Workers' Edge

Microsoft has made great strides in educating Windows users about the need to keep their systems secure by downloading and installing the most recent updates. (I still recommend that you set Windows' Automatic Updates to download but don't install, as I described in a blog post from last July.)

The irony of the heightened awareness of Windows updates is that malware is less likely to target vulnerabilities in Windows--or other PC operating systems, for that matter. These days, most viruses and Trojans use holes in your browsers, media players, or Web applications to breach your system's security. That's why it's imperative to keep these programs up-to-date, which is a subject I covered in a post from last April.

Google pushes updates to its Chrome browser automatically--without bothering to let you know about it (the current version is 2.0.172.30). You may think I'm a hypocrite for preventing Microsoft from loading its updates automatically and applauding Google for doing the same thing with its browser. Here's the difference: if a Chrome update causes the program to malfunction, I can simply use another browser, but if a Windows update screws up, my entire system's hosed until I fix it.

If you want to use Chrome to browse without leaving any tracks on your system, press Ctrl-Shift-N to open a new browser window in Chrome's incognito mode. The sites you visit subsequently will not appear in your browser history nor will terms you search for stay in your search history. You won't pick up any new cookies, either.

You'll find plenty of add-ons in the Privacy & Security section of the Firefox Add-ons page that give Firefox a similar stealth mode. You can also choose Tools > Clear Private Data to wipe your tracks in Firefox, but this setting erases all your history in the various categories. Chrome's incognito mode lets you retain the history you want and delete the history you don't want.

Google's Chrome browser lets you surf without leaving tracks on your system via its incognito mode.

(Credit: Google)

I've been spending a lot more time browsing with Chrome lately, and not just because of its incognito mode. Chrome seems faster to me than Firefox or Internet Explorer, and I'm getting used to Chrome's streamlined interface. Firefox remains my default browser, however. The one Firefox security add-on I won't browse without is InformAction's NoScript (donationware), which lets you block JavaScript, Flash, and other scripts on a site-by-site and source-by-source basis.

The best way to enhance your privacy while using Firefox is to set the browser to delete cookies each time you close the program. To do so, click Tools > Options > Privacy, select "Always clear my private data when I close Firefox," and click OK.

Check "Always clear my private data when I close Firefox" in the browser's Privacy settings to maintain your Web privacy.

(Credit: Mozilla Foundation)

So what about Internet Explorer? IE 8 is said to be more secure than IE 7, which in turn was said to be more secure than IE 6. Two facts remain: Internet Explorer uses ActiveX, which in my opinion is inherently insecure; and IE 8's security options are way too complicated. What do those slider controls mean, really? (Press Alt, click Tools > Internet Options, and choose either the Security or Privacy tab to see what I mean.)

Bonus tip: Encrypt Gmail
I've been using Gmail as my primary e-mail service for several years, but it wasn't until a couple of months ago that I started encrypting my Gmail correspondences. (In fact, encryption wasn't available in Gmail until a couple of months ago.) To use encryption in Gmail, click Settings in the top-right corner of the main window, scroll to the bottom of the General tab, select "Always use https," and click Save Changes. Note that this setting prevents the iGoogle Gmail widget from working, but that's a small price to pay for the added security.

Web privacy resources
For more information on the privacy options in Google services, visit the Google Privacy Center. Along with an FAQ and overview, you'll find privacy videos and specific privacy options for YouTube, Orkut, Blogger, Docs, and other Google services.

The SANS Institute's Internet Storm Center offers a daily Internet threat level (green, the last time I checked) as well as information on the sources of recent Internet-based attacks and extensive links to other Internet security sources.

For a soup-to-nuts look at browser security, read the United States Computer Emergency Response Team's article Securing Your Web Browser. The information was last updated more than a year ago but remains relevant. Some of US-CERT's browser-setting recommendations are overkill for regular, everyday browsing, so take the advice with the proverbial grain of salt.

I keep waiting for the day I can view my Google Calendar entries while I'm offline--without having to export the entries to Outlook or another standalone calendar program. Until that day, here are five ways to get make better use of Google's free calendar service.

Lock out unwanted viewers
To make sure your calendar entries are private, click the down arrow next to the calendar under My Calendars on the left side of the screen. Choose "Share this calendar" to open that tab in your settings. Uncheck "Make this calendar public," and be sure there are no names but your own listed under "Share with specific people." When you're done, click Save to return to your calendar.

Uncheck "Make this calendar public" in Google Calendar's "Share this calendar" settings.

(Credit: Google)

You can also check the privacy of an individual calendar entry by clicking it and choosing "edit event details" in the pop-up window. Make sure that either Default or Private is selected on the left side of the window under Options, and click Save.

Make sure that others can't view a calendar event by choosing either Default or Private in the event details dialog.

(Credit: Google)

Lock in your favorite calendar view
Seeing only one day's worth or even one week's worth of events at a time doesn't give me the scheduling information I need at a glance. That's why I prefer Google Calendar's monthly view, which I made my default by clicking Settings > General, choosing "month" on the drop-down menu next to "Default view," and clicking Save.

Place a weather forecast in your calendar
One of my favorite iGoogle gadgets is the one that puts a four-day weather forecast on my home page. Now I get a mini-version of that forecast in my Google Calendar. To add a weather report to your calendar entries, click Settings > General, add your city and state or ZIP code in the text box next to Location, choose either Celsius or Fahrenheit next to "Show weather based on my location," and click Save.

Navigate your calendar via keyboard shortcuts
Make fast work of your calendar tasks by skipping the mouse and using Google Calendar's keyboard shortcuts instead. Among my favorites are C to create an event, M to change the view to monthly (see above to reset your default calendar view), W to change to the weekly view, D to see only that day's entries, and Q to open the Quick Add pop-up window. Google provides a complete list of keyboard shortcuts for calendars and for event details.

Add a specialty calendar
Football season is right around the corner, and now I'm ready with all my alma mater's games listed on my Google Calendar. And all I had to do to add them was download one of the public calendars that Google collects in its calendar gallery.

To view the gallery, click the down arrow next to Add on the left side of the screen and choose "Add a public calendar." You can either browse the categories on the left side of the window or enter a term in the search box at the top of the screen.

Along with calendars for TV shows, sports teams, presidential candidates, and movie and DVD releases are entries listing celebrity birthdays, phases of the moon, and the holidays celebrated in various countries. What's missing is a calendar of events for the upcoming Beijing Olympics. C'mon, NBC! I don't want to miss the rhythmic gymnastics finals!

I can't say for certain that ISPs, online advertising networks, and other big Web companies are already tracking our Web use and sending us ads and other information based on conclusions they draw from our unique browsing history.

But it wouldn't surprise me one bit if they were. And if they aren't already, I know it's only a matter of time.

Web sites have been using persistent cookies to remember you from session to session for a long time. Usually, sites know only the site you arrived from and the site you go to when you leave.

ISPs and other organizations use deep packet inspection and other techniques to keep a history of your browsing. They claim the browsing histories are anonymous. But when your privacy is at stake, it doesn't pay to trust any commercial operation to do what's in your best interest rather than what will make them the most money.

You can take various steps to thwart the efforts of Web spies, including using products and services that promise anonymous surfing. This week, a group of "programmers, artists, and designers" posted the full release of a program called AntiPhorm Lite, which attempts to obfuscate your browsing tracks by visiting sites at random. The make-believe browsing renders the collection of your Web history meaningless from the trackers' perspective.

The AntiPhorm random browser is intended to prevent Web trackers from knowing what you're up to online.

(Credit: AntiPhorm)

That's the theory, at least. The program's creators claim it is safe to use and consumes very little processing or bandwidth because it examines only the HTML of the sites it visits, so no images, videos, Javascript, or Flash are ever downloaded when the program runs in its hidden or text-only console view. (Note that in hidden view, the only way to deactivate the program short of shutting down your PC is to open Task Manager and kill its process.)

The program's name is derived from the Phorm behavioral advertising company that recently entered into an agreement with the U.K. ISPs Virgin Media, BT, and TalkTalk to tap into their customers' browsing history. As you can imagine, the plan has met with resistance from privacy advocates.

AntiPhorm also features a console view that lets you see the random sites the program opens. When I tried this mode, AntiPhorm opened a new Firefox tab every 20 or so seconds. My imaginary personality jumped from IT sites to Yahoo's search page to Amazon to IMDB back to Amazon, then over to eBay, back to Amazon, and 'round and 'round.

It was a little disconcerting to see the "Welcome, Dennis!" greeting when an Amazon page opened, and the program would've kept opening two or three new sites a minute if left unattended. The designers promise that AntiPhorm won't visit any potentially embarrassing sites, but I quickly switched back to the program's text-only mode, which merely lists the sites it is visiting.

What do you gain by using a program such as AntiPhorm to make your Web activities more difficult to track? Individually, probably not much, especially if you don't care what ads the online networks serve up when you browse. Collectively, you might play a small role in preserving the privacy of everyone's browsing history by making behavioral advertising less profitable.

That's the theory, anyway.

Modern browsers are much better than their predecessors at keeping your Web activity private and your data safe. Still, you may not have your browser configured to provide optimum security. Take a few minutes to give Internet Explorer 7 and Firefox 2 a safety check.

Batten down IE7's hatches
The version of IE7 for Vista adds the Protected Mode, which allows Web sites to access only the Temporary Internet Files folder on your PC. According to Microsoft, this feature is on by default for the Internet, Intranet, and Restricted zones, but disabled for the Trusted Sites and Local Machine zones. On my machine it was enabled for all zones. You'll see "Protected Mode: On" in the status bar when it's active, or click Tools > Internet Options > Security, and make sure "Enable Protected Mode (requires restarting Internet Explorer)" is checked at the bottom of each zone.

Maximize security in IE7 for Vista by making sure Protected Mode is enabled.

(Credit: Microsoft)

There have been some reports of Protected Mode causing problems, so if a particular page won't load or run correctly, disabling this feature may solve the glitch, though I don't recommend keeping Protected Mode off. The Web's not getting any safer, and you need all the protection you can get.

Another great new feature in IE7--for XP and Vista alike--is the Phishing Filter. Why the filter is off by default I'll never know. To activate it, click Tools > Phishing Filter > Turn On Automatic Website Checking > OK. Unfortunately, choosing Tools > Phishing Filter > Phishing Filter Settings merely opens the Advanced Internet Options dialog box, where you can scroll down to the Phishing Filter section under Security, only to find that your only two options are to disable the filter, and to "turn off automatic website checking." But while you're in the Advanced Options settings, make sure "Automatically check for Internet Explorer updates" is checked in the Browsing section. Click OK when you're done.

Get into the habit of covering your browsing tracks on a regular basis. In IE7 you can wipe out your browser history, Temporary Internet Files, cookies, saved form data, and saved passwords at one time by clicking Tools > Delete Browsing History > Delete All. Or erase each category separately by clicking the appropriate button in the Delete Browsing History dialog box.

Wipe your browser's history clean by clicking Delete All in IE7's Delete Browsing History dialog, or clear each category separately.

(Credit: Microsoft)

Stay safe while browsing with Firefox
Just because Mozilla's open-source browser has a reputation for security doesn't mean you can use it to visit any site on the Web without a care in the world. Last month I described NoScript, a free Firefox add-on (donationware, actually) that lets you decide which scripts can run on which Web pages on a case-by-case basis. If you use Firefox regularly and you haven't added NoScript, download and install it, and in no time you'll wonder how you ever browsed without it.

There's another simple step you can take to improve Firefox's security: Make sure you have the browser set to update automatically. The current version is 2.0.0.12; to check your copy's version, click Help > About Mozilla Firefox, and look for the version number under the product's name. To verify that the program updates automatically, click Tools > Options > Advanced > Updates, and make sure Firefox is checked under "Automatically check for updates to." You may also want to check "Automatically download and install the update" under "When updates to Firefox are found." I also check "Installed Add-ons" under the former, and "Warn me if this will disable any of my add-ons" under the latter.

Set Firefox to check for updates automatically via the Advanced Options dialog box.

(Credit: Mozilla Foundation)

Not long ago an attempt was made to spoof Firefox's address bar to fool people into thinking they were on a site other than the one they were actually visiting when a link opened in a new window. The simplest way to avoid this is by setting Firefox to open links in a new tab rather than a new window: Click Tools > Options > Tabs, and make sure "A new tab" is selected under "New pages should be opened in." You can also disable this feature by typing about:config in the address bar, pressing Enter, navigating to dom.disable_window_open_feature.location, and double-clicking it to change it to "true".

Web sites often know the page you were on before you opened one of their pages. To block this referrer header, type about:config in the address bar, press Enter, navigate to network.http.sendRefererHeader, double-click it, and set the integer value to 0.

Tomorrow: Get your Office docs online with Office Live Workspace.

A recent decision by the National Labor Relations Board allows companies to restrict the use of their e-mail systems for union activities by their employees. The case dates back to 2000, at which time a union official for the Register-Guard newspaper in Eugene, Oregon, sent three union-related messages. The NLRB found that since the newspaper had a policy in place that restricted use of e-mail for "non-job-related solicitations" for outside organizations, it was within its rights to ban such messages.

What a surprise!

If your work entails use of your employer's e-mail system--whether or not the company has published an official policy on use of the system by its workers--you better assume that your bosses have the right to monitor your incoming and outgoing messages, and restrict use of the systems for purposes not directly related to your job.

I've been poking around the Internet trying to find a definitive answer to the question of e-mail privacy in the workplace, and it appears that there is none. The Privacy Rights Clearinghouse includes e-mail along with telephone conversations and computer use as workplace technologies that can be monitored by employers.

If you want to stay on the right side of your organization's e-mail policy, the first thing you have to do is find out what it is. If your employer hasn't published such a policy and made it available to you, ask them to formalize the matter. Next, no matter what the stated policy, assume you have no right to use your work e-mail for non-work purposes. Even signing up for an account at Gmail, Yahoo Mail, or some other Web mail system won't protect you because the PC and Internet link you'll use to access the mail will likely be owned by your employer.

So when your brother-in-law sends the latest list of Darwin Award winners or dumb-blonde jokes to your work e-mail address, reply by asking him to send future vital correspondences to your personal e-mail account, and get your giggle on in the privacy of your own home. Your home is still private, right?

Monday: Diagnose and repair the most common Windows glitches.

A friend took me to task for recommending that people use Gmail as a central repository for all their e-mail. (The fact that he works for Yahoo is purely coincidental.)

"Sure, let Google read all your mail and serve up ads based on the content," he said. "Nothing wrong with that." The fact is, I consider everything I do online--searching, browsing, shopping, e-mail, video-viewing, you name it--as public as anything I do on Main Street in midday. That doesn't mean I don't take precautions to protect my credit card numbers and other private information while online, just as I do my best to keep the information secure everywhere else. Here are my Online Privacy Rules.

#1: Paranoia pays. Don't trust anything or anyone. Just because the URL in the address bar begins "https://" and there's a little lock icon in the bottom corner of the browser doesn't mean you can enter your bank-account number, PIN, mother's maiden name, passwords, and the combination to your high school locker without a care. Phishers can spoof just about any indicator the browser makers and security protectors come up with. As much as possible, share your personal information only with those sites you know and trust.

#2: Don't use Internet Explorer. It's the most popular browser, which means it's the target for most data thieves. That's not saying you're 100 percent protected when you use Mozilla Firefox or some other open-source browser, but at least you're not putting the fate of your personal information in the hands of a single company. (I won't even mention Microsoft's spotty security track record.) Hundreds of volunteer programmers poke and prod Firefox (and to a lesser extent, other open-source software) to identify and patch security vulnerabilities.

#3: Use a temporary credit card number. If you know you'll be making a lot of online purchases, contact your credit card provider and ask about getting a temporary number with a preset spending limit and an impending expiration date. (Thanks to my personal tech guru, Steve Bass, for this useful advice.)

#4: Use an anonymizer. Anonymous proxy servers mask your computer's IP address, which allows you to browse without the sites you visit knowing who you are. Web pages will likely take longer to open when you filter them through a proxy server, and the services are not a privacy panacea because they won't stop you from volunteering personal information on a site you shouldn't trust, but they do provide an added layer of protection. There are plenty of free anonymizing proxy servers available, though I've never used any of these, or any other anonymizers. As I mentioned above, the best way to protect your online privacy is to assume you have none, and modify your online behavior accordingly. But I believe I am in the minority opinion on this matter.

#5: Don't use Google. This one's harder to do than it may seem. Not only has "google" become synonymous with Web searching, you can't always tell when you're on a site or using a service with ties to the company's enormous data stores. For example, Ask.com recently launched its AskEraser service that lets you wipe out your search history, but Ask serves up Google ads in its search results, and Google keeps track of who views its ads. Google makes no bones about its reliance on a history of your online activity to offer its various services. For example, you can't encrypt your messages in Gmail without using an add-in such as the $10 ZipMail for Gmail from MK Net.Work. So once again we're back where we started: The only way to ensure your privacy on the Web is to keep out.

Tomorrow: The fastest way (I know of, at least) to paste plain text in Word.