Securing Your Browser
The way that your Web browser is configured provides a
front line to secure Web surfing. Though many of the
security features that relate to your browser are described
in other tutorials, these tutorials step you through a
complete assessment of your browser’s security settings.

Important Note:
Make sure you back-up your system or create a Restore
Point before making any changes

Checking IE Connection Types

Step 1:  Open Internet Options
Many of the security features of the Internet Explorer
browser can be set from the Internet Options window. To
open the Internet Options window, click on Tools, Internet
Options from the Internet Explorer window.

Step 2:  Select Advanced Tab
The different types of secure connections that can be used
with Internet Explorer are configured on the Advanced tab
of the Internet Options window. Click on the Advanced tab,
then scroll down to the Security heading.

Step 3:  Check Fortezza Connections
On the Internet Options, Advanced tab, if the Use Fortezza
box is checked it means that Internet Explorer is
configured to allow secure connections to Web sites that
support Fortezza cryptography connections. Fortezza is used
by the U.S. Department of Defense a Fortezza Crypto Card
reader, a Fortezza Crypto Card, and related software
drivers. Needless to say, this is a rather specialized type
of connection, though it doesn’t hurt to have it turned on.

Step 4:  Check PCT Connections
The Private Communications Technology (PCT) protocol is
developed by Microsoft to provide secure connections to
sites that support that protocol. SSL is much more widely
used than PCT, so there is generally no reason to select
this protocol. Click on the Use PCT 1.0 box if you want to
allow secure PCT connections from Internet Explorer.

Step 5:  Check SSL Connections
Because most secure connections on the Web rely on Secure
Socket Layer (SSL) protocols, you should select both Use
SSL 2.0 and Use SSL 3.0 options on the Advanced tab of the
Internet Options window. SSL was a protocol that was
developed by Netscape Communications.

Step 6:  Check TLS Connections
The Transport Layer Security protocol is an open standard
that is much like the SSL protocol. To allow connections
using TLS, click on the Use TLS 1.0 button.

Step 7:  Apply Changes
After you have selected the secure connection types that
your browser supports, click on the Apply button to have
the changes applied to your browser.

Checking IE Cache Settings

Step 1:  Open Internet Options
As you browse the Web, your browser will typically store
the pages you have visited on your hard disk. This can
speed up your browsing by having data ready immediately
when you step backward and forward among the pages you
visit. The potential security risk is that if others are
using your browser they may be able to see the stored
content later. You can clear stored pages by setting an
option on the Internet Options page. From IE, click on
Tools, Internet Options.

Step 2:  Select Advanced Tab
Options for deleting stored Web surfing content in
Internet Explorer are configured on the Advanced tab of the
Internet Options window. Click on the Advanced tab, then
scroll down to the Security heading

Step 3:  Check Save Encrypted Pages
Presumably, data that has been encrypted during
communication between your browser and a Web site will tend
to be more sensitive. For example, data is encrypted during
online shopping and other financial transactions. To
prevent any encrypted data from being saved to your disk,
select the “Do not save encrypted pages to disk” check box
on the Advanced tab of the Internet Options window.

Step 4:  Check Empty Temporary Files
You can have all the Web content that is temporarily
stored on your hard disk be removed when you close your
browser. Click on the “Empty Temporary Internet Files
folder when browser is closed” check box to enable that
feature.

Step 5:  Apply Changes
After you have selected the secure connection types that
your browser supports, click on the Apply button to have
the changes applied to your browser.

Setting IE Security Zones

Step 1:  Open Internet Options
Internet Explorer allows you to set groups of Web sites to
have similar levels of security. These groups are referred
to as “Web Content Zones.” You can set up these content
zones from the Internet Options page. From IE, click on
Tools, Internet Options.

Step 2:  Select Security Tab
Options for setting content zones in Internet Explorer are
configured on the Security tab of the Internet Options
window. Click on the Security tab to begin setting these
options.

Step 3:  Select Web Content Zone
There are four pre-defined Web content zones: Local
Intranet (for sites within your organization), Trusted
Sites (for sites you know are secure), Restricted sites
(for sites that are not secure) and Internet (for all other
Web sites). Click on one of those sites to set the level
and define the sites for that zone.

Step 4:  Select a Security Level
Click on the slider bar on the Security tab to set the
security level for zone you have selected. You can set the
security zone to Low, Medium-low, Medium, or High. Each
level is described when you select that level on the slider
bar. If you try to change to a less secure level than the
default for the zone, you will be warned.

Step 5:  Customize Security Level
If you want to fine tune any of the four preset security
levels, you can do so by clicking on the Custom Level
button. The Security Settings window appears. From that
window, you can select how different types of content are
handled (such as ActiveX controls, plug-ins, cookies, file
downloads, Java, etc.) when you try to download or start
that type of content. Click on OK when you are satisfied
with your settings.

Step 6:  Apply Changes
Click on the Apply button to apply the changes you made to
the Web content zones.

Enabling Content in Netscape

Step 1:  Open Preferences
Some types of content can pose a potential security risk
as you browse the Web. You can allow or disallow certain
types of content from the Netscape Preferences window. To
access this window, click on Edit, Preferences from the
Netscape window.

Step 2:  Select Advanced Preferences
From the Preferences window, click on the Advanced title
in the left column. Preferences that relate to the kinds of
content that can be displayed in Netscape and the ways that
cookies may (or may not) be accepted are displayed

Step 3:  Allow Java/JavaScript
By default, Java applets (small programs) and JavaScripts
(a series of commands) run in your browser when they are
encountered on the Web. Because these scripts can pose some
small security threat (and can also slow your browser), you
can choose to disallow these types of programs. Click on
the associated check boxes to turn off those features.
(Warning: some Web sites will not work with Java disabled.)

Step 4:  Enabling Cookies
Cookies are small files that a Web site stores on your
hard disk so it can identify you (and possibly your
personal information) the next time you visit the site.
Some people dislike Web sites knowing too much about them
and choose to turn cookies off (click on Disable Cookies).
Rather than accept all cookies, however, you can limit a
cookie’s use to the originating server or to be warned
before a cookie is accepted. (Warning: some sites won’t
work with cookies off.)

Step 5:  Applying Changes
Once you have changed the setting the way you want, click
on OK to have the changes take effect.

Setting Netscape Security

Step 1:  Open the Security Window
From the Netscape window, you can open a Security Info
window to find security information about the current Web
page. It can also be used to define how Netscape behaves
when it encounters potentially insecure situations. To open
the Security Info window from Netscape, click on the
Security icon in the toolbar (it looks like a small padlock).

Step 2:  Verify Web Page Security
When the Security Info page first appears, it tells you
two pieces of information about the current Web page. First
it tells you weather or not the page was encrypted and
second it verifies the Web address of the page you have
opened. To view details about the page, click on the Open
Page Info button.

Step 3:  View Page Information
When the Page Info page appears, you can view detailed
security information relating to the current Web page. If
it is a secure Web page, you can see the type of security
that is used with the page and who owns the certificate
that verifies the authenticity of the page. When you are
done viewing this information, close the page by clicking
on the X in the upper right corner of the window.

Step 4:  Set Security Warnings
If you are about to enter information about yourself into
a Web site, you probably want to make sure that the site is
secure. From the Security Info page, you can set Netscape
to warn when you enter or leave a secure site, as well as
when you view a page with some encrypted data or send
unencrypted information. (These features are on by
default.) To check these settings, click on Navigator in
the left column, then check how the values are set.

Step 5:  Apply Changes
To apply any changes you made to the Security Info page,
click on the OK button.

This video tutorial will show you how to install AVG Anti-Virus.
If you have Norton or McAfee I personally wouldn’t pay their
fees especially when you can have this protection for free.
If you have any other Anti-Virus and intend to install AVG,
please uninstall any other Anti-Virus program that you may
have.
AVG Anti-Virus Free Edition is one of the most popular
solutions to provide basic security protection on home and
non-commercial PCs and is used by millions of people worldwide.

Important

Create a backup of your system or a restore Point before making any changes

Can also be viewed in Windows Media Player by clicking:
AVG Installation

Identity theft is an very real problem and you need to actively protect yourself from it!
 
If your identity is ever stolen, it can be used in Fraudulent or Criminal activities, to obtain a job where you end up liable for the taxes, to make purchases of products and services that you WILL end up having to pay for, can completely devastate and destroy your credit, and take literally many years for you get it all straightened out.
 
Never give out personal information on the phone, through Postal Services, through e-mail or over the Internet in any other way, unless you’ve initiated the contact and you are sure you know who you’re dealing with.
 
Identity thieves can be skilled liars, and may pose as representatives of banks, government agencies, owners of a company, and yes, they can even pose as Internet service providers (ISPs) to get you to reveal identifying information. Before you divulge any personal information, confirm that you’re dealing with a legitimate representative of a legitimate organization. Double check by calling customer service using the number on your account statement, listed in the telephone book, or obtained via a Telephone Operator.
 
Your computer can be a goldmine of personal information to an identity thief. Here are some points on how you can safeguard your computer and the personal information it stores:

· Update your virus protection software regularly. Computer viruses can have damaging effects, including introducing program code that causes your computer to send out files or other stored information.
 
· Regularly check for security repairs and patches you can download from your operating system’s Web site.
 
· Don’t download files from strangers or click on hyperlinks from people you don’t know, especially when it comes to e-mail where the e-mail contains an attachment. Clicking a link or opening a file could expose your system to a computer virus or a program that could hijack your modem like a Trojan.
 
· Use a firewall, especially if you have a high-speed or “always on” connection to the Internet. A firewall allows you to limit uninvited access to your computer. Without a firewall, hackers can enter your computer remotely from anywhere in the world and even take over your computer and access sensitive information without you even knowing it.
I recommend the use of ZoneAlarm free firewall which can be found at  http://www.zonealarm.com/store/content/company/products/znalm/freeDownload.jsp

· To guard the safety of your online transactions always be sure the Web site you are on uses a secure browser software that encrypts or scrambles information you send over the Internet. When you’re submitting information, the address of the Web page should start with “https://” (apposed to the normal surfing address of http://), and also look for the “lock” icon on the status bar. It’s a symbol that your information is secure during transmission.
 
· Try not to store financial information on your PC or laptop unless absolutely necessary. If you do, use a “strong” password that is a combination of letters (upper and lower case) and numbers.
 
· Avoid using an automatic login feature that saves your user name and password; and always log off when you’re finished working in a password protected entry area. If your PC or laptop ever gets stolen, the thief will have a hard time accessing sensitive information if they need to enter usernames and passwords to access something.
 
· Delete any personal information stored on your computer before you dispose of it. Use a “wipe” utility program, which overwrites the entire hard drive and makes the files unrecoverable.  Use Ccleaner available for free at http://www.filehippo.com/download_ccleaner/ and when installed select ‘Options’ then select ‘Settings.  Under the heading ‘Secure Deletion’ click the ‘Secure file deletion (Slower)’ radio button and change the setting to NSA (7 passes).
 
· Read Web site privacy policies. They should answer questions about the access to and accuracy, security, and control of personal information the site collects, as well as how sensitive information will be used, and whether it will be provided to third parties.
 
· Never provide personally identifiable information like a username and password, a government issued number that identifies you, financial details, e-mail addresses, phone numbers, or your home address in areas like chat rooms, forums, instant messengers, e-mail, or any other area over the Internet that gives others access to the information.

Remember, always back-up your system before making any changes.  If using ccleaner make sure you know your passwords.  I suggest you open a spreadheet or word processor, enter the site url, username and password and save it to floppy.  Do NOT save this information on your hard drive.

To your privacy and safer surfing

cotojo 

How prevalent is Spam?  According to Scott McAdams, OMA Public Affairs and Communications Department (www.oma.org):

“Studies show unsolicited or “junk” e-mail, known as spam, accounts for roughly half of all e-mail messages received. Although once regarded as little more than a nuisance, the prevalence of spam has increased to the point where many users have begun to express a general lack of confidence in the effectiveness of e-mail transmissions, and increased concern over the spread of computer viruses via unsolicited messages.”

In 2003, President Bush signed the  “Can Spam” bill, in December of 2003 which is the first national standards around bulk unsolicited commercial e-mail.  The bill, approved by the Senate by a vote of 97 to 0, prohibits senders of unsolicited commercial e-mail from using false return addresses to disguise their identity (spoofing) and the use of dictionaries to generate such mailers. In addition, it prohibits the use of misleading subject lines and requires that emails include and opt-out mechanism. The legislation also prohibits senders from harvesting addresses off Web sites. Violations constitute a misdemeanour crime subject to up to one year in jail. 

One major point that needs to be discussed about this: 

Spam is now coming from other countries in ever-greater numbers. These emails are harder to fight, because they come from outside our country’s laws and regulations.  Because the Internet opens borders and thinks globally, these laws are fine and good, but do not stop the problem.

So what do you do about this? 

Here are the top 5 Rules to do to protect from spam.

Number 1: 
Do what you can to avoid giving your email address out on
the net.  

There are products called “spam spiders” that search the Internet for email addresses to send email to.  If you are interested, do a search on “spam spider” and you will be amazed at what you get back.

Interestingly, there is a site, WebPoison.org, which is an open
source project geared to fight Internet “spambots” and “spam
spiders”, by giving them bogus HTML web pages, which contain bogus email addresses

A couple of suggestions for you: 

a) use form emails, which can hide addresses or also b) use addresses like sales@company.com instead of
your full address to help battle the problem. c) There are also
programs that encode your email, like jsGuard, which encodes your email address on web pages so that while spam spiders find it, it is difficult or impossible to read your email address.

Number 2: 
Get spam blocking software.  There are many programs out
there for this.  (go to www.cloudmark.com or www.mailwasher.net for example).  You may also buy a professional version.  Whatever you do, get the software. It will save you time.  The software is not foolproof, but they really do help.  You usually have to do some manual set up to block certain types of email.

Number 3:
Use the multiple email address approach.

There are a lot of free email addresses to be had.  If you must
subscribe to newsletters, then have a “back-up” email address. It would be like giving your cell phone number to your best friends and the business number to everyone else.

Number 4: 
Attachments from people you don’t know are BAD, BAD, BAD.

A common problem with spam is that they have attachments and attachments can have viruses.  Corporations often have filters that don’t let such things pass to you.  Personal email is far more “open country” for spammers. 

General rule of thumb:  if you do not know who is sending you something, DO NOT OPEN THE ATTACHMENT.  Secondly, look for services that offer filtering. Firewall vendors offer this type of service as well.

Number 5: 
Email services now have “bulk-mail” baskets.  If what you
use currently does not support this, think about moving to a new
vendor.  The concept is simple.  If you know someone, they can send you emails.  If you don’t know them, put them in the bulk email pile and then “choose” to allow them into your circle.  Spam Blocking software has this concept as well, but having extra layers seems critical these days, so it is worth looking into.

 Bob Matharoo has also written an interesting article on Spam,  check it out here

Every day new computer viruses are created to annoy us and to wreck havoc on our computer systems. Below are ten viruses currently cited as being the most prevalent in terms of being seen the most or in their ability to potentially cause damage. New viruses are created daily. This is by no means an all inclusive list. The best thing you can do is to remain vigilant, keep your anti-virus software updated, and stay aware of the current computer virus threats.

Virus: Trojan.Lodear
A Trojan horse that attempts to download remote files. It will
inject a .dll file into the EXPLORER.EXE process causing system
instability.

Virus: W32.Beagle.CO@mm
A mass-mailing worm that lowers security settings. It can delete
security-related registry sub keys and may block access to security-related websites.

Virus: Backdoor.Zagaban
A Trojan horse that allows the compromised computer to be used as a covert proxy and which may degrade network performance.

Virus: W32/Netsky-P
A mass-mailing worm which spreads by emailing itself to addresses produced from files on the local drives.

Virus: W32/Mytob-GH
A mass-mailing worm and IRC backdoor Trojan for the Windows
platform. Messages sent by this worm will have the subject chosen randomly from a list including titles such as: Notice of account limitation, Email Account Suspension, Security measures, Members Support, Important Notification.

Virus: W32/Mytob-EX
A mass-mailing worm and IRC backdoor Trojan similar in nature to W32-Mytob-GH. W32/Mytob-EX runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the computer via IRC channels. This virus spreads by sending itself to email attachments harvested from your email addresses.

Virus: W32/Mytob-AS, Mytob-BE, Mytob-C, and Mytob-ER
This family of worm variations possesses similar characteristics in terms of what they can do. They are mass-mailing worms with backdoor functionality that can be controlled through the Internet Relay Chat (IRC) network. Additionally, they can spread through email and through various operating system vulnerabilities such as the LSASS (MS04-011).

Virus: Zafi-D
A mass mailing worm and a peer-to-peer worm which copies itself to the Windows system folder with the filename Norton Update.exe. It can then create a number of files in the Windows system folder with filenames consisting of 8 random characters and a DLL extension.

W32/Zafi-D copies itself to folders with names containing share,
upload, or music as ICQ 2005a new!.exe or winamp 5.7 ew!.exe.
W32/Zafi-D will also display a fake error message box with the
caption “CRC: 04F6Bh” and the text “Error in packed file!”.

Virus: W32/Netsky-D
A mass-mailing worm with IRC backdoor functionality which can also infect computers vulnerable to the LSASS (MS04-011) exploit.

Virus: W32/Zafi-B
A peer-to-peer (P2P) and email worm that will copy itself to the
Windows system folder as a randomly named EXE file. This worm will test for the presence of an internet connection by attempting to connect to www.google.com or  www.microsoft.com. A bilingual, worm with an attached Hungarian political text message box which translates to “We demand that the government accommodates the homeless, tightens up the penal code and VOTES FOR THE DEATH PENALTY to cut down the increasing crime. Jun. 2004, Pécs (SNAF Team)”