6.4 Online Safety You May Not Have Considered
Installing a firewall and controlling your cookies are smart ways to protect yourself when you're online, but they're not the only security measures you should consider. This section gives you several additional strategies for safeguarding your computer and your personal information as you surf the Web.
6.4.1 Controlling Your Internet Security Levels
In the real world, it's usually obvious which are the seedier, more dangerous parts of town. But that isn't always true on the Web. An attractive, respectable-looking home page may actually be disguising a site intent on harm.
To help protect you from potential menaces, Internet Explorer categorizes Web sites and other places you may visit online (for example, an intranet) and places them into a handful of different security zones, each of which applies different levels of protection to your computer. The four security zone levels are as follows:
Internet (medium security)
Local Intranet (medium-low security)
Trusted Sites (low security)
Restricted Sites (high security)
Table 6-3 explains which security settings are applied for each zone. Any sites on your company's network or intranet are automatically added to the Local Intranet zone. All other Web sites are automatically added to the Internet zone. You can move sites from the Internet zone to the Trusted Sites or Restricted Sites zones manually. For example, if you know from experience that you can unequivocally trust http://www.catster.com, go ahead and put it in the Trusted Sites zone.
To assign a Web site to a particular zone, open Internet Explorer and choose Tools → Internet Options → Security. The Internet Options screen appears; Figure 6-14 tells you how to use it.
Table 6-3. Internet Explorer's Security Settings
Security Zone Level: How the Setting Affects Security
High: Disables many of Explorer's features, including ActiveX controls, Java and Java applets, and downloads.
Medium: Asks whether you want to run an ActiveX control before running signed ActiveX controls; disables unsigned ActiveX controls and certain other ActiveX controls; enables downloads and Java applets; prompts before downloading potentially unsafe content. (Note: Unsigned ActiveX Controls are those that have not been digitally "signed" by a site, so you can't know for certain who created the control.)
Medium-Low: Most settings are the same as Medium, except Medium-Low runs certain content such as ActiveX controls without first displaying a message asking your permission.
Low: Runs all content, such as ActiveX controls; offers the minimum number of safeguards and prompts, so, for example, you won't be asked whether you want to run an ActiveX control.
Note: Java applets and ActiveX controls are two kinds of programs that you can download to your PC and run inside your Web browser. They're frequently used to add interactivity to Web sites and are usually safe, but sometimes they're programmed to do your computer harm.
Figure 6-14. Use this screen to assign Web sites to different security zones. For example, to assign a Web site to the "Trusted sites" zone, select "Trusted sites" and then click the Sites button. Enter the Web site's address in the dialog box that launches.
6.4.1.1 Adjusting the security level of each zone
If you're not happy with the security level that Microsoft has assigned to a particular zone, you can pick a different level. To change a zone's security level, open Explorer and choose Tools → Internet Options → Security. Click the zone whose security setting you want to change and then select Default Level. A dialog box appears; move the slider to the security level you want that zone to have, and click OK.
For even greater control, Internet Explorer lets you customize the settings within each security level. For example, you can enable Java applets in the High setting, or disallow ActiveX Controls in the Low setting. To customize the settings for any level, choose Tools → Internet Options → Security. Click to select a zone, and then click Custom Level. In the Security Settings dialog box that appears, you can enable, disable, or customize up to two dozen security settings for that level.
6.4.2 Beware of AutoComplete
Internet Explorer's AutoComplete can be a great time-saver. It remembers things like Web sites you've visited, passwords and user names you've entered, and your shipping address, and then it recalls that information the next time you start entering the same data. For example, AutoComplete might automatically fill in the rest of a form once you've entered your first name or even prompt you with a list of words it knows will be helpful to you.
AutoComplete's convenience does, however, come with some privacy and security downsides. Namely, anyone using your computer can easily gain access to things like password-protected Web sites because AutoComplete can automatically input user name and password information.
To protect your privacy, you can turn off AutoComplete altogether, or you can use it to remember only certain information. For example, you can tell it not to remember passwords. To make these changes, open Internet Explorer and choose Tools → Internet Options → Content → AutoComplete. The AutoComplete Settings dialog box appears (Figure 6-15).
Figure 6-15. The AutoComplete Settings dialog box lets you decide which items AutoComplete should remember, and which it should forget. For absolute safety, turn off all boxes, which means it won't remember anything. Of course, this now means you have to remember all the information you're telling Internet Explorer to forget.
Turn on the items you want AutoComplete to keep track of, and turn off the settings you'd prefer it didn't remember. Your passwords are the most sensitive information AutoComplete remembers, so you should strongly consider turning this option off.
To delete all the entries AutoComplete already has in its database, click Clear Forms to delete all forms-based information, such as your name and address. Then click Clear Passwords to delete your passwords.
Note: AutoComplete works in conjunction with Windows XP's user accounts feature, in which information is kept separate for each person who uses your PC. So, for example, if you've logged out of your XP account and your sister is logged in, she won't be able to use your AutoComplete information, and vice versa. Therefore, another way to protect yourself, even while using all of AutoComplete's functions, is to log out of XP whenever you're not at your PC.
6.4.3 Don't Let the Web Bugs Bite
Web bugs are invisible bits of data (sometimes called clear GIFs) that follow you around on a Web site and track what you do. Unfortunately, they're surprisingly common.
You can avoid these spies by using a free program called Bugnosis, which identifies Web bugs on any site you visit, and alerts you whenever you encounter one. It doesn't, however, possess the ability to eliminate the bug. But, hey, at least you'll know when you're being bugged, so you can leave the site before you're spied on.
To download Bugnosis, visit http://www.bugnosis.org. After you install the program, a small "bug" image appears whenever you visit a site that has a Web bug.
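To make the idea of a clear GIF concrete, here is an added example (not Bugnosis's own code and not part of the original text) that scans a page's HTML for images declared as 0 or 1 pixel in size and served from a different site than the page. The sample page, its host names, and the "last two DNS labels" same-site rule are assumptions made for the sketch.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse


def site_of(host):
    """Crude same-site key: the last two DNS labels (an assumption;
    a production tool would consult the Public Suffix List)."""
    return ".".join(host.lower().split(".")[-2:])


def is_tiny(value):
    """True when a declared width/height is 0 or 1 pixel."""
    try:
        return int((value or "").strip().rstrip("px")) <= 1
    except ValueError:
        return False


class WebBugFinder(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.page_site = site_of(urlparse(page_url).hostname or "")
        self.bugs = []

    def handle_starttag(self, tag, attrs):
        if tag != "img":
            return
        a = dict(attrs)
        src = urljoin(self.page_url, a.get("src") or "")  # resolve relative URLs
        third_party = site_of(urlparse(src).hostname or "") != self.page_site
        if third_party and is_tiny(a.get("width")) and is_tiny(a.get("height")):
            self.bugs.append(src)


def find_web_bugs(html, page_url):
    """Return the URLs of tiny third-party images found in the page."""
    finder = WebBugFinder(page_url)
    finder.feed(html)
    return finder.bugs


# Constructed sample page (not taken from any real site).
SAMPLE = """
<html><body>
<img src="/images/logo.gif" width="120" height="60">
<img src="http://ads.tracker.example/pixel.gif?uid=1234" width="1" height="1">
<img src="http://static.shop.example/spacer.gif" width="1" height="1">
<img src="http://cdn.partner.example/banner.jpg" width="468" height="60">
</body></html>
"""

if __name__ == "__main__":
    for url in find_web_bugs(SAMPLE, "http://www.shop.example/index.html"):
        print("possible web bug:", url)
```

The 1x1 spacer served by the page's own site is not flagged; only the tiny image fetched from another site is reported.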
6.4.4 Protecting Yourself Against Spyware
Spyware is software that watches your Internet activity without telling you, and reports back to an ad server about where you've been and what you've done. It frequently piggybacks on other free programs, such as the file-sharing software Kazaa. Companies then use the information they've gleaned about you to deliver advertising to your PC, frequently through the free program you downloaded. Even when you delete the program the spyware piggybacked on, the snooping software may still remain on your PC, watching your every step. It may also continue to deliver ads to you whenever you're online.
Some spyware's even more intrusive, doing things like changing your browser's home page without telling you or redirecting you to a competitor's site when you're about to make a purchase. Fortunately, you can eliminate spyware with a program called AdAware.
AdAware is a free anti-spyware program available from Lavasoft at http://www.lavasoftusa.com. It scans your PC for spyware, gives you a report on what it finds, and offers to delete any of the spyware it uncovered. As a safety precaution, AdAware backs up everything you delete through it, so if you ever nix something you later need, you can easily restore the copy, and your sanity. Figure 6-16 shows AdAware in action.
Note: When deleting spyware, you may also disable software you still want to use. For example, if you find and remove the Cydoor spyware program from your PC, Kazaa's file-sharing stops working. So consider creating a Restore point before deleting any spyware, in case you change your mind. (See Section 13.1 for the scoop on Restore points.)
Figure 6-16. AdAware lets you review each piece of potential spyware it finds before it deletes anything. It also keeps backups of the spyware it deletes, so you can restore any file that you might decide you want. For good measure, you can also delete those backups.
6.4.5 Protecting a Public Wireless Connection
If you wirelessly connect your laptop to a hotspot at a coffee shop, airport, hotel, or similar public location, you face a serious security risk. (A hotspot is a public location that offers WiFi access to the Internet; WiFi is just a fancy term for wireless Internet access.)
Typically, hotspots offer virtually no security. That means other people using the same hotspot can easily snoop on your Internet activity, possibly stealing your passwords as you type them. What's more, others can even gain access to your computer if you have file sharing turned on.
To keep yourself secure, it's a good idea to use a Virtual Private Network (VPN) specifically designed for hotspots. A VPN is a piece of software that lets you make secure connections over the Internet by encrypting your data. VPNs are most commonly used by businesses with employees who are not all in the same location. But they're useful, and advisable, for hotspots, too.
If you're surfing the public airwaves, HotSpotVPN, available at http://www.hotspotvpn.com, is an excellent option. It's simple to set up and use, and costs only $8.88 a month. To use it, simply go to the Web site, sign up, and follow the instructions. The service runs over the Internet, so you don't need to download any software to use it.
Note: For information about how to find and connect to hotspots, see Section 9.1.2.
6.4.6 Surfing Anonymously
You might be surprised to learn how much a Web site can glean about you each time you stop in for a quick visit. Web sites can figure out what operating system and browser you use, determine the last Web site you visited, grab the contents of your Windows XP clipboard, decipher your IP address, and in many cases even determine your general geographic location.
For a better understanding of just what Web sites can unearth about you, visit http://www.anonymizer.com/privacytest, as shown in Figure 6-17. The site's privacy test is a real eye-opener.
Figure 6-17. Any Web site can grab the contents of your clipboard, as you can see here. But that's just for starters. They can find out much more as well, such as your geographic location and the Web site you previously visited.
The best way to ensure that Web sites can't gather personal information about you and your computer is to surf anonymously by using an anonymous proxy server, which acts as a kind of cloak by sitting between you and the Web sites you visit. When you use an anonymous proxy server, your browser doesn't contact any Web sites directly; instead, it tells the proxy server which sites you want to visit. The proxy server then contacts the Web site, accesses the page you want, and displays it for you. Sites you're viewing don't get any information about you because the proxy server, not the Web site itself, delivers the pages to you.
Note: When you use anonymous proxies, your surfing will be slower than usual. Still, many security experts believe the trade-off in speed is worthwhile.
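The difference between a direct visit and a proxied one can be seen in the request itself. The following added example (not from the original text, and not the code of any of the services named in this section) compares what a Web server can read from a browser's request with what it reads after a proxy has re-sent it. The list of stripped headers, the `Proxy/1.0` agent string, the sample request, and the IP addresses are assumptions made for the sketch.

```python
# Headers an anonymizing proxy would not pass on (an assumed list for this
# sketch; real services differ in what they strip).
IDENTIFYING = {"user-agent", "referer", "cookie", "from", "x-forwarded-for", "via"}


def parse_request(raw):
    """Split a raw HTTP/1.x request into (request_line, [(name, value), ...])."""
    lines = raw.split("\r\n\r\n", 1)[0].split("\r\n")
    headers = []
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers.append((name.strip(), value.strip()))
    return lines[0], headers


def proxy_forward(raw, proxy_agent="Proxy/1.0"):
    """Build the request the proxy sends on: identifying headers are
    dropped and a generic User-Agent is substituted."""
    request_line, headers = parse_request(raw)
    kept = [(n, v) for n, v in headers if n.lower() not in IDENTIFYING]
    kept.append(("User-Agent", proxy_agent))
    return "\r\n".join([request_line] + [f"{n}: {v}" for n, v in kept]) + "\r\n\r\n"


def site_view(raw, peer_ip):
    """What the Web server can read from one request and its network peer."""
    _, headers = parse_request(raw)
    h = {n.lower(): v for n, v in headers}
    return {
        "ip": peer_ip,
        "browser_and_os": h.get("user-agent"),
        "previous_site": h.get("referer"),
        "cookie": h.get("cookie"),
    }


# Constructed request, as Internet Explorer 6 on Windows XP might send it.
DIRECT = (
    "GET /catalog HTTP/1.1\r\n"
    "Host: www.shop.example\r\n"
    "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)\r\n"
    "Referer: http://www.search.example/?q=laptops\r\n"
    "Cookie: visitor=1234\r\n"
    "\r\n"
)
CLIENT_IP, PROXY_IP = "203.0.113.7", "198.51.100.20"  # documentation ranges

if __name__ == "__main__":
    print("direct :", site_view(DIRECT, CLIENT_IP))
    print("proxied:", site_view(proxy_forward(DIRECT), PROXY_IP))
```

The sketch covers only the address and headers of the request; anything a script running in the delivered page collects is outside its scope.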
Several Web sites provide this service for free, including Anonymizer (http://www.anonymizer.com), the Cloak (http://www.the-cloak.com) and Surfola (http://www.surfola.com). Some charge extra fees if you want other services, such as blocking pop-up ads or deleting cookies.
Tip: Many shareware programs let you surf the Web with anonymity. See Section 6.6.2.