Protecting Yourself on the Web


There are a number of problems to look out for on the web:

  • Viruses, which are programs or scripts that get into your computer and cause damage in a myriad of ways

  • Worms, which are like viruses that replicate independently over a network without any human intervention

  • Trojan horses, which are programs that appear to be innocuous but that cause damage to your system when you run them

There's some overlap between these definitions. A worm may not have been designed to do harm but, owing to the number of instances on your computer, it could clog up your file system or damage your email files, which might classify it as a virus. Is a program that releases a worm but that doesn't cause damage to your system a worm or a trojan horse? While the distinctions are sometimes blurry, all of these are Bad Things from Bad People. You don't want them on your computer. Using a good anti-virus program (with up-to-date virus definitions) is essential. The biggest vector for viruses is any email program that automatically loads and runs scripts. Thunderbird, described later in this book, is much safer because, among other things, it doesn't load and run scripts unless you actively tell it to.

One of the most recent computer plagues is spyware. Spyware is programs or scripts that are installed without your explicit permission that sit quietly in the background and do things to your system that you don't want to be done. What kinds of things? Here are some of the basic types of spyware:

  • Ad ware (also known as "popupware") is certainly the most common type of spyware. When you go online, the adware displays ads in popup windows (aka "popubs") about all kinds of products: hair loss remedies, herbal Viagra substitutes, cheap car rentals, you name it. Adware usually also transmits information about your web surfing habits and preferences to someone collecting information about you, who then sells it to spammers and marketers so that you get hit with targeted spam and probably more popups. (This process is known as "data mining," and there are pieces of adware that are just data miners.)

  • Search hijackers (also known as "browser hijackers" or just "hijackers") change your browser's home page and your preferred search engine to something you didn't plan on (usually porn sites or some cheesy web scam). Search hijackers are also frequently data miners, just like many versions of adware.

  • Keystroke loggers are particularly nasty. While all the other types of spyware are busy trying to sell you stuffstuff you really don't want, but stillor gather information about you so that other people can try to sell you stuff, keystroke loggers are tracking the actual keystrokes you enter on the computer. Anytime you log in to your email account to pay websites you patronize or (worst of all!) to your credit card site to make a payment, the keystroke logger records everything and then sends it to someone.

Note

Popups and how to suppress them are discussed in Chapter 3, aptly titled "Ridding Yourself of the Annoyances of the Web."


There are a few other classes of spywaredialers that look for a phone line via a modem and then dial long distance 900 numbers to rack up bills on your account, for instance, or programs that look for Quicken on your computer and then have Quicken transfer money to someone else's bank account (as demonstrated by Germany's Computer Chaos Club in 1997)but the bottom line is that spyware and the people who create or use it have no reason for continued existence on any planet that's discovered penicillin.

Fortunately, you can do a number of things to detect and remove spyware and to avoid it in the future. Some of the best detection tools for Windows are free: Ad-Aware SE Personal Edition from Lavasoft (www.lavasoftusa.com) and Spybot Search & Destroy (http://www.safer-networking.org) are my personal favorites. I use both of them, because each tends to catch some things that the other doesn't. I also use ZoneAlarm (www.zonealarm.com) as a software firewall so that I can see if something on my computer is trying to send information elsewhere. It's also free and cheap at twice the price.

Spyware is primarily a problem for Windows computers, but Mac users may want to try a product like MacScan (http://macscan.securemac.com). You might also want to look at general Mac security sites, such as MacSecurity.org (http://www.macsecurity.org) and SecureMac (http://www.securemac.com), for information on how best to protect your Mac. Linux users have nothing to fear: spyware is not an issue for Linux computers at this time.

Warning

Some spyware detection and removal programs actually don't do much of anything. Some of them are even loaded with spyware themselves. Before you install just any old spyware checker on your system, look around and see what people are saying about its effectiveness.


To avoid getting spyware in the future, first use Firefox (you knew that was coming, didn't you?). Here's why: Microsoft's approach to designing Internet Explorer was an optimistic view of security. Internet Explorer provided the maxiumum amount of capability with the hope of providing mechanisms that could and would be used to avoid risks. Unfortunately, it didn't quite work that way: ActiveX lets people silently access the operating system, the browser itself, and applications, and the Security Zone Model can allow the silent downloading, installation, and execution of programs without your knowledge. Powerful stuff that you can use to do great things? Sure! But sadly, it doesn't have enough safeguards, and as a result, ActiveX and the Security Zone model are used together as the primary mechanism to deploy spyware.

To be fair, Microsoft has recently addressed some of the issues in SP2 for Windows XP, but only a couple years after the dangers of Internet Explorer and its architecture were discussed in an article entitled "The Most Dangerous Software Ever Written" (www.networkmagazine.com/article/NMG20020701S0007). Worse, because Microsoft is focusing on Windows XP, over 200 million users of Windows 95, Windows 98, and Windows 2000 are being left out in the cold.

In contrast, Firefox takes a pessimistic, Murphyistic view of vulnerability: "Anything that can go wrong, will go wrong." Firefox attempts to create a firewall around the browser and remote content and other applications that might be available on the PC. In every case where potentially dangerous actions can happen, Firefox attempts to warn users about the risk. Furthermore, because Firefox doesn't support ActiveX and the security zone architecture, Firefox doesn't allow websites to install software automatically. Without the ability for websites to silently download and install spyware, Firefox has some immediate security advantages over Internet Explorer.

For further safety, don't put yourself in harm's way. Avoid software and websites that are likely to be infested with spyware. As you might expect, websites focusing on warez, porn, illicit mp3s, and file sharing are all likely to have spyware (you all look like nice people and would never go to places like these, but you need to know). Unfortunately, lots of sites that even a nice person like you might go to that also have spyware: online games, dating sites, contests, free software, and even some major companies' websites can all try to download spyware on your computer. The trick is to be cautious, use Firefox to filter out a lot of the spyware, use Ad-Aware and Spybot to check for spyware regularly (daily's not too often to check if you surf a lot), and use ZoneAlarm to watch what's trying to talk from your computer to elsewhere without your knowledge.

FRIDGE

Spyware can be bundled as part of another program so that the spyware installs when you install the program, but it's most commonly downloaded from websites. But just to be on the safe side, consider checking your system by running Spybot or Ad-Aware immediately after installing a new program. You should routinely check the Add/Remove applet in the Control Panel as well as checking your system's Pogram Files directory for things you don't recollect. (This is sort of like walking through your house and saying, "Where'd that vase come from?")


TOOL KIT: Dealing with the Windows Registry

If you're using Windows, you should also use a registry cleaner periodically to check for spyware as well as to clean up stray registry entries. Several good registry cleaners are available, the Norton Utilities version being one of the best-known, but you can find a variety of shareware registry cleaners through www.shareware.com. If you're really technically savvy, you may want to take a tour through your registry every so often using RegEdit. This is a really tedious job and it's not for the faint of heart, but it can help you find traces of buried spyware. Be sure to back up your registry before you touch anything in it.




    Firefox and Thunderbird Garage (Garage Series)
    Firefox and Thunderbird Garage
    ISBN: 0131870041
    EAN: 2147483647
    Year: 2003
    Pages: 185

    flylib.com © 2008-2017.
    If you may any questions please contact us: flylib@qtcs.net