| The same Internet connection that lets you reach out | | | | Opera browser is safer than either IE or Firefox. |
| and touch millions of Web servers, e-mail addresses, | | | | Threat 2: Phishing and Identity Theft |
| and other digital entities across the globe also | | | | You have probably seen your share of phishing |
| endangers your PC and the information it contains | | | | attacks, which look like communications from your |
| about you. Here's how to stymie the three gravest | | | | bank, PayPal, eBay, or another online account. The |
| Internet risks. | | | | message may ask you to click a link that leads to a |
| Threat1: IE | | | | bogus Web page, complete with realistic user-name |
| Internet Explorer heads the list of top Internet security | | | | and password log-in fields, or it might ask for a |
| attack targets in the most recent joint report of the FBI | | | | credit-card number. |
| and security organization SANS Institute. | | | | The fake address often resembles the real institution |
| One reason: As the most widely used browser, IE | | | | URL--'citibank.fakesite.com' in place of 'citibank.com', for |
| provides the biggest payoff for malicious hackers who | | | | example. The phishers site and e-mail message may |
| set out to exploit its flaws. The biggest problem with IE | | | | even load images from your bank, or have links to the |
| is its reliance on Microsoft ActiveX technology, which | | | | institution own Web site. |
| allows Web sites to run executable programs on your | | | | When you take the bait, the phisher harvests your |
| PC via your browser. | | | | data, and either sells it to someone else, or uses it to |
| Security patches and upgrades, including Windows XP | | | | drain your account right away. A variant called spear |
| Service Pack 2 and the recently released IE 7, make | | | | phishing identifies you by name in the lure message or |
| ActiveX safer, but the inevitable flaws that allow | | | | Web site, making the sham even harder to spot. |
| malware to circumvent those security | | | | You may have read that your bank will never send |
| measures--combined with the reality that we computer | | | | you an e-mail asking you to log in to your account, and |
| users are often a credulous lot--make ActiveX a risk | | | | it should not, though it does happen on occasion. The |
| not worth taking. | | | | vast majority of messages that appear to come from |
| Happily, with very few exceptions (such as Microsoft | | | | financial institutions are phishing attacks, so assume |
| Windows Update site), you can browse the Internet | | | | that such messages are bogus and avoid opening |
| effectively without ActiveX. | | | | them at all, let alone clicking any links they contain. |
| To disable ActiveX in IE 6 and 7, choose Tools, | | | | If you are concerned that the bank or other service is |
| Internet Options, Security, Custom Level, scroll to 'Run | | | | really trying to notify you of a problem with your |
| ActiveX controls and plug-ins, and select Disable. | | | | account, open your browser manually and log in to the |
| Click OK, Yes, and OK to close the dialog boxes. To | | | | site directly, or better yet, pick up the phone and call a |
| enable ActiveX on a known and trusted site, click | | | | customer service agent (if you can find one via the |
| Tools, Internet Options, Security, choose Trusted Sites, | | | | bank automated phone system). |
| click Sites, enter the site address in the text box, and | | | | The place you are most likely to notice that your credit |
| click Add. Uncheck Require server verification (https:) | | | | card or bank account has been compromised by a |
| for all sites in this zone, and click Close and OK. | | | | phishing attack or identity theft is on the statement you |
| If you leave ActiveX enabled, you may quickly | | | | receive from them via mail. Check it carefully for |
| encounter malware-harboring sites and e-mail | | | | unauthorized charges, and report any to the institution |
| attachments that ask you to let them install their | | | | immediately. |
| ActiveX controls on your system. Unless you are 100 | | | | IE 7 asks you a couple of times if you had like to |
| percent certain that the control is safe and legitimate, | | | | enable its phishing filter during installation; say yes. To |
| do not allow it. | | | | enable this feature, choose Tools, Phishing Filter, Turn |
| Regardless of which browser is set as the default on | | | | On Automatic Website Checking, and click OK. |
| your system, always keep Windows (and IE) updated | | | | Firefox 2 phishing filter is enabled by default, but it uses |
| to minimize your risk. | | | | a static downloaded list of known phishing sites. Many |
| To keep Windows XP up-to-date, visit (you will have | | | | firewalls and other security programs include |
| to use Internet Explorer) and install Service Pack 2, if | | | | identity-protection features that scan the stream of |
| you have not already. Next, choose Start, Control | | | | data leaving your PC for sensitive information, such as |
| Panel, System, and click the Automatic Updates tab. | | | | passwords or social security and credit card numbers, |
| Select Automatic (recommended) If you trust | | | | and then block the unauthorized transfers. |
| Microsoft implicitly, Download updates for me, but let | | | | Resist the temptation to post personal information on |
| me choose when to install them if you trust the | | | | your Web page, blog, or social site (Facebook |
| company a little bit, or Notify me but do not | | | | MySpace) account. Identity thieves, spammers, and |
| automatically download or install them to play it safest. | | | | online predators are always on the lookout for such |
| (Click "Do not Let a Windows Update Bring You | | | | data. Browse to "Safeguard Your Reputation While |
| Down" for more on Windows updates.) | | | | Socially Networking" for an explanation of the risks to |
| Whichever option you choose, click OK to download | | | | both adults and children, and for tips on what you can |
| and install the most recent security patches. | | | | do to avoid the dangers. |
| If you stick with IE, upgrade to version 7, which | | | | Threat 3: Malware |
| improves ActiveX security. Still, the best way to | | | | Every day, virus, spyware, and adware creators come |
| reduce your PC vulnerability to ActiveX exploits is to | | | | up with new, ingenious ways to gain access to your |
| download and install another browser, and set it as | | | | PC. |
| your default browser. | | | | These steps will help keep you safe: |
| Mozilla Firefox is the most popular IE alternative. | | | | Think before you click.Use a spam filter. Update your |
| Unfortunately, Firefox growing popularity has enticed | | | | antivirus software.Download with discretion.Use a |
| malware authors to exploit its own flaws. While no | | | | bidirectional firewall.Use antispyware. |
| software is perfectly secure, many experts think the | | | | |