Security               


Spyware/Adware (updated 4/21/2005)

Okay, it's time I added my 2 cents. 

I'm truly becoming paranoid. I don't know whom to trust. There are scads of commercial products about to deal with this scourge. I'm sure that some of them are very good and completely reliable. But which ones? How do we know and whom do we trust?

Here is what I do. 

I avoid using Internet Explorer (IE). Most sites run fine with Firefox.
I reset a switch in IE (Tools>Internet Options>Advanced>Browsing 'Enable third-party browser extensions').
I replace Microsoft's Java Virtual Machine with the latest one available from Sun's site.
I keep my Anti-virus current.
I keep Windows current with Automatic updates.
I update and run Ad-aware about once a month.
I avoid opening e-mail attachments unnecessarily.
I turn off 'Hide extensions for known file types' for all folders in Windows Explorer.
I stay away from scurrilous sites, esp. free games, porn and doubtful free software/music downloads.
I am very cautious about clicking web links from e-mails I receive.

Everything I've listed is available for free and can be found easily with a Google search.

I often recommend the above steps and sometimes do the setup for clients who are having problems with spyware/adware. Nothing is perfect, but this seems to be sufficient. 

On the other extreme, I've rebuilt more than one system (format and reinstall everything) because the pesky stuff was taking too much time to try to expunge. Avoiding these problems is much less expensive in time and money than correcting them. Do it now.

If you are looking for authoritative information on dealing with this problem I recommend http://spywarewarrior.com/asw-test-guide.htm

Passwords

If you are anything like me, you are swimming in passwords. You really should be thoughtful about them as they are the primary method of security for the on-line world. I'm not going to lecture you about them. Better I should offer some practical advice.

There are passwords that I use multiple times in a day, still I found I could forget them over vacation. Thus, I long ago gave up and kept a written record of my passwords. Others, I have to look up every time I need to use them, because it is infrequent.

Time was when all my passwords could be written on a small piece of paper (about the size of a credit card). I had one that I carried in my wallet with my credit cards. Simple enough and much better security than something posted on my computer monitor. When necessary, I'd rewrite the list and destroy the old one. If that works for you, I recommend it.

But today I have so many userids and passwords that the list runs to four pages. So, I keep the list in a file on my computer and print it out occasionally. Where to keep the printout? Well, what do you keep with you and look after (rarely out of sight)? Wallet, purse, day-timer, notebook... Or, if you use a PDA, put a copy there. Whatever you decide, consider the risk of losing the purse/PDA and someone finding the list and using it. Are you comfortable taking that risk? It could mean going back and changing all your important passwords if the list is lost. And the file, how to secure it? Well, one way is to give it a completely unlikely name. Even better is to encrypt it. It really depends on the environment your computer lives in and how backups are taken and stored. Can you trust the IT person who services your machine? Encryption is probably a very good idea if you are security conscious and have important accounts to protect.

And there is the question of what to use for a password. Most of us who have been taking this seriously have learned to divide our accounts into ones requiring either a 'weak' or a 'strong' password. I find that most of the accounts that I have set up with a password don't worry me. I don't really care if someone gets into one of them. There is no great loss potential. So I use my 'weak' password, or some variant of it that gets past their rules. But, some of my accounts, I really do want protected. These get a 'strong' password.

A password that you can pronounce is easier to remember than one you can't. But using real words or names is really not adequate security for a 'strong' password. What I recommend to people is to make a couple of pseudo words. Grab a book, thumb to a page and put your finger down randomly on the page. Extract a single syllable from a nearby word. Repeat this procedure a couple of times and stick the syllables together with a single numeric digit between them. Now you have an easily remembered password that is reasonably strong. Actually I have two such passwords and I mix and match syllables from them, moving digits around. 
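The pseudo-word procedure above, as an added example that is not part of the original page: it picks syllable-like chunks from a text, joins them with single digits, and estimates how many bits of entropy the scheme gives. The sample text, the syllable regex and all function names are assumptions made for illustration.

```python
import math
import re
import secrets

# Constructed sample text standing in for "a page from a book".
PAGE = """The harbour master walked slowly along the northern quay,
counting lanterns and muttering about the weather. Fishermen gathered
beside the timber sheds, mending nets before the morning tide turned."""

# Rough heuristic (assumption): consonant(s) + vowel(s) + consonant inside a word.
SYLLABLE = re.compile(r"[b-df-hj-np-tv-xz]{1,2}[aeiouy]{1,2}[b-df-hj-np-tv-xz]")

def syllable_pool(text):
    """Return the sorted set of distinct syllable-like chunks found in text."""
    pool = set()
    for word in re.findall(r"[a-z]+", text.lower()):
        pool.update(SYLLABLE.findall(word))
    return sorted(pool)

def make_password(pool, syllables=2):
    """Join randomly chosen syllables with one random digit between each pair."""
    parts = [secrets.choice(pool)]
    for _ in range(syllables - 1):
        parts.append(str(secrets.randbelow(10)))
        parts.append(secrets.choice(pool))
    return "".join(parts)

def entropy_bits(pool_size, syllables=2):
    """Entropy in bits when the attacker knows the scheme and the syllable pool."""
    return syllables * math.log2(pool_size) + (syllables - 1) * math.log2(10)

if __name__ == "__main__":
    pool = syllable_pool(PAGE)
    print("distinct syllables in sample:", len(pool))
    for n in (2, 3, 4):
        print(n, make_password(pool, n), round(entropy_bits(len(pool), n), 1), "bits")
```

The estimate assumes every choice is uniformly random; a finger put down on a page is less random than that, so treat the figure as an upper bound and add syllables for accounts that matter.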

Practical advice for practical people. True security experts won't tell you how they manage their passwords. It makes me nervous to post my approach. But, people have to live in the e-world and my job is to help them do it.

Where to go

A good place to start is the Microsoft web site. SANS is a reputable source of the latest information. And there are many others.

I generally don't provide links to other sites. Mostly it's that I'm too busy to spend time obtaining permission, which I'm supposed to do. Most sites can be found just as quickly with a good search engine (which is why I use the Google toolbar). There is one that I will provide you because it seems to me quite excellent but not so easily found. Check out Microsoft Security FAQ.

 

Send mail to gordon@corzine.com with questions or comments about this web site.
Last modified: January 11, 2008