Minimizing Online Risks © 2006 Consumer Jungle

15 Steps to Minimizing Online Risks Update your operating system Use a firewall Adjust browser security settings Consider an ISP or e-mail provider that offers security Use antivirus software Use antispam software Use at least one antispyware program Good online practices Regularly back up personal files Be on the alert while browsing Create strong passwords Don’t post your e-mail address Use e-mail cautiously Use multiple e-mail addresses Don’t buy from spammers Look for secure Web sites Source: “Minimize Online Risks,” Consumer Reports, September 2005. © 2006 Consumer Jungle

Update your operating system Windows XP users Enable Automatic Windows Update feature Download & install Service Pack 2 @ www.microsoft.com/protect Keep your computer updated with the latest security measures. If you use Windows XP, enable the automatic Windows Update feature if you haven’t already done so. Go to www.microsoft.com/protect and download and install Service Pack 2, which offers enhanced security. Consider upgrading to the next version of Windows when it comes out to get more security features. For earlier versions of Windows, run Windows Update from the Start menu. The vast majority of viruses and spyware programs have targeted Windows-based PCs, which far outnumber Macintosh computers. So using a Mac can reduce your risk. Even so, keep your Mac up to date via the Software Update Control Panel. Also regularly update your Web browser and other major software, using the manufacturers’ update instructions or features. Source: “Minimize Online Risks,” Consumer Reports, September 2005. © 2006 Consumer Jungle

Use a firewall Enable built-in firewall on Windows XP and Mac OS With older systems, install firewall Software (protection for incoming and outgoing) Hardware (most routers have firewalls) Firewall: A piece of hardware or software that controls traffic between different zones of trust like the Internet and an internal network. Windows XP and Mac OS have a built-in firewall, so be sure to enable it. With older operating systems, install a software or hardware firewall, especially if you use a high-speed Internet connection. A software firewall costs $30 to $40. The firewall should provide both incoming and outgoing protection. If you have a home network, your router most likely has a built-in firewall. Change its default password and disable “remote administration” to prevent hackers from seizing control of the router. Source: “Minimize Online Risks,” Consumer Reports, September 2005. © 2006 Consumer Jungle

Adjust browser security settings On Internet Explorer 6 Set security level to medium or high. This will prevent many security issues. If you use Internet Explorer 6, keep its security level at medium or higher to block Web sites from downloading programs without your authorization or automatically running Windows active scripts. Source: “Minimize Online Risks,” Consumer Reports, September 2005. © 2006 Consumer Jungle

Consider an ISP or E-Mail Provider that Offers Security E-mail providers that offer spam filtering, virus scanning at no extra charge: AOL Earthlink MSN Yahoo Gmail (offered by Google) Use as first layer of defense. Internet Service Provider: A company that provides an internet connection. ISP for short. AOL, EarthLink, MSN, and Yahoo offer spam filtering and virus scanning for e-mail at no extra charge for users. Use them as one layer of a multilayer defense. Check other ISPs’ sites to find out what they provide. Source: “Minimize Online Risks,” Consumer Reports, September 2005. © 2006 Consumer Jungle

Use Antivirus Software Will detect viruses or worms that have been in circulation for at least a couple of days. May fail to detect brand-new viruses. Enable Auto-protect Automatic update features Keep your subscription current Keep your guard up! Where you can get antivirus software: ISPs Manufacturer’s sites Retail stores Enable the auto-protect and automatic update features and keep your subscription current. Properly updated, most products will detect viruses or worms that have been circulating for more than a few days. But they may fail to detect new ones until remedies are distributed. Don’t be lulled into a false sense of security simply because you use an antivirus program Source: “Minimize Online Risks,” Consumer Reports, September 2005. © 2006 Consumer Jungle

Use Antispam Software Enable spam blocking from your ISP. Buy antispam software On web-based e-mail services like Hotmail or Yahoo: enable built-in blockers. If your Internet provider offers spam blocking, enable it as a first line of defense. If spam remains excessive, consider antispam software. Search online reviews for recommended software. Source: “Net threat rising,” Consumer Reports, September 2005. © 2006 Consumer Jungle

Use at Least One Antispyware Program No product will catch every spyware variant Good combo: Free spyware Purchased spyware Use real-time protection on one product. Use the automatic update feature Keep your subscription current Download at official sites Mac users at less risk No single antispyware catches all spyware. Check online reviews to find good solutions and consider using more than one program. Be cautious when determining what antispyware to use as some are actually spyware in disguise. Obtain software only from the official sites listed because similar software offered at other sites may actually be spyware. If you use a Mac, it’s apt to be less of a target for spyware than a Windows PC. Source: “Minimize Online Risks,” Consumer Reports, September 2005. © 2006 Consumer Jungle

Regularly Back Up Personal Files Safegaurds data Use a plug-in external hard drive as: Backup storage or Main storage If the computer crashes, your files are already off the machine Regularly back up personal files. This safeguards your data in case of a security problem. Consider using a plug-in external hard drive as your main or backup storage, so that if the computer becomes disabled, you’ll already have your files off the machine. Source: “Minimize Online Risks,” Consumer Reports, September 2005. © 2006 Consumer Jungle

Be on The Alert While Browsing Be wary of ad-sponsored or “free”: screen savers Games Videos Toolbars Music Movie file-sharing programs Other giveaways They probably have spyware Download only from online sources you trust. Be wary of ad-sponsored or “free” screen savers, games, videos, toolbars, music and movie file-sharing programs, and other purported giveaways; they probably include spyware that may damage your PC if it gets through your security. Children who share and download files should do so on a PC that doesn’t contain confidential information or valuable data, such as financial records. Source: “Minimize Online Risks,” Consumer Reports, September 2005. © 2006 Consumer Jungle

Create strong passwords To foil password-cracking software, use passwords that are at least eight characters long, including at least a numeral and a symbol, such as #. Avoid common words, and never disclose a password online. Source: “Minimize Online Risks,” Consumer Reports, September 2005. A good password is at least 8 characters, includes a number and a symbol, and is not a common word © 2006 Consumer Jungle

Don’t post your e-mail Don’t post your e-mail in its normal form on a public website No: info@consumerjungle.org Yes: info at consumerjungle DOT org. Don’t post your e-mail address in its normal form on a publicly accessible Web page. Use a form, such as “Jane AT isp DOT com,” that spammers’ address-harvesting software can’t easily read. Source: “Minimize Online Risks,” Consumer Reports, September 2005. © 2006 Consumer Jungle

Use E-Mail Cautiously Never: Open an attachment that you weren’t expecting Respond to e-mail asking for personal information Reply to spam or click on its “unsubscribe” link Report phishing to companies that are being misrepresented Never open an attachment that you weren’t expecting, even from someone you know. Their e-mail box might be infected and may have automatically sent out a virus to all of their contacts. Never respond to e-mail asking for personal information.. Don’t reply to spam or click on its “unsubscribe” link. That tells the sender that your e-mail address is valid. Forward fraudulent spam to the Anti-Phishing Working Group at reportphishing@antiphishing.org Source: “Minimize Online Risks,” Consumer Reports, September 2005. © 2006 Consumer Jungle

Use Multiple E-Mail Addresses Primary e-mail for family and friends Secondary e-mail for: Online purchases Sending e-cards Everything else Create e-mails with embedded digits info4u@consumerjungle.org Use one e-mail address for family and friends, another for everyone else. You can get a free address from Hotmail, Yahoo, or a disposable-forwarding-address service such as SpamMotel. When an address attracts too much spam, drop it. Instead of an e-mail address like janedoe@isp.com, select one with embedded digits, like jane8doe2@isp.com. Report spam to your ISP to improve its filtering. Source: “Minimize Online Risks,” Consumer Reports, September 2005. © 2006 Consumer Jungle

Don’t Buy From Spammers Don’t buy anything promoted in a spam message Even if it isn’t a scam If you do, you are financing & encouraging spam Don’t buy anything promoted in a spam message. Even if the offer isn’t a scam, you are helping to finance and encourage spam. If you receive spam that promotes a brand, complain to the company behind the brand. Source: “Minimize Online Risks,” Consumer Reports, September 2005. © 2006 Consumer Jungle

Look for Secure Websites Look for an icon in the bottom right of your browser of: An unbroken key or A lock that’s: Closed Golden Glowing Make sure the site’s address begins with “https:” Secured Site: A site that uses encryption to secure personal information entered on the Internet so that others can not access the information. With most browsers, to check whether a site is secure, look for an icon of an unbroken key or a lock that’s closed, golden, or glowing. It will be in your browser’s window (usually at the bottom), not within the Web page itself. Double-click on the lock to display the site’s certificate, and be sure it matches the company you think you’re connected to. Also make sure the site’s address begins with “https:” Source: “Minimize Online Risks,” Consumer Reports, September 2005. © 2006 Consumer Jungle