The lazy person's guide to internet hoaxes, myths and legends

CHIPS, April-June, 2005 by Dale J. Long

1. Don't touch that--you don't know where it's been. Or in the case of embedded links in unsolicited e-mails, where it is going. Never click on an embedded link in spam e-mail. At best, it tells the spammer that your address is "live." At worst, it loads some type of malware (malicious software) on your PC that burrows in and does ugly things. If you get a message saying you need to go to your online bank, eBay account or credit card company, type the URL in yourself.

2. Don't mess around with things you don't know anything about. This one is good advice for any e-mail attachment, particularly since clever, inventive people have found ways to embed viral code in everything from word processing documents to graphics .les.

3. Lock your doors. In this case, turn off or restrict anything that could be used to allow unauthorized code into your system. That includes ActiveX controls, the Windows Scripting Host and HTML rendering in e-mail.

If you are really concerned about Web vulnerabilities, you may wish to replace MS Internet Explorer with another browser. In Zippy's case, he is only safe because his wife restricts him to an old Macintosh IIsi running Mac OS version 6.7 and an ancient version of Netscape. Many people would consider that security overkill, but you were not there when Zippy tried to buy into a fake scam for Millennium Bug Insurance a few years ago (see http://www.chips.navy.mil/archives/99_jul/dale.htm for the details). His wife has not let him play on the Web by himself since.

4. Don't talk to strangers. Particularly strangers offering you free candy, money, beer or lunch online. This also applies to chat rooms, as malicious software can apparently be spread via chat software.

I got a first-hand look at this a couple of years ago when my martial arts instructor, a man with eight black belts, who owns more handheld weapons than he has ball-point pens, got cyber-mugged in a chat room by someone who hacked his computer remotely through the chat software and took control of the PC.

The only sure way to regain control after an attack like that is to physically disconnect the power, unplug the Internet connection, exorcise the offending malware by backing up the data files, reformatting the hard drive, and reloading the operating system and applications from scratch. Chat rooms are the cyberspace equivalent of hanging out in bars. If you want to be safe, go with people you know, and do not play games for money with strangers.

5. Wear your raincoat. A properly configured firewall or Web proxy (or both) can save you a lot of grief. In particular, you should have something set up to prevent unwanted intrusion and restrict what your computer might try to send out without your knowledge. Some phishing scammers do not care if you voluntarily provide them with your ID and password as long as they can download, install and activate a keystroke logger on your computer. While it may be useful to set your computer to automatically check for and download updates for your operating system or applications, you should control any activity that transmits data from your computer.