It starts out innocently enough. You’re browsing the Web, dreaming of the weekend and your next golf game, and you happen across a great-looking site that promises to drop your handicap in three easy lessons. Sounds good, but you’ve got a meeting in five minutes, so you hastily sign up for the site’s weekly newsletter and dash off.
When the newsletter arrives several days later, however, it’s not alone. Every day, more and more new spam crams your in-box, hawking Caviar Quarterly subscriptions or pitching wild weekends in Las Vegas.
Who knew one newsletter would have so many pushy friends — and who invited them in the first place?
Companies that collect facts about you often have obscure data-handling practices, so your name, address, and account numbers could end up spreading disturbingly quickly across the Web. Your problems don’t stop there — you also have to guard against ever more sophisticated scammers and hackers who are out to steal your identity or your company’s data. And studies show that these problems keep getting worse both for individuals and for businesses.
How can you tell which information is really necessary to complete a transaction and which is collected for marketing? Which utilities can safeguard your PC from prying eyes and invading worms? Once you’ve given out your credit card number or your mother’s maiden name, how can you tell where the information is going, or who is watching it?
No wonder even shrewd Internet users are confused. We at PC World wanted to find out how deep the problem ran, so we put together a survey and gave it to 1500 Internet users. We asked questions about their habits and concerns, as well as what they do to protect themselves online, and then we rated the answers to come up with a Privacy Quotient (PQ) score. (Take a condensed version of the test on page 38 of PC World March 2004 edition.)
Our goal? To use what we learned about the vulnerabilities in users’ security practices and offer practical, easy-to-follow advice to help you keep your personal information private and lead a safer life online.
Overall, we discovered from answers to the quiz that privacy slips occur most often in three key areas: password management, use of security tools such as antivirus software and firewalls, and habitual online behaviour. Read on for privacy tips specific to these areas in order to improve your ability to keep your private life secret.
Take control of passwords
Use memory tricks to craft better passwords. Start with, say, the title of a favourite book or movie. Take the first letter of each word and stick a meaningful number, such as the year you started your current job, in the middle. You can update your passwords with each new book or movie. For less-critical accounts like news and movie sites, you might use a scheme with a number — perhaps the month and year you left high school — followed by the site’s initials. Don’t use the same password at every site.
Try a password-management tool to reduce hassles. Choose one that encrypts and stores your data on your PC (we like Roman Lab’s free Any Password at www.romanlab.com and Siber Systems’ free AI Roboform at www.roboform.com).
Be careful about letting Windows store passwords. Don’t do it at all if your PC could be used by others. And always enter passwords at sites with sensitive information, such as banks and retailers.
Change your passwords frequently. Revise your news and entertainment site passwords once a year, but change your passwords for sensitive sites monthly.
At least skim privacy policies. Scan for words such as use, distribute, or share, which should refer to how the site will use the data it collects. Look for references to those with whom it shares information: internally, with affiliates, or with third parties. And check whether the policy can change without notice to you — and if it does, whether you’ll have the chance to delete your data.
Be wary of e-mail asking for account information. Contact the company via phone or e-mail (but not by reply) to confirm it sent the request. The practice of sending scam e-mails which pretend to be from legitimate sites, known as phishing, is becoming increasingly common.
Create different online identities. For example, reserve one e-mail address for friends and family, another for business associates, and a third (perhaps a free account, like one from Yahoo or Hotmail) for activities like shopping and chatting, which can make you a spam target.
Don’t automatically give a site everything it asks for. Aside from a delivery address, most online transactions don’t need more data than a regular store.
Perform due-diligence checks on companies. Check the site’s policies and security features: is there an s following the http in the URL, or an SSL Secured lock icon to ensure safe transmissions? Does it store your data on its servers; if so, is it encrypted?
Review your financial statements monthly. Look for unauthorised charges and money transfers.
Lock down your PC
Set automatic updates for your sentinel apps. If you have a weekly meeting, for example, set your antivirus or firewall software to grab updates then. If your schedule is less predictable, have the software check for updates first thing in the morning, while you get your coffee.
Customise your Windows security settings. (Go to Tools-Internet Options and select the Security, Privacy or Advanced tab, depending on what you want to set.) This step isn’t a replacement for the tools discussed in “Top utilities for your toolbox”, above, but you can beef up the basics by disabling file downloads (a good idea if others can access your PC), setting passwords, blocking cookies, and the like. It’s generally a good idea to raise your Privacy settings to High, which will block cookies that use personally identifiable information without your consent, among other things.
Periodically purge your Web history. Don’t forget to clear cookies and stored temp files from your browser’s cache, too. Not only will that keep you more secure, it will keep your PC running more smoothly. (Open IE, select Tools-Internet Options, and use the buttons on the General tab.) Some utilities, such as Webroot’s Window Washer (www.webroot.com), make this cleanup a snap. Try to make these periodic purges part of your PC maintenance routine; perform them whenever you back up data or run a virus sweep, for example.
Configure your firewall to start automatically. Most firewalls let you select a protection level; we advise setting yours to High, though you may need to flag benign apps so you don’t get constant alerts.
Top utilities for your toolbox
To keep your online security simple and low-cost, check out this list of tried-and-true products that can help you cover your bases.
1. Antivirus: everyone should have an up-to-date antivirus application. Symantec’s Norton AntiVirus Pro 2004 (about $77) is a consistently good performer. If you object to Symantec’s product activation, try McAfee Security VirusScan 2004 Home Edition (about $66).
2. Spam fighter: keep yourself out of harm’s way by culling e-mail that may try to infiltrate your PC or your wallet. Sunbelt Software’s $US20 IHateSpam is a good choice for Outlook users (www.sunbelt-software.com). Other options for people with Outlook and other e-mail clients: Symantec’s Norton AntiSpam ($64) and McAfee’s SpamKiller 2004 ($62).
3. Firewall: for anyone with a broadband connection, firewalls are a must. For the rest of us, they’re a very good idea, especially as worms and spyware proliferate. Zone Labs’ ZoneAlarm 4 remains our top choice; the free version supplies a basic firewall, and the $99 Pro version adds a comprehensive security tool kit (www.zonealarm.com.au).
4.Adware/spyware remover: these utilities can help keep pop-up ads from multiplying and prevent your surfing habits from becoming public knowledge. PepiMK’s free Spybot Search & Destroy does a terrific job (http://spybot.eon.net.au); the free Lavasoft Ad-aware 6.1 has fewer features but is also a good choice (www.lavasoftusa.com).