Ten Commandments for safe and sane connectivity - Brief Article

Black Enterprise, March, 2000 by Rebecca Rohan

Rules to live by to help protect your computer

The World Wide Web is becoming not unlike the real world. It has its share of vandals, criminals, hucksters and hoaxers who prey on the unsuspecting or ill-informed. You can protect yourself while online by following these rules. While they may not come from on high, or be written in stone, these are 10 Commandments for safe and sane connectivity:

1. Never click on an executable file sent in e-mail. An executable file has an extension such as EXE, COM or BAT, and runs an actual program when you start it, even if it appears to be just a picture or animation. It's likely to be a "Trojan horse," even if it comes from a friend.

By contrast, most document files are safe because they're created to be viewed rather than do anything in your computer. Document file extensions include those for pictures (GIF, JPG, BMP, etc.), sounds (WAV, AU, etc.), text-based messages (TXT) and other passive data. Office-type files that can run macros, especially Microsoft Word DOC files, are another story.

2. Protect yourself from Microsoft Office (Word, etc.) macro viruses. Most document files are passive, but some can contain macros, and your colleagues may not know that their system is infected with a macro virus. To protect your system, turn on your built-in anti-macro-virus protection programs in Office 97: In the Tools menu, click Options. On the General tab, check the box marked "Macro virus protection." From then on, when you start to open a document that has a macro in it, you can choose whether to disable the macro or not. Another way to protect yourself is to open Word files in WordPad and ignore the gobbledygook at the top and bottom. For more antivirus resources, visit www.officeupdate. microsoft.com/Articles/antivirus.htm.

3. Don't take URLs from strangers. When you click a hot link sent in e-mail, your browser goes to that address. You might be sent to a site that exploits vulnerabilities in your browser or truly violates your security. Clicking on links in junk e-mail also encourages spammers to keep sending it because you responded. If the link looks like something of interest from a reputable source, examine the URL carefully to see if the company, com part of it is what you'd expect from the information given, and look closely at the headers on the e-mail you received.

4. Always get downloadable programs from the horse's mouth. Go directly to the vendor's site or to a large, established shareware site such as Jumbo (www.jumbo.com) or CNET (http://shareware.cnet.com).

5. Keep up with alerts, and download and install patches for security holes. Stay on top of problems by checking frequently at these sites: CIAC (www.ciac.org), ICSA.Net (www.icsa.net) and Microsoft (www.microsoft.com/downloads/ search.asp?).

6. Stop hoaxes and chain letters in their tracks. If a friend forwards you an e-mail that asks you to "forward this letter to everyone you know," don't do it. It's almost guaranteed to be a hoax, and the resulting mail clogs the Internet. Hoaxes like the "modem tax" or "Microsoft will pay you for each person you send this letter to" are pure rubbish. Refuse to pass on e-mail chain letters too. Visit the Internet hoax page at www.ciac.org/ciac/ CIACHoaxes.html.

7. Report spam e-mail or UCE. Stop unsolicited commercial e-mail (UCE) by tracking down a letter's origin and reporting the sender to his/her Internet service provider (ISP). To find the culprit, turn on full headers in your e-mail program and locate the very first place in the header that gives an IP address in brackets in the form [000.000.000.000]. (The zeros will be numbers, and some numbers may be two digits instead of three.) Then copy and paste the string of numbers (without brackets) into the RWhois Web interface at www.rwhois. net/rwhois/products/web/index.html to find the ISP. Forward the entire spam, including full headers, to the ISP's abuse department. Most can be reached at "abuse@ISPnamehere.com." where you fill in the ISP's name in the slot shown.

8. Use server less messaging. When you send instant messages on most systems, such as AOL or ICQ, your message goes through a third party's message server. There have been security problems on some services, but PeerChat 2.0 ($17.50) from Claudin Lambert (www.peerchat.com) doesn't send your messages through a message server. It hooks you up directly to your friend.

9. Put a firewall on your machine. A firewall is software that sits between your machine and the Internet and checks incoming traffic for attacks. Some ISPs provide free firewall software to their customers, or visit the Website www.fwl.dfn.de/eng/fwl/ fw/fw-prod.html for a variety of firewall providers.

10. Put a lock on your credit information. You want to make sure the small lock icon in the bottom corner of your browser is closed before sending address or credit card information over the Web.