You do have to have 2 network adapters and it’s best to use Linux or FreeBSD (both of which can be tricky to install and use). Instructions to set up the firewall are available on the Internet. You’ll be in good company because most hardware firewalls run Linux or FreeBSD as their operating system. Does this really save you money? It might not because your old computer may use more electricity than a standalone router or firewall. Since a firewall runs 24 hours a day, standalone routers and firewalls are built to use as little energy as possible. Your old computer probably was designed for expandability and speed. So your cost for electricity for a year can exceed the cost to just buy and power a router and firewall.

You need to install all the security features that come with these devices. Turn on Wi-Fi encryption. WPA2 is the latest and greatest wireless encryption. WPA is slightly older, but still effective. WEP is old and can be broken within 10 minutes so it's not secure, but it is better than no encryption. It's just like having locks on your doors: it keeps honest people honest but it's not much protection against anyone who can pick locks.

In Conclusion

This is just a very brief introduction to computer security practices and a basic primer on dangers with using the Internet. I hope you've learned a few nuggets about computer security and I hope that your children will be safer as a result. Feel free to send mail to me if you have suggestions or if you have questions about what I've written. All opinions in this article are mine and are not endorsed or recommended by Inglemoor Cooperative Preschool.

Summary of security practices

Print this section out and keep it near your computer. Make sure every member of your family understands these rules and abides by them. Remember, security is a process and must be followed by every user on every computer in your network.

  • Trust No One
  • Don't allow your children to send pictures over the Internet.
  • Do educate your children on being Net smart.
  • Don't download or buy any software from a company that you can't trust. Read reviews on software from reputable sources.
  • Don't visit any Internet websites you don't trust.
  • Don't let your children use the Internet without a thorough education about talking to strangers. And that everyone on the Internet should be considered a stranger. Warn them to never give out any personal or confidential information out to anyone.
  • Do teach your children to be suspicious of everything they see on the Internet and to ask you before they do anything out of the ordinary. Because it's so easy to get accidentally moved to an "obscene" website, you should discuss what your family considers "obscene," untruthful or just plain mean spirited and invite them to discuss websites they see with you. If your children aren't old enough for this conversation, consider your children too young to use the Internet.
  • Don't write anything into an email that you wouldn't send on a postcard. I had to tell my accountant that he should never email me a copy of my taxes.
  • Do purchase Internet security software for all your computers. You need a firewall, anti-virus, and anti-spyware at an absolute minimum.
  • Don't view pictures in any emails you don't trust.
  • Regularly delete your cookies or use a spyware remover to delete adware cookies.
  • Never believe that email is coming from who it claims to be coming from. It's very easy to falsify that information.
  • Never click on any hyperlinks (like www.anywhere.com) in any emails sent to you. Click on the link above and it'll take you back to our home page.
  • Discuss obscenity, untruths and unkindness with your children. Talk about why you don't feel obscene content is appropriate for them. You must decide what obscenity means for your family.
  • Discuss confidentiality and how not all information is meant to be told. Discuss how insecure communications is and how outsiders would love to listen in on conversations with their real friends.
  • Understand that social engineering is essentially interrogation. Trained professionals will use these techniques on you and your children. And your helpful and trusting children are only too willing to help people. Teach your children not to give out "too much information."
  • A discussion about trust and who is trustworthy is probably a good idea as well.
  • Email addresses should be treated as confidential. Don't let your children enter their email addresses for contests or sweepstakes.
  • Use different passwords for each website and write down your passwords on a piece of paper instead of using the same password or keeping them on your computer.
  • Keep your computer software up to date with "patches." If you software company no longer supplies security patches for your version of the software, you probably shouldn't be connected to the Internet anymore.
  • Buy security software for each machine that connects to the Internet. It's worth the cost.
  • Secure your home network.
  • Actually read the Licensing terms when you install any program. Sometimes, malware will tell you what nefarious things it will do.

Back to Part 1

Back to Part 2

Glossary

Spam

Spam is a common name for unwanted commercial email. Typical spam can be pornography, illegal prescription drugs, advertisements for questionable medical procedures and supplements to solve "sexual performance" problems.

Identity Theft

The process that allows criminals to pretend to be you so they can charge purchases on your credit cards.

Phishing

The process by which unwanted email is used to defraud people to send money or secret information which may lead to identity theft or actual theft, burglary or other crimes.

Viruses, worms, trojan horses, spyware, adware and malware

These are various names for rogue programs which try to take over your computer and do bad things unbeknownst to you. Viruses can trigger your computer to erase itself or even destroy itself. Worms send themselves around in emails sent from your machine. A Trojan horse allows somebody else to take control of your machine from anywhere on the Internet. Spyware will tell their creator what you do on your computer. Adware forces advertising to show up on your computer without your knowledge. Malware is the general term to describe any program that does anything described above.

Rootkit Virus

A Rootkit is a virus which hides itself from anti-virus programs as well as us humans. When you look for it where it is installed, it disappears like magic. It's very difficult to detect.

Keystroke loggers

These programs keep track of every key that you press as you type. The program records your keystrokes in special files that somebody will read at a later date. It's a very efficient way to read documents, email, instant messages and especially accounts, social security numbers and passwords. Formerly used by computer owners to eavesdrop on their spouses or children. Now used by cyber thieves.

Tracking Cookies

A file installed by a website, which identifies you as a specific shopper. Other websites check for this same file and suddenly they know that shopper XYZ238 shops at mybabytoys.com and banks at yourhomebank.com.

Tracking Pictures

Commercial email often sends pretty email with pictures. Except the pictures don't get sent in the email at all. The email includes the web address of where to find the picture. When you display the pictures, the person who sent the email finds out that you actually read the email.

Website hijacking

If you misspell a website address at all, you can get whisked off to some undesirable site (fraudulent, malware, pornographic or maybe worse).

Social Engineering

The art of convincing people to tell you their secrets. Interrogation can use social engineering techniques. "Con" men use these techniques as well.

Freeware

This is software that is free. No charge. But there is no warranty. No promises. And nobody to blame when it destroys your computer.

Shareware

This is software that you can try for a limited time for free. After that time, you are supposed to pay a fee to use it. Some of the time, the application will keep working after that trial period, but if you still use it, you are legally obligated to pay for it. 

Open Source Software

This is software that is free to download and the source code is free as well. You can change the software by rewriting the source code if you've got a degree in Computer Science. Because you can look at the source code, Open Source Software is less likely to be malware than freeware.

Licensing Terms

It turns out that when you buy software, you don't own it. You buy a license to use the software. Every software license is different but they are all devilishly complicated. Even Open source software has many different licenses (Gnu, BSD, etc). Sadly, you should actually read the licensing terms that show up in the installation program. Granted, these licenses are super long with filled with legalese, but many terrible, invasive malware programs will actually tell you in the fine print that they send your private information to the company who wrote the program or subject you to enless popup windows anytime you surf the Internet. With a cruel twist of irony, if the program divulges that it will steal your privacy, the program makers have claimed that they are not malware and sued antivirus makers to stop removing them.