Dos and Don'ts to Keep Safe on the Web

This morning in my operating systems class, we talked about security.  After several very scary stories, I decided that perhaps I should put down everything I know about staying safe on the web.  It definitely isn't much, and for some probably pretty obvious or basic, but here it is, in a "Dos and Don'ts" format:

DOs:

  • Get Firefox.  Besides the fact that it's just a better browser, it stays more secure and is less targeted by evil-doers.  For instance, with IE, there's currently a security vulnerability where, if you go to the wrong site, they can take control of your computer.  Also, because Firefox is open source, bugs get fixed quicker.
  • Install something to remove adware and spyware.  Click on that link to find some decent instructions.

DON'Ts:

  • Don't use stupid passwords.  If your password can be found in a dictionary, it's not good.  If it can be found somewhere in your personal information (names, zip codes, etc.), it's not good.  The easiest way to make a bad password better is by adding numbers or symbols, either at the end of the password (bingo43) or in place of letters that are similar (b1ng0).  Whatever you do, don't use "password" or any from this list.
  • Don't use the same password for everything.  If someone ever finds it out, you're toast.  Use different passwords for different levels of security.  If you still want an easy password just so you know you won't forget it, have that password for things you don't care about, then a more complicated version for things that are important, like banks, e-mail, etc. 
  • Don't open attachments to email from unknown sources.  This is pretty obvious, but it's still one of the most common ways to get viruses on your computer.  A lot of email clients check your attachments for you, but it's not failsafe.
  • Don't enter any personal information from a link you clicked on from inside of an email.  This form of exploit is called phishing, and it can be very deceiving.  How it usually works is that a phisher will send you an email, claiming they are from a bank or credit card company or anything else, saying you need to update your personal information and giving you a link to do so.  The address that it came from might even look like it's from the company.  Anyway, when you click on the link, you'll come to a page that looks almost identical to the company page that you're used to.  It's actually a fake, and when you enter in your personal information or password, they now have it for their personal pleasure.  If you need to go to a site like that, go to it like you normally would, through a bookmark or by typing in the web address.
  • Don't enter your credit card information unless you see that the web address starts with "https://".  That 's' stands for secure and means the information sent can't be seen by anyone else.  In fact, don't enter your credit card information unless you're fairly sure about the reliability of the company.  Just because a website does e-commerce doesn't mean they are completely secure and reliable.  It's better to pay a few extra bucks to buy from a reliable source, like Amazon, than risk giving personal information that can fall into the wrong hands.
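
The password rules above, written out as a small checker. This is an added example, not code from the original post; the word lists are a few constructed entries and `check_password` and `variants` are names made up for it. It goes one step beyond the post by also reporting when a password is a known word with trailing digits or look-alike characters, since the base word is still there.

```python
# Constructed sample data: a real check would load a full dictionary and a
# published common-password list instead of these few entries.
WORDLIST = {"bingo", "dragon", "monkey", "sunshine"}
COMMON = {"password", "123456", "qwerty", "letmein"}
# Look-alike characters mapped back to the letters they stand in for.
LOOKALIKES = str.maketrans(
    {"0": "o", "1": "i", "3": "e", "4": "a", "5": "s", "7": "t", "@": "a", "$": "s"}
)


def variants(password):
    """Return the password with trailing digits/symbols peeled off one at a
    time, each form also with look-alike characters turned back into letters."""
    pw = password.lower()
    out = set()
    end = len(pw)
    while end > 0:
        stem = pw[:end]
        out.add(stem)
        out.add(stem.translate(LOOKALIKES))
        if stem[-1].isalpha():
            break  # reached a letter, nothing more to peel off
        end -= 1
    return out


def check_password(password, personal_info=()):
    """Return a list of reasons the password is weak (empty list = none found)."""
    findings = []
    pw = password.lower()
    if pw in COMMON:
        findings.append("on the common-password list")
    elif pw in WORDLIST:
        findings.append("dictionary word")
    elif variants(pw) & (WORDLIST | COMMON):
        findings.append("known word disguised with digits or look-alike characters")
    for item in personal_info:
        token = item.lower().replace(" ", "")
        # Ignore very short tokens so initials do not match everything.
        if len(token) >= 3 and token in pw:
            findings.append("contains personal information: " + item)
    return findings


if __name__ == "__main__":
    for candidate in ("password", "bingo", "bingo43", "b1ng0", "t4ble-Horse-quilt-92"):
        print(candidate, "->", check_password(candidate) or "no findings")
```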

Well, it's a start, and I'll add more later as I think of them.

Comments

the don'ts

Thanks for the helpful tips Chris. I'm going to try to do better with my passwords in the future. I found one of mine on the list you linked to.
