Home Page

Critical Alerts

Commercial Services

Internet Security




  Contact Us:





Internet Security

Recommended Best Practices for Internet Safety

1. General Background to Malware: Criminals are everywhere on the internet. They are based primarily in Eastern Europe and China and are generally beyond the reach of global law enforcement. The software they install on computers is referred to as malware (including spyware, and scareware). Internet crime is all about money; this is not kids having fun hacking your computer. The criminals want: 1. Identity information (name, address, telephone numbers, social security number, driver's license number, credit card information) from your computer via correspondence, resumes, tax returns and other documents to be used in identity theft and credit card fraud; 2. Bank and investment account usernames and passwords; 3. Corporate log-on usernames and passwords for employees using some type of remote access to a corporate network; 4. To scare you with fake antivirus and utility software into purchasing software to be downloaded and paid by credit card (scareware scams); 5. Your email address and access to your email address book which can then be used for spamming or further scareware attacks; 6. To enlist your computer into a "botnet" which is a grouping of tens of thousands to millions of computers controlled remotely and then rented out for further criminal activities; 7. Your Facebook password that then can be used to access your Friends list for further malicious attacks.

2. Adware: In addition to criminal activities on the internet, there is malicious advertising related software, known as adware, which tracks your activities on the web; websites you visit; purchases you make; physical location for directed advertising; preferences and so on. Adware is an invasion of privacy and it may or may not be illegal under specific circumstances depending on Federal and State laws. However, a related problem is that these databases collected by advertising related companies may be hacked or breached by criminals who then may obtain useful information for identity theft and scareware attacks.

3. Viruses: Today, there are almost no true viruses on the internet. Viruses, in general, spread from computer to computer via networks and media devices and are principally attempting to damage the computer's file structure and/or operating system. A computer virus is destructive; it has no further point other than to spread to other computers. Criminals are not interested in making your computer inoperable; rather they need your computer running well for their own purposes. This is a primary reason that traditional "anti-virus" software does not detect or stop most criminal attacks.

4. Methods of Attack: There are only a handful of ways, in general, a computer can be attacked by malicious software; 1. Opening forwarded mail attachments; 2. Clicking on links in emails; 3. Downloading free music or free videos; 4. Clicking on message links in Facebook or downloading malicious apps in Facebook; 5. Surfing onto a poisoned website or a poisoned image; 6. Clicking on poisoned advertising links on both legitimate and malicious websites. 6. Downloading malicious software hidden in free games, toolbars, and free applications/software.

5. Anti-Virus Products: All "anti-virus"/"anti-malware" products are of only limited utility because the criminals own all of the software and have fully paid subscriptions to them. The criminals routinely test their malware attack software against consumer security products to insure they will not be detected. Do not believe what they tell you in computer retail stores about how effective this or that product is. However, these products are useful and have a role in detecting medium and lower range threats, older attack vectors and copycat type of attacks.


7. Email Attachments: Do not open email attachments that have been forwarded to you. Forwarded generally appears as "FWD" or "FW" on the description line of the email. It does not matter from whom the email is from; family, friends or co-workers. It is obvious that if you not know the sender the email should be deleted immediately. The subject of the email will be jokes, funny stories, funny videos, greeting cards, "breaking" news stories, political commentary or cartoons, religious stories and so on. Email scanners will not identify attachments with hidden malicious software because the criminals own all of the software and have already tested the email to insure it gets by the scanners.

8. Email Links: Do not click on links in email unless you are absolutely sure it is safe. For example, if you open a Twitter account, you will receive an email asking for you to click on the link to complete the registration process. Phishing attacks are where the sender of the email is impersonating a company to trick you into clicking on a link and then providing personal information. Examples of this are fake emails from the IRS, U.S. Postal Service, United Parcel Service, Federal Express, PayPal and financial institutions. Because of database hacks of email marketing companies, you may also receive phishing attacks related to accounts you have set up with companies, such as Disney, cruise lines and banks. In these cases the email may contain identifying information about you or your account that makes it look legitimate. Always use the telephone first to verify such emails (and don't use the telephone number in the email because the criminals are very smart).

9. Junk Email: Immediately delete any email from a sender that you do not know.

10. Free Music and Free Videos: Do not download free music or free videos. A large percentage of these are infected with malicious software. Absolutely do not use P2P software such as Limewire, Frostwire, AresLite, Bearshare and MP3 Rocket. Do not torrent unless you can get yourself invited into a private torrent channel, which is fairly unlikely. Beyond the risk of infecting your computer, by downloading copyrighted material illegally you are exposing yourself to a potential lawsuit that are increasingly being brought against consumers and which cost $2,500 to $3,500 to settle out-of-court. An exception to the above comments is downloads from Youtube, which should be safe.

11. Facebook: Do not click on links in messages in your news feed or that have been placed on your wall unless you are absolutely sure you know what you are clicking on (like Blackhawk Computer at www.blackhawkcs.com). Again, as with email, it does not matter who sent the message because user profiles are easily hacked in Facebook. Never click on links to see videos, to take surveys, to see strange stories, or to get free items such as an iTunes gift card. Do not install any apps as these are a direct way to install malicious software on your computer.

12. Browser: Use Mozilla's Firefox or Google's Chrome as your default browser. While Internet Explorer 9 for Windows Vista and Windows 7 is much improved from a security viewpoint, it still uses ActiveX which can be avoided with Firefox or Chrome. Always use Web of Trust with your browser and only access websites or images that are rated dark or light green. Do not click on unrated images and do not click on an unrated website unless you are absolutely sure the site is safe. Always allow the browser and its add-ons/extensions/apps to update themselves when requested.

13. Flashcookies and Regular Cookies: Flashcookies and regular cookies represent a security and privacy risk. Due to the difficulty in removing flashcookies for the normal user, we recommend using the software utility CCLeaner from Piriform after every browsing session as it can remove them together with regular cookies and a multitude of junk files every computer generates.

14. Passwords: It is essential that all passwords be scrambled and include number and letters. If you can handle using upper and lowercase letters that is even better. Never use a word, phrase or name in any language. All passwords should be at least 8 characters long. Do not reuse passwords between websites and applications. One of the reasons the criminals are so successful is because of password reuse; once they have your password they can break into all of your websites and apps. Do not store your passwords in a document on your computer. Absolutely, always maintain separate and unique passwords for online banking and investment accounts. Never share your passwords with anyone and never provide them in an email response or to anyone over the telephone. The criminals have many ways into tricking you to provide usernames and passwords, so be on your guard.

15. Email Providers: No matter who is your email provider, change to Google's Gmail as it is the most secure.

16. Facebook Privacy: If you do not want the entire world to know something about you, then don't put it in Facebook, regardless of how your privacy settings are set.

17. Online Banking on a home computer: Only use online banking on a home computer where every user of that computer is thoroughly educated in internet risks and follows safe practices (as set forth in this document). If that is not the case, either buy another computer or do not bank online.

18. Windows Updates: Always install your Windows operating system updates as soon as they are available. Those updates are necessary to fix security vulnerabilities.

19. Adobe Products: Always have the latest Adobe Reader installed (for reading PDF files) and Flash Player for video.

20. Free Games and Software: The safest way to approach the risk in free games and free software on the internet is just to never download anything. This might be too extreme so another approach is to review via Google the name of the game or software you are interested in and check to see if the Web of Trust rating is green and whether there have been any online complaints about malware or adware associated with the download. It is better to do a bit of research so as to prevent possible problems.

21. Use a Router: Even if you only have a single desktop computer, you should always use a router in your network between the computer and the DSL or cable modem. A router acts as a firewall behind which the home network can reside safely. This will prevent port scanning and open port types of attacks on your computer. Always set a password on the router (that is, always change it from its default password to a password of your choice).

22. Wireless Security: All wireless routers should be configured to encrypt their wireless signal to prevent unauthorized use of your network by neighbors and strangers. The encryption type used should be either WPA or WPA2 but not WEP. WEP is easily broken in minutes even by a novice hacker.