Monday, January 5, 2009

Favorite On-Line Resources for Photography Products and Services - Part 2 - Safe and Secure

How does one safely shop On-line so that they do not get ripped off and do not but their personal information at risk of being ripped off? Although this discussion will be fairly lengthy, all the steps and measures taken and described here are mostly all things that you should already be doing even if you do not shop on-line.

Wether buying on-line from eBay or shops like Amazon.com, doing personal or business banking, paying bills on-line or even using pay services like iTunes or buying Antivirus on-line, you should always make sure you are completely protected.

Hardware

Part one of this protection is what I call the hardware layer. It starts where your Internet Provider leaves off at the Modem. The modem provided to you is a direct link in and out to and from the Internet. It is the best and easiest way fro someone to hack into your computer. Between your modem and your computer you should have a properly configured Hardware Firewall (most modern day Routers are Firewalls) to protect yourself.

This hardware layer is not the end all be all of protection. Hackers can still get through it if they know what they are doing, but it is a great start. On an average Cable based Internet Connection, you will probably have 20 to 30 hack attempts per day into your computer. Ninety-nine percent of these attempts are merely kids looking for an "open" connection right into your computer.

Software

Software protection is multi faceted and despite you best efforts will also not be complete protection (I'll explain why later). The very first of these facets are the patches or updates and then your Firewall Software, Antivirus Software and Anti Spyware Software round out the other facets.

Updates

Warning on Updates! - Always make sure that you create a backup image of your system or that you at least back up all your data before playing around with your system.

It is imperative that you keep your system fully updated and patched. Yes, even if you have Vista or a MAC! Windows, MACs, Linux and most other Operating systems ALL have flaws and bugs and once discovered by hackers, they will taken advantage of. Keep your system fully updated.

This is a little more complex than it seems however. First you must update you Operating System. Then you must update you Internet Browser as they have their own bugs and flaws, yes, MAC Browsers also. Then you need to update you browser plug-ins like Adobe Acrobat, Adobe Flash Player, Apple iTunes, Apple Quicktime, Sun's JAVA and any other plug-in you use. Chances are that you have most of these on your system even if you do not know it.

Lastly you need to make sure that your software on the computer is up to date. Games and Graphics Programs can also case problems for security. The good part about doing all these updates is that they can also prevent many system crashes.

Exception to Updates: I do not recommend doing ANY Hardware Driver Updates recommended by the Microsoft Site. Actually, I do not recommend doing any Hardware Driver Updates at all unless you are having specific problems. Again, make sure you have backups before doing any updates.

Firewall Software

Your computer probably came with Firewall Software, Windows XP and Vista both do. Use it! Make sure it is turned on if you do not have some other Firewall software like Norton's Internet Security. Make sure you know how to check if it is on and make sure it is on. My recommendation here if you have a good Hardware Firewall is to just stick with the basics but do use your integrated Firewall if you have a full Security Suite of programs like Norton's Internet Security.

Antivirus Software

A big and very important part of your protection is good Antivirus Software. Again, like most levels of security described here even the best AV software is not 100% full proof but some are way better than others. Do a little homework here. Just because you have used one product for the past five years, doesn't mean you shouldn't switch AV vendors.

NortonIS2009

My favorite by far is Symantec's Antivirus Corporate Edition. This is the best Antivirus Program out there, it gets the most frequent AV updates and it does not slow your computer down like many other AV programs. However, this is only available On-line and in Five Packs as it is not meant for home users.

Other great options are as follows; Norton's Internet Security Suite 2009 (http://www.symantec.com/) is exceptional and pretty much full proof for home users. It is highly rated by most Computer Magazines and was just recently (January 2009) given a 9 out of 10 with a "Kick Ass!" award for best overall protection. This great security suite also includes Anti Spyware, a great Firewall, Anti Spam E-mail control and Identity Protection. This product is available at most retailers. It should NOT be confused with their other product called Norton's 360 which I consider to be a mess of a program.

Other good options are Kaspersky's Internet Security 2009 (http://www.kaspersky.com/) also very well rated and ESET's NOD 32 Anti Virus which has been winning awards.

McAfees arsonal of AV and other products are no longer as good as they used to be and I at this time do not recommend them.

Free Antivirus Software has always been available. Programs like Avast 4 Home (http://www.avast.com/) and AVG Free (http://www.grisoft.com/) both very good at one time or another have been loosing ground on the Virus front for the last two years. This is from personal experience from clients of mine that have run into trouble using these products.

I have been keeping an eye on another free product that appears to be pretty good and again the January issues of Maximum PC Magazine concurs with their best Free Antivirus rating going to Avira Antivir. Available at http://www.free-av.com/. I have not used this product but friends have so use this at your own risk.

Microsoft makes their own AV Software called Live One Care but they have already announced they are discontinuing the product. You get what you pay for used to be valid in the Virus world but in recent years, this is no longer the case. Many other programs are available and many far inferior ones cost much more than these programs including the free ones mentioned here. There are also fake Antivirus programs that will hold your computer ransom or turn it into a Bot as part of a Botnet sending Spam all over the world that sell for as much as the ones mentioned above. So, be cautious, do a little research and choose wisely.

Note: Before installing any Antivirus software make sure you un-install your old software first.

It doesn't matter how good your Antivirus software is, if it isn't updated at least once a week (this is usually an automated process) it will give you little protection as many new viruses are created every week. Check for the date or time stamps on your Virus definitions.

Anti Spyware Software

In the ever evolving world of Viruses, the bigger and more recent threats appear to come from Spyware. Spyware can be as bad or worse than a Virus and can introduce even nastier things called Rootkits. This Spyware can steal your "secure" passwords including banking passwords or they can turn your computer into a Node of a very large BotNet.

Many Antivirus programs include Anti Spyware protection but many are not very good at it. Likewise, many Anti Spyware programs include Antivirus protection but they are very bad at that. So get a good Antivirus program and if it has good Anti Spyware, at least get another free Anti Spyware program.

In the corporate world I use and recommend Webroot Anti Spyware (http://www.webroot.com/). It has won many awards and it is usually best or second best rated depending on what versions and when it was rated during the year. They have been at the top for many years now.

WebRoot3User

Webroot Anti Spyware is also available as a stand alone boxed product available at most retailers and is also available in a three license version that can be installed on up to three computers at a much reduced price per computer. I swear by this product. Again like with other security options it is not 100% effective and so I turn to other products.

Years ago the free programs Lavasoft's Ad-Aware 2008 (http://www.lavasoft.com/) and SaferNetworking.Org's Spy-Bot Search & Destroy v1.6 (http://www.safer-networking.org/) were the GO TO programs to use. But like most free products they have not been able to keep up. Two free products that have been very good in the last while are SUPERAntiSpyware (http://www.superantispyware.com/) and a very good new comer that appears to get the nastier stuff, MalwareBytes (http://www.malwarebytes.org/).

If you would like another good commercial option to call upon, PCTool's Spyware Doctor (www.pctools.com/spyware-doctor). Don't let the fact the Dr. Phil recommends this product fool you, it is very good. I use this on some systems.

Again, just like all other software, these need to be updated regularly. The difference between the Free and Paid versions is that the paid versions usually update themselves and are usually on all the time whereas you need to manually update the free ones and need to manually run a scan every once in a while. The upside to the free is that it is not running all the time and so it does not slow your computer down so much. Good if you have al older slower computer.

Quick note on BotNets

If your system is acting funny you should always re-boot and then run a FULL Manual Antivirus AND Anti Spyware scan. If you have a second Anti Spyware program like Malware Bytes run a scan with that also. If any of the programs find Viruses or Spyware, remove the infections and reboot. If your system is still acting funny, it could have a Rootkit or/and could be part of a new BotNet.

If you suspect your system is part of a BotNet, try myNetWatchman SecCheck v2 (www.mynetwatchman.com/tools/sc). Run the single stand alone program (it runs is a DOS window) and let it do its thing.

Shopping On the World Wide Web

Now that your system is protected and free of Spyware and Viruses and hopefully all threats its time to start shopping. Where to go? What to buy? Oh wait, first things first "How to buy?"

Shopping on-line has one big downside, how do you send them your money? This is why we need all the security. The only real option is to use a credit card. Sending Checks is slow and the can be stolen from the mail system. Once received by the retailer they may get held for weeks before a product is shipped.

Giving anyone your Credit Card information is a big security risk. Specially on line where you may trust a big vendor like Amazon.com or Apple.com but what about the person responsible for the transaction once it is received? Most large vendors are reputable and most can be trusted as they have systems in place that keeps your credit card information secure even from their own staff.

Smaller shops and stores however are another whole matter. Their transactions are usually handled manually and so you information is at risk every time you buy something. How can you best protect yourself from very large risk?

Personally I do two things to protect myself and my bank. The first is that the credit card I use is a Card I acquired specifically for Internet Transactions. It is not special in any way except that it is not one of my other cards. It also has a very low limit of $500.00 on it. If it ever gets stolen on-line the thieves will not get very far with it. This then protects my other cards and also, since you are not responsible for the theft purchases, protects your bank from thousands of dollars in losses.

I use this card for ALL my on-line small shop purchases and sometime even for small shops or restaurants in town when I don't trust the staff.

The second thing you can do and something I recommend whole heartedly is using a service called PayPal (http://www.paypal.com/). PayPal is a service that is owned by eBay. Think of it as an on-line credit card. Basically you give PayPal your credit card information (the one with the $500.00 limit) and then when you make eBay purchases and other retailers that have signed onto PayPal you pay for items using a secure on-line transaction process using your PayPal Account. You never need to give your credit card information to the retailer.

There is no cost for using PayPal for purchasing products, all fees are paid for by the retailer. Once setup though, you can use PayPal to accept other peoples payments to you. You would then pay any transaction fees.

There are several benefits in that PayPal insures some transactions with certain limits and transaction types (read the fine print) and it makes it much easier to purchase. Once your account is setup with PayPal and 'verified', future purchases are quick and simple. This is the number one method of payment used on eBay with millions of transactions made everyday.

On Passwords

Before you can purchase anything on-line you usually need to setup an account at that site. This should always be free. In order to make a purchase you need to sign-in to your account and then you would use PayPal or your credit card to make the purchase.

The Password you use for these sites including eBay and your PayPal account password should be secure and kept very private and confidential.

Passwords for Facebook and your Yahoo Mail and other non credit sites should be secure and if they are all the same it is not a huge deal. They should still be kept private as a lot of damage can still be done with those passwords. However, your credit site passwords should all be different and should be more secure than you other passwords. This is what I usually recommend:

Never use the same password, perhaps change it based on the sites name. Keep a secure log in your home of these passwords. Use a completely different and more secure password for any and all commerce sites.

Simple Passwords for sites like – "JamesBondM" for Microsoft and/or "JamesBondF" for FaceBook. Easy to remember.

More Secure Passwords like – "S3cur3B@nk~eBay" or "C@nucks4EveriTunes" are much more secure.

Protect Yourself

The two biggest sources of problems I have been encountering are from people trying to get rid of Spyware or Viruses. They either do a search on Google for Free Anti Spyware Software (Bad idea!) or for Free Antivirus Software (Another Bad Idea).

Many of the programs that you will come across are themselves Spyware, Viruses or Trojans that will cause harm to your system or will hijack your system for ransom or other financial gains. Some of the programs you look up will seem very real and legitimate and you will read good (fake) reviews, but they are trouble. Do not randomly just buy software on-line. Either buy from a very reliable source like the ones I mentioned above (use the links provided to ensure you get to the right site and not a fake site) or go to a store and buy a retail box.

If you think your system is infected, the very last thing you should be doing is buying something on-line anyway! There is a very good change your credit card information WILL be stolen if you are infected.

Another big scam and another source of many infections is the Fake Anti Spyware or Fake Antivirus Pop-Up. What happens here is a Pop-Up will happen when you go to the standard bad sites like Free Game Sites, Free Desktop Wallpaper Sites, Free Cute Cat Screen Saver Sites (remember, nothing is free in this world) and so on. This Pop-Up will look like an Antivirus Program or an Anti Spyware Program and it will tell you that you system is infected. It will look so real that it will even say what viruses you have and how many! It will then ask you if you want to remove the infections.

HERE IS THE CATCH. In order for these sites to infect your computer they require your help. They need you to push a button in the Pop-Up Window. Pushing ANY button in a Window gives them the required security permission to install what ever Virus or Spyware they want. DO NOT PUSH OR CLICK ON ANY BUTTON. The way they program these is that by pushing the YES or the NO buttons, it will install the Virus or Spyware. So, what to do?

Your two options here. The first is to only click on the orange X at the top right hand side of the Pop-Up Window. This should safely close the Pop-Up Window but lately, this does not always work. If it fails to do so, you should save any work you are doing in other programs like Word, Excel or a Graphics Program, close all your open programs except for your Web Browser and then just Power Off the computer or just Pull The Plug.

Then you can restart your computer and run "Your" Anti Spyware or Antivirus program to make sure you have no infections.

What If I Get Infected

Getting rid of Malware (Viruses, Trojans, Spyware, Rootkits) can be very difficult at best of times even when you know what you are doing. In some cases it is like an art. With new emerging Rootkits it can sometimes with today's technology also be impossible to remove the infection. If you are having problems please consult a professional. Everything I talk about here is for preventing problems. If you run into problems, don't cause more damage by trying to do it yourself. Get help or you could loose all your files and data.

Where to Shop

In Part 3 of this blog post I will share the sites I shop at and why I shop at those sites.

Part 3 can be found here: http://eyesonphotography.blogspot.com/2009/01/favorite-on-line-resources-for_08.html

© 2009 Francois Cleroux

(Version 1.03 - January 2009)

Please feel free to leave comments, corrections, ideas, thoughts or suggestions.

No comments:

Post a Comment

I value thoughtful comments and suggestions. If you like or dislike this post, please let me know. If you have any ideas or suggestion, comments or corrections (I do make mistakes) please also let me know. Thanks.

- Francois Cleroux