Website Security

Computer security is a big issue these days. And it's turning up in some unexpected places. While we are seeing almost-daily warnings about viruses and worms, most of us concluded some time ago that the e-commerce security issue had been laid to rest. If you recall, there was much concern initially about sending your credit card number over the Internet, but gradually most people decided that it is certainly no more dangerous than handing it to a waiter or waitress in a restaurant.

And, in fact, that is still true. However, a couple of fairly spectacular security failures were highlighted in the Wall Street Journal recently that gave web developers something of a jolt. One of these involved the Saks Fifth Avenue website, the other OpenTable.com, which is a site that lets you make restaurant reservations. In both cases, by making a fairly simple change to a number stored in your computer you could get access to the records of another customer of that site. Fortunately, credit card numbers were not compromised (although in one case it was possible to get the last 4 digits of a person's credit card, along with address, phone number, etc.).

Both sites were fixed immediately, of course. But computer security is obviously getting more and more complicated, and now it's not sufficient to just be careful about your desktop system -- you now must also be careful about how your website is constructed. The solution (of course) is to choose a web developer who stays on top of these security issues for you.

Protecting Your Disks on a Network

If you have a home or office network, make sure you have a password on all your shared disks. Even if you trust everyone else on the network, a password protects against a virus on another machine. It works like this: Many viruses are designed to look for a network connected to the infected machine. If a network is found, the virus attempts to use the network to find other machines to infect. The one thing a virus cannot do, however, is figure out a password. So if one of the other machines on your network gets infected, a password on your shared disks prevents infection via the network. Of course, not sharing disks also works, but in many offices files are frequently passed around via the network.

Even though we have a router with a firewall, we also have a firewall on each of our systems. While that may seem redundant, we believe in multi-layer security. Any security system can be compromised. Usually it is compromised by carelessness of the user rather than any malicious action from outside. But once it is compromised, the system is not protected. Multiple layers of security help protect against carelessness.

What is Spyware?

You may have heard this term. It refers to software that surreptitiously sends private information it finds on your computer to some pre-arranged location. How does spyware got on your system? Often it arrives with the download of a some piece of software you find on the web. Be especially suspicious of "free" software -- ask yourself if the author of that software has a reason for offering that software for free. Sometimes the free version is a way of selling you a more complex paid-for version, and that's fair. But if there is no upgrade, be a little suspicious. Be especially suspicious of software that downloads advertising to display to you while the software runs.

Unfortunately, this isn't a black-and-white situation. While some spyware is just plain malicious, there is a big gray area. Some software collects information about how you use it as a way to improve the next version. Sometimes they ask your permission, but often they do not. Software that includes advertising sometimes collects information about where you go on the web to decide which advertising to send to you. Is collecting information about how you use their software malicious intrusion or good marketing research? Since different people have different sensitivities to privacy issues, you have to decide for yourself.

You can get a handle on whether you have any such software on your system by downloading a free utility called SpyBot. You can find it here: http://www.safer-networking.org. A big word of warning, however. Spybot finds everything that might possibly be spyware on your computer. Some of it may be things you want to keep. For example it locates and flags every cookie on your system. But as we have discussed here before, there are good cookies and bad cookies. Don't blindly delete everything that SpyBot finds. And if you aren't sure, don't delete anything without first checking with a computer consultant you trust. If you don't know of a good computer consultant, we can refer you to one -- email us.

Thanks for joining us this month. See you next month.