The Internet is a wild and wonderful place. Because it can be so wild (and, seemingly, anonymous), we need to take precautions to ensure the security of our personal information and of the other data that we store on our computers. We also have a responsibility to do our part to protect other people's data. This potential danger shouldn't discourage you from taking advantage of all the good things the Internet has to offer. Whenever you are connected to the rest of the world via the Internet, you just need to remain vigilant and follow some basic common sense guidelines. Security issues arise when you use e-mail, download files, browse the Web, or engage in e-commerce. This lesson will introduce you to some of the potential pitfalls, as well as ways to deal with them.

Your connection to the Internet is through your Internet account. If broken into, your account could be used: to distribute undesirable mail to others; read your mail and gain access to other information; or if you have a web site, someone could post unpleasant web documents on your web site. Breaking into your Internet account does not allow hackers into the computer on your desktop. The only way that could happen is if you put web server software or other server software on your computer, and the server was not secure in some way.

Access through the modem is another possible way into your system. If the modem on your system is set to answer incoming calls, and someone attempts to dial in and gain access to your system, and succeeds, that person may have access to all the files in your computer. Most modems on PC's are not set up to answer incoming calls.

Before we get any further into the discussion of Internet security, you need to remember that it is extremely important to back-up the data on your hard-drive early and often. This will also protect you from other potential dangers to your precious data, such as an electrical surge that could damage your hard drive or a fire or other disaster in your office that would leave your computer unusable. Backing-up your data is the most basic and most useful security precaution that you can take.

Your main defense against people who want to break into your account is your password. Keep your password secure, and you've gone a long way toward keeping your computer safe. There are some key points you need to remember to protect yourself and your account:

• Never give your password to anyone. That's why you have a password -- so others can't use your account.
• Don't write your password down. If you must, then please don't leave it anywhere near your computer. Some people actually write their passwords on a sticky note and then attach it to their monitors. They might as well send engraved invitations to others to use their accounts.
• Be aware that some people will try to get your password by looking over your shoulder as you type it.
• Never e-mail your password to anyone. Reputable Internet service providers (ISPs) do not ask you for your password. They don't need to. If you receive an e-mail message that seems like it's from somebody who works for your ISP asking you for your password, DO NOT give it to them. Instead, call or forward the e-mail message to your ISP informing them of what just happened. They appreciate being made aware of potential security problems.
• Change your password on a regular basis. Your ISP will be able to tell you your system's recommendation on how often you should change your password, but a good rule of thumb is to change it at least every three months.
• Don't choose a password that can be found in a dictionary. Those are really easy to crack.
• Never use your User ID as your password. This is way too easy to crack.
• Don't choose a password that relates to you personally, such as your name, birth date, social security number, relatives' names and birth dates, your address, or your anniversary date. You get the idea.
• Use passwords that are at least eight characters long and has a mix of numbers and letters.
• Use different passwords for different systems and accounts.
• Don't use well-known abbreviations (wysiwyg) or keyboard patterns (e.g. qwerty).

A good idea is to think of a sentence that is easy for you to remember and convert it into a password. For example:

"In 1776 the Founding Fathers created this nation for me" can convert to I76FFCTN4M.
"The 2001 tax rate is way too high" can convert to T01TRIW2HI.

P.S. Please don't use these examples!

If you suspect that weird things happening with your account, change your password immediately and tell your ISP all about it. It is very common for someone whose account has been hacked to dismiss the signs as technical problems with the system.

A lot of people are nervous about shopping on the Internet, since most of the purchases they make on the Web require payment by credit card. Can some hacker see your credit card information and use it for illegal purposes? Maybe. But think about it, whenever you pay for anything with a credit card, you share your information with one or more complete strangers. How many of you have paid for a meal with a credit card and left the merchant's copy of the receipt on the table? Do you worry about what these strangers will do with your credit card information? A restaurant is more likely to have credit card troubles than a reputable online merchant is. Most online stores encrypt the message between your computer and the store's computer (indicated in your Web browser by a closed lock icon in the bottom left corner of the window). Some will give you the option of letting them "remember" your credit card number by storing it on their computer, or of allowing you to enter it every time you make a purchase. Shop only with reputable merchants and check out their privacy policy before giving them any of your private information.

When you send information through the Internet, it gets relayed from one machine to another and, along the way, if somebody really wants to, he (or she) may be able to take a look at it. The only way to guarantee security is to use encryption. Encryption will convert your data into a "secret code" that can only be decoded once it reaches its destination. Some software packages, such as Microsoft Outlook Express has encryption build-in. You can also purchase software (such as PGP (pretty good privacy)) that you can use to encrypt your messages. Encryption can be pretty cumbersome, and most people probably don't even bother.

A cookie is a small text file stored on your computer by a Web site that you have visited, used to remind that site about you the next time you visit it. Cookies make it possible for e-businesses to remember who you are and what your preferences are next time you visit their site. Cookies themselves are not dangerous to your computer -- they are only text files and are unable to collect any information from your hard drive. Some sites cannot be viewed or used properly unless you allow them to give you one or more cookies. You can think of cookies as a device similar to caller ID. Just keep in mind that sometimes the pages you visit know information about you. Be careful about where you go and what information you submit to insecure sites. Web browsers such as Internet Explorer and Netscape Navigator give you options for how to handle cookies. For more information, check out "cookies" in the online help for your application.

A virus is a piece of software designed and written to adversely affect your computer by altering the way it works without your knowledge or permission. In more technical terms, a virus is a segment of program code that implants itself to one of your executable files and spreads systematically from one file to another. Computer viruses do not spontaneously generate; they must be written and have a specific purpose. Usually a virus has two distinct functions:

• Spreads itself from one file to another without your input or knowledge. Technically, this is known as self-replication and propagation.
• Implements the symptom or damage planned by the perpetrator. This could include erasing a disk, corrupting your programs or just creating havoc on your computer. Technically, this is known as the virus payload which can be benign or malignant at the whim of the virus creator.

A computer virus is a program designed to replicate and spread on its own, preferably without you knowing it exists. Computer viruses spread by attaching themselves to another program (such as your word processing or spreadsheet programs) or to the boot sector of a diskette. When an infected file is executed, or the computer is started from an infected disk, the virus itself is executed. Often, it lurks in memory, waiting to infect the next program that is run, or the next disk that is accessed. In addition, many viruses also perform a trigger event, such as displaying a message on a certain date, or deleting files after the infected program is run a certain number of times. While some of these trigger events are benign (such as those that display messages), other can be detrimental. The majority of viruses are harmless, displaying messages or pictures, or doing nothing at all. Other viruses are annoying, slowing down system performance, or causing minor changes to the screen display of your computer. Some viruses, however, are truly menacing, causing system crashes, damaged files and lost data.

Computer viruses don't infect files on write-protected disks and don't infect documents, except in the case of MS Word macro viruses, which infect only documents and templates written in Word 6.0 or higher. They don't infect compressed files either. However, applications within a compressed file could have been infected before they were compressed. Viruses also don't infect computer hardware, such as monitors or computer chips; they only infect software.

In addition, Macintosh viruses don't infect DOS-based computer software and vice versa. For example, the infamous Michelangelo virus does not infect Macintosh applications. Again, an exception to this rule are the Word and Excel macro viruses, which infect spreadsheets, documents and templates which can be opened by either Windows or Macintosh computers.

Finally, viruses don't necessarily let you know that they are there - even after they do something destructive.

There is never any harm in opening a plain text message, since the only thing that happens is words are placed on the screen. But if the message includes programming code, and that code gets executed, the sender can cause a wide variety of other things to occur. There are a couple of ways that executable code can be included with a message:

• As an attachment. Do not open an executable e-mail attachment unless you are sure of the source, and that it does not contain a virus or other malicious code. At the very least, save it to disk and run a virus checker against it before opening it.
• Automatically Executed Scripts. E-mail messages can include code written in scripting languages which is automatically executed when you click on the message to read it. To prevent this, change your settings to disable scripting languages such as JavaScript or VBScript in e-mail messages. For example, in Netscape Messenger, choose "Edit" then "Preferences" from the menu bar, click on "Advanced", and take the check mark off of "Enable JavaScript for Mail and News". On the line right above that, you can leave the box checked for the "Enable JavaScript" option, which applies to web sites.

The most important thing to remember is to not open any attachment unless you are sure you know the person who sent it to you. In Outlook Express, Netscape Messenger, and Eudora (and others), attachments are shown apart from the text of the message. If you are concerned that the attachment might contain a virus, use an anti-virus program to check the attachment file for viruses before opening it.

Remember that you can "catch" a virus from files other than those you receive as e-mail attachments. If someone gives you a diskette with a file on it, scan the diskette for viruses before opening any of the files. It only takes a minute, which is much less time than it would take to restore a hard drive erased by a particularly nasty virus.

You may have an occasion to download some software from a web site or via FTP. Be sure to check every new program that you download for viruses before you run the program.

There are a lot of good "Anti-Virus" software packages available on the market today. These are programs that run on your computer to watch out for and scan incoming files or disks for known computer viruses. Since there are new viruses all the time these types of software are always being updated, but once you get the initial package the updates usually come free and are often available through the WWW.

Here are some steps and processes involved with maintaining a safe computer:

• Purchase a good quality anti-virus software product. Some of the leading products are: Norton Antivirus, F-Prot, Dr. Solomon, and McAfee's Virus Scan.
• Be sure to update every copy of the anti-virus software in your office at least quarterly, so that the software can scan for newly discovered viruses.
• Do a regularly scheduled scan on your hard drive. Anti-virus software often comes with a scheduling tool to schedule a review of your drive.
• Scan any diskette that you put in your PC that is not yours, or that you do not trust.
• Scan any downloaded software before installing it.
• Scan any attached email files before opening them.
• Never boot your system to a diskette or leave a diskette in a floppy drive when booting, unless you know the diskette is clean.

If you DO get a virus, there are specific steps to follow to correct the problem. Follow the instructions provided by your Ant-Virus Software manufacturer.

A virus hoax is a false warning about a computer virus. It is becoming increasingly popular to play hoaxes on security-sensitive people by sending them messages "warning" them about viruses that don't exist. Well-meaning people then spread the hoax by forwarding the "warning" to everyone they know. Some companies have had their e-mail systems "crash" when dozens of people forward these hoax messages to everyone else in the company.

The message typically warns about opening a message with a specific title, such as "An Internet Flower for You." They almost always ask you to forward the message to everyone you know. This way, the same hoax message can be sent thousands of times; tying up bandwidth and clogging e-mail gateways. Even if the message seems legitimate, try to avoid the urge to panic. Delete it and don't forward it to anyone else. Don't even think about sending a virus alert to others unless you have checked it out yourself to see if it is a real virus warning. See one of the websites below to confirm hoaxes.

You can read about hoax viruses at the following locations:

Symantec's Virus Alert Page: http://www.symantec.com/avcenter/hoax.html

Data Fellows Hoax Warnings Page: http://www.datafellows.com/virus-info/hoax/

McAfee's Virus Hoax Page: http://vil.mcafee.com/hoax.asp

Stiller Research Virus Alphabetic Hoax List: http://www.stiller.com/hoaxa.htm

Consider sending links to one or more of these pages to people who send you a virus hoax message.

1. Find out how to change your password for your Internet account.
2. If you haven't already, purchase an anti-virus software program and use it!
3. Determine how your e-mail software handles attachments (are they opened automatically, along with the message?) and where the attachments are stored on your hard drive.
4. Send me an email with the directory path (ex. c:\attach\....) where your attachments are stored, and the name of your antivirus software and when it was last updated.

Comments from the Computer Law Association, as quoted in Bottom Line Personal 6/1/94 p.8 (in Edupage 5.22.92)

Edupage 06.09.94 (from a story in the Tampa Tribune 6/8/94 Baylife 5)

Godwin, Mike (Chief Legal Counsel for the Electronic Frontier Foundation). Telephone interview.

Kasser, Barbara. Practical Internet, Indianapolis: Macmillan Computer Publishing, 2000.

Levine, John R., Carol Baroudi, and Margaret Levine Young. The Internet for Dummies, New York: IDG Books Worldwide, 2000.

Primers.net. http://www.primers.net/security/settings.html

Symantec Anti Virus Research Center, Copyright 1997. Modified by UVM Extension System, 1977.

ROADMAP: Copyright Patrick Crispen 1994, 1995. All rights reserved.

Modified by permission by UVM Extension System, 1997, 2001.