Take steps to ensure on-line privacy, advise techies

February 7, 2005

Pharmacists who kick back after work by surfing the Web are sitting ducks waiting to be plucked if they don't act to protect their machines from prying eyes, according to the authors of a new book on cyber security.

Pharmacists who kick back after work by surfing the Web are sitting ducks waiting to be plucked if they don't act to protect their machines from prying eyes, according to the authors of a new book on cyber security.

Hosts of Internet interlopers are out to swipe information from unprotected computers or even to hijack them for their own nefarious purposes. The security research group SANS Institute estimates that an unprotected Windows-based computer will last just 16 minutes before it's found and infected. So said Doug Partridge, coauthor, with Kevin Ryan, of the electronic book "How To Secure Your Computer Using Free Tools and Smart Strategies." Written for non-techies, the how-to guide outlines ways to build a security shield around PCs.

"The threat depends on how much or how often you go on-line," said Partridge, a 15-year IT veteran. "If you have an 'always-on' connection, you're really in trouble. Programs scan the Internet looking for vulnerable systems just waiting to be infected. You really have to worry about spyware. It ranges from advertisers trying to target marketing to the criminal element trying to steal accounts and passwords and identities."

•Install a personal firewall to make your computer virtually invisible to the on-line sharks. In addition to an antivirus program, a firewall is mandatory in order to block unwanted attempts to connect to your computer. The authors recommend the free Sygate Personal Firewall, which is at http:// http://smb.sygate.com/products/spf_standard.htm.

•Install a spyware removal program and run a scan at least once a week. Commercial spyware scrubbers start at about $30 annually but there are free programs for personal use, including Lavasoft's Ad-Aware, downloadable from http://www.lavasoft.com/.

•Consider dumping Internet Explorer and switching to a more secure Web browser. Mozilla's free browser Firefox is getting a lot of positive play. Not only is it more secure than IE, it comes with a built-in pop-up blocker and Google search tool. It's available for Windows, the Apple Macintosh, and the Linux operating system. Check it out at http://www.mozilla.org/.

•Never provide personal or financial information to a nonsecure Web site. Secure sites have a small padlock icon in the lower right-hand corner of the browser window and the letters HTTPS in the address bar. The S stands for secure. Check your browser's security capability for free at http:// http://www.verisign.com/advisor/check.html.

•Never provide confidential or financial information in response to an e-mail request. Legitimate companies never ask for such information over an insecure medium such as e-mail. To thwart these practitioners of "phishing," do not click any links in the suspect e-mail. They lead to phony Web sites designed to mimic the real company's home page and steal your personal information.

•Read the fine print before supplying personal information. Always read a Web site's privacy policy to find out if the sponsor will share or sell your information. Be suspicious if there is no privacy policy posted.

•Never download or accept any file or program from a source you don't know or trust. Spyware is often bundled with "free" programs, which can infect your computer.

•Virus check all e-mail attachments. Never open an unexpected attachment, even from friends or business senders. Their computers may be infected and spread the problem to everyone in your e-address book.