| The same Internet connection that lets
| |
| | experts think the Opera browser is safer
|
| you reach out and touch millions of Web
| |
| | than either IE or Firefox.
|
| servers, e-mail addresses, and other
| |
| | Threat 2: Phishing and Identity Theft
|
| digital entities across the globe also
| |
| | You have probably seen your share of
|
| endangers your PC and the information it
| |
| | phishing attacks, which look like
|
| contains about you. Here's how to stymie
| |
| | communications from your bank, PayPal,
|
| the three gravest Internet risks.
| |
| | eBay, or another online account. The
|
| Threat1: IE
| |
| | message may ask you to click a link that
|
| Internet Explorer heads the list of top
| |
| | leads to a bogus Web page, complete with
|
| Internet security attack targets in the
| |
| | realistic user-name and password log-in
|
| most recent joint report of the FBI and
| |
| | fields, or it might ask for a credit-card
|
| security organization SANS Institute.
| |
| | number.
|
| One reason: As the most widely used
| |
| | The fake address often resembles the real
|
| browser, IE provides the biggest payoff
| |
| | institution URL--'citibank.fakesite.com'
|
| for malicious hackers who set out to
| |
| | in place of 'citibank.com', for example.
|
| exploit its flaws. The biggest problem
| |
| | The phishers site and e-mail message may
|
| with IE is its reliance on Microsoft
| |
| | even load images from your bank, or have
|
| ActiveX technology, which allows Web
| |
| | links to the institution own Web site.
|
| sites to run executable programs on your
| |
| | When you take the bait, the phisher
|
| PC via your browser.
| |
| | harvests your data, and either sells it
|
| Security patches and upgrades, including
| |
| | to someone else, or uses it to drain your
|
| Windows XP Service Pack 2 and the
| |
| | account right away. A variant called
|
| recently released IE 7, make ActiveX
| |
| | spear phishing identifies you by name in
|
| safer, but the inevitable flaws that
| |
| | the lure message or Web site, making the
|
| allow malware to circumvent those
| |
| | sham even harder to spot.
|
| security measures--combined with the
| |
| | You may have read that your bank will
|
| reality that we computer users are often
| |
| | never send you an e-mail asking you to
|
| a credulous lot--make ActiveX a risk not
| |
| | log in to your account, and it should
|
| worth taking.
| |
| | not, though it does happen on occasion.
|
| Happily, with very few exceptions (such
| |
| | The vast majority of messages that appear
|
| as Microsoft Windows Update site), you
| |
| | to come from financial institutions are
|
| can browse the Internet effectively
| |
| | phishing attacks, so assume that such
|
| without ActiveX.
| |
| | messages are bogus and avoid opening them
|
| To disable ActiveX in IE 6 and 7, choose
| |
| | at all, let alone clicking any links they
|
| Tools, Internet Options, Security, Custom
| |
| | contain.
|
| Level, scroll to 'Run ActiveX controls
| |
| | If you are concerned that the bank or
|
| and plug-ins, and select Disable.
| |
| | other service is really trying to notify
|
| Click OK, Yes, and OK to close the dialog
| |
| | you of a problem with your account, open
|
| boxes. To enable ActiveX on a known and
| |
| | your browser manually and log in to the
|
| trusted site, click Tools, Internet
| |
| | site directly, or better yet, pick up the
|
| Options, Security, choose Trusted Sites,
| |
| | phone and call a customer service agent
|
| click Sites, enter the site address in
| |
| | (if you can find one via the bank
|
| the text box, and click Add. Uncheck
| |
| | automated phone system).
|
| Require server verification (https:) for
| |
| | The place you are most likely to notice
|
| all sites in this zone, and click Close
| |
| | that your credit card or bank account has
|
| and OK.
| |
| | been compromised by a phishing attack or
|
| If you leave ActiveX enabled, you may
| |
| | identity theft is on the statement you
|
| quickly encounter malware-harboring sites
| |
| | receive from them via mail. Check it
|
| and e-mail attachments that ask you to
| |
| | carefully for unauthorized charges, and
|
| let them install their ActiveX controls
| |
| | report any to the institution
|
| on your system. Unless you are 100
| |
| | immediately.
|
| percent certain that the control is safe
| |
| | IE 7 asks you a couple of times if you
|
| and legitimate, do not allow it.
| |
| | had like to enable its phishing filter
|
| Regardless of which browser is set as the
| |
| | during installation; say yes. To enable
|
| default on your system, always keep
| |
| | this feature, choose Tools, Phishing
|
| Windows (and IE) updated to minimize your
| |
| | Filter, Turn On Automatic Website
|
| risk.
| |
| | Checking, and click OK.
|
| To keep Windows XP up-to-date, visit (you
| |
| | Firefox 2 phishing filter is enabled by
|
| will have to use Internet Explorer) and
| |
| | default, but it uses a static downloaded
|
| install Service Pack 2, if you have not
| |
| | list of known phishing sites. Many
|
| already. Next, choose Start, Control
| |
| | firewalls and other security programs
|
| Panel, System, and click the Automatic
| |
| | include identity-protection features that
|
| Updates tab.
| |
| | scan the stream of data leaving your PC
|
| Select Automatic (recommended) If you
| |
| | for sensitive information, such as
|
| trust Microsoft implicitly, Download
| |
| | passwords or social security and credit
|
| updates for me, but let me choose when to
| |
| | card numbers, and then block the
|
| install them if you trust the company a
| |
| | unauthorized transfers.
|
| little bit, or Notify me but do not
| |
| | Resist the temptation to post personal
|
| automatically download or install them to
| |
| | information on your Web page, blog, or
|
| play it safest. (Click "Do not Let a
| |
| | social site (Facebook/MySpace) account.
|
| Windows Update Bring You Down" for more
| |
| | Identity thieves, spammers, and online
|
| on Windows updates.)
| |
| | predators are always on the lookout for
|
| Whichever option you choose, click OK to
| |
| | such data. Browse to "Safeguard Your
|
| download and install the most recent
| |
| | Reputation While Socially Networking" for
|
| security patches.
| |
| | an explanation of the risks to both
|
| If you stick with IE, upgrade to version
| |
| | adults and children, and for tips on what
|
| 7, which improves ActiveX security.
| |
| | you can do to avoid the dangers.
|
| Still, the best way to reduce your PC
| |
| | Threat 3: Malware
|
| vulnerability to ActiveX exploits is to
| |
| | Every day, virus, spyware, and adware
|
| download and install another browser, and
| |
| | creators come up with new, ingenious ways
|
| set it as your default browser.
| |
| | to gain access to your PC.
|
| Mozilla Firefox is the most popular IE
| |
| | These steps will help keep you safe:
|
| alternative. Unfortunately, Firefox
| |
| | Think before you click.Use a spam filter.
|
| growing popularity has enticed malware
| |
| | Update your antivirus software.Download
|
| authors to exploit its own flaws. While
| |
| | with discretion.Use a bidirectional
|
| no software is perfectly secure, many
| |
| | firewall.Use antispyware.
|
