September 2006
Minimize online risks
9 steps you can take right now to protect yourself
Protection software isn't perfect, so you should take additional precautions to reduce your vulnerability to online dangers.
Here are the measures our experts consider most effective:
1. Upgrade your operating system. If you use Windows XP, enable the automatic Windows Update feature, if you haven't already done so. Go to www.microsoft.com/protect and download and install Service Pack 2, which offers enhanced security. For earlier versions of Windows, run Windows Update
from the Start menu.
Consider upgrading to the next version of Windows, called Vista, when it comes out in early 2007. It will offer enhanced security
features like a two-way firewall that is turned on by default; advanced encryption software; and 64-bit architecture that
makes it harder for rootkits and other malware to attack your system.
The vast majority of viruses and spyware programs have targeted Windows-based PCs, which far outnumber Macintosh computers.
So using a Mac can minimize your risk. Even so, keep your Mac up to date via the Software Update Control Panel. Also regularly
update your Web browser and other major software, using the manufacturers' update instructions or features.
2. Run updates for Microsoft Office. Office applications have lately become targets for phishing attacks, so you should check for Office updates as well as running
Windows Update automatically. To do so, check http://office.microsoft.com/en-us/officeupdate/default.aspx.
3. Make the firewall in your home network safer. If you have a home network, your router most likely has a built-in firewall. Change its default password and disable "remote
administration" to prevent hackers from seizing control of the router.
4. Get your browser up to speed. If you use Internet Explorer 6, keep its security level at medium or higher to block Web sites from downloading programs
without your authorization or automatically running Windows active scripts.
You might also want to consider switching to another browser, such as Firefox, Safari (Mac-only), or Opera.
Microsoft is promising stronger security features for Internet Explorer 7, currently available in a beta version. Those include a status bar that's color-coded based on degrees of security, a phishing
filter that can block fraudulent sites, and, when running with Vista, the ability to run in isolation from other applications
as a protective measure against malicious software.
5. Regularly back up personal files. This safeguards your data in case of a security problem. Consider using a plug-in external hard drive (ConsumerReports.org subscribers can read our reviews of some recent models) as your main or backup storage, so that if the computer becomes disabled, you'll already have your files off the machine.
6. Avoid short passwords. To foil password-cracking software, use passwords that are at least eight characters long, including at least a numeral and
a symbol, such as #. Avoid common words, and never disclose a password online. With a broadband connection, shut off the computer
or modem when you aren't using it. Don't post your e-mail address in its normal form on a publicly accessible Web page. Use
a form, such as "Jane AT isp DOT com," that spammers' address-harvesting software can't easily read.
7. Use e-mail cautiously. Never open an attachment that you weren't expecting, even from someone you know. Never respond to e-mail asking for personal
information. Forward fraudulent spam to the Anti-Phishing Working Group at reportphishing@antiphishing.org. Don't reply to spam or click on its "unsubscribe" link. That tells the sender that your e-mail address is valid.
8. Use multiple e-mail addresses. Use one e-mail address for family and friends, another for everyone else. You can get a free address from Hotmail, Yahoo, or a disposable-forwarding-address service such as SpamMotel. When an address attracts too much spam, drop it. Instead of an e-mail address like janedoe@isp.com, select one with embedded digits, like jane8doe2@isp.com. Report spam to your ISP to improve its filtering.
9. Take a stand. Don't buy anything promoted in a spam message. Even if the offer isn't a scam, you are helping to finance and encourage spam.
If you receive spam that promotes a brand, complain to the company behind the brand.