Protect your Black Monday shopping with a quick tune-up

I cannot stress enough the need for every PC user to have a healthy, working, properly configured anti-virus program running on their computer at all times.

[updated December 1, 2012]
Before embarking on online shopping trips, it’s worth the few minutes required to make sure your computer does not enable the theft of your identity.

Tens of thousands will have their identities stolen in the next few weeks, because malware was able to help steal valuable information from you such as credit card numbers, online userids and passwords. A few minutes work will go a long way towards preventing this.

That, or you can do nothing, and potentially have to take days off of work to cancel credit cards, write letters, get credit monitoring, and get back to where you are right now with perhaps forty hours’ work.

It’s up to you.

Ready?

1. On your PC, connect to http://update.microsoft.com/ .  Go through the steps required to check that all necessary security patches are installed.

Note: If you are able to connect to Internet sites but are unable to successfully install updates at update.microsoft.com, your PC may already be compromised. If so, it is important that you seek professional help immediately to rid your computer of malware. Delays may be very costly in the long run.

2. To eliminate the need to periodically visit update.microsoft.com, confirm that Automatic Updates are properly set. Use one of the following links for detailed instructions (all are Microsoft articles that open in a new window):

Windows XP | Windows Vista | Windows 7 | Windows 8 (automatic updates are turned on by default)

If you are unable to successfully turn on Automatic Updates, your PC may already be compromised. If so, it is important that you seek professional help immediately to rid your computer of malware. Delays may be very costly in the long run.

3. Ensure that your PC has working anti-virus software. If you know how to find it, make sure that it has downloaded updates in the last few days. Try doing an update now – your anti-virus software should be able to successfully connect and check for new updates. If your Internet connection is working but your anti-virus software is unable to check for updates, it is likely that your PC is already compromised.

Note: if any of the following conditions are true, it is important that you seek professional help immediately to make sure your computer is protected from malware.

a. You cannot find your anti-virus program

b. Your anti-virus program cannot successfully check for updates

c. Your anti-virus program does not seem to be working properly

If you are not sure whether your anti-virus software is working (or if you computer even has anti-virus software), you may wish to download and run Microsoft Security Essentials. This is a free anti-virus program from Microsoft. While some professionals may argue that this is not as effective as any of the commercial brands of anti-virus software (Sophos, Symantec, McAfee, Trend Micro, Panda, etc), it’s better than having nothing at all.

December 1, 2012 Update: Microsoft Security Essentials has lost its certification as being an effective anti-virus program. Full test results available here in an easy to read chart. Note the absence of the “AVTest Certified” logo next to Microsoft Security Essentials.

Several free anti-virus programs are worthy of consideration: AVG, Avast, Zone Alarm Free Antivirus + Firewall, Panda Cloud Anti-Virus. I cannot stress enough the need for every PC user to have a healthy, working, properly configured anti-virus program on their computer at all times.

Social media safety during the holidays

The late-year holidays (Thanksgiving, Hanukkah, Christmas) are known for travel, visiting with friends and family, and gift giving and receiving. Any time of year is a time for sharing some details of our lives with others through social media outlets such as FaceBook, Twitter, MySpace, and personal blogs.

During this time of year, it is especially important that you protect yourself from online threats, some of which are caused by others, and some of which are caused by you! Follow these steps to keep your property and your online presence safe during the holidays:

Don’t announce your travel in advance. If you post something like, “leaving home for Philadelphia for five days”, you are announcing to the world that your home may be vacant for extended periods of time, inviting burglaries.  Make your posts more vague, such as “spending Christmas with brothers and parents”, which might be where you live, or not.

Don’t gloat about your gifts. Similarly, if you talk about your new Kinect,  Wii, or iPad online, you may be sharing news of your loot with too many outsiders. Instead, be more discrete and share news about your new things more privately.

Limit FaceBook exposure. Check your privacy settings in FaceBook. Consider setting up one or more groups of family and friends, to limit how wide your announcements are sent. My wife and I have “immediate family”, “family”, and other groups of highly-trusted individuals with whom we may share things about travel, gifts, and other personal matters, so that the entire world doesn’t know that we might not be home at the moment.  Similarly, limit the FaceBook applications that you allow to access your personal data. Some FaceBook applications are malevolent and are designed to steal your information and use it against you.

Get a security tune-up. Follow easy steps to ensure that your anti-virus and firewall are working, and that your patches and browser are up to date. Do this before you shop online, to limit the chances that your credit cards will be compromised.

Secure your home Wi-Fi. Find the instructions to improve the security of your home router or Wi-Fi access point. Change from no security to WEP, or better yet, WPA.  While WEP is not as secure these days, it’s better than nothing. WPA or WPA2 are far better, and most PCs (and even gaming consoles) supports WPA and WPA2 these days.

Limit use of public Wi-Fi hotspots. From road warriors to housewives, we roam with our laptops from hotspot to hotspot at our favorite coffee shops and other public venues.  While it’s okay to check the news and get shopping information, it is not okay to check e-mail, log on to FaceBook or Twitter, or perform high-value activities such as online shopping from an open WiFi hotspot. Easy to use tools are widely available that permit even the unskilled to hijack your session and compromise your personal information.

Check your credit. U.S. consumers can check their credit three times per year for free (once per year for each of the three credit bureaus). Check your credit report carefully, looking for any accounts that you may not have opened, or for changes in accounts you may not have authorized.

Use a separate online shopping credit card. Rather than using your primary credit/debit card for online shopping, open a second account and use only that one. Keep a low balance to minimize your exposures.

Choose “credit” when using debit/credit cards. Whenever you are making purchases with your debit/credit card, choose “Credit”. Then, if your credit card number is later compromised, you may enjoy additional protection (such as the $50 liability limit) on your account. Many banks do not offer the same protection for compromised debit card numbers.

Prediction about consumer online confidence comes true, a little late

I was a panelist at the annual WSA Predictions dinner event in December 2005. Each panelist was asked to make technology-related predictions for the coming year, 2006. My prediction: one or more significant security events would result in a downturn (or, at least, a slowdown in the rate of growth) in consumer online shopping.

Little did I know that the perpetrators of the TJX breach had already been busy at work skimming millions of credit card numbers out of TJX’s computers.

Well, well. I read an article yesterday that reads, “Holiday shoppers are in stores and online again this year — but they don’t feel too safe doing it, according to a report scheduled to be published Monday by security vendor Utimaco.” Consumers are shopping online, but nervous, as they recall the colossal TJX security breach earlier this year.

Link to full article:

http://www.darkreading.com/document.asp?doc_id=141436