Monday 20 June 2011

Computer and Related Security.

This blog uses active hyperlinks.  Left click on any link to open it in a new tab.

NZ has two web sites devoted to safe computing.  There is SecurityCentral, where you will find much, but not all, of what follows and in one or two areas more.  There is also NetSafe, where you will find the answers to many common questions.  For those of us who prefer text to pictures both the US Government and the Australian Government provide excellent information covering all forms of scams and frauds and in the case of the Australian site much more.

What follows is general advice, mostly computer related and particularly applicable to Microsoft Windows operating systems although much of it is also relevant to Apple Mac operating systems.  It is intended as a practical guide and a reference resource. At the very least get to grips with the Summary.  If you have a tablet or smart 'phone with some other operating system then different considerations arise.  You need to make sure you are protected in respect of the operating system you are using.  I deal specifically with some aspects of Apple Macs and mobile security later.  

A recent survey reports that one in five New Zealanders are affected by cyber crime. The figure is said to be higher in the USA.  Cybercrime is said to have affected 668 million people from 21 countries last year and to have cost US$126 billion (NZ$180b) world wide last year.

A global survey, reported by Microsoft, found 2 out of 3 people had experienced a tech support scam in the last 12 months.

Emails from at least one of our major banks begin:

"Security advice: Before accessing emails or the internet, always update your anti-virus, firewall and operating software. [Bank] emails do not include links to banking sign-in pages, or ask for your personal security information. For more information on online security, visit the [Bank's] Security homepage."

All this and more illustrates the importance of taking the security of your computer or other electronic equipment seriously.   

CONTENT

  • Summary - minimum, other and disaster protection;
  • Malware - what is it and how to avoid it;  
  • Minimum Protection for Malware Expanded;
  • Scams and Scare-ware;
  • Identity theft;
  • Spam;
  • Wireless network security;
  • Mobile Malware;
  • Apple Macs;
  • Are you a victim?
  • Other.

SUMMARY

All security requires you to be well informed and alert.  No technology can protect you from yourself.  You have to learn to protect yourself. If nothing else adopt the five points stressed by the Security Central web site:

  1. Think before you click
  2. Update everything
  3. Backup your files
  4. Secure your wireless network
  5. Use strong passwords
Minimum computer protection:
  • An active firewall -  Unless you have an old computer this won't be a concern as you should have one as part of your operating system and another in your broadband router.
  • A single anti-virus program or security suite - If you have Windows 8, 8.1 or 10 you have an in-built anti-virus program already. 
  • An anti-spyware or anti-malware program to run passively at least from time to time.  This is not a default in any Windows or Apple system.
  • Make sure your security and other software and operating system updates are up-to-date.  These days most automatically up-date or tell you of the latest up-date.  Don't ignore information that there is an up-date.
  • Make sure your wireless router is set up for maximum internet security.

Other Protection:
  • Use strong passwords or a password manager.
  • Use flash drives cautiously.
  • Don't open files that you do not recognise and are not expecting.
  • Don't be tricked into downloading malware.
  • If you’re faced with something suspicious or that you do not understand on your web browser shut it down. Do not click “No” or “Cancel,” or even the “x” at the top right corner of the screen.  Instead, press ALT + F4 on your keyboard to close the browser.  If asked, close all tabs and don’t save any tabs for the next time you start the browser.
  • Never respond to unsolicited emails or phone calls. Don't reply to any email or pop-up message that asks for personal or financial information, and don't click on links in the message.
  • If you need to reach an organization you do business with, call the number on your financial statements or on the back of your credit card, not that in an email.
  • Don't email personal or financial information or give it to any stranger over a phone.
  • Never give someone unknown to you remote access to your computer.

Disaster Protection:  
Ensure you have recovery disks or drives for your operating system and back-ups of all your essential data. 

Make sure you have a set of instructions on what to do if your computer crashes.  Before you do anything extreme stop and walk away from the computer for a little while.  Get your set of instructions and read them through before you do anything.

If you are inexperienced in computer repair follow these rules:

  • Keep your cool. It may not be as bad as it seems.
  • Don't fiddle with anything you don't understand.
  • Call your technical support number or your knowledgeable computer nerd friend.
  • If the computer won't start up, turn it off.  Otherwise leave it on until you know what to do.
  • If the computer is asking you for a decision, do not turn it off. Also, don't guess at the answer.
  • Always read everything on the screen, especially if being asked a Yes/No or Yes/No/Cancel question.

If you are experienced in computer repair but have no set of instructions on what to do look at H2G2  and, perhaps, PC Tech Notes.

END OF SUMMARY


MALWARE 

- What is it and how to avoid it

Malware includes all forms of malicious and unwanted intrusions into our computers for a wide variety of improper purposes. As Wikipedia says:

“Malware, short for malicious software,  is any software used to disrupt computer operations, gather sensitive information, gain access to private computer systems, or display unwanted advertising..... [It can] be ... intended to steal information or spy on computer users ... or it may be designed to cause harm, often as sabotage ... or to extort payment..... [It] is an umbrella term used to refer to a variety of forms of hostile or intrusive software, including computer viruses, worms, trojan horses, ransom ware, spyware, adware, scare ware, and other malicious programs. It ... is often disguised as, or embedded in, non-malicious files.” 
The objective of nearly all this malware is data stealing for profit by direct or indirect dishonesty.  For a fuller overview read the Wikipedia entry.

What can we do about malware? 
Here's an edited version of what Microsoft used to suggest in a very good guide to electronic security prior to its most recent versions of Windows.  Windows 10 is the most secure version thus far. 

Only install anti-virus and anti-spyware programs from a trusted source  
Never download anything in response to a warning from a program you didn't install or don't recognize, especially if it claims to protect your PC or offers to remove viruses. It is highly likely to do the opposite.
Update software regularly

  • Keep all your software up-to-date, especially your anti-virus and malware software and your web browsers.
  • Subscribe to automatic software updates whenever they are offered—for example, you can automatically update all Microsoft software[If you are a very experienced user you might adopt one of the other alternatives Microsoft offers but most of us are wise to automatically update.]
  • Uninstall software that you know you don't use. You can remove programs or apps using Windows Control Panel.

Use strong passwords and keep them secret

  • Strong passwords are at least 12 to 14 characters long and include a combination of letters, numbers, and symbols. You can find out how to create them through a web page such as How-To-Geek's.  [Better still, as that page suggests, use a good password manager such as Dashlane, PasswordBox, LastPass, KeePass, or RoboForm, most of which have free and paid for versions.  If you create your own passwords and want to be extra cautious consider using Vesik Method Revised to defeat key loggers.]  You can test the strength of your passwords with tools such as How Secure is My Password or The Password Meter, but they're not totally reliable and as the Kaspersky Lab site says it is best to enter a password like the one you intend to use and not your real one.
  • Don't share passwords with anyone.
  • Don’t use the same password on all sites. If it is stolen, all the information it protects is at risk.
  •  Create different strong passwords for the router and the wireless key of your wireless connection at home. Find out how from whoever provides your router or sets it up for you.


Unless essential, NEVER turn off your firewall 
A firewall puts a protective barrier between your computer and the Internet. Turning it off for even a short time increases the risk that your PC will be infected with malware.



Use flash/thumb/USB drives cautiously

Minimize the chance that you'll infect your computer with malware:
  • Don't put an unknown or even a friend's flash/thumb/USB drive into your PC.  For all you know it has malware on it.
  • Hold down the SHIFT key when you insert the drive into your computer. If you forget to do this, click the cross in the upper-right corner to close any flash drive-related pop-up windows.
  • Don't open files that you're not expecting.

Don't be tricked into downloading malware
Instead, follow this advice:
  • Be very cautious about opening attachments or clicking links in email or internet mail, or in posts on social networks (like Facebook) — even if you know the sender.  Call to ask if a friend sent it; if not, delete it or close the window.
  • Avoid clicking Agree, OK, or I accept in banner ads, in unexpected pop-up windows or warnings, on websites that may not seem legitimate, or in offers to remove spyware or viruses.
  • Press ALT + F4 on your keyboard to close the browser. If asked, close all tabs and don’t save any tabs for the next time you start the browser.
Only download software from websites you trust. Be cautious of "free" offers of music, games, videos, and the like. They are notorious for including malware in the download.  When downloading software be particularly careful not to accidentally accept something you don't want, e.g., a new home page or search engine.   


MINIMUM PROTECTION FOR MALWARE EXPANDED
  • A firewall, which you should have in your Microsoft operating system and if you have a broadband or wireless router that will also have one.  It’s only if you have an old version of Microsoft’s operating system and dial-up that you really need to think about a firewall.  Check that your Microsoft firewall is on. [In Windows 10 go to Control Panel>Windows Firewall.]
  • One, only one, anti-virus program or security suite.  It can cause problems on your computer to have two different anti-virus or security suite products installed at the same time. If you don't like Windows Defender or whatever else you have there are at least three free anti-virus programs you can choose from and use with reasonable confidence: Avast!, AVG Anti-Virus and Avira AntiVir Personal.  There are a number of excellent non-free anti-virus programs and security suites, some of which have free versions that are said to be better than the three above, see, for example, Gizmo's Best Free Antivirus Software and TechRadar's assessments and AV-Comparatives.  Every new review seems to score a different anti-virus program or security suite as the best.  If you need one or need to change make sure you get a well-regarded one by having a look at recent reviews on the internet or in one of the PC magazines.   Do not feel you have to change your existing program just because it no longer scores quite so well. Ultimately, there is no one "best" AV application.
  • At least one anti-spyware or anti-malware program in addition to your principal anti-virus or security suite program.  It can be a passive one that you run from time to time and not an active one giving real full time protection.  It seems reasonably safe to just run a free one passively if you take normal precautions when using your computer, your e-mail and the internet.
  • There are at least two free anti-spyware or anti-malware programs that are generally well regarded, Malwarebytes’ Anti-Malware and SUPERAntiSpyware, and both are suitable for passive use.
  • Whichever web browser you use [e.g., Internet Explorer, Edge, Google Chrome, Mozilla Firefox, Opera, Safari - the Apple Mac browser - or other] will have options and extensions that can make your internet browsing safer.  Go to a workshop about web browsers or look for help about your particular browser.
  • If you think you have an infection or want to check out your machine independently of your installed programs try using the Microsoft safety scanner or Malwarebytes’ Anti-Malware or one of the free on line programs of one of the reputable security companies like Kaspersky, ESET, Trend Micro, McAfee, BitDefender or Symantec. 
  • Microsoft has Windows Defender Offline, for Windows 7 and 10, a recovery tool that can help you start an infected PC and perform an offline scan.  However, you must first download it from a clean machine on to a flash/thumb/USB drive or a disc compatible with your machine.
  • If you are really stuck have a look at one of the excellent articles in the subscriber edition of Windows Secrets by Fred Langa and Ryan Russell or search for an answer or get help.  

Testing your Malware Defences:
Windows Secrets recently noted some examples of free, well-known, and well-regarded tests that use simulated malware attacks.  You can find many more via your favourite search engine.


Changing your anti-virus program: 
If you should decide to change your anti-virus program for any reason do this:
1. Check out your intended new program with AV-Comparatives most recent advice.
2. If it looks OK download the intended new program but do not install it.
3. Make sure you have the right tool to remove the old program as it's not a simple matter of just removing it through Control Panel or with an uninstaller like Revo or Geek. Web search for "removal tool for [name of old] antivirus" to find the right removal tool for it. You might have to download it and follow its instructions.
4. Once you have the new program downloaded but not installed and the right tool for removing the old program close any web browsers you might have open.
5. Remove your old program.
6. Install the new program.

SCAMS GENERALLY

A scam is simply a confidence trick by which a fraudster attempts to defraud a person or group after first gaining their confidence.  They are many and varied.  There are numerous sources of information about scams, a number of which are to be found in the Links below.  Our Consumer Affairs division of the Ministry of Business Innovation and Employment, the NZ Police and Consumer NZ all give good advice about scams, including the different types of scams, how to protect yourself from them and what to do if you've been scammed.  Many scams, but not all, rely on appealing to our seemingly in-born wish to get something cheaply or for free.  Others prey on people looking for love.  Others seek to get your personal details so they can rob you.  Among the worst scams in recent years are:
  • Dating and romance scams;
  • Investment scams;
  • Upfront money scams;
  • Online auction and trading scams; and
  • Online products, advertising and computer hacking. 
  • Scare-ware.
  • Ransom-ware. 
A less common scam is a hit man threat, where the offender relies on fear.

SCARE-WARE 

This is worthy of separate mention as its a common form of scam relating to tech support.  A recent US survey indicated 2 out of 3 people had experienced a tech support scam in the previous 12 months. Even experienced computer users are regularly caught by this con.  These programs are called “scare-ware” because they exploit a person’s fear of online viruses and security threats.  The scam has many variations, but there are some tell-tale signs. For example:

  • Messages tell you to install and update security software for your computer.
  • You may get ads that promise to “delete viruses or spyware,” “protect privacy,” “improve computer function,” “remove harmful files,” or “clean your registry;”
  • You may get “alerts” about “malicious software” or “illegal pornography on your computer;”
  • You may be invited to download free software for a security scan or to improve your system;
  •  You are offered a “free security scan,” perhaps in a pop-up, an email, or an ad that claims “malicious software” has been found on your machine.
  • You could get pop-ups that claim your security software is out-of-date and your computer is in immediate danger;
  • You may suddenly encounter an unfamiliar website that claims to have performed a security scan and prompts you to download new software.

If you accept an offered "free scan" it will claim to find a host of problems. Within seconds you’re getting urgent pop-ups to buy security software. After you pay money for the software, the program tells you that your problems are fixed. The reality: there was nothing to fix. And what’s worse, the program now installed on your computer could be harmful.

Scare-ware purveyors also go to great lengths to make their product and service look legitimate. For example, if you buy the software, you may get an email receipt with a customer service phone number.

Do not be tricked.  Remember that these are well-organized and profitable schemes designed to rip people off. 

Never
  • Call a toll-free number which appears suddenly while you are browsing the web or using your computer. 
  • Give your credit card number to a stranger. 
  • Give a stranger access to your computer by allowing them to connect remotely.

How Do the Scammers Do It?

Scare-ware schemes are often sophisticated. Some scam artists buy ad space on trusted, popular websites. Even though the ads look legitimate and harmless, they actually redirect you to a fraudulent website that performs a bogus security scan. The site then causes a barrage of urgent pop-up messages that pressure you into downloading worthless software.

What to Do

  • If you’re faced with any of the warning signs of a scare-ware scam or suspect a problem, close your browser immediately.
  • DO NOT click “No” or “Cancel,” or even the “x” at the top right corner of the screen. Some scare-ware is designed so that any of those buttons can activate the program.
  • Whether you use Windows or Apple press ALT + F4. You may need to do that twice. If asked, close all tabs and don’t save any tabs for the next time you start the browser.
  • Or if you use Windows you can press Ctrl + Alt + Delete to open your Task Manager, and click “End Task.”  Disregard any warnings about losing data or the like.
  • Or if you use a Mac press Command + Option + Q + Esc to “Force Quit.”
  • If nothing else works try to power off your computer.  If necessary use the power switch.  Leave it off for a couple of minutes before turning your computer back on.

If you get a suspect offer, you can check out the program by entering the exact name in a search engine. Don't forget it might be dressed up to look like a genuine site with an almost identical name.  The results might help you determine if the program is on the up-and-up.


TELEPHONE TRICKERY 

These days you are almost certain to get a scam telephone call at some time purporting to be from Microsoft, your phone company, your internet provider company or some other reputable company. 
 
If someone claiming to be from Microsoft, your phone company, your internet provider company or any other reputable software company calls you:






  • Do not purchase any software or services.
  • Do not give control of your computer to the caller.
  • Ask if there is a fee or subscription associated with the “service.”  If there is, hang up.
  • Take the person’s information down and immediately report it via the NetSafe site.


  • RANSOM WARE  

    The latest variant of scare-ware, known as ransom ware, results from a Trojan being installed on your computer, locking some or all of it or encrypting your files. 
    Our part of the world is the third-most targeted region for ransom ware attacks.  It can affect any device including your smart phone. You get a message from what appears to be a genuine source such as the Police as to what to do to fix the problem but it is a nasty fraud.  The best protection is to have a good anti-virus program, to make sure everything on your computer is up-to-date and to ensure you back up your files regularly.  This Trojan can be defeated but it is not simple and you might need professional help.  Do not succumb to ransom ware.  Microsoft's Malware Protection Center has a very good page on the topic and here is a link to their own blog on the subject.

    IDENTITY THEFT 

    Malware generally may or may not disadvantage you financially but the whole purpose of Identity theft, like scare-ware, is to make you poorer.  So if there is some repetition in what follows it is with the hope it will stop you losing money through identity theft.
    Here is what the New Zealand Police web site says about it:

    "Identity theft is when someone assumes another person’s identity, such as their name, bank account details or credit card number, to commit fraud or other crimes.
    Identity theft is one of the fastest growing areas of crime across the world and has no geographical boundaries – victims and offenders can be on opposite sides of the world. This makes it difficult for Police to investigate the crime, catch the perpetrator or help the victim.
    The majority of identity crime is committed with the help of computers and other electronic devices. It can involve the theft of:
    • bank and credit card numbers
    • passports
    • names
    • addresses
    • driver licence details
    • logon details for other services."

    Skilled identity thieves may use a variety of methods to get hold of your information, including:

    1. Dumpster Diving. Rummaging through trash looking for anything with your personal information on it.
    2. Skimming. Stealing credit/debit card numbers with a special storage device when processing your card.

    3. Phishing. [See below.]

    4. Changing Your Address. Diverting your billing statements by completing a change of address form.

    5. Old-Fashioned Stealing.

    6. Pretexting.  Using false pretenses to obtain your personal information.  

    The US Federal Trade Commission and the NZ Police both give general advice about identity theft.  Here's what our Police have to say:

    "How to protect yourself against identity theft

    • Don’t give out personal information over the phone, personally or via computers unless you are certain that the [recipient] you are giving it to is legitimate.
    • Never write your PIN numbers for your bank and credit cards on the cards ...[or on anything in your wallet.]
    • ...
    • Dispose of personal information securely (shred papers, wipe/remove ... hard drives before sale or disposal).
    • Minimise the amount of identification ... that you carry around, including what you leave in your car.....
    • Check bank and credit card statements for unauthorised transactions. Report any [error] immediately.
    • Be very wary of how much personal information you post on publicly accessible websites. Personal information can be misused in many ways by identity thieves, some of whom trawl websites.

    To which can be added -
    • Don't reply to email or pop-up messages that ask for personal or financial information.  Don't click on links in a message. Don't cut and paste a link from the message into your Web browser — phishers can make links look like they go to one place when they go elsewhere.
    • Some scammers send an email that appears to be from a legitimate business and ask you to call a phone number to update your account or access a "refund." The area code will not reflect where the scammers really are. If you need to reach an organization you do business with, call the number on your financial statements or on the back of your credit card.

    Don't forget that if your computer or any technological aid, of whatever kind, with personal data on it is lost or stolen the data can be used.  The degree of protection you adopt might depend on how much data is involved and how easy it is to lose the item involved or have it stolen.  For example, you can encrypt your hard drives and your flash drives. 

    In the context of our computers perhaps the commonest form of identity theft relies on “phishing”.  Its like fishing except that we are the fish.

    The US FTC says this:“When internet fraudsters impersonate a business to trick you into giving out your personal information, it’s called phishing. " 

    I have already touched upon the advice from our Consumer Affairs division of the Ministry of Business Innovation and Employment and the NZ Police.  The Police advice gives some good examples of phishing scams:

    “Common scams sent by spam email

    Get rich quick schemes - offering opportunities to earn thousands of dollars a week.....

    Nigerian fee scam - this age-old scam offers you a percentage of millions of dollars in exchange for letting the sender use your bank account to transfer the funds out of where they are currently held. The Nigerian letter has many variations.....

    NEW! IMPROVED! fee scam - new versions of the Nigerian scam feature authors [of all kinds]

    Prize notifications - you are told you have won a prize in a lottery you haven't entered. [If you pay money the prize will be released.]

    Internet auction scams - ...buyers use stolen credit card numbers to buy high price items. Sellers ...try selling a lot of items at once then take the money and run. ... the fraudster is ... overseas.....

    What should I do with scam mail ?
    Check the Ministryof Consumer Affairs' Scamwatch service to see if there is a warning about that particular scam. If there is, delete the message.
    Don't reply. A reply only serves to confirm that your email address is active and ready for further "offers".
    Notify the spammers Internet Service Provider (ISP). If spamming is against the ISPs policy for email account holders, the ISP may sanction the sender.
    Notify your own ISP or IT support. They may be able to advise you about whether filters can be placed on your email program to stop such emails.”

    The Ministry site gives this additional advice, which overlaps with some of the above:

    “Protect yourself from banking and phishing scams
    ·       Keep your ATM and account details, PINs and passwords secret and safe..... 
    ·       Don't share your PIN with anyone.....   
    ·       Don't give your account details to anyone you do not know or trust.....
    ·       Don't give out details over the phone unless you made the call and you definitely trust that the number you called is genuine...
    ·       Never visit your bank's website by clicking on a link. It can activate all kinds of hidden programs. Type in the website address yourself.
    ·       Check the website address carefully. It may be similar to your bank's, or PayPal's, but not quite right.
    ·       Never enter your personal details into a website unless you are sure it is genuine.
    ·       Never send your personal details or accounts or passwords in an email. Email is a very insecure system.
    ·       If you receive a call, ask for a name and number so you can call them back. Check that number against a number you know to be genuine.
    ·       If, despite everything, you think the email may be genuine, call the [sender], using a number you know to be genuine. Ask their advice. Do not use the number listed in the suspicious email, unless you know it is the right one. The scammers may have used it to add to the email's false sense of legitimacy.
    ·       Don't buy anything over the internet using your credit card details unless you know and trust the business. Ensure that if you make a payment to a trader via the internet that the payment page is secure, normally demonstrated by a padlock symbol somewhere on the page, and that the website address starts with 'https://'. The 's' stands for secure.
    ·       Don't use software on your computer that fills in forms for you.  [There are safe exceptions to this such as LastPass and RoboForm.]
    ·       Keep [yourself] safe from credit card skimming. This type of fraud copies the contents of your card's magnetic strip. Never let your card out of your sight at a store.  Say 'no' to requests to swipe your card through more than one machine.  If an ATM has a suspicious device attached to its card slot, don't use it (and report it immediately). If you think your card has been skimmed, or you notice unexpected items on your credit card statement, contact your bank immediately.
    ·       Order a credit report every year to make sure no-one is using your name to borrow money or run up debts.”

    In respect of its similar advice the US Securities and Exchange Commission has the delightful heading "Phishing" Fraud: How to Avoid Getting Fried by Phony Phishermen." 

    If you have a Skype account beware as such accounts have been particularly vulnerable to scamming.  At the very least ensure you have a strong password for it.
     
    The simplest advice of all is to focus on getting to the correct site rather than trying to identify a fake one. All you need to do is to bookmark or add to your favourites each of the web sites where you conduct financial transactions and use those bookmarks or links whenever you need to access them rather than rely on any link contained in any email.  The best way to bookmark those sites is to login to the site and bookmark the opening page, which is almost always a secure site.

    SPAM  

    Spam or junk mail is unsolicited email: see this Wikipedia page.
    Here are four of six suggestions from Cloudeight InfoAve on what to do in respect of spam:
    “1. Never respond to unsolicited email. One response or “hit” ... is enough for spammers to [persevere]. In addition, a response lets the spammer know that your email address is active, which makes it more valuable and opens the door to more spam.....
    3. Never follow a spam email’s instructions to reply with the word “remove” or “unsubscribe” in the subject line or body of the message unless you are sure of and trust the source of the email. Normally, this is a ploy to get you to react to the email, which tells the spammer that your email address is valid.
    4. Never click on a URL or web address listed within a spam email, even if the message tells you that’s how you unsubscribe. This is another trick that tells the spammer your email address is valid. Once they know your address is valid it can be added to databases which are sold to professional spammers on DVD or CD for a few hundred dollars. And this will result in you getting more spam .....
    5. Don’t fall for sites set up to help you remove your name from spam lists. Some of these sites MIGHT be legitimate, but most are collecting valid email addresses to sell to spammers. If a collector gets your address, they know it’s a valid, working email address, and it is worth ... money to them. They’ll put your email address in one of their databases and sell them to professional spammers. Not only won’t your email address be removed from spam lists, it will added to [more] lists. And you’ll get more spam....."

    ISPs filter your mail for spam.  Sometimes they filter out genuine email and you might not even be aware it existed.  You should regularly check your web mail from your ISP and look in the spam folder to see if by some mischance mail you want has got into it.  Mark it ‘This is not spam’ and it shouldn't be dumped in your spam folder again.

    As Gmail is thought to have the best spam filters it is often suggested you get a Gmail account and set it up in whatever email program you use. Gmail provides instructions on how to do this. 

    Our Department of Internal Affairs and Microsoft both give somewhat similar advice to Cloudeight’s.

    Most e-mail programs contain their own spam filters giving a second line of defence to that provided by our ISPs.
    If you are annoyed beyond endurance by the amount of spam you receive then the simplest free answers are:
    ·   Use Gmail, either as part of your existing e-mail system or by itself as web mail.
    ·  Use a free spam filter such as MailWasher or SPAMfighter, both of which are recommended by various reviewers and whose Pro products are equally highly regarded.  [See Gizmo’s Freeware for an informative discussion on other ways of reducing and filtering spam.]
    Whatever you do you are likely at some stage or other to receive spam from yourself as someone, somehow, has adopted and adapted your address for sending spam.  There is nothing you can do about it.  Usually it goes on for a relatively short period and then stops.


    WIRELESS NETWORK SECURITY

    You need security for your wireless router.  Your home broadband router has its settings fixed by your ISP.  Your wireless router must be set up for maximum internet security.  If you have had it installed for you the installer should have attended to that.  If you did it yourself you must ensure the security is the tightest you can make it.  In particular you need Wi‑Fi Protected Access (WPA or WPA2).

    WPA and WPA2 require users to provide a security key to connect. Once the key has been validated, all data sent between the computer or device and the access point is encrypted.   If possible, use WPA2 because it is the most secure. Almost all new wireless adapters support WPA and WPA2, but some older ones don't. In WPA-Personal and WPA2-Personal, each user is given the same passphrase. Go to Microsoft's advice for home networks for more.
    I hope it’s not necessary to add a warning about using public facilities in libraries or cafes or free Wi-Fi for accessing any private information, such as e-mails or banking or anything else that requires you to log on to a site.  You simply don't know whether they are safe or not.  DO NOT TREAT THEM AS SAFE. 

     MOBILE MALWARE

    Check out your phone by going to the Federal Communications Commission's Smartphone Security Checker, which will enable you to obtain guidance about it.  It is quick and simple to use.  It also contains links to very useful information about smart phone security generally.

    There is one tip not mentioned on its pages.  Don't respond immediately to messages of unknown origin: double-check the number of a missed call or text message from an unknown source. Don’t respond if it’s a 0900 number – or a number in a strange format. Scammers sometimes use "premium rate" numbers. If you return the message, you'll be charged a hefty bill. 

    Most smart phones enable sophisticated security protection just as good as that available for computers, including encryption, remote locking and remote wiping, as well as anti-malware programs.  At the very least consider ensuring you have a lock code and that your phone is set up to auto-lock.    

    There are numerous other guides to security for mobile phones.  Unfortunately most of them are somewhat dated.  Three that are up-to-date are Tom's Guide, ContentEurope.com and TopTenReviews.  If you want an in depth treatment of the topic have a look at this Mobile Security Wikipedia page.

    For more on mobile and smart phone security you can do an internet search for "smartphone security" or the best free security app for your phone.  If you are concerned have a look at AV-Comparatives Mobile Security Reviews.

    APPLE MACS

    If you are using an Apple Mac there is some Apple oriented information available, including:

     AV-Comparatives- an independent overview.  "Macs are being attacked more and more by cybercriminals, who take advantage of the complacency towards malware threats amongst Mac users.  ...phishing affects everyone equally."  From that site you can download and read the Mac Security Review/Test for 2016.

    Apple on Security - what Mac says about its own security, which is possibly somewhat complacent.[current]
    MacMalware Guide : Do I need anti-virus software? [2015]    
    MacMalware Guide : How do I protect myself? [2015]
    There are a number of other sites evaluating the best antivirus or other security software for Macs.  A web search will bring them up for you.  They include Techtop100.com, Tomsguide.com and TopTenReviews.com [all 2017]. The Mac Security Blog [2017] is more general.

    ARE YOU A VICTIM?  

    It is easy for any of us to press a button by mistake or fall for the blandishments of a sophisticated con artist and be the author of our own downfall.  You're not alone and certainly not the first.  Take advice and report it.  Here is the link to TheOrb, the site set up by Consumer Affairs and NetSafe for that purpose.  Its one thing to make a mistake, quite another to help someone you know is ripping you off because of threats or not wanting to appear a fool.

    OTHER

    Windows 7, 8, 8.1 and 10: Look at Microsoft's own information site about its security.

    Links to useful resources: 

    • Australian Securities and Investments Commission - You can check on Australian companies, brokers and financial advisers.
    • Better Business Bureau - network of US and Canadian Bureaux that provide reports on business firms and help resolve consumers disputes with businesses. Includes scam tracker.
    • Commerce Commission - responsible for enforcing the Fair Trading Act, the Commission's site has a guide to the Act, and information about various scams on which it has taken action.
    • Consumer Affairs - useful information about scams and on-line security.
    • Financial Markets Authority - includes advice about investing wisely, and warnings about investment scams.
    • Fraud.org - an offshoot of the US National Consumers League, this site contains lots of information about telemarketing fraud, internet fraud, fraud against the elderly etc.
    • National Consumers League - US nonprofit advocacy group. Includes pages on internet fraud, slamming, cramming etc.
    • SafeFromScams - UK resource of articles and advice on staying safe from scams.
    • StaySafeOnline.org  - US National Cyber Security Alliance.
    Our PrivacyCommissioner has advice cards on how to keep our information safe.

    For an excellent general guide look at the SeniorsGuidebook to Safety and Security - RCMP.



    SeniorNetUSA has a four lesson course on Cyber Security.



    DO YOU COMPLY WITH THE ADVICE IN THE SUMMARY?  



    [Updated 12 March 2017 when all links worked.]