Computer Knowledge Newsletter – July 1997 Issue

Virus News

The virus world has been fairly quiet over the last month. No new major outbreaks have been reported and no significant new hoaxes have surfaced. Hopefully, the virus and hoax writers are taking their vacation.

If you happen to be in the San Luis Obispo area at 4pm on the 11th of September you might want to tune in to KVEC at AM 920 on the dial. I’m scheduled to discuss computer viruses on a technology show run on that station.

Privacy

Last issue we told you about AOL selling name/address personal information. This month a report surfaced which indicated they planned to add telephone numbers to that. As this is being written, the news media report that AOL has now backed away from including telephone numbers due to what is described as very negative feedback from customers. Good work to whoever complained.

You might wonder why AOL has been featured when few on this mailing list have AOL addresses. It’s simple: if one ISP can do these things, others can as well. If privacy is a concern to you then you might want to check with your ISP to see what their policies are. Just a word to the wise.

On another topic, an E-mail request came in about various techniques one can use to help with privacy concerns while browsing the web. Two particular techniques were mentioned (anonymous browsing and use of a proxy server). I answered in E-mail but thought that the topic would be interesting in the newsletter.

The idea behind anonymous browsing and, to some extent, a proxy server is that the person browsing (i.e., you) is better protected from the web sites you visit finding out about you and your browsing habits. Basically, you request a web page from the anonymous service or proxy server, and that site then goes out, gets the information you requested, and forwards it to you. The result is that the web site with the information knows it’s been visited by the anonymous service or proxy server but has no knowledge of you.

The proxy server also advertises that it can speed up your access to the web because, unlike the anonymous browsing service, if the proxy server already has the page you want in its local storage, it will serve up that copy instead of going out to get a fresh copy. Chances are your connection to the proxy server is also faster overall, as that’s typically why you would use one.

While these techniques work to help protect privacy from the web in general, it should be fairly obvious that the anonymous service and/or proxy server can track your requests and compile data about you if they so desire. It’s up to you to decide if you trust the service you use or not.

The other thing to consider with either service is that they can serve as a censor. Some countries, for example, only allow connection to the internet via proxy servers controlled by the government. So, they can not only track your movements on the web, but they can also control what you see by blocking sites or pages that the government thinks you should not see. The same could be applied to private proxy servers you might connect to (and some national internet providers connect you to theirs by default).

This is not to say you should not use these services; they can be valuable and helpful. Just be aware that there are risks as well as benefits.
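
The relationships described above, as an added example that is not part of the original newsletter: a small in-memory Python model (no real networking) of a caching proxy that also logs and blocks. The class names, host names and user names are constructed for illustration.

```python
# Added illustration: an in-memory model, not a real network proxy.
from collections import defaultdict

class Origin:
    """A web site that keeps an access log of who connects to it."""
    def __init__(self, host, pages):
        self.host, self.pages, self.access_log = host, pages, []

    def get(self, source, path):
        self.access_log.append((source, path))  # the site only sees its direct peer
        return self.pages.get(path, "404")

class Proxy:
    """Caching proxy that can also record and block requests."""
    def __init__(self, name, origins, blocked=()):
        self.name = name
        self.origins = {o.host: o for o in origins}
        self.blocked = set(blocked)
        self.cache = {}
        self.history = defaultdict(list)         # user -> every URL requested

    def fetch(self, user, host, path):
        url = host + path
        self.history[user].append(url)           # recorded even if blocked or cached
        if host in self.blocked:
            return "403 blocked by proxy"         # the censor role
        if url not in self.cache:                 # cache miss: go out to the site
            self.cache[url] = self.origins[host].get(self.name, path)
        return self.cache[url]                    # cache hit: site is never contacted

def demo():
    # Constructed sample sites and users.
    news = Origin("news.example", {"/": "headlines"})
    forum = Origin("forum.example", {"/": "posts"})
    proxy = Proxy("proxy.example", [news, forum], blocked={"forum.example"})
    results = [
        proxy.fetch("alice", "news.example", "/"),
        proxy.fetch("bob", "news.example", "/"),   # served from the proxy's cache
        proxy.fetch("alice", "forum.example", "/"),
    ]
    return results, news.access_log, forum.access_log, dict(proxy.history)

if __name__ == "__main__":
    for part in demo():
        print(part)
```

The news site's log contains one entry, from the proxy, while the proxy's own history holds every request by name, including the one it blocked.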

General Security

The web has much information and many sites. We’ve discussed some protection techniques in past issues but there is one technique that only you can apply, and technology can’t help you. That technique is use of common sense and critical analysis.

There are many web sites you will encounter that purport to give you the whole truth and, for all intents and purposes, look very much like they do. But looks are not sufficient. Just because a site looks like it has valid and useful information does not necessarily mean it does. It’s important to know the source of the information. It’s also important to validate the information as correct.

One example of the type of site where you might want to question what you see would be one of the so-called “hate group” sites (we’re not going to reference any specific site but they are easy to find). These sites present their case in strong terms that often sound reasonable. But they often share features, no matter who the hate target might be:

  • Paranoia seems to be a main theme. Look for the word “conspiracy.”
  • Often God or religion is cited as justification for whatever is being put forth as truth. (Don’t get me wrong, religion should be an important part of life, but we’ve all seen throughout history how it can be used to justify some fairly nasty things.)
  • Many times some sort of social or economic collapse is predicted. Of course, the target of the hate group will be the cause of the collapse.

Not all sites with bad information will be so obvious. I’ve come upon a number of sites that claim to have virus information and present brief tutorials or articles. Some of these are accurate but most have one or more errors that could get you into trouble. One, for example, indicated that to recover from a virus attack the best thing to do is format your hard disk and restore from backup. While necessary for a very few viruses, it is rare that you have to do this. Taking such advice can lead you to unnecessary work at best and actually do damage at worst.

Bottom line: Use common sense and validate information before trusting anything you find on the web (I’ll add that this goes for books in the library and news from the media as well!).

For an interesting paper on this topic go to the Virus Myths site and look for the paper on False Authority Syndrome. Check at: http://www.kumite.com/myths/ [Reproduced with permission in the CKnow Virus Tutorial]

Another technique being advertised as protection for the user is something called digital certificates. Individuals and companies apply to a central source for a certificate and, when issued, the certificate is supposed to assure you that whatever signed item you accept really comes from the person to whom the certificate was issued.

It works, but to put it bluntly, so what? You know the item came from a particular person but that gives you no idea about the security of that item. In short, the certificate doesn’t tell you anything about the person except that s/he presented some sort of identification to the issuing authority. It doesn’t answer the question you want answered: “Can I trust this person with my credit card info (or medical records, or whatever)?”

Look for an eventual move away from certificates identifying a person or company and a move toward certification of types of transactions (i.e., the certificate will guarantee the safety of a particular transaction no matter who is involved in that transaction). The method is still not decided, but the move toward transaction certification and decentralization of the process is already underway in concept.

In closing: Safe computing to everyone.