See page 2 for my thoughts on Firewalls, Java / JavaScript and Cookies

Key Actions

1. Apply Windows patches
   • Microsoft Windows update - highly recommended
   • Microsoft Office Updates - highly recommended
   • Microsoft Baseline Security Analyzer - highly recommended for IT Professionals
   • Malicious Software Removal Tool - highly recommended
2. Apply Application patches
   • Macromedia Flash Player - version tester
   • Test Macromedia Shockwave & Flash Players
   • Macromedia Flash Player - download
   • Macromedia Shockwave - download
3. Read Microsoft notes
   • Microsoft security - recommended
   • Security At Home - recommended
   • Microsoft UK security - recommended
   • Microsoft TechNet - recommended
4. Buy, use and keep updated
   • Firewall
     • Cisco PIX or Cisco ASA 5500 - recommended for multiple PC sites
     • ZoneLabs ZoneAlarm - recommended
     • BlackIce
     • Kerio WinRoute Firewall
     • McAfee Firewall / VirusScan / SpamKiller - recommended
     • Norton/Symantec Personal Firewall / AntiVirus - recommended
     • Microsoft Windows XP - firewall, not recommended
       • Windows XP SP2 - when available will turn the firewall on by default, and potentially 'break' some current programs
   • AntiVirus
     • McAfee Firewall / VirusScan / SpamKiller - recommended
       • McAfee AVERT Stinger - stand-alone utility used to detect and remove specific viruses - recommended, but does not replace having AntiVirus
       • Housecall - Trend Micro scan of your PC for viruses and spyware - recommended, but does not replace having AntiVirus
       • Online Scanner - Scan of your PC for viruses - does not replace having AntiVirus
       • BitDefender Online Scanner - BitDefender scan of your PC for viruses - does not replace having AntiVirus
       • Symantec Online Security/Virus Scanner - does not replace having AntiVirus
       • Kaspersky Online Virus Scanner - does not replace having AntiVirus
     • Norton/Symantec Personal Firewall / AntiVirus - recommended
   • Optionally URL Filter
     • Cyberpatrol
     • Net Nanny
5. Periodically check for Cookies & Spyware
   • CounterSpy - highly recommended
   • Spybot-S&D - highly recommended
   • LavaSoft Ad-Aware - recommended
6. Stop Pop-ups/unders
   • From normal browsing
     • ZoneLabs ZoneAlarm - recommended
     • Google Toolbar - recommended if you can't do it in your firewall
   • From having ports open
     • Close these with a 'Firewall', see above
   • From Spyware
     • See 'Periodically check for Cookies & Spyware' above
   • From Instant messenger
     • How to Remove Windows Messenger on Windows XP
   • General info on pop-ups/unders
     • How to block Pop-ups?
     • Are pop-up ads allowed on Google?
7. Spam
   • Use 2 email addresses
     • a 'permanent' one from friends and a 'changeable' one for on-line use
     • Only give your email if you really need to, and then use the 'changeable' one
     • If you want to only have one place to get your email from simply set up your 'permanent' email address to forward everything to the 'changeable' one
   • Never use an email address that is the same as your home page URL
     • e.g. if your website is http://www.my_isp.com/~my_address it's fair to assume your email address is my_address@my_isp.com
   • If you have your own domain, http://www.my_domain.com, consider turning off the catch_all
     • without a catch_all you will have to specify all valid email addresses: joseph@www.my_domain.com, mary@www.my_domain.com etc
     • with a catch_all you will get email sent to absolutely_anything_you_like@www.my_domain.com, eg sales@www.my_domain.com, marketing@www.my_domain.com, webmaster@www.my_domain.com etc
     • Whilst useful if you're a business and want to get all emails, even if people can't spell your name, it does allow people to send you email just by knowing your domain
   • Be wary about leaving your email address of a bulletin board, chat room, or web page; if you must leave your address then disguise it
     • if you want the email address to 'work' use my_address@my_isp.com instead of my_address@my_isp.com
     • if you just want a human to understand it then use something my_address at my_isp dot com instead of my_address@my_isp.com
   • Be wary about giving your email address to a third party. Even more so please think very carefully about each of your 'friends' personal email addresses that you're giving away too.
     • Plaxo is very, very bad
     • Plaxo annoys me
     • Plaxo evil?...
     • Death to Plaxo
     • Why do really smart people hate Plaxo so much?
     • Get thee behind me, Plaxo
   • When filling in on-line forms never permit your address to be used/shared for other purposes
     • you may need to check or un-check a box
     • Always double check these 'tick' boxes before you hit submit
   • Do not reply to spam
     • especially DO NOT asked to be removed from a mailing list from a Spam email
     • in an office environment consider not using an 'Out of Office' message
   • Never buy anything from a Spam email - even if it's a bargain and you really, really want it
     • It encourages people to think Spam works - and so fuels the Spam industry
     • If the deal appears too good to be true then it probably is: drugs may not be pure, software may be counterfeit, especially if it's 'from' a know brand
   • If available use filtering offered by your ISP
   • Consider using a Spam filter - available as an extra purchase by most firewall and antivirus vendors as well as on its own
     • MailWasher
     • McAfee SpamKiller
     • Norton/Symantec Internet Security (Spam Alert)
   • If you are offended by the spam send it (complete with its headers) to your ISP. Most have an address like abuse@YOUR_ISP.com for just this purpose, e.g. abuse@btinternet.com, abuse@ntlworld.com, abuse@hotmail.com, abuse@yahoo.com, tosemail1@aol.com etc.
   • If you believe that the contents of the email may be illegal, child pornography etc, notify your local police and/or the Internet Watch Foundation
   • Use a PC based firewall, like ZoneLabs ZoneAlarm Pro version, that can restrict your email software so that it doesn't give away the fact that the Spam has reached a real person by downloading web images to your PC. When you read or preview an email that's written in HTML, as lots are, then they imbed pictures into the email just like you do on a webpage. However some of the pictures have a URL that resolves directly to the email address they sent the email to. Even by previewing the email you're telling them that you've received the email Restrict your email software to
     • DNS Servers - UDP port 53, TCP port 53
     • Mail Servers, POP - TCP port 110
     • Mail Servers, SMTP - TCP port 25
8. Make sure your children are
   • Visible when using the computer
   • Are OK about mails/text/chat they are receiving
   • Know about dangers appropriate to their age
9. If you use wireless
   • Do use 128 bit WEP (Wired Equivalency Privacy)
   • Do turn transmit power down
   • Do enable proprietary 'extensions'
   • Don't allow encryption/security to be negotiable
   • Don't Allow Association To Mixed Cells
   • Don't 'Broadcast' SSID (Service Set Identifier)
   • Don't enable 'World Mode' multi-domain operation
   • Don't scan for a better Access Point
   • Consider turning on MAC address filtering
10. Make regular backups of all crucial data and consider keeping the backup in a firesafe
11. Look after and regularly change passwords

General Protection & Advice

• WiredPatrol, Internet Safety, Help & Education
• SafeSurf
• ICRA - Internet Content Rating Association
• There4me
• Web Scams

• McAfee Firewall / VirusScan / SpamKiller - recommended
• How to stop Messenger SPAM: Disable Windows Messenger Service
• Stop Messenger Spam

• Google
  • preferences
• Ask Jeeves Kids
• Yahooligans

• Children
• Online child safety drive launched - 6 January 2003
• Q&A : Keeping safe on the net - 6 January 2003
• Fears for children's internet safety - 9 August 2002
• Home of The Missing Persons Register - April News - 2 April 2002
• Net creates new breed of paedophile - 5 April 2002
• In Memory of Sarah Payne
• for Sarah Campaign

• SPAM
• Fun with Spam
• Software Scams on Internet Time - Counterfeit Symantec s/w

• Banks / Scams
• Internet Dragnet Goes After Scam Artists
• Run Money Through Your Account For a Foreigner and Get Millions of Dollars-Fiction!
• A con-artist's lure
• Citibank e-mail looks phishy: Consultants - 9 November 2006

• Identity Theft
• Identity Theft
• Gervais account fraudsters jailed - 23 March, 2005
• McAfee warns of mounting online identity attacks - 17 January 2007

• Hackers / Trojans / Bots
• Back Orifice profile
• Back Orifice
• Thousands 'trojaned' through net shares: CERT - 12 March 2003
• Trojan defence clears man on child porn charges - 24 April 2003
• Britain the bot capital of the world - 3 October 2005
• Betting websites blackmailed with child pornography - 27 October 2004
• Online Extortion Works - 13 December 2004
• Trojan sex offender jailed for 10 years - 13 November 2006

• Hoaxes
• Internet Loo
• Microsoft's iLoo Project A Hoax

• General
• SOCA - Serious Organised Crime Agency
• National Infrastructure Security Co-ordination Centre
• National Vulnerability Database
• ITsafe
• Talisker Computer Network Defense Operational Picture
• Airport PCs stuffed with meaty goodness - 21 September 2005
• Forgetful staff leave businesses exposed - 28 November 2006
• NHS security dilemma as smartcards shared - 30 January 2007
• How Does The Hacker Economy Work? - 10 February 2007

• SamSpade.org - excellent resource
• InterNIC
  • Whois
• RIPE - Réseaux IP Européens
• ARIN - American Registry for Internet Numbers
• IANA - Internet Assigned Numbers Authority
  • Top-Level Domains - Generic and country code

• How to Minimize Metadata in Microsoft Word Documents
• Office 2003/XP Add-in: Remove Hidden Data
• The hidden dangers of documents
• The hidden dangers of Microsoft Word

• Family/Relationship Books
• Computers, the Internet, WWW and Controls