T180

Acknowledgements

The content contained within this document is sourced from an Open University OpenLearn project labspace unit T180 - Living with the Net: Using Computing to Enrich your Life .

Licensing

This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 2.0 Licence.

What this topic is about

The recent huge increases in ownership of home computers and ever-widening access have been obvious boons to many peoples' lives but, as with many things that improve life, there is a downside. The downside with computers is that software crashes, hardware fails and some Internet users want to cause havoc or vandalise your computer. In this topic we will look at a few of the problems that other people may cause you.

Normally when we talk about malicious software we are referring to viruses, worms and Trojans (which are collectively referred to as malware). But there are other items that can arrive in your mailbox that can be equally frustrating or annoying: mail messages that contain unwanted offers or misleading information, which cause loss of time and, in some cases, money. These messages normally come under the collective title of spam. Advertisers and criminals are also trying to use your web browser to deliver misleading pages, or programs that are trying to steal your financial details or even your identity.

You can expect to spend about 10 hours studying this topic.

We'll start off with a look at how the problem of malware is growing.

1: The growth of malware

The figures below show how the problem of malware has increased over the last 30 years.

1974 First self-replicating code (Xerox)
1982 First virus on the Apple platform
1984 First conference papers on viruses presented
1986 First recorded virus infection on the PC
1987 First antivirus software
1990 400 viruses or variants
1996 8700 viruses or variants
1998 20000 viruses or variants
2003 80000 viruses or variants

The term ‘variant’ is used to describe a virus that has been modified from the original in some way but is still basically the same virus. For example, the w32/sobig.a virus discovered in 2003 is the original virus and w32/sobig.f is a variant of the original.

Besides the number of different types of virus, the volume of viruses spread by email has grown enormously, as the following figure shows.

2: Viruses, worms and Trojans

A virus is a piece of computer code – a program – that has been written to gain access to files or programs on your computer. The virus may enter your computer via floppy disk, by email or by your Internet connection. It will look at the files on your computer and infect some of them if it can.

What do we mean by 'infect'?

A virus will attach itself in various ways to a file that already exists on a ‘host’ computer, and when that file is run, the virus activates as well. A computer virus works in a similar way to a biological virus.

Biological virus: an infectious agent of small size and simple composition that can multiply only in living cells of animals, plants or bacteria.

Computer virus: an infectious program of small size that can only multiply in other programs.

(Source: Encyclopaedia Britannica, 2000)

Several computers are shown. A virus, looking like a space invader, arrives at one computer and infects it, corrupting its screen. It replicates and the copies spread to the neighbouring computers and infect them.

Launch in separate player

When the virus is triggered it releases its payload. The payload part of the virus code can be either destructive or intrusive, or possibly both. Some viruses may just display a message, but others corrupt data and delete files.

Most viruses are programmed to hide on the host computer for a period of time before releasing the payload. If the virus shows itself too quickly, alerting the user to the fact that their computer is infected, it is more likely to be detected and hence less likely to be spread to other computers.

What is the difference between a worm and a virus?

Unlike a virus, a worm does not infect files on a host computer. Instead it adds a file to the computer that is malicious code, and runs it ‘in the background’. A computer has many programs running in this way in order for its system to operate. For instance, when you create a document you can see the text editor, such as Microsoft Word, Notepad or Star Office, but in the background the spell checker or the printer program are working even though you do not see them on the screen.

Worms can spread through any medium that is being used to connect to the Internet, whether it be a modem, broadband, wireless connection, or a local area network at work.

The website of the antivirus software vendor Sophos describes W32/Netsky-R, a worm that was first seen in March 2003. This worm is part of a ‘turf war’ that was being waged at the time of writing between the writers of Netsky and another worm called Bagle. You don't need to worry about the technical details included in the description.

The term Trojan comes from the Greek legend about the fall of the city of Troy. The story goes that, during the seige of the city by the Greeks, a huge, hollow wooden horse was left in front of the gates. The inhabitants thought that it was a peace offering from the Greek army and dragged it into the city. Unknown to them, it was being used to conceal Greek soldiers, who were thus able to use this Trojan horse to enter the city and open the gates for the rest of their army.

The Trojan program uses the same tactics to infiltrate a host computer. It purports to be a legitimate program, but in the background it is doing something else. It may be opening a ‘back door’ for a hacker to gain entry, or deleting files, or using a mail program to pass itself on to other computers.

For example, the Happy99 Trojan was very active at the end of 1999 and in 2000-2001. In fact, it is still seen occasionally.

Happy99 (which is sometimes called Win95/Happy99.Worm, SKA or Win32.SKA.A) arrives as an attachment to an email message. When the recipient opens the file the message ‘Happy New Year 1999!!' and a fireworks graphic are displayed.

All this sounds quite harmless, but the Trojan is also doing things that the user can't see. It modifies your computer's network software so that Happy99 is attached to all outgoing email messages.

3: How to protect yourself against viruses, worms and Trojans

In this section we will look at two of the ways in which you can protect yourself from malware:

Ensure that your computer has the latest patch from Microsoft or your operating system vendor.
Install antivirus software that will protect you from these problems, and ensure that you keep it up to date.

(Later in this unit we will discuss firewalls, which you can also use to protect your computer.)

Microsoft Windows is an example of an operating system (OS). These operating systems contain millions of lines of code, and inevitably there will be some errors in that code. Some malware writers set out to find these errors, or holes, in the code and exploit them to their own benefit. Whenever holes are found (by IT security people or groups, malware writers or the software developer) the operating system manufacturer will issue a fix for the particular problem. These fixes are referred to as patches.

To ensure that your computer is safe you need to obtain patches regularly for the software that you use. You can do this by accessing the software company's website, for example Microsoft's Windows Update web page shown below.

You will find that companies like Microsoft classify their patches as ‘critical updates’, ‘service packs’ or driver updates.

The driver updates are upgrades to the hardware drivers that are installed on your computer. This type of software is used to run your hardware (monitors, modems, sound cards etc).

The ‘critical updates’ and ‘service packs’ are the ones that affect the operating system (e.g. Windows XP) installed on your computer. The service packs normally contain a lot of programs, covering many problems that have been found and corrected. These fixes are supplied as a group rather than individually. Critical updates normally consist of only one program, or a small group of programs, specific to a particular problem.

Another option is to look out for monthly magazines, which quite often include the latest patches or service packs on CD-ROMs. Obtaining them in this way avoids long downloads. (Some of these programs or patches can be quite large, and take a long time to download on a 56K modem).

Obtaining patches and updates

Start Internet Explorer.

Choose Tools > Windows update from the drop-down menu at the top of the browser screen.

(Note: if you are using a computer at work that is controlled by an IT group this option may be missing, as it can be disabled in a corporate environment.)

If you are unable to find the ‘update’ option, you could try the Microsoft update site.

Follow the on-screen option to scan your computer and see the number of updates that are available to you.

We suggest that you do not install all of the updates at present, as they would take a long time to download. In addition, some updates have to be installed separately, and this would increase the download time even more. But you should consider getting the critical updates as soon as possible.

Alternatively you can read about security issues, and what you can do to improve your security, at the Microsoft Security at home website.

In conjunction with these patches, you should also install antivirus software. This is because patches and updates are not always issued quickly enough to protect your system from new viral attacks. In addition, patches only stop the types of malware that exploit errors in the program code.

Antivirus software is updated as new malware is found, so it can offer a higher level of protection than just relying on manufacturers’ updates. Antivirus software is specifically designed to catch a very high percentage of the malware being written in the world today.

One of the main drawbacks of antivirus software is that it is reactive rather than proactive. This means that the software can only detect malware that has already been spread and that it knows about, and requires regular updates to detect new malware or variations to existing malware.

There are many antivirus packages available and you will have to make your own choice as to what is suitable for your computer. Searching the Internet can increase your choice, and also offer savings. You may find software that can be used free of charge for home use.

Do find out what antivirus software you have.
Hint: If you have antivirus software installed on your computer you should be able to find it listed via the Start > Programs menu. If it is active you will find it as a small icon on your task bar at the bottom of the screen.
Do find out whether your software is free or licensed.
If it requires a licence, have you paid the fee?
Even if you have your software set to ‘automatically update’, it will fail to obtain the updates if you have not paid the licence fee.
Hint: If you have antivirus software installed on your computer you should be able to find it listed via the Start > Programs menu. If it is active you will find it as a small icon on your task bar at the bottom of the screen.
Do find out when you last updated your software.
I normally update once a day, but if you are unable to do this DO NOT leave it longer than a week. You should also update as soon as possible when you receive reliable information (normally from your antivirus vendor) that a new virus has been detected.
If you have not updated today, find the option to update your software and update it now.
Do find out about the latest new virus reported by your antivirus company.
To do this, locate the Internet address of your antivirus software and go online to view their home page. Normally you will see a box or area that shows the last few viruses added.

You might like to visit the websites of two well-known antivirus vendors:

Sophos

Kaspersky

4: Avoiding viruses, worms and Trojans

Following some simple rules should help you to minimise the risks from malware. The first rule is:

Never ‘double click’ to open a file attached to an email

Instead, what you should do is:

Create a folder called ‘Attachments’ (or something similar) in an accessible location within your file structure. Mine is in ‘My Documents’ and is called ‘My Received Files’.
Save the attachment to this folder – no matter who the source is. Remember that many infections arrive from friends.
Scan the new file in this folder using your antivirus software.
If no alerts are seen then you can open the file.
If you were not expecting an attached file check with the person who sent you the email that they have sent it intentionally.

No software company will send unsolicited email messages using an attachment that claims to be a patch or an update.

Other files

Scan any files you download from the Internet via your web browser or other software before you run them.

Treat files given to you on a floppy disk, CD or memory stick the same way: scan them before you open them.

5: Firewalls

Another tool that you could use, especially if you access the Internet using broadband, is a firewall. Firewalls can be software or hardware, single packages or complete computers.

A firewall in a building is designed to stop the spread of fire; an Internet firewall prevents the spread of harmful files.

A firewall is a filter that has been trained to look for malicious acts that may endanger users’ computers. As with antivirus software it needs to be updated regularly.

In its simplest form, a firewall looks at incoming or outgoing data – its origin, its destination and what type it is – and then makes the decision to allow it in, or out, or block it.

Some people consider ‘firewall’ to be the last word in Internet security, but although they are a useful tool in conjunction with antivirus software they are only part of the picture.

A detailed examination of firewalls is beyond the scope of this course. However, you should be aware that setting up firewalls can be quite time-consuming, and they may require constant tuning to remain effective. If you are not careful when setting up your firewall you may block some applications that you do want to have access to the Internet as well as the ones you don't, and you need to configure the firewall to let them through.

6: Hoaxes

The hoax message relies on the naivety of users in order to mislead them.

Do learn more about hoaxes: follow the links below and examine the messages you find. See how convincing they look.

The Good Times Virus hoax

The JDBGMGR.EXE hoax

Both of these messages come from the Electronic Ephemera website, which allows you to search for hoaxes by name or keyword.

Users who fall for these hoaxes can cause problems, not only to themselves but also to friends, family and work colleagues if they forward the hoaxes to them. Hoaxes can generate spam mail, cause files to be deleted unnecessarily (and potentially harmfully), and generally cause panic.

Most antivirus vendors have information on hoaxes on their websites, so you can always check if you suspect a hoax and verify the message before you act upon it.

It is important to remember that most companies would not send unsolicited email asking you to remove files or delete a piece of software. If you wish to have update information from Microsoft or your antivirus company, you need to sign up for it. Reputable companies will never send unsolicited messages claiming things like ‘New virus’, or ‘No antivirus can detect this’.

If an organisation finds a suspected new virus, it will send a sample to the antivirus vendors to make sure they can detect it. Then the antivirus vendors will issue an update to their antivirus software. They would never send out messages to the public that might frighten them.

Hoax messages are usually received via work colleagues, family or friends. You may also see them if you are on mailing lists or you read messages on newsgroups.

You should ask yourself the following questions:

Do I know the sender?
Is the sender a virus expert?
Should I check with my antivirus company?

You should always carry out the last point on this list before acting on any message you receive about malicious software.

7: Spam

Spam is unsolicited commercial electronic messaging. It can be used to advertise a product, or it could be a hoax message designed to mislead.

No one is sure where the name came from (some say it's from the Monty Python sketch in which a group of Vikings in a cafe sing the merits of that particular brand of tinned ham, and no matter what customers ordered they always got spam).

Spam mail is similar to the mail that drops through your home letterbox from finance companies and others – unwanted mail encouraging you to part with your money, for example by buying a product or taking out a loan. This paper mail is subject to legislation, so the range of services or products offered is tightly controlled.

The equivalent legislation does not exist in the electronic world, although some has been introduced recently. In the US, the ‘Controlling the Assault of Non-Solicited Pornography and Marketing’ (CAN-SPAM) federal law took effect on 1 January 2004, and the EU ‘Directive on Privacy and Electronic Communications’ was required to be implemented by member states by 31 October 2003 (in the UK the revised rules came into force on 11 December 2003).

This legislation is intended to reduce or control the amount of spam mail. But as you may imagine, this is turning out to be a very difficult task because the Internet has no borders. Spam can be sent from one country to another, and those countries that do have legislation will find it hard to enforce their rules in countries that don't.

Many spam messages have a line at the bottom offering to unsubscribe you from a mailing list, but you should be very wary of doing this. Quite often the senders of the spam will use the ‘unsubscribe’ option to verify that your email address is live. They may then sell your address to other people for use in spamming. So using the unsubscribe option can increase your spam rather than reduce it. Our advice is never to use the unsubscribe option unless the mail you receive is from a well-known, reputable organisation.

Some spam mail includes ‘ADV:’ in the title. This indicates that it is part of the system used in the US to allow spam mail but to highlight that it is an advertisement. You can then make an informed choice as to whether to read or delete the message.

ADV: also allows users of email systems that have filtering facilities, such as Outlook, Eudora or Pegasus, to set a rule that will automatically remove the message. The way this works is that some email systems allow you to define a set of rules that are applied to incoming email messages. For example, a message might be automatically routed to a separate folder (perhaps a folder called ‘junk') or automatically deleted. Dedicated software is also available to monitor email and remove unwanted messages.

Here is an example of a special type of spam message; you may have come across this before.

STRICTLY PRIVATE &CONFIDENTIAL

FROM: Mr. Grote Martins

DEPARTMENT OF MINERALS AND ENERGY

PRETORIA, SOUTH AFRICA.

Email: ngofn1@xxxxxxx.net

Sir,

It is my great pleasure to write you this letter on behalf of my colleagues. Your information was given to me by a member of the Economic Society of South African Chambers of Trade and Commerce (ESSACTC) who was with the Government delegation on a trip to your country for a bilateral conference talk to encourage foreign investors. I have decided to seek a confidential co-operation with you in the execution of a deal hereunder for the benefit of all parties and hope you will keep it confidential because of the nature of this business.

Within the Department of Minerals and Energy where I work as a Director of Audit, with the co-operation of four other top officials, we have in our possession an overdue payment in US funds.

The said funds represent certain percentage of the contract value executed on behalf of my Department by a foreign contracting firm, which we the officials over-invoiced to the amount of US$21,100,000 (Twenty-one Million One Hundred Thousand US Dollars).

Since the present elected Government is determined to pay foreign contractors all debts owed, so as to maintain good relations with foreign governments and non-governmental agencies, we included our bills for approvals with the Department of Finance and the Reserve Bank of South Africa (RBSA). We are seeking your assistance to front as the beneficiary of the unclaimed funds, since we are not allowed to operate foreign accounts.

Details and change of beneficiary information upon application for claim to reflect payment and approvals will be secured on behalf of you/your Company.

My colleagues and I are prepared to give you US$4.24m while we take US$14.74m and the balance of US$2.12m for taxes and miscellaneous expenses incurred.

This business is completely safe and secure, provided you treat it with utmost confidentiality. It does not matter whether you/your Company does contract projects, as a transfer of powers will be secured in favour of you/your Company. Your specialization is not a hindrance to the successful execution of this transaction. I have reposed my confidence in you and hope that you will not disappoint us.

Yours Faithfully

This is a well-known spam message that is not attempting to sell a product or a service – it is designed instead to fool the reader into parting with their bank details by tempting them with a very attractive-sounding financial deal. The sender of the spam message then withdraws money from the unfortunate message recipient's bank account.

These ‘scams’ started in Nigeria, but have since spread more widely. The Nigerian government is not very sympathetic to victims of these schemes, since the victim is contravening Nigerian law by conspiring to remove funds from Nigeria. The schemes themselves violate section 419 of the Nigerian criminal code, hence the label 419 fraud.

A staggering 25% of all incoming mail messages to the Open University in February 2004 were marked as spam by our automated spam filter. Is this a problem that is getting worse?

There are companies that act as filtering agents for email; they check and stop viruses, spam and pornography.

Do, using the link below, look at the proportion of messages that one such company, Messagelabs, has blocked in the last 12 months.

Messagelabs

(Hint: Follow links to Threat Statistics > Spam Intercepts.)

On the website you can also choose to look at the proportion of viruses in mail messages.

Do these figures show the problem getting worse or better over the last year?

Remember that Messagelabs has a vested interest in highlighting the spam problem. The graph below shows some results from a different source (possibly equally biased). You can see from this graph that the growth of spam has more than tripled in just over a year.

8: How to protect yourself against spam

People and organisations can only send spam if they have a collection of email addresses to send to. They ‘harvest’ these addresses:

from legitimate company databases;
from web pages;
from chat rooms;
by guesswork;
from people who use an unsubscribe option.

To minimise the spam you receive:

Check whether you can set rules on your email software to filter unwanted messages as they arrive.
Check whether your ISP provides a mail filter. If not, change to one that does.
Don't reveal your email address unless you want to receive mail from that source.
Don't publish your email address on a web page.
Don't use your personal email address when registering on websites, joining chat rooms or using newsgroups. Either create a new address (most ISPs give you more than one address) for these purposes or create a false one (e.g. junkfilter@myaddress.isp.uk).
Don't use the unsubscribe option in response to unrequested mail.
Educate the other users of your computer.

9: Adware and spyware

The previous sections of this topic have been concerned with email, but the Internet provides yet more problems, in the form of adware and spyware on the Web. You may have seen pop-up messages on your browser screen offering services or products. What you may not realise is that if you respond to these messages, extra software may be installed alongside other programs without your knowledge.

Adware

Adware is ‘free’ software that is subsidised by displaying adverts

Adware can do a number of things, including finding out about your online surfing and spending habits and passing that information, without your permission, to a client. It is claimed that this helps to channel appropriate advertisements to your desktop, but you may find the windows that pop up as you use your web browser rather annoying.

Adware is sometimes ‘bundled’ with other software, without the user's knowledge, or included in the fine print of an End User License Agreement. Adware programs can be very difficult to remove from a user's computer.

Spyware

Spyware covertly gathers user information and activity without the user's knowledge.

It is probably more dangerous than adware because it can record your keystrokes, history, passwords, and other confidential and private information. Spyware has been sold as a spouse monitor, child monitor or surveillance tool – or simply as a tool to spy on users in order to gain unauthorised access.

10: How to protect yourself against adware and spyware

Steps you can take to protect yourself against this intrusive software.

If a window appears suddenly, close it using the ‘X’ at the top right of the window.
Never use the ‘close window’ option which is sometimes offered in a pop-up window – you never know what is written in the code ‘behind’ the button or text.
Even clicking on the ‘No’ option to install can have hidden ramifications so the ‘X’ is the safest option.

Protection against adware and spyware is available. A good resource of information on adware, spyware and removal software can be found at SpywareGuide.com.

11: Cookies

When you visit a website the chances are that it will deposit a cookie on your computer. A cookie is a plain text file that cannot pose any threat to your computer and cannot pass on viruses. Therefore, cookies are harmless. Or are they?

The cookie protocol was developed to enhance the experience of using the Web. The cookie that a website deposits on your computer contains information about that website. When you revisit the site it recognises you, or more accurately your computer, and customises its service to you. For example, these websites might greet me with ‘Welcome Dave Phillips’ when I revisit them.

The way in which some websites implement cookies has caused privacy problems. The Internet Engineering Task Force (IETF), formed in 1996, set out to change the way that browsers handled cookies. Initially users were not aware that cookies were being added to their computers, but the IETF advocated that the standard implementation of web browsers should at least warn the user, by default, before accepting a cookie.

Many websites host advertising banners, and these advertisements may place a ‘third-party cookie’ on your computer. This means that the cookie does not come from the website you are viewing but from one of the advertisers. There has been pressure on the browser manufacturers to control third-party cookies.

The website carrying the advertising banners may also set a cookie on your computer. The cookie records which advertisements you see as you view the web page and which advertisements you click on.

Most websites do not keep their advertisements on the website you are visiting. Instead they subscribe to a service that supplies the advertisements for them. This is accomplished via a simple HTML call to the service. When a page is requested, it is assembled through many HTTP requests by the browser. First, there is a request for the HTML itself. Then, everything the HTML needs is requested, including images, sounds, and plug-ins.

The call to the advertisement service is an HTTP request for an image. Once the request is made to the service, it can return more than just an advertisement. It can also return a cookie or, if you have seen this advert before, it can read that first, and check to see what advertisement to send. This enables targeted advertising.

All this information can be used to build up a detailed profile of your likes and dislikes, and the websites you have visited.

Doubleclick and ADSmart are examples of these so-called ‘targeted marketing’ companies. Both of these companies use cookies to target advertisements at the user.

It's important to remember that you have the ability to control cookies.

This exercise will take you through setting a level of security on cookies using Microsoft Internet Explorer version 6, while the next page deals with Mozilla Firefox version 1 (you do not have to be online to do this exercise).

Using Internet Explorer

Open your browser.
On the top menu bar of the browser choose Tools > Internet Options.
Choose the Privacy tab.

The slider on the left has a series of settings, from ‘low’ to ‘high’.

Low allows all cookies.

High blocks all cookies.

You can choose the appropriate level to meet your requirements. As you move the slider the accompanying text explains the level of privacy that each setting provides.

The example above is set to Medium, and this level blocks all third-party cookies and restricts the types of first-party cookie, the ones that come from the website you are visiting.

If you prefer, you can click the Advanced tab. This will allow you to choose your own settings.

Note that the example above is just that; it's up to you to decide the level of privacy that you want.

Open your browser.
On the top menu bar of the browser choose Tools > Options.
Then choose Privacy in the left panel and expand the Cookies heading.

You can choose to allow or disallow all sites from setting cookies or, by clicking on ‘Exceptions’, override this for particular sites. By checking ‘for the originating site only’ you can block third-party cookies .

Whether you use Internet Explorer or Firefox, be aware that you may need to adjust the settings downwards if you use online banking. This is because some websites that require user identification before you can access or move around the site require cookies to be turned on. If you block all the cookies you may be unable to access your online banking facility.

12: Other security issues

A home page hijacker is malicious code, quite often attached to a web page, that resets the home page on your browser to one designated by the writer of the code rather than the one you chose. Although this is a low security threat, at the very least these hijackers cause inconvenience, and may give offence.

Because of the covert way in which the hijackers are installed it is difficult to reset your home page to your original choice. Every time you re-start your computer and open the browser window you will find that the home page has been hijacked.

To restore the original settings it is necessary to know which program has been installed. If this happens to you, seek expert advice, as it is possible to damage your computer setup.

Diallers are a problem which only affects internet users who have a dial-up connection. A dialler is a type of software mostly used by pornography vendors. Once the dialler software is downloaded and run, you are disconnected from your ISP and connected to another phone number. You are then charged for the use of this number. While diallers do not spy on you, they are malevolent in nature because they can run up huge costs for the victim. They usually connect to a premium-rate phone line, and some connect to international lines.

Most antivirus software can now detect diallers, so by keeping yours up to date you stand the best chance of avoiding this problem.

The problems discussed so far can have major implications for users. They may:

slow your PC;
cause the loss of important data;
damage your reputation by sending false information or viruses via email;
access the Internet without permission, and in the process use up bandwidth;
be time-consuming to remove;
cause loss of private information;
have financial implications.

Most of these types of software are targeted at adults. However, the software does not know whether it is an adult or a child who is sitting on the other side of the screen.

13: How do you protect children online?

There is a lot of information available on how to protect younger members of the household, but quite often children know more than their parents and are able to bypass the protection that parents might have installed.

You may view the computer as a major source of information, help, shopping, news, etc. Children like to use it for entertainment, downloading music, accessing chat rooms, playing games (and sometimes even homework). So when considering children's protection the Internet has to be viewed from their perspective.

The Internet is not just an information source. It can be used by paedophiles, by those interested in online sex, politics or gambling, for spreading malicious software, and something that's often overlooked when considering children's use of the computer – bullying.

Putting it all together

This topic has given an overview of some of the less desirable aspects of life on the Internet. We have shown how you can reduce the chance of being a victim of people who are trying to intrude on your life via the Net.

Consider the computer as another door into your home. You need to ensure that the door is locked and that only those with the key can obtain entry.

You are near the end of this topic. Before finishing, make a short ‘bullet point’ list of ‘Safe Computing at Home’ that you can stick by your computer. This will remind all the users to be careful.

Safe computing

Below is my list to compare with yours. Yours may look different but should cover the same points.

Golden rules for children

Be wary – people may not be who they claim to be.
If you are not happy, turn off the computer.
Do not give out personal information.
This can be used to make it look like a friend online rather than a stranger.
Do not give out information about your friends or anyone else.
This can be used against you and upset your friends.
Be cautious about meeting people face to face.
Always take an adult with you if you are meeting someone you talk to on the Internet or any person you have not met before.
YOU are in control.
Let people know if you are uncomfortable with anything.

Rules for parents

Use Internet security software – antivirus software, firewalls etc..
Use the computer's controls to offer security for each person – for example, cookie controls.
Check out the services that your ISP can offer to help protect you and your family.
Many ISPs offer settins on accounts that control the content that can be accessed when online.
Keep the computer in a communal area of the house so that everyone can see what is going on.
This way everyone can see what is going on.
Do not give out personal details.
Protecting your identity can also stop people fooling others into believing that they know you.
Only use moderated chat rooms.
Thes chat rooms have people monitoring the content and users, and offer some protection from people who claim to what they are not.
Talk to your children about their online use.
Talking about and understanding the use of a computer can increase security.
Write your own ‘Family Code’ of acceptable Internet use.
Include the childred so you can all agree on how the computer will be used.
Surf together!
That way you know where you are all surfing.
The key to safe surfing is communications.
Secrecy in the family can be the worst form of security.

14: Where to learn more

GetNetWise provide a good general guide to safety on the Internet.

Antivirus products
A good guide to the quality of an antivirus package can be found at either of the two industry standard websites, both based in the UK.
- Virus Bulletin
- West Coast's Checkmark site
There is also some excellent test work carried out at the University of Magdeburg on antivirus packages that work on several operating systems (Windows, Linux, etc.).
There is a useful set of points for safe computing on the Sophos website. You could use these as part of your safe computing strategy at home.
Firewalls
If you want to investigate firewalls further, Zone Labs offer a free version of their software. Alternatively you could look at Kaspersky's Anti-Hacker firewall product. Other packages can also be found on the Internet.
Hoaxes and scams
Electronic Ephemera is a recognised source of accurate information on hoaxes and scams, both past and present.
Cookies
Cookie Central has lots of information.
Adware and spyware
The websites below offer software to detect and remove spyware and adware. There are many others that offer the same type of service.
- Lavasoft – ‘Ad-aware’ program for removing adware and spyware.
- Bullet Proof Soft – spyware and adware remover.
- Spybot Search and Destroy – Spybot, spyware and adware remover.
Protecting children online
- The Using computers and the Internet section of the ParentsCentre site
- NSPCC site on helping your child surf safely
- BBC Chat guide
- Kidsmart
- Advice for schools
Child-friendly search engines
- Ask for Kids
- Yahooligans!

1974	First self-replicating code (Xerox)
1982	First virus on the Apple platform
1984	First conference papers on viruses presented
1986	First recorded virus infection on the PC
1987	First antivirus software
1990	400 viruses or variants
1996	8700 viruses or variants
1998	20000 viruses or variants
2003	80000 viruses or variants