Internet Security

[Joe Zop]

"Just a warning, the spy removal programs are even more dangerous than the spywares."

This is a misleading blanket statement that is patently untrue -- there are any number of spyware removal tools which are very much on the up-and-up. It's true that the stuff you'll find spamming your mailbox or advertised in pop-ups is bad news, but Lavasoft's Ad-Aware, for example, is not only above reproach but a must-have.

[Ciccio]

Suna is correct: if you enter www.*************.org you receive the automatic proposal of installing DashBar/Precison time, that is, as far as I know, something like a spyware (or data miner, according to Ad-Aware).

Just say NO and nothing happens.

If you go directly to www.wsgforum.com, you do not receive the above proposal.
In any case, we all are at least 18 yo, and we must know when to say yes or no.... :-)

[James D 2004]

If you want to cover your tracks in XP, just copy the 3 lines into notepad and save it as cleanup.bat. If your XP is setup with multiusers, replace username with yours, otherwise there is a directory for all users. Put your bat file anywhere and double click on it to execute whenever you want to clean.

del /f /s "C:\Documents and Settings\username\Cookies\*"
del /f /s "C:\Documents and Settings\username\Local Settings\History\*"
del /f /s "C:\Documents and Settings\username\Local Settings\Temporary Internet Files\*"

Firstly, I don't advice depending your life on it as I said below. Think of it as an arm race. It all depends on how much is the strength of your opponent. Either it can be an overkill, or what if your wife ship the whole computer to an expert and prepare filing for divorce? As simple as auto complete, the addresses are not included in these areas. So you have to disable auto complete in IE also, otherwise when your wife type www.w, the wsgforum address appear instantly. This you can see, but maybe there are others you can't.

If you admin the computer, it's a good idea to setup an account for each user in Windows, as simple as setting up family email accounts in your ISP. There's good reason that only one person can see and edit the system files, and that only one person can download and install programs. So you can password your account and leave it up to the others to use password or not. There's good reason to use password, to avoid accidents created by any user on other user's files. With these setup, others really can't see what you are doing so you don't need to cleanup.

If your father is the admin (hehe), it's a good idea to cleanup if you have a multiuser setup. You just setup your own IE options, cleanup your own tracks and nobody will notice. But it's painful. You are going back in time to use IE 1 instead of 6.

If Windows is used as default, where no user names are setup, cleanup isn't a good idea. How do you explain that the PC is squeaky clean every time after you use it? Even your kids will think that you are watching porn. Do you expect your wife to remember and retype every password she registered?

I only cleanup at work when I expect someone coming for my PC like IT support. Just to avoid embarrassment, or that the guy is nosy. If they really want to target you, there's little you can do about it. They don't even need to come close to your PC. However, there are ethics and privacy issues that will keep their mouth shut.

Surfing at work is a big no no even if you can surf wherever you want. I use my home PC as the proxy. Anything between my work PC and home PC is encrypted, a private tunnel. Network monitoring software cannot know where I've been to.

I can't resisting humoring (good or bad) guys like Suna. He talk the talk, like an Internet junky, or even a Guru. But he is clueless. You cannot 'pickup' spyware, only install it. Either you download some software and install it. Or IE ask you permission to install something when you are surfing. Anything from weather monitoring to internet tool bars. Just a warning, the spy removal programs are even more dangerous than the spywares.

[Lover Boy]

Go thru a proxy server if you are worried.

Need a list of proxy let me know.

[Freeler]

NY Monger,

"but I'd suggest for the casual pc-user its too hard to remember all the techno-jive."

Casual runners have to watch traffic too or they get hurt, not just the pros. Remembering three folders can't be that hard: cookies, history and tempoary internetfiles (dos name tempor~1).

BTW, if you use the MYie shell on top of your M$ie, you have a tool that will remove all but the index.dat files when you close the browser. I've been using this shell for almost a year now and it's great! It kills pop-ups too.

Suna,

This site never got me infected with spyware or anything like that. But if you surf the web without caution, you are bound to pick up more than you bargained for.
Even ISP's that ought to be reliable try to put stuff on my machine that I don't want. Caution and knowing what to look for helps to make them fail in their attempts.
If you want to know more about the spyware you contracted, do a Google search and start reading. Spend an hour on that now, safe hours of unwanted program removal time later!

[James D 2004]

Suna, are you Russian?

[Suna]

Has anyone ever picked up spy from coming to this site. I have myself along with a friend that I turned on to this site has also. His first time opening the board he pick up Gator, Gain and other spy programs total 30. Just wondering if anyone else has seen this.

[James D 2004]

I just verified that XP won't allow other non-admin users to open any folders inside My Documents, using the command prompt or not. Of course my account is password protected. I think this OS protection is finally comparable to that of Unix and NT users since many years ago. All your private data are under some system folders similar to My Doc. As for which system, the built in Microsoft or others, is easier to crack, I have no comment. I still have a hard disk mostly not accessible to me. The multi-user setup in XP should be the easiest.

As for favorite list, I sometimes use the bookmark in the yahoo companion bar. So I have the same list on every computer I use. And the yahoo account is of course password protected. You need a tool bar somehow, if only for the pop-up blockers.

[NY Monger]

A lot of good ideas, but I'd suggest for the casual pc-user its too hard to remember all the techno-jive. Personally, I think its good to know, but people get lazy and then get caught.

A program many use is Window Washer, which can run whenever you want it to, including on startup, so you washout that nasty Index file. It cleans out all those pesky files that Windows may create as backup, that can catch you.

You can find the software at www.webroot.com and it costs around $20 or $30. IMHO, well worth it. I think there is a nagware version too.

[Rush 2112]

I purchased from webroot software, a program called "Privacy Maker", a couple of years ago. It is a program that allowed you to set up a secure browser and secure document folders that could only be opened with a password. This simplified the issue of not having to clean up the browser or delete files if the computer is shared with others. If you use a cleanup program to delete unwanted clutter, you could delete the information that others would see, but keep the secure information intact. I can set up a favorites list in Internet Explorer that no one else who didn't know the password would be able to see. I have been to the webroot website recently, but the "Privacy Maker" program has been replaced with a different program that may not be the same. Either way, they have free downloads that you could try to see if they perform the security functions you would need. The purchase prices are not very high if you wish to keep the programs on your computer.

BM

[James D 2004]

I think you cleaning up the computer every now and then isn't practical, even if you buy some cleanup program to do it rather than manually.

Since window 95 (!), I have been setting up one account for each user of the shared computer. For microsoft programs, each user has it's own space. For example, for IE, each user's history, auto adress completion, cookies, are different. I've been doing this for years. Unless the other parties actually goes in my user area to dig up my history and cookie files, I'm pretty safe.

Now with XP, which is a NT type multi-user OS, if you setup the user as non-admin, they can't read you files and can't install programs. When I reinstall another OS in a new drive, I can't even access my old files in another disk. But don't rely on this info if your life depends on it, test it yourself.

Another sure way is to buy an additional cheap laptop just for your own surfing.

[Freeler]

NC Hunter,

(This is a repetition/ addition to my post of 02-09-03 07:16 below)

Ever looked at your index.dat files in History and Temprorary internet folders?
To view the data in them, copy the files and paste them to any folder outside the windows folder and change .dat in .doc and open.
Cry if you want to...

To get rid of the index.dat files:
Reboot in dos, go to Windows (c:\windows>) and type:
deltree cookies, enter and confirm delete.

Do the same for history and tempor~1.
This cleans your c drive of your complete internet history.
(To do this in e'XP'eriment you have to have W98 - which includes DOS - installed.)

[NC Hunter]

I posted the message below on the Charlotte, NC board on 3/12/04 to assist Lurkers who used the excuse of being "found out" as a reason for not posting. Jackson pointed out that this is the section where it should have been posted.

I am now copying my post to where it should have initially been placed.

Lurkers,

It has come to my attention that some lurkers may not post because of the fear of detection. There are some who has only one computer in the household and are not very computer savy to cover their tracks.

Well Lurkers, fear no more. You can now post to your hearts content. Follow my steps below and you can become valuable contributors to the WSG family and will easily find others to provide you valuable info.

To cover your tracks:

1. In the Explorer bar select Tools
2. Then select Internet Options
3. On the General tab select "Delete Cookie" and then select Okay
4. Then select "Delete Files" (if you desire, you can alos select to delete offline content) and then select Okay
5. Finally select Delete History (This is very important to prevent anyone from tracking that you have visited WSG. This will clear all your history
6. Then click Okay to close the Internet Options page (You have just removed traces that you have visited WSG

This deletes all sites visited at anytime.

Now if you only want to delete your visits to WSG or anywhere else you would love to keep discrete, in the Explorer bar. select History and in the left pane delete the particular URL that you have visited. This maintains all the sites but the ones that you don't want anyone else to know about.

As an added option security option for those that are still a teeny bit cautious, open an email account with one of the many free email entities such as hotmail. Make up a fake name, location, etc and open your WSG account with that so that it cannot be traced to you. If you are concerned about having your IP address traced, post from a public library using the method I describe above.

Now Lurkers, what excuse do you now have for not posting?

NC Hunter

[Blair]

For those who are really concerned about security an excellent solution is to use one of the 'Virtual PC' programs such as VMWare or Connectix Virtual PC (Now Microsoft Virtual PC 2004). There are also a couple of open source offerings : Boch and Plex86.

These programs emulate a completely isolated PC on your machine with its own operating system and files. This PC's data is stored in a single file and is easy to identify, delete or reset to a known state if necessary.

Not cheap, though there may be 'informal' copies around, and you have to setup the OS yourself.

Very simple to use and very secure.

Blair

[Freeler]

One Great Man,

You made a BIG mistake in trying to 'unsubscribe' to unwanted services.
This only tells the provider of such services that your email is active!

What you should do/have done:
-Report ANY unwanted email to your provider, Yahoo for instance have a Report Spam button to make this very easy.
-If you block emailaddresses, make sure the email isn't returned to sender! Sender will know that your addy is active and simply use another emailaddress to send from.
Better not to block at all!