Sunday, January 6, 2008

Do you practice safe Internet computing

Willie (IBM Senior Certified Consulting IT Software Specialist)

Let's start out the new year with some advice that shouldn't be necessary for most of my readers. However, as you read today's post, you may discover that even the best amongst us mess up sometimes and may not be as security conscious as we should be.

What inspired me to document my issues with using the Internet this fine 24 degree (Fahrenheit) morning? Well, a few weeks ago I was reading Jim Rapoza's blog "Comment Here". He did a little thing based on a few of his previous blog entries called "12 Ways to Be a Security Idiot: The Calendar!". Mr. Rapoza states in this blog entry "And that's people who don't put any thought into how they use their computers and the Internet, and who through their actions expose themselves and others to potentially dangerous security threats." A few months ago my reaction to this statement would have been "Thank goodness I'm not one of them". It turns out, though, that I am. And because I am, I believe my family is also. I'm going to explain in just a second. To quote Mr. Rapoza's blog entry again: "In some ways, security idiots are the gift that keeps on giving."

To get things started, you need to first go out and download Mr. Rapoza's calendar so you can pair up which months match up with my "events".

What does the Favero family do to contribute to Mr. Rapoza's blog entry?

Enter the Christmas holiday season. Flying around the Internet are all sorts of e-mail greeting cards wishing well and merriment. Unfortunately, hidden in a few of those holiday greetings is something sinister and very Scrooge-like: a virus. Open the card and instead of a friendly Christmas greeting, you get to spend the next few hours cleaning your machine. I know because it happened to me. I get a lot of those e-mail greeting cards. It seems that most of my friends are remote or think they are remote and use e-mail for everything. An eCard arrived from a very reputable electronic greeting card site from an e-mail address that at first looked familiar. Being in the holiday spirit, I opened it. Not a good idea because it was infected. All the warning signs were there, I just chose on this occasion to ignore them. In retrospect, the e-mail was not addressed to me, it was generic: the first giveaway that it was phony. On further examination, the FROM e-mail address was also bogus. It was tagged with "Dorothy". I have a good friend named Dorothy who loves to send eCards, so I made a bad assumption. Fortunately, I know how to clean up after being stupid.
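The two warning signs described above (a message not addressed to the recipient, and a familiar display name on an unfamiliar address) can be checked from the headers before opening anything. This is an added example, not part of the original post; the address book, recipient address and sample messages are all constructed and hypothetical.

```python
from email import message_from_string
from email.utils import getaddresses, parseaddr

# Constructed data: every name and address here is hypothetical.
MY_ADDRESSES = {"willie@home.example"}
ADDRESS_BOOK = {"dorothy": {"dorothy@friends.example"}}

SUSPICIOUS = (
    "From: Dorothy <greetings@cards.invalid>\n"
    "To: friend@list.invalid\n"
    "Subject: You have received an eCard\n"
    "\n"
    "A friend has sent you a greeting card.\n"
)
LEGIT = (
    "From: Dorothy <dorothy@friends.example>\n"
    "To: willie@home.example\n"
    "Subject: Merry Christmas\n"
    "\n"
    "Here is this year's card.\n"
)

def ecard_warning_signs(raw, my_addresses=MY_ADDRESSES, address_book=ADDRESS_BOOK):
    """Return the warning signs found in one message's headers."""
    msg = message_from_string(raw)
    signs = []

    # Sign 1: none of my addresses appear in To or Cc (generic addressing).
    pairs = getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))
    recipients = {addr.lower() for _, addr in pairs}
    if not recipients & my_addresses:
        signs.append("not addressed to me")

    # Sign 2: display name is a known contact, but the address is not theirs.
    display, sender = parseaddr(msg.get("From", ""))
    for name, known in address_book.items():
        if name in display.lower().split() and sender.lower() not in known:
            signs.append(f"display name '{display}' does not match known address")
    return signs

if __name__ == "__main__":
    for label, raw in (("suspicious", SUSPICIOUS), ("legit", LEGIT)):
        print(label, ecard_warning_signs(raw))
```

An empty result only means these two checks found nothing: the From header is written by the sender, so a message that passes can still be forged.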

Let's leave my office and venture into other rooms in my house.

My youngest daughter uses an Apple MacBook Pro. I mention youngest because the oldest uses an IBM ThinkPad. One of the interesting things about Mac users is that they think they are virus impervious. People just don't hack Macs. Well, that used to be true. Although she runs Apple's virus protection software and Norton (yes, we installed both on her Mac), she was still nailed with "something". Unfortunately, in her case, her hard drive took the brunt of the pain and she ended up reformatting to fix whatever happened. Details are sketchy at best; after all, she is a teenager and she's not trained to document her problems and resolutions. We can only hope it doesn't happen again.

If you are into Mac, you need to read the article "End of innocence for Mac fans".


Moving upstairs to my desktop. This thing also has firewalls and virus protection. The virus protection is set for automatic updates to ensure it is always up to date. However, this machine doesn't get used that often, so it is possible that you can get on it, start to do something, have a virus update start, and manage to get into trouble before the update completes. Because it is automatic, it is kind of out of sight, out of mind. We lost a machine this way a few years ago.

Work is notorious for this kind of stuff. At least once a month I will get an e-mail at my IBM address (Lotus Notes) from someone internally that has a virus attached. My virus software catches it so I'm safe. But it does make you wonder how someone at IBM could (would) forward a virus-infected e-mail. What really breaks me up is when they send out a note apologizing for sending out the virus and the apology note has the same virus attached to it also.

I have seen stuff like this actually shut down an entire e-mail system for days in an effort to clean it up completely.

Phishing is another story. My favorite e-mail pastime, when I have the time, is forwarding weird looking e-mails to the organization they are attempting to impersonate. In my address book I have the spam/phishing e-mail addresses for most banks, eBay, Amazon, PayPal, and dozens of other online companies. When I get something that looks suspicious, I expand all headers and forward it to the appropriate corporate spam/phishing e-mail address, copying a federal spamming e-mail address (I have two: reportphishing@antiphishing.org and spam@uce.gov). What you NEVER EVER want to do is reply or click on the REMOVE link. That's just a surefire way of validating your e-mail address for them, making your e-mail address even more valuable to the spammer market. (BTW, I still find it hard to believe that people fall for the e-mail where someone in another country wants to share their $500 million with you just for a small investment on your part.)

A word about spam also. I have some pretty sophisticated spam software that detects and eliminates spam. It works so well that I discovered it was also getting rid of real mail for me. For example, about twice a year, it flags my mail from DB2-L as spam. I do get a lot of it on occasion and it does seem to fit its criteria for spam. So now, I still use the software, I just don't turn on the automatic portion. I examine what it flags as spam and I decide if it should be deleted or not. That works out to be so much safer for me. LOL

Even just plain safe computing in general is a big issue in my opinion. Look at me. I'm supposed to be very knowledgeable about things like backup and recovery. However, you may remember a few months back I had an issue with my notebook that could have been easily circumvented IF I had a backup of my hard drive. I didn't and had to play all kinds of games to solve my problem. Should I have known better? Absolutely. Have I since remedied the basis for my problem? Again, absolutely. But it should have never happened in the first place. I was complacent and sure it could (would) never happen to me. It did, I paid the price, and now I back up my entire machine at least once a week, sometimes even more often.

And just to tie this all back to the title of my blog, the stuff discussed here just doesn't happen on the mainframe. We fixed most of these issues 30 years ago to create maybe the most secure processing platform available. Have there been data issues recently? Yes, but they occur AFTER the data has been removed from the mainframe and moved to some other platform or media.
