Web shoppers are a suspicious lot. That's the conclusion of a recent poll conducted by Zogby International and funded by Symantec and the National Cyber Security Alliance. The survey found that 63 percent of online shoppers abandoned a purchase due to security concerns.
Among the reasons given for failing to complete the transaction were sites that asked for too much information, uncertainty about how their personal data would be used by the site, and lack of faith in the site's security. These are all valid concerns.
CNET News reporter Greg Sandoval describes recent Congressional hearings on bogus online loyalty programs that sucker Web shoppers into offers that are loaded with fine print. Sandoval's follow-up report indicates that few of the big-name sites profiting from these programs intend to end their relationships with the companies being scrutinized.
Even if you've been making Web purchases for years, it pays to review the top five tips for avoiding unpleasant online-shopping surprises.
Know who you're dealing with
You can get an indication of a site's trustworthiness by using a site-rating browser add-on such as the Web of Trust, LinkExtend, and McAfee SiteAdvisor. I described these and other security add-ons for Firefox in a post on Nov. 17, but these and similar site-rating services are available for Internet Explorer and other browsers as well.
The BBB Online's shopping tips suggest that if you're not sure about completing a Web purchase, look for a toll-free phone number you can call to place your order. Just remember not to volunteer more information than necessary, whether you make your purchase via a Web form or telephone.
Know exactly what you're getting—and when and how you're getting it
Document as many specs as possible about the products you're purchasing, including model numbers, dimensions, item numbers, and guarantees of authenticity. Know beforehand all delivery and handling charges, warranties, and return/refund policies. Get the tracking number of the delivery service the vendor will use.
In my experience, the ability of Amazon and other reputable Web sites to deliver products when they promise goes down as the heart of holiday shopping season approaches. To avoid Christmas morning disappointments, shop very early or stick to brick and mortar for your most important purchases.
Watch for prechecked or disguised 'offers'
Just as you can find your browser sporting a new toolbar if you rush through an update of your media player or PDF reader, being in a hurry when you make a Web purchase can cause you to "sign up" for unwanted offers. Technologizer blogger Harry McCracken found himself an inadvertent enrollee in the SavingsAce affinity program run by Vertrue, which is one of the companies under investigation by Congress.
Maintain a complete paper trail
Print out all transaction records, invoices, order-confirmation e-mails, warranties, return and refund policies, and anything else that documents the transaction. The BBB Online recommends printing Web pages showing the vendor's name, physical address, and telephone number. Also print pages with information about the product you're purchasing and the seller's privacy policy and legal terms.
Watch for unexpected charges after the fact
Some of the most unpleasant surprises may not manifest themselves until you receive your next credit-card statement. Be ready to challenge any unauthorized fees or other added charges. Watch out for mystery charges from third-party vendors such as Harry's experience with SavingsAce.
If you're unable to work out any problems with the vendor, the BBB Online recommends using the Better Business Bureau's complaint form, the Federal Trade Commission's Bureau of Consumer Protection complaint form, or the equivalent complaint form on the site of your state's attorney general.
Unfortunately, when I went this route with the faulty notebook computer HP sold me, I got nowhere fast. Still, you might have better luck with your complaints than I had with mine.
Internet Explorer 8, Firefox 3, Google Chrome 4, Apple's Safari 4, and Opera 10 include features that block sites known to host malware and malicious downloads. All but Opera also let you browse without leaving any tracks. But just as important as these protections is ensuring that whichever browser you use is thoroughly patched.
Filtering out bad sites
Firefox's built-in antiphishing tool claims to update its bad-site database 48 times a day, according to Mozilla's Firefox security page. Firefox 3 uses Google's Safe Browsing service to automatically block sites that are known to host malware. The Google Code site describes how Safe Browsing works in Firefox.
To verify that attack-site blocking is enabled in Firefox, click Tools > Options > Security and make sure "Block reported attack sites" is checked.
Firefox will prevent known-bad sites from opening when "Block reported attack sites" is checked.
(Credit: Mozilla Foundation)The same feature is built into Google's own Chrome browser. You can ensure that malware-site filtering is on in Chrome by clicking the wrench icon in the top-right corner, choosing Options, and selecting Under the Hood. "Enable phishing and malware filtering" should be checked. The Google Chrome Help site describes the feature. (Hint: This page looks very similar to the description on the Google Code site.)
Google's Chrome browser blocks known-bad sites when "Enable phishing and malware protection" is checked.
(Credit: Google)The SmartScreen technology in version 8 of Internet Explorer blocks known-malicious downloads as well as bad URLs. Other new security features in IE 8 include automatic blocking of click-jacking and cross-site scripting attacks, automatic crash recovery, and highlighting of the actual domain name in the address bar. The Microsoft Security site describes the SmartScreen Filter and includes links to a SmartScreen FAQ and information for site managers.
Apple's Safari browser added phishing and malware blocking in version 3.2, which was released in late 2008; read about this and other security features in Safari 4 on the Apple Safari site. Likewise, Opera's Fraud Protection predates the phishing and malware filters in IE and Firefox and is enhanced in the latest version 10. But attack-site blocking is only one of Opera's many security features, which you can read about on the Opera site.
Browsing in private
To activate private browsing in Firefox 3, click Tools > Start Private Browsing, or simply press Ctrl-Shift-P. You can set Firefox to start in private-browsing mode by clicking Tools > Options > Privacy and check "Automatically start Firefox in a private browsing session." The Mozilla support site provides more information about this feature. Likewise, put IE 8 in private-browsing mode by clicking Safety > InPrivate Browsing, or by pressing Ctrl-Shift-P. You can also open a new tab and click either Browse with InPrivate or Open an InPrivate Window.
IE 8 also lets you control the information about your browsing habits that's shared with Web tracking services. To activate this feature, click Tools > InPrivate Filtering Settings and choose "Let me choose which providers receive my information." This opens the InPrivate Filtering settings dialog, where you can turn filtering off, choose which services to block from tracking you, or automatically block all trackers.
Internet Explorer 8's InPrivate Filtering lets you block some or all Web tracking services.
(Credit: Microsoft)You can open an incognito window in Google Chrome by clicking the wrench icon in the top-right corner and choosing "New incognito window," or simply press Ctrl-Shift-N. The incognito icon (a shadow figure in a fedora and glasses) appears in the top-left corner of the browser window. The Chrome support site offers a more detailed description of this feature.
Opera lacks an equivalent private-browsing capability but does offer private searching and other identity-blocking features, as described on the Opera site. To activate private browsing in Safari, simply click Safari Settings Menu > Private Browsing.
Automatic and not-so-automatic browser updates
Patching is a way of life with nearly all software, but especially with browsers and the media players associated with them: Adobe Reader, the Flash Player, Apple's QuickTime, and Sun's Java, among others. All of a browser's security features can be rendered useless by a piece of malware that takes advantage of an unpatched hole in the program.
Firefox 3 alerts users to the presence of an update and now also notifies you when your Flash Player is out-of-date. Internet Explorer 8 updates via the Windows Update/Microsoft Update services. Google Chrome made a splash by being the first browser to update itself in the background without requiring any prompting from users. Safari updates automatically via Apple's update service, which also serves up patches automatically for QuickTime, iTunes, and other Apple software. Opera also notifies you automatically when a new version is available.
But updating is too important to leave to others. Back in April, I described Secunia's Online Software Inspector and downloadable Personal Software Inspector, which identify out-of-date programs on your PC. The programs mentioned in that post have all been updated since, but Secunia's services should point you to the most recent versions.
(Note that Secunia sometimes reports a program as being out-of-date when in fact you have the latest version. On my PC, it continually reports my up-to-date Flash Player as being in need of an update, for example. But the free service Secunia provides is worth putting up with this and similar minor annoyances.)
There's no way to reduce to zero your risk of picking up some piece of malware while browsing. You need layers of security to keep viruses, Trojans, and botnets at bay—the more layers, the safer your browsing. (Of course, the more layers, the slower your browsing, too, so don't get carried away.)
Much emphasis has been placed on the enhanced security features of the latest versions of the popular browsers. Whether one is any safer than another is anybody's guess, but no browser gives you more ways to thwart a Web-based attack than Firefox via its wealth of security add-ons.
Link checkers add warnings to search results
Search results are often difficult to trust, even when the URL looks familiar. Phishers are adept at planting dangerous links that look like harmless ones. Link checkers provide you with an indication of the trustworthiness of sites before you click their links. (Note that several of the products are available for Internet Explorer as well.)
Some of the programs, such as McAfee's SiteAdvisor, give the thumbs-up or thumbs-down based on a single company's research. Web of Trust (WOT) bases its recommendations on the collective intelligence of a network of volunteers. LinkExtend is a link-check aggregator that combines the analyses of eight different services.
McAfee SiteAdvisor adds a safety indicator to Web search results.
(Credit: McAfee)While the recommendations of link checkers are helpful in identifying safe sites, you can't take their yeas and nays as gospel. For example, sites that offer downloads of system utilities may be flagged as dangerous because the programs require access to the operating system and thus could do major damage in the wrong hands.
Track the trackers
You know popular Web sites download software that tracks your activities on their sites, but do you know who's doing the tracking? Find out with the Ghostery add-on that pops up the names of the trackers as the page opens. The program puts a small "ghost" icon in the bottom-right corner of the Firefox window that turns orange when trackers are present. Click the link that appears to the right of the icon to find out more about the trackers and block them individually or entirely.
The Ghostery Firefox add-on lets you know who's tracking your activities on the site.
(Credit: Ghostery)
View encryption specs
When you open an encrypted Web page, a lock icon appears in the bottom-right corner of the Firefox window and the URL in the address bar begins with "https." But there's more than one form of encryption, and knowing which type and strength of encryption in use can be handy.
The CipherFox add-on puts in the bottom-right of the Firefox status bar the Secure Sockets Layer/Transport Layer Security (SSL/TLS) cipher and keysize currently in use. Double-clicking the entry opens the CipherFox dialog box, where you can disable RC4 encryption and display partial SSL/TLS. (Note that the developer accepts donations to support the product.)
Take charge of Web password management
Firefox's built-in password manager lets you create a master password and remember passwords for specific sites, but if you want to get serious about managing your passwords, get LastPass, a password manager that provides much more granular control over your sign-ins.
After you download and install the add-on, an icon is placed in the top-right corner of the Firefox window. Click it to open the LastPass menu, which lets you manage your identities, open the LastPass Vault, jump to favorite sites, and generate secure passwords. You can also import or export sign-in IDs, compose and print secure notes, and assign keyboard shortcuts for specific actions.
In addition to Firefox and IE, LastPass is available for Google Chrome and Apple's Safari browsers. LastPass backs up your passwords by storing an encrypted copy on its own servers. And because you can access your passwords via the Internet, you can use LastPass on any Web-connected device, although use of LastPass on an iPhone or other smart phone requires a Premium membership, which costs $1 a month. (You can also put LastPass on a USB thumbdrive for use with Firefox Portable and other portable apps.)
Web ads aren't just annoying, they can also be the source of a malware infection that attempts to steal your identity. In her September 15, 2009 InSecurity Complex blog, Elinor Mills describes how ads are being used by criminals to trick people into buying fake antivirus software, among other nefarious purposes.
Technology to block the ads that appear on Web pages has been around for almost as long as the ads themselves. No doubt someone will point out the irony of a blog that relies on ads for its livelihood explaining how to prevent them from appearing. For better or worse, few people will actually take the time to use an ad blocker when they browse. I don't think online advertisers are losing much sleep over the technology—yet.
Skip the ads when viewing pages in Firefox
One of the most popular Firefox add-ons is Adblock Plus, which puts an "ABP" icon on the far right of the main menu. Click it (or press Ctrl-Shift-V) to view the blockable items on the current page. Choose the down arrow next to the icon to open the program's Preferences dialog, disable ads on the page or site, or select other options.
Click the Adblock Plus icon to view blockable items on the current page.
(Credit: Wladimir Palant)Hovering over the Adblock Plus icon shows the add-on's status and the number of blocked and blockable items on the current page. You can also open the program's Preferences dialog by clicking Tools > Adblock Plus Preferences. There you can subscribe to an ad filter, import and export blocklists, view and reset your "hit" list, and change your view. Another option lets you remove the block tabs that appear by default on Flash and Java items.
Block ads in Internet Explorer
Back in January 2008, I called the free IE7Pro "(t)he only Internet Explorer 7 add-on you'll ever need." Well, the name's the same, but the program now works with IE 8 as well. Blocking ads in IE is as easy as downloading and installing IE7Pro, clicking Tools > IE7Pro Preferences, and checking Ad Blocker on the main Modules tab. The program blocks Flash, Java, pop-ups, pop-unders, and other types of Web ads.
Activate ad blocking in Internet Explorer by choosing the Ad Blocker option in IE7Pro's Preferences dialog.
(Credit: IE7Pro Team)To put a finer point on your IE ad blocking, select the AD Blocker option on the left side of the Preferences window. There you can enable the program's Flash blocker, which is off by default. You can also make changes to the IE7Pro filters, but you can't import or export filters as easily as you can using Firefox's Adblock Plus.
Use a proxy to squash ads in Chrome
It isn't surprising that Google decided not to include an ad blocker in its Chrome browser. After all, the company makes quite a bit of money from serving up those ads, so helping people to block them would be self-defeating. I found a couple of ad-blocking extensions for Chrome, but after taking a look at them, I just didn't trust them.
In one case, the home page of the extension's provider was crowded with ads itself. And another Chrome ad blocker I looked at had an unfinished appearance. The best solution I could find for blocking ads in Chrome is the Privoxy Web proxy, which is available on Source Forge. Configuring the add-on is a challenge, but a post on the GeekZone tech community boils it down nicely to seven steps.
Block ads in Opera, no add-ons required
The best way I found to block ads in the Opera browser is to use the program's built-in content blocker. To activate it, right-click anywhere on the page and choose Block Content. Only the blockable content on the page will be highlighted, and a toolbar appears at the top of the page. Choose an item to block it, and then click Done on the toolbar to reload the page minus the elements you selected.
To unblock an item, just reopen the Block Content toolbar and click the "Blocked Image" indicator. You can also view the URLs of all blocked items on a page, edit the entries, and add or delete items. There's no option to import or export a list of blocked URLs, however.
Bonus tip: Block ads and malicious sites via the free OpenDNS proxy service
Perhaps the greatest security resource on the Web is the free OpenDNS proxy service, which sends all your Internet traffic through a well-maintained set of filters to screen out ads as well as sites known to host malicious content. You can use the OpenDNS service to block gambling, adult, and other specific types of sites. For instructions on using OpenDNS, see Becky Waring's article "Use OpenDNS to surf safely with these tricks" on the Windows Secrets site.
Someone told me recently that they had 22 different log-in IDs. My first thought was, you must get out more. My second thought was, how do you remember 22 different Web services, let alone log-in IDs and passwords?
The answer, of course, is a password manager. These days, I see PC security as a form of insurance. The more you have to risk, the more you should spend to protect it. Anyone who banks or otherwise transacts online will find the investment in a password and personal-data manager worthwhile. Fortunately, if your password-management needs are meager, the protection doesn't have to cost you anything.
Siber Systems recently announced the beta version of RoboForm Online that lets RoboForm users store their log-in data securely online. Just log into the service from any browser and get fast access to the IDs you've saved on your PC. With just one you're logged into your favorite Web sites.
Log into the RoboForm Online service to access your favorite Web services with a single click.
(Credit: Siber Systems)The first time you use the program, you're prompted to enter a master password. You can change the master password via the program's Options drop-down menu and selecting Security settings, but if you forget a master password, you have to delete all the password-protected files and start over.
... Read more
CNET has been the premier technology-news site since there have been technology-news sites. It's great to be even a small part of it. But lately I've been spending more and more of my time on one-person tech sites run by people who are among the sharpest on the Web.
The sites themselves couldn't be more different, and one specializes on Windows XP, so it's anything but a "news" site, but each one offers something of value that you won't find anywhere else.
Before I describe these tech sole proprietorships, let me plug two of my favorite CNET reporters. Elinor Mills' InSecurity Complex blog keeps me up-to-date on the latest in tech security. And I get a fresh perspective on Microsoft and its products, among other interesting tech topics, in Ina Fried's Beyond Binary blog.
The guy with his finger on the technology pulse
I get winded just reading about all the events and product announcements Harry McCracken writes about on his Technologizer site. The former PC World editor-in-chief covers topics so diverse that about the only thing they have in common is that they're all so interesting. Harry cuts through the hype and gives you the low-down quickly and simply.
By the way, Harry will be tweeting during Chris Anderson's videocast about disruptive technology on Sept. 30 at 3 p.m. Pacific time. I'll be working, but I hope to catch at least a couple of his tweets during my afternoon break.
The first word on computer security
Bruce Schneier writes about more than just security on his Schneier on Security blog, which is a good thing because you really have to read about the discovery of giant squid and the nonrandomness of coin-flipping to get a break from all the bad news. And unfortunately, there's no shortage of bad news when it comes to computer security.
Granted, many of Schneier's stories don't affect everyday PC users directly, but scan Schneier's blog whenever you need a reminder of why we need to take security so seriously.
Nobody knows more about PC annoyances than the Bassmaster
There's a lot to enjoy about computers, but for every source of PC joy there are 10 sources of PC aggravation. And when your tech hardware and software starts getting on your nerves, head over to the newsletter archive on Steve Bass's TechBite site for solutions with a touch of wry.
Along with great Windows troubleshooting tips, you'll find money-saving tricks and freeware recommendations. But my favorites are Steve's Time Wasters: deceptively difficult puzzles and games, optical illusions, stunts gone askew, and other Web wonders. The Internet the way it was and the way it should be!
A site for the operating system that wouldn't die
You have to hand it to Windows XP. The software has been around since wireless networks were young and cell phones had only 15 buttons. The fact is, XP continues to be the most widely used operating system in the world. And when your XP machine starts acting up, make Kelly Theriot's Kelly's Korner one of your first stops.
Troubleshooting's topic number one on this site, but you'll also find plenty of XP interface tweaks and links to other resources, particularly Microsoft Knowledge Base articles. This site is never going to win any design awards—some of its pages are text links in long, unbroken tables—but if it can go wrong in XP, it's probably described on Kelly's site.
Sometimes you just have to laugh
More malware, more defective hardware, more privacy breaches. Reading the daily technology news makes it easy to lose your sense of humor. Sure, you can browse over to The Onion or another humor site, but you get a whole different sensibility—or nonsensibility—from Dan Tynan and his cronies JR Raphael and "Dr. Smartass" on the ESarcasm site.
I'd like to report that I found some redeeming value on this site, but I'm still looking. (You'll find Dan's more serious take on matters technological on his Tynan on Tech blog.) If you're at all inclined to take technology—or yourself—seriously, avoid this site like the H1N1 virus!
Some longtime PC users have never bothered with antivirus software, see no need for such programs, and have never encountered a virus. Some of these people even use Windows.
The cold, hard reality of the computer world dictates that most of us require multiple layers of protection from malware. Last week, I described how I removed dozens of Trojans and viruses from the family PC. The free program I used, Malwarebytes' Anti-Malware, is intended to be used in conjunction with a real-time antivirus program. Based on several comments, this point wasn't clear in the original post.
One of the "Five simple PC security tips" I wrote about last June was to use antivirus software. The two freebies I cited in that post are Avast Home Edition and Avira AntiVir.
Another commenter suggested I write about online virus-scan services. I did that very thing back in May 2008 in "Your one-stop shop for online virus scans." I was glad to see that most of the services I linked to in that post are still available and still free. Unfortunately, you now have to register to view the results of Virus Bulletin's most recent tests of antivirus apps.
More disappointing was that the PC Flank scanning service I described appears to have gone belly up last month. When I returned to the site, Norton Safe Search identified it as dangerous. According to discussions on various forums, such as one on DSLReports.com, PC Flank went dark sometime this summer.
Still, nearly every major antivirus vendor offers a free online malware scan. It's best to stick with well-known brands in this regard because the scanner will access many sensitive areas of your PC. Some such scans are more intrusive than others, and most will detect but not necessarily remove malware.
Maybe if I didn't have to use Windows I wouldn't have to bother with all this security stuff—maybe. But I do have to use Windows, and I do have to use the Internet, so taking precautions is just part of the workday. Fortunately, if you do it right, it doesn't have to be a big part of it.
Our family PC gets quite a workout. It's a five-year-old machine that runs Windows XP and is used primarily by my daughter and teenage grandson for instant messaging, e-mail, social networking, and downloading audio and video files. Since I rarely use the system, I didn't notice that its antivirus subscription had expired.
Which explains why I was a bit surprised when my grandson called when I was out of town to tell me that the PC was acting strangely. Ads appeared on the desktop as soon as Windows started and Firefox and other programs would occasionally close without warning or fail to open at all.
I immediately suspected a virus and instructed my grandson to perform a virus scan. Unfortunately, the machine's antivirus app had gone AWOL. I talked him through the process of using System Restore to revert the PC to an earlier time. This improved matters somewhat, but the system continued to act flaky.
When I returned from the trip, I started the troublesome machine and attempted to open the Microsoft Update site to make sure its copy of XP was up-to-date. But the malware had managed to disable several Windows services intermittently, including Services.msc, so Internet Explorer would shut down repeatedly.
At this point, I was seriously considering a hard-disk reformat and XP reinstall. I even had the XP installation CD in the drive and was ready to begin the process. But even though my daughter and grandson assured me that they had backup copies of all their personal files, I decided to try one more time to salvage the existing setup.
I'm very glad I did, because it turns out there were lots of vacation and holiday images and videos on the machine that hadn't been backed up. First, I installed a free copy of Malwarebytes' Anti-Malware antivirus program on the infected PC, updated the app's virus definitions, and ran a complete scan.
The initial Malwarebytes Anti-Malware scan detected 104 separate infected files and folders.
(Credit: Malwarebytes)That first scan turned up a mere 104 infected files and folders. Here's a list of the nasties the machine had picked up:
• Trojan.Vundo
• Troja.Vundo.H
• Trojan.FakeAlert
• Rogue.Installer
• Trojan.Downloader
• Trojan. Dropper
• Trojan.Agent
• Worm.KoobFace
• Rogue.AdvancedVirusRemover
• Rogue.SystemSecurity
• Adware.BHO
• Rootkit.Agent
• Spyware.Agent
• Trojan.BHO
• Hijack.LSP
• Rogue.Multiple
• Disabled.Security
After viewing the report, I rebooted the PC and ran another malware scan. This time, Malwarebytes' app found only nine infected files.
The second Malwarebytes Anti-Malware scan detected only nine infected items.
(Credit: Malwarebytes)I rebooted once more and ran yet another scan, which indicated that the PC came up clean.
The third Malwarebytes Anti-Malware scan indicated that all viruses and other malware had been removed from the infected PC.
(Credit: Malwarebytes)Once I was assured that the PC was malware-free, I revisited the Microsoft Update site to download and install all the XP security patches the machine required. Then I sprang for the $25 version of Anti-Malware to get the program's real-time virus scanning and automatic updates.
I knew all attempts to alter the user behavior that led to the infections would be futile, so instead, I instructed my daughter and grandson to run Malwarebyte's scanner each time they start the system and just before each shutdown. That was a little over two weeks ago, and so far, the PC remains free of infection. Still, you can bet I'll be paying much closer attention to that machine from now on.
Earlier this month, an 82-year-old man in Auburn, Calif., was scammed out of $5,200 because his Facebook profile was too forthcoming. The first thing I did after reading his tale of woe on the Auburn Journal site was to examine my own Facebook profile from a stranger's perspective.
I didn't like what I saw.
What I saw was too much, so the second thing I did was edit my Facebook profile to remove some personal information and further restrict access to it. Unfortunately, the process took longer than I expected.
A Facebook privacy makeover begins by hovering the cursor over Settings and choosing Account Settings. The Settings tab shows your name, contact e-mail address, and other basic information. The Networks, Notifications, Mobile, Language, and Payments tabs are self-explanatory, although I unchecked several of the Notifications options that were selected by default.
The real work begins when you rework Facebook's privacy settings. Hover the cursor over Settings and choose Privacy Settings to open the service's Privacy Overview. Your privacy options are presented in four categories: Profile, Search, News Feed and Wall, and Applications. You can also add someone to your Block List by entering his or her name in the text box near the bottom of the page and clicking Block.
Facebook's Privacy Settings are listed in four categories along with a tool for adding names to your Block List.
(Credit: Facebook)Click Profile to view your personal and contact information. Your options in each category are everyone, people in your networks and friends, friends of friends, only friends, and a Customize dialog box, which provides a bit more granularity to your options. Click the Save Changes button at the bottom of the page once you've finished making your selections.
The custom options in the Facebook privacy settings let you limit access to your personal info.
(Credit: Facebook)I reset each privacy option to Only Friends, with the exception of the Basic Info category, which is viewable by everyone. To see your profile as your friends do, enter the name of a friend in the text box at the top of this page. (You can view and edit the entries in your Basic Info by clicking Info on your profile page and choosing Edit Information.)
You might be surprised by the amount of information about you that Facebook's search function makes available. To change Facebook's search settings, click Search on the Privacy Overview page. The default option under Search Visibility is Everyone, but you can change this to Friends of Friends, Only Friends, or a custom setting for people in your networks.
I chose to show in search results only a link to send me a message. I also unchecked the option at the bottom of the screen to create a public search listing for me to submit to Web search engines. When you're done, click Save Changes.
Uncheck options on the Facebook Search Privacy page to restrict your personal information shown in search results.
(Credit: Facebook)The default selections in Facebook's privacy settings for News Feed and Wall are similarly too open for my liking. It wasn't so much the options under Actions within Facebook, although I did uncheck several of these. The settings under Facebook Ads were a bigger concern to me.
There are two options on this page: "Allow ads on platform pages to show my information to" and "Show my social actions in Facebook Ads to." You can choose either "Only my friends" or "No one." Opting for the latter choice was a no-brainer for me.
More unpleasant surprises awaited on the Applications Privacy page. What your friends do affects how far afield your personal information travels. You can read about it under the Overview tab, which concludes by promising that Facebook won't sell your personal information and that "(y)our contact information is not exposed by the Facebook Platform."
I'm sure the Facebook Platform offers some real benefits, but until I have a better understanding of those benefits and their potential risks to my privacy, I'm opting out. To do so, choose "Do not share any information about me through the Facebook API." Take that a step further by selecting the other two options on this page, which block friends from viewing memberships in Facebook Connect sites and prevent Beacon sites from posting stories to your profile.
These days, I spend more time in Facebook than any other Web service except Gmail, and Facebook is gaining fast on that top spot. Of course, the bad guys are spending a lot more time there, too. Minimize your chances of catching their eye by lowering your profile.
Imagine allowing anyone to use your PC without supervision: your children, nephews and nieces, spouse's second cousin, or even your babysitter's boyfriend.
That's the promise of virtualization software such as the $25 Returnil Virtual System. The program creates a virtual PC for you or anyone else to operate in that's sealed off from your system files and personal data. I tried the beta of Returnil Virtual System 2010, which includes the Virtual Guard on-demand malware scanner.
Returnil is another security layer on top of your hardware and software firewall, real-time malware detector, and other security programs. Once enabled, no permanent changes will be made to your hard drive, except to the files and folders you specify beforehand.
The program's installation routine offers to perform a malware scan prior to loading the program onto your hard drive. The option to send to the company anonymous information about the malware it detects is selected by default, but you can choose to be prompted before any information is sent or to prevent any information from being collected or transmitted to the company.
The beta of Returnil Virtual System 2010 offers to perform a malware scan prior to installing.
(Credit: Returnil)After the installation completes, a toolbar is added to the desktop and an icon is placed in the notification area. Right-click the icon to hide the toolbar or the icon, enable or exit the program, or check for updates. Double-click the icon to open the main Returnil window. Here you can access the Virtual Guard antivirus scanner, System Safe virtual environment, and the program's other features.
The main Returnil window lets you access the program's security tools.
(Credit: Returnil)After you register the beta—or the trial version of Returnil Virtual System 2008--you can specify files and folders that you can change while operating in a virtual environment. Otherwise, any changes you attempt to make to your hard drive while Returnil is enabled will disappear when you restart Windows. This includes the files you open, programs you use, Web sites you visit, and any other activity that would normally place or change data on your drive.
By default, Returnil uses half the available space on your hard drive to create its virtual environment. You can change this setting by clicking System Safe in the main Returnil window, choosing the advanced settings link, and selecting the System Safe tab. Use the slider control to reset the percentage of free hard-disk space allotted for the virtual environment, and click OK.
Change the percentage of free hard-disk space available for Returnil's virtual environment via the program's advanced settings.
(Credit: Returnil)Other options let you password-protect the program, wipe all disk changes whenever you shut down Windows, enable protection when Windows starts, and assign a keyboard combination to open the program. I noticed a slight degradation in performance when Returnil's System Safe is enabled, but the slowdown was barely discernable on my 64-bit Windows Vista PC with 4GB of RAM and nearly 100GB of unused hard-drive space.
I experienced no problems using the beta, which is a 7.5MB download. Whether or not the addition of a malware scanner improves your PC's overall security, there's comfort in knowing that anyone—yourself included—can do just about anything on your PC without lasting effect. That's the peace of mind a virtual environment such as Returnil provides, and for little cost and only a modest performance hit.
