Basic Internet Self-Defense

Allen Faulton

May 25, 2018·10 min read

The Modern Survival Guide #33

This is the Modern Survival Guide, a guidebook I’m writing for things I think people need to know about living in the modern world. The views expressed here are mine, and mine alone. Fortunately for you, I’ve been around the internet for a while, and in this edition I’m going to be sharing some (very) basic tips for surviving online.

Let’s get one thing straight first — the internet is amazing! It’s a glorious assembly of information, entertainment, and opportunity. It is one of the major accomplishments of humanity, and without it you wouldn’t be reading this, which would just be awful. It’s fair to say that the modern world is built around an internet backbone, and it’s good to recognize that, for all its power and majesty, the internet is still very much growing up. There’s no telling what it will turn into... but it’ll probably be pretty cool.

Now for the bad news: because the internet is so attractive, it’s basically a gold mine for criminals and ne’er-do-wells who want to steal and/or break stuff. Possibly even your stuff. Let’s take a look at what to do about that.

Internet Threats

First off, let’s talk threats. Don’t worry so much about the Hollywood archetype of black-hat hackers sitting in high tech rooms with six monitors, breaking into your computer with rapid keystrokes. It’s not that these people don’t exist, it’s just that they don’t care about you. They’re after bigger fish. You’re not that important in the grand scheme of things, and that’s really good for your security.

No, mostly you’re just going to get malware: autonomous software containing malicious code that is used to access your computer, extract information, or make changes.

Malware comes in two basic varieties: bloatware and viruses.

“Bloatware” refers to programs that come pre-installed on most computer devices (including your phone) that don’t actually do anything useful, but take up space, slow down your device, or harvest your data. They’re not usually illegal, but they’re annoying. Getting rid of bloatware is as simple as uninstalling it.

Viruses, on the other hand, are very much illegal and very dangerous. A “virus” is a catch-all term for any computer program that is capable of reproducing itself on the target system, infecting other systems, and that has some sort of bad effect on its host. You might also hear of specialized viruses called “Trojan Horses” or “Worms.” For the purposes of this article, just know that none of them are good, and some of them will require expert attention to remove.

Like real-life viruses, most computer viruses spread in a particular pattern or using particular resources — these are called vectors. Major threat vectors include the following:

• Downloads: Be careful on websites that ask you or allow you to download files. Trojan Horses are so named because they are files that are voluntarily downloaded and opened by a user, after which they infect the user’s computer.
• Ads: It’s virtually impossible to police all the advertisers online, so a fair percentage of ads are actually attempts to install bloatware or malware. Be careful when clicking on any ad banner.
• Approval Pup-Ups: Always read any approval form that pops up on a website. Unless you are absolutely sure you know what you’re agreeing to and what it does, do not click “ok.” For the most part, the best action is to close the browser — ctrl/alt/delete to get to the task bar if necessary — particularly if a site won’t let you do anything other than click “ok.”
• Email Attachments: Always be careful with email attachments; this is a very common vector for Trojan Horse viruses. Ideally, you should get verbal confirmation that files are legitimate before you open them (especially from family members). Alternately it’s usually a good idea to check an email address for authenticity and get a written confirmation on the attachment, particularly in any instance where you’re not expecting a file.
• Email or Phone Requests for Info: The most effective way to hack a computer is still to simply ask people for login information. Be careful with emails or phone calls that request info. If you did not contact them first, they are probably not legitimate.
• Porn: Although the industry as a whole has gotten a LOT better about this, porn sites (particularly weird ones) are still a major vector for viruses. The bigger and more legitimate the company, the less likely they are to have a virus-infested site — that actually holds true across all industries on the internet.
• Fringe Sites: Weird religious or political sites are also common vectors for viruses, possibly due to the age bracket of most of their users (i.e., old people — older users are more vulnerable to online threats, and tend to fall for scams more easily).
• Fake Tech Support: A major vector for scammers are fake calls from “tech support” or “Microsoft.” Remember, if you didn’t contact them first, they aren’t on the level. Hang up and report their number to the company they claim to be representing, if you want to be proactive about things.

All of these threats are after at least one of the following goals:

1. Grabbing your data — Personal data is worth money to advertisers, spammers, telemarketers, criminals, and big companies. There’s more money in knowing your consumer history and browser history than there is in stealing your social security number, but personal info like your SSN, birth date, and password info are all fodder for identity thieves.
2. Stealing your money — Scams and ransomware (malware that locks your files and holds them hostage) are all about stealing your money. This is a major motivating force for a lot of the viruses and malware manufacturers.
3. Breaking stuff — Some people just want to see the world burn, and release really nasty bugs on the web just to break shit.

The good news, if it can be called such, is that stealing data and money are the main goals of most hackers these days. Very few people want to just break computers anymore — probably because there’s no money in it.

Internet Defense

Self defense on the internet comes down to three big points:

• Education
• Avoidance
• Active Defense

Education

Remember that very few problems on the internet can exist in isolation — viruses are recorded and countered as fast as they are released, and it’s pretty easy to get up to speed on the latest online threats. Reading the “tech” sections of most newspapers can give you a good idea of when something new and nasty is stalking the interwebs. There are also many tech-specific websites that cover cyber threats and scams — I personally use Arstechnica to keep up to speed.

When in doubt, also remember that a quick Google search can identify most problems, give you context on error messages, and can often verify whether a sales offer or telemarketer is legit or a scam.

Avoidance

Once you know what threats look like, you can easily avoid most of them. Here are some quick, general tips:

• Don’t open attachments without verifying that someone you know actually sent them to you.
• Don’t click “accept” on agreements you didn’t initiate.
• Don’t click “ok” to any download you didn’t prompt.
• Don’t post personal information online.
• Don’t believe anyone who calls you claiming to have discovered a virus on your computer.
• Don’t give people your personal information without a good reason, and make sure you’re the one who prompts the exchange.
• Don’t click on spam.
• Don’t click on ad banners.
• Don’t go back to sites you know are infected.
• Always check to make sure you’re on the right website by looking at the URL (some scam sites are just a letter off from legitimate websites).
• Establish a list of sites you know and trust.

Active Defense

You are not helpless in the face of online threats. You actually have quite a large toolkit available to keep you safe from malware and viruses. In this section we’ll look at five defenses you can use: antivirus software, Windows Firewall, security updates, good passwords, and (no substitute for it) your brain.

Antivirus Software: There is a thriving industry in defense against viruses and other malware. Windows also comes with a built-in antivirus program, Windows Defender, which is active by default, and many companies offer very reputable virus defense programs for free. You should always install antivirus software on any computer you are responsible for. Even the most basic program will defend against better than 90% of the threats out there.

Here’s a quick list of free, reliable antivirus programs:

• Avast Free Antivirus
• AVG Antivirus Free Version
• Bitdefender Antivirus Free Edition
• ZoneAlarm Free Antivirus
• Avira Free Version

Once installed, you should always make sure your virus protection is up to date, and you should set the program to run regular (preferably daily) scans of your system. All virus protection programs will prompt you if they need an update, and you should always click “ok” to these prompts.

A quick note: it doesn’t help to install multiple virus protection programs; this will actually just clog up your computer. One in addition to Windows Defender is enough.

Windows Firewall: In real life, a firewall is a structure that separates and isolates two spaces in case of fire. Cars, for example, have a firewall between the engine compartment and the passenger compartment. In computer terms, a firewall is a program that blocks access to your computer from unauthorized sources.

Operating systems almost always come with a firewall pre-installed, and no further action is required by the user to enable them. Installing an antivirus program will usually add another firewall. While you don’t have to do anything else to enable these programs, you should be very, very careful about turning them off. There are very few good reasons to do so — be wary of any person or program who asks you to disable your firewall!

Security Updates: Computer manufacturers and software providers constantly provide security updates for their products. When using Windows 10, you can access the update functionality by going to System Settings from the Start Menu, clicking “Update and Security,” and then clicking “Windows Updates.” On older machines, from the Start Menu go to the Control Panel and find the icon for “Windows Updates.” This will bring up a series of menus which will tell you whether your system is up to date, and offer the options to scan for available updates.

You should always make sure your system is up to date — manufacturers use system updates to patch potential weaknesses in the software, and since computer software is very complex and new weaknesses are frequently found, they do this quite often. Most of the time computers will automatically run updates, but if it has been turned off for a long time you may need to run an update manually.

Several other programs will prompt you for updates from time to time. These include, but are not limited to:

• Java
• Adobe Acrobat
• Your antivirus software

You should make sure that these programs are updated whenever you see one of these prompts — these are safe programs and are performing as advertised when they prompt you for action.

Good Passwords: Making sure your passwords are tough to crack is an easy, but often overlooked, component of online defenses. You should always set your own, personalized password for any computer or website that requires one. There are five cardinal sins of passwords:

1. NEVER USE YOUR BIRTH DATE
2. NEVER USE YOUR PHONE NUMBER
3. NEVER USE YOUR SOCIAL SECURITY NUMBER
4. NEVER USE YOUR NAME OR THE NAMES OF FAMILY MEMBERS
5. NEVER LEAVE THE DEFAULT PASSWORD IN PLACE

Look at it this way: What’s the easiest number you can remember? Probably your birthday or phone number, right? But what is the easiest thing for anyone to find out about you? Also probably your birthday or phone number. Same thing for words, avoid the names of people who can be easily traced to you. Make it hard for someone to crack your password by picking something they can’t just guess.

Always change the password when you first log on to a new device. Manufacturers often leave passwords as “guest,” “default,” or “user.” Guess what the most often-cracked passwords in the world are? If you guessed “guest,” “default,” or “user,” you are correct.

Here are some good password tips:

• Use a phrase. The longer the password is, the harder it is to guess. And once you get beyond a dozen or so characters, they become very nearly impossible to crack using brute force algorithms. But longer passwords are hard to remember, so use a phrase instead of random characters. Peterpiperpickedapeckofpickledpeppers, for example, is pretty much unhackable.
• Use a combination of upper and lower case letters. This increases the solution space for a password, making it even harder to crack. This is secondary to making your password longer, though.
• Unless you absolutely have to use them, ignore special characters. Using special characters is one of those things that has crept into password design without actually being helpful. They’re hard to remember and don’t serve a purpose; in any situation where you might be tempted to use a special character, just make your password longer instead.
• If you have to write your passwords down, do so on paper — you can’t hack paper. Then hide the paper.

Use Your Brain: Think before you click. Before you open a new link, click a banner, or download a file, you should run through the threat avoidance tips. Make sure you’re clicking the right thing.

If a program asks for your permission to do something, or asks any variation on the theme of “are you sure?” make sure you’re sure.

Be patient, and understand what you are authorizing a computer to do when you install a new program — a lot of software comes bundled with bloatware you probably don’t want. Do not rapid-click through menu prompts.

And remember that anytime you’re not sure what’s going on, Google is just a click away.

Only You Can Prevent Online Threats

To wrap up, it’s important to recognize that an awful lot of internet threats exist, and it’s on all of us to spot them, avoid them, report them, and negate them. Viruses and scams aren’t going away; they’re too attractive to awful people, not to mention too easy to make money on. But with the right mindset (paranoia), training, and proper attention, it’s not all that hard to avoid most of them.

Last but not least, understand that at some point you are going to get hacked. You will get a virus. You will fall for a scam. This isn’t a reflection on your intelligence or character, it’s just the end product of a risk calculation. Conduct your business online accordingly. Keep backups of important data. Limit your exposure by limiting the data you keep on a computer. Understand your risk profile — and be prepared to take action if your identity is compromised. I’m sorry to say it, but we all probably need to learn how to freeze our credit, for example.

Be careful, my friends. The internet is glorious, but it’s a minefield.