Maggie's Farm

Gringo made an important point in the comments the other day that deserves to be both repeated and elaborated upon.

Here's the quote:

"Check the net for your stolen ID"

While this purports to be a site that will inform you if your ID has been stolen, it could also be a site constructed with the goal of stealing your ID.

Exactly.  I'd even go so far as to change his "also" to "often or "usually".  This is becoming a huge problem on the 'Net and is one of the driving forces behind both personal identity theft and 'botnet' attacks.

Most malevolent programs running around these days aren't "viruses" — meaning some program that does something nasty like suddenly delete your C Drive — because viruses don't ultimately do the instigator any good.  Outside of the satisfaction of being mean, of course.  The worst programs are the 'keyloggers', which send a record of your keystrokes to the bad guy.  All he has to do is look for 19 numbers in a row (your credit card number plus the 3-digit number off the back that you just entered in some online order form) and bingo.  Now all he has to do is try a few expiration dates and your bank account is toast.

Second-worst is the 'botnet' program that lies dormant in your computer until the bad guys launch an attack on some corporation, usually in the form of blackmail.  They'll tell the company to either cough up the dough or the 20,000 computers on their botnet (of which you're one) will 'ping' their web site 10 times a second from now until Doomsday, thereby overloading the server and keeping legitimate customers from getting to the site.  Obviously, for an online company, this is serious business.

And you, yourself, will never even know you were part of the attack.

That's why everyone from God on down recommends installing a quality anti-virus/spyware program, and don't forget a good firewall program.  You cannot rely on the stock Windows programs, such as Windows Firewall and Windows Defender.  I have a post on the subject here.

Back to Gringo's warning, it isn't just web sites and email where the damage is being done.  There's an area of the Internet called 'Usenet' which has a large section of programs, pirated and otherwise.  I got curious and did a study on this a few months ago and I'd estimate that three-fourths of the anti-virus/spyware programs available for downloading have some spyware buried deep in the install files.  That is, it'll actually install the anti-virus program, but it'll have been tweaked so it overlooks the keylogger.  While you're thinking your computer is finally safe, your bank account is being drained.

The same is true with P2P (peer-to-peer) file-sharing sites (eDonkey, BitTorrent, etc), and sophisticated chat lines, like the IRC, that allow for file transfers.  Some chat buddy says, "Hey, I just downloaded the latest Norton Anti-Virus from Usenet!  I installed it and it's working perfectly!  Want a copy?"  You reply "Sure!", and now both of you are unknowing partners in a gang of Internet blackmailers.  Or simultaneously having your bank accounts drained.

So be safe, be cautious, use common sense, don't trust renegade downloads, and please spend the money on quality protection.  Some program suggestions are in the above link.

General security rules-of-thumb:

1.  Never open a file-attachment in an email unless you're 101% sure of the sender.  Remember, one of the ploys of the clever virus or spyware is using the names in a person's address book to send itself on.

2.  Never click on a link in (what appears to be) a commercial email, like from a bank or loan agency, much less input anything personal like a password.  The reason phishing emails look so real is because they are real.  Everything you see is probably coming directly from the bank's actual site.  It's when you click on something that the trouble begins.

3.  Never click 'OK' in any box that pops up while you're on a web site unless it's something you've initiated, like installing a program.  Plus, you know the little click-box in the upper-right corner that closes the intrusive box?  Well, if you wanted the person to click the 'OK' button to install your keylogger or netbot file, wouldn't you make the little 'close box' do the same thing?  And, for that matter, the 'Cancel' button?  When I see one of those things pop up, I open Task Manager and shut it down that way.

4.  Always right-click on a download from a possibly suspicious source and have your anti-virus/spyware program scan the file directly.  It'll give the file a quick scan when it's downloaded, but often only a deep scan will detect the really nasty stuff.

This doesn't apply to songs, pics and videos, but it definitely applies to compressed files such as Zip and Rar, and you should never, ever, download an EXE file unless you're positive of the source.

The real danger today is spyware, and it's on your shoulders to use a quality program to fend it off.  Not only could an easy argument be made that it's the most important money you can spend on your computer, but it could even be argued that it's the only money that you actually need to spend on your computer.  One can get by with a lot of great freebie programs in the computer world, but not in this area.

Any specific questions, as always, just ask in the comments.