Consumer Reports has major article on home computer security

The September 2008 issue of Consumer Reports has some valuable perspectives and tips on home consumer security. The basic TOC link is this.

On p 23 there is a report on a survey in the article called “Protect Yourself Online: The Biggest Threats & The Best Solutions.”

The overall picture of home computer security is improving. CR seems to believe that Windows Vista represents an improvement and is likely, over time, to result in fewer serious problems for home users than has XP (or previous operating systems). It may be worth considering an upgrade even for current XP users. MacIntosh users tend to report few infections, although the general view is not to be complacent.

One particularly disturbing problem is “news spam” where spammers design fake stories intended to get quick search engine rankings, and actually may be infected with malware or fake antivirus downloaders. Some of these sites are overseas (particularly Romania) and may not get filtered out quickly enough by search engines and by safety products like McAfee Site Advisor or Web of Trust. It’s a good idea to click on news stories from sites from known companies (and glance at the mouse preview first to make sure they match). The article also mentions a disturbing router vulnerability that could allow whole domain names to be spoofed, a problem mentioned at the Black Hat convention (by a Russian physicist) and difficult for ISP’s to fix completely without a lot of investment. (See my “consumer identity security” blog on Aug. 9.) The hope is that security companies and Vista can develop sophisticated screening for this specific problem.

On p 26 CR presents an article “7 Online Blunders.” The first is not to keep tabs on whether your anti-virus and firewall program subscriptions are up to date and whether the packages are working and loading updates. The article feels that major virus programs do work if properly installed and maintained. On p 34 CR compares a number of anti-virus packages, including Bitdefender (one of the best), McAfee, Norton, F-Secure, Microsoft’s own, and a free package including Avira. CR feels free packages (or bundled) may be good enough; I might wonder about liability concerns (previous post) if a regular subscription were not used. Child filters are mentioned.

CR also warns about clicking on email links (especially in phishing situations), about strong and varied passwords, and particularly about the recent epidemic of fake anti-virus software offers (3% of the time, they have created detectable infections, even if accidentally launched and then canceled).

CR recommends using a separate credit card for Internet shopping (unless you really watch your cards online – I do) and don’t use debit cards. https links are safer, but in rare cases even these had had problems. The more often you check bank information or any accounts you are responsible for (like publishing sites) the safer you are. Unused accounts that are not often checked can represent a risk..

