The "Stay Safe Online Campaign" is calling for a combined government - private industry drive to encourage computer users to perform, at a minimum, a twice-yearly comprehensive computer security check. The dates specified for this year are April 7 and October 27, 2002, which are also the dates that Daylight Savings Time changes, and we all have to reset our clocks. The idea is that when we change our clocks, we are also to check our computer security. This semi-annual check is in addition to the use of properly installed, configured, and frequently updated antivirus software, as well as the use of a firewall, and other appropriate safety measures.
To view the list of recommended safety procedures and tools, visit the new website at http://www.staysafeonline.info. As an aside, notice the new "info" domain on this URL.
The first time I ran Opera, I was pleasantly surprised. It loaded much faster than IE6, and web pages also loaded faster. I went to a variety of sites, and could not find any that would not load properly. Since Opera is strictly compliant with all major web standards (and Internet Explorer is not), some web pages may look slightly different than with other browsers, but the differences were not really noticeable. Advanced security features were evident, and easy to customize. I like the cookie control and other privacy features available. The custom configuration of Opera was much easier to understand and perform than it was for IE and Netscape, and options were also available to control some of the common annoyances such as "pop-up" windows. Another interesting feature of Opera was the extensive availability of optional but simple shortcuts and mouse actions to activate features of the program.
If you would like to try a full featured browser, which only lacks the "bloat" of its better-known competitors, but loads pages significantly faster, give Opera a try. I did, and I really enjoy it.
To discuss these products, or any other computing issues, please listen to my two weekly call-in radio shows on KLVI, 560am, Tuesdays from 6-7pm, and Saturdays from 1-3pm. There is also a new website where much of this information will be available at http://www.mycomputershow.com.
This true anecdote is indicative of a problem facing millions of PC and MAC users on a network, or surfing the net. Previously it was thought that the problem only affected network users, and then broadband users such as DSL and cable modem users became prime targets of hackers. Now, even dialup users are prone to hack attack, and a firewall, properly installed and updated, may now be a more important piece of protective software for a computer user than antivirus software. The function of a firewall is to protect unauthorized network or online access to a computer, and to prevent rogue software already on a computer from transmitting information. The reason is that while a virus may possibly destroy the data on your computer, a hacker using a backdoor program can access all of the files on your computer, monitor and interfere with computing activities, track and record web surfing, and capture keystrokes used for usernames and passwords. Identities can be stolen, and existing financial accounts can be accessed and new ones created by the intruder. There are also documented cases of hackers accessing online banking and investment accounts, conducting transactions, and transferring balances to offshore accounts. Incidents have been published about hackers accessing individuals' personal accounting, checkbook, and tax software and then changing critical numbers and balances. Some hackers, have also downloaded personal files, and other vital information, and then deleted the originals on the target computers, making account repair and correction difficult. For businesses, important proprietary information may be accessed, compromised or altered. These destructive acts are not some theoretical happening, but genuine occurrences that happen far more often than many computer users realize. There is also published anecdotal evidence that the majority of users with infected computers are unaware that they are candidates for identity or financial theft, and access and destruction of their files. Personally, I have helped local individuals who thought that their hard drive had "crashed" only to find out that critical files had been purposely deleted or altered by a hacker using a backdoor to access the computers. A selling point of Windows XP has been that it includes an integral firewall, but it generally does not have the protection ability of many third party products.
Cost should not be an issue, because there are several fine firewalls that are free for personal use, and in the free - $50 range for business use. Stopping just one unauthorized access will likely make the small investment the bargain of a lifetime. The reason why several software companies give away their firewalls is to build up a loyal following of users, who will then recommend the paid version of the firewall they use to their employers.
Below are those products available free for personal use. Not listed are the fine commercial products published by McAfee, Norton, BlackIce, and others. It should be noted that in many of the published side-by-side comparisons, some of the "free" firewalls significantly out perform their expensive commercial competitors, and may also include features lacking in their expensive counterparts. Just as antivirus software must be updated frequently, firewall users must also check for periodic updates. According to published reports, the most widely used personal firewall is Zone Alarm, published by Zone Labs, and available from http://www.zonelabs.com. The basic version is free for personal use. A more advanced version, ZoneAlarm Pro, is $40 for all users, but the free version is very adequate for home users. In published reviews, ZoneAlarm has been top rated by many of the computer magazines, including receiving the most awards, and has been adopted as standard equipment by several networking companies, and some internet service providers.
A lesser known, but more comprehensive firewall is Agnitum's Outpost Firewall. Outpost is free for personal, business and educational use. In addition to the typical protection from external hackers, and internal backdoor programs, Outpost also includes ".protection from, and control of, cookies, banner ads, e-mail viruses, backdoors, spyware, crackers, adware, and virtually every other Internet danger." For those concerned about child or employee access to questionable Internet content, Outpost, available for download at http://www.agnitum.com, also includes content filtering. A unique aspect of Outpost is its "open architecture" which encourages developers to create software plug-ins to enhance its capacity. A "Pro" version, with several additional enhanced network features, is available for $40.
Tiny Personal Firewall, available at http://www.tinysoftware.com, is also available free for personal use, and $39 for commercial use. Highly regarded by many of the computer publications, and including some features not included in ZoneAlarm, this product is also capable of protecting a computer from hack attack.
Sygate at http://www.sygate.com publishes both a free personal firewall ($20 for commercial use), and a professional version ($48). While popular and reliable, it lacks many of the features of the products above. According to information on the Sygate website, there are "millions" of users protected by Sygate firewalls.
Lacking many of the "bells and whistles" of other free personal firewalls is "Look 'N' Stop Lite". The free version is available at http://www.looknstop.com. The "Pro" version costs $27-$35, depending on the operating system.
Considering the risks of not having firewall protection are potentially greater than the risks from a virus, and also considering that there are free firewalls available, there is absolutely no reason why all computer users on networks and surfing the net should not have the protection of a firewall.
Cookies fall into a few broadly defined categories. First, is what I call the "necessary" cookies. These are small text files placed on your computer by websites that are explicitly for your personal benefit. Sites that use these types of cookies are My Yahoo, My Netscape, My CNN, etc. These cookies are the ones that tell the website of choice what stocks to follow, news categories to track, sports teams to follow, account numbers, and other information of choice. When connected to the selected site, the cookie is read by the website, and appropriate information is utilized. Since these cookies often contain personal information, they are typically encrypted by the website before they are placed on the user's computer, making it difficult for other sites to read that cookie.
Another type of cookie is the very short term "temporary" or "session only" cookie that is only used once and then deleted, or automatically deleted when the browser is closed. Cookies of this type are commonly used by websites with online address books (Yahoo mail), storing temporary logon information that does not have to be reentered (Ebay), and shopping sites to track shopping cart contents. In order to use such sites, this type of cookie is often required to take advantage of the online conveniences. Some sites, such as many Microsoft sites, require that cookies be accepted. Since these cookies disappear, they are generally considered safe.
The type of cookie that is of most concern to those interested in privacy and security is the "tracking" cookie that complies websites visited and other personal information intended to be collected by marketing companies. Some of these cookies fall in the realm of "spyware" and can be detected and removed by software such as the AD-AWARE mentioned in recent columns. These types of cookies have caught the attention of agencies such as the Federal Trade Commission (FTC), and many privacy groups. In a recent FTC filing it was stated, "...marrying the offline and online behaviors of consumers into one database (merger of Double Click, the major collector of personal information from cookies, and Abacus, a direct mail company) ... (t)he profiles created from information in the new database show a much more detailed view of individual consumer behavior than either of the separate databases could have shown alone. Once consumers become informed of the extensive abilities of corporations to track and profile consumers' online habits, consumers may be less likely to visit particular web sites, engage in e-commerce, or post to newsgroups, particularly if there are negative consequences, such as a potential employer gaining access to that profile and making hiring or firing decisions based on the contents." This type of activity has also attracted the attention of European regulators. Last November, the European Union (EU) voted on legislation to ban the use of cookies that gather personal information. In a report presented to the EU, "...the use of cookies by companies is an infringement on personal privacy and therefore a human rights violation under the European Convention for the Protection of Human Rights and Fundamental Freedoms. So-called cookies, spyware, web bugs, hidden identifiers and other similar devices that enter the users' terminal equipment without their explicit knowledge or explicit consent in order to gain access to information, to store hidden information or to trace the activities of the user may seriously intrude the privacy of these users. The use of such devices should therefore be prohibited unless the explicit, well-informed and freely given consent of the user concerned has been obtained."
It should be noted that Double Click has made it possible for users to opt-out of having their personal information collected by Double Click or any of its clients. Simply click on "privacy" on the doubleclick.com website and follow the links to the opt-out cookie. Double Click will then place an "opt-out" cookie on the hard drive, which will prevent any Double Click client from harvesting personal data from that computer.
It is very easy for web surfers to control the cookies that websites attempt to place on their computers. In some versions of Internet Explorer 5, simply click on TOOLS - INTERNET OPTIONS - SECURITY - INTERNET - CUSTOM LEVEL and set the cookie setting to "Accept" and "Prompt". In IE 6, from INTERNET OPTIONS click on PRIVACY - ADVANCED and click on the desired settings. Personally, I allow "session" cookies, but "prompt" for all others. When a cookie window pops up (using IE6), the choices are "Allow Cookie", "Block Cookie", "More Info", and "Help", with a box to apply the decision to all cookies from that site. The "More Info" button will give the details of the cookie. With this information, the user can decide if he, not the browser default, wants the cookie on the computer. With Netscape, go to EDIT - PREFERENCES - ADVANCED and select "Prompt" to control cookies. The alternative browser "Opera" discussed in a recent column here in the Examiner has what is claimed to be the best cookie management of any browser. It gives much more information about cookies, and has a greater selection of cookie handling options which can be quickly and easily customized for any website using a pull-down cookie management menu.
It is easy to view the cookies stored on a computer. Internet Explorer stores cookies in the "WINDOWS" directory, in a "COOKIES" subdirectory. If viewing IE cookies with Windows Explorer be sure to click on VIEW - DETAILS to see all of the cookie information. Netscape uses a simple text file "cookies.txt" in the Netscape - Users directory. Cookies.txt can be opened and read with Notepad or any other text editor or word processor. To find these files quickly, simply click on START - FIND - FILES AND FOLDERS - and search the hard drive for "cookies".
There is a large variety of cookie management software available, much of it free. From any major download site, such as the local site at tucows.exp.net, or download.com, search for "cookie" or "cookies" and a variety of software will be available. While most of the cookie management software will work with most browsers, there are several fine ones that are specific for Netscape, IE, or AOL.
Many webmasters, knowledgeable about surfer resistance to invasive cookies, have also implemented another device in order to gather personal information from the users' browser, without the users' consent. This is called the "1 Pixel GIF" which is a very tiny graphics file of only 1 pixel in size (each tiny dot on your computer screen is a pixel). This method defeats many of the tools utilized to manage cookies, but some newer versions of cookie management software are able to detect and stop this method of gathering personal information.
Protect your privacy by managing and controlling your cookies. The slight inconvenience of managing, rather than accepting all cookies, may well pay off by restricting someone else from accessing your personal information without your consent.
For more information on the Tulsa Computer Society click here