You do it almost every day. You log in to your computer, send e-mails, open attachments from friends and strangers, shop online, transfer money using your bank's secured payment gateway, chat with friends and upload personal information on social networking sites.
But have you ever given a thought to someone who is keeping a close watch on all your online activities? Someone, somewhere in some corner of this planet, is trying to get inside your computer and filch one of the most important resources of the information age: personal data.
This is data that can be abused to make purchases online, send malicious programmes to everyone on your contact list and harm you in many other ways. Welcome to the age of hackers (people who try to gain access to your computer using various hacking tools and misuse your personal data) and spies lurking on the vast Internet highway.
But don't worry. There are ways in which you can beat the hackers. However, when it comes to security, nothing is 100 per cent secure. Loads of exploits are developed every day, so updating your knowledge base should be a regular process. The following are a few of the many measures that can be taken to protect your computer and everything you do online:
~ Install the latest antivirus software (I recommend Kaspersky, Eset Nod32, Quickheal, F-Secure) on the computer and never ever disable or turn it off. Install a personal firewall (www.sygate.com and www.zonelabs.com offer free versions) and Spyware Checker (I recommend Spybot Search & Destroy).
~ Keep updating your antivirus and anti-spyware software at least every 15 days. Use a separate Trojan remover like anti Trojan shield if possible. Run a full system scan with your antivirus at least once a week, or better, set it to scan periodically at a fixed interval, say every Friday (the day may vary according to your choice).
~ There are a few free online scanners available at http://housecall.trendmicro.com or http://www.kaspersky.com/kos/eng/partner/us/kavwebscan.html, and http://support.f-secure.com/enu/home/ols.shtml.
~ Get your system's health checked regularly at http://www.pcpitstop.com/. The site checks the overall system health, tunes up the system and finds out the vulnerabilities. It's a free service.
~ Don't ever download or open attachments whose source you are not certain about. Even if the source is trusted, check whether the content is relevant. Even non-executable files like *.doc files can contain macro viruses and Trojans. There is also a special sort of programme called a worm, which doesn't need human interaction: you just open a mail or visit a website and that's it. So always stay alert. Avoid opening e-mail attachments that have '.vbs', '.scr', '.exe' or '.pif' file extensions. Files that end in these extensions are most likely to contain some sort of virus.
~ Web browsers like Firefox, IE 7 and Opera offer good security features. Test your web browser for vulnerabilities at http://bcheck.scanit.be/bcheck/.
~ Never download any files, especially executables, over P2P (peer-to-peer) sharing networks, because you cannot be absolutely certain what they are. P2P file sharing programmes can lead to the installation of a lot of adware and spyware. Download executables only from authentic and well-known sites; don't just download files from anywhere.
~ Try not to visit porn sites, warez sites and sites offering cracks and serials, because most of them carry a lot of the latest spyware, Trojans and viruses. One visit and you are gone if your virus definitions are not up to date.
~ Be familiar with the programmes installed on your computer. If you notice a new programme that you didn't install in the first place, chances are that it is something malicious.
~ Read the installation agreements carefully when you download something from the Internet. Pay attention to the terms and conditions or EULA (end-user license agreement) of the program being installed. Pay particular attention to any reference to third-party installations. Some EULAs tell you that, if you install the program, you have also agreed to install some spyware with the software. Do check independent sources as well, as some EULAs do not mention the spyware.
~ Back up your computer data on a regular basis, at least weekly. Copy your important documents and files onto a floppy disk, removable drives, CD or a DVD for safekeeping. Don't wait for the disaster to happen; take the precaution beforehand. Create system restore points periodically.
~ Use e-mail encryption like PGP to send important information via emails. Don't send important information in plain text.
~ Never respond to unsolicited e-mail. To those who send spam, one response or 'hit' from thousands of e-mails is enough to justify the practice. Additionally, it validates your email address as active, which makes it more valuable, and therefore opens the door to more spam.
~ Beware of phishing attacks. Sites like www.antiphishing.org offer the latest updates on phishing along with good security tips.
~ Don't chat with strangers just for fun. Don't ever accept any file, especially executables, from an unknown person on chat. Don't click on any links given by someone you don't know.
~ Do not accept links or downloads from strangers even if it is tempting. There have been cases where spyware like Trojans, keyloggers etc. have been hidden in simple picture files with '.jpg' extensions. You never really know what is contained inside a file which looks attractive.
Today people use binders to club two different files together and send you the mixture. Once you click on the file, both files get executed.
~ Be cautious while displaying your profile, especially your personal details, photographs, videos and contacts on social networking sites. Your profiles and contacts may be misused by other people.
~ Install parental control software like netnanny, which helps you choose what kids see on the Internet and monitor the activities of children. For more details visit http://www.microsoft.com/athome/security/children.
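The attachment advice above (risky extensions, and pictures that are not really pictures) can be turned into a simple automated check. The following is an added example, not part of the original article: it screens a file name and the first bytes of its content, and the signature constants and function name are assumptions chosen for illustration.

```python
import os

# Extensions the article says to avoid opening as e-mail attachments.
RISKY_EXTENSIONS = {".vbs", ".scr", ".exe", ".pif"}
# Assumptions added for this example: standard file signatures.
JPEG_EXTENSIONS = {".jpg", ".jpeg"}
JPEG_MAGIC = b"\xff\xd8\xff"   # start of every JPEG file
PE_MAGIC = b"MZ"               # start of a Windows executable


def screen_attachment(filename, head):
    """Return the reasons (possibly none) to distrust an attachment.

    filename -- the name shown by the mail or chat client
    head     -- the first few bytes of the file's content
    """
    reasons = []
    # Windows ignores trailing dots and spaces, so "a.exe. " still runs as a.exe.
    name = filename.strip().lower().rstrip(". ")
    stem, ext = os.path.splitext(name)

    if ext in RISKY_EXTENSIONS:
        reasons.append("risky extension " + ext)
        inner = os.path.splitext(stem)[1]
        if inner:
            reasons.append("double extension: " + inner + " hides " + ext)
    if ext in JPEG_EXTENSIONS and not head.startswith(JPEG_MAGIC):
        reasons.append("named as a picture but content is not a JPEG")
    if head.startswith(PE_MAGIC) and ext not in RISKY_EXTENSIONS:
        reasons.append("executable content under a harmless-looking name")
    return reasons


# Constructed samples: (file name, leading bytes).
SAMPLES = [
    ("holiday.jpg", b"\xff\xd8\xff\xe0\x00\x10JFIF"),
    ("holiday.jpg.exe", b"MZ\x90\x00"),
    ("holiday.jpg", b"MZ\x90\x00"),
    ("greeting.scr. ", b"MZ\x90\x00"),
]

if __name__ == "__main__":
    for name, head in SAMPLES:
        print(repr(name), "->", screen_attachment(name, head) or "no findings")
```

An empty result only means none of these particular checks fired; it does not replace an antivirus scan of the file.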
Wireless security
~ If you have a wireless network, turn on the security features: Use MAC filtering, turn off SSID broadcast, and even use WEP/WPA/WPA2 with the biggest key you can get.
Online shopping safety tips
~ While purchasing online, look for signs that online purchases are secure (SSL secured sites or 128 bit encryption), as on Ebay.co.in. At the point where you provide your payment information, a golden coloured lock should appear (for SSL secured sites) or the beginning of the Web site address should change from http to shttp or https, indicating that the information is being encrypted -- turned into code that can only be read by the seller.
Your browser may also signal that the information is secure with a symbol, such as a broken key that becomes whole or a padlock that closes.
~ Use credit cards and online banking carefully for online shopping. Check your credit card and bank statements at regular intervals. Notify the bank immediately if there are unauthorised charges or debits. Avoid using credit card details and online banking on public computers and in cyber cafes. It is very unsafe because most of them are infected with viruses, Trojans and keystroke loggers.
Banks such as HDFC have launched their services like Net Safe to create temporary credit cards with a limited value to transact online. This way, in the worst case scenario, your damages are limited.
Password security
~ Use two different passwords: one for mail, work and other important access, and another for routine purposes like subscribing to websites or public viewing. But remember to switch between them when you start doing transactions after mere browsing. Create another e-mail ID providing false information and crazy usernames like 'whitecat_4u', 'kkk320' etc. which you use exclusively for subscription to sites. That will prevent spam from coming to your main ID.
~ Create a difficult-to-guess password by taking the first letter from each word of a phrase. What is a good password? It is a password which is at least 8 characters long, not easily guessable, contains a mixture of uppercase and lowercase letters as well as numbers, and preferably contains special characters like $, *, %, ! etc. An example of a good password is: &(^.1234*cRack&.^).
~ Always use an alphanumeric password with special characters and try to adopt the phrasing technique to construct passwords which are easy to remember, hard to guess and impossible to crack. Create a unique acronym. Never use a dictionary-based password like guest, home etc. It takes little time for a good cracker to crack such a password.
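The phrase technique and the password criteria listed above, written out as an added example that is not part of the original article. The function names, the sample phrase and the short word list are assumptions made for illustration; a real check would use a full dictionary.

```python
import string

# Assumption: a tiny stand-in word list; a real check would load a full dictionary.
COMMON_WORDS = {"guest", "home", "password", "admin", "welcome"}


def acronym_from_phrase(phrase):
    """Build a password from the first character of each word of a phrase."""
    return "".join(word[0] for word in phrase.split())


def password_problems(password):
    """Return which of the article's criteria the password fails (empty if none)."""
    problems = []
    if len(password) < 8:
        problems.append("shorter than 8 characters")
    if not any(c.isupper() for c in password):
        problems.append("no uppercase letter")
    if not any(c.islower() for c in password):
        problems.append("no lowercase letter")
    if not any(c.isdigit() for c in password):
        problems.append("no number")
    if not any(c in string.punctuation for c in password):
        problems.append("no special character")
    # Strip digits and symbols so "Guest123!" is still recognised as "guest".
    letters = "".join(c for c in password.lower() if c.isalpha())
    if letters in COMMON_WORDS:
        problems.append("based on a dictionary word")
    return problems


# Constructed phrase for illustration.
PHRASE = "My dog Rex ate 3 shoes & 1 sock in 2007!"

if __name__ == "__main__":
    candidate = acronym_from_phrase(PHRASE)
    for pw in (candidate, "guest", "Guest123!"):
        print(pw, "->", password_problems(pw) or "meets the criteria")
```

Note that "Guest123!" satisfies every character rule and still fails, because it is a dictionary word with decoration added.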
Vineet Kumar is the founder and CEO of National anti-Hacking Group.