Boyle M. Owl's Guide to Safe Computing For Ordinary People

+=+ Trust in God but tie your camel. +=+

These rules of thumb are neither comprehensive nor complete. However, I am guessing they can take care of 90 percent of situations. It is more or less as short as possible a practical guide to computer use in the Internet age. While some of it may seem too strict (like "never pirate"), this is for users who are not technically oriented. Your Mileage May Vary.

------------------------- Begin ------------------------

Read The Fine Manual. Read quickstart guides. Read books like "Windows for Dummies" and "Windows in a Nutshell." There is a reason why IDG and O'Reilly make a good amount of coin publishing such works. Your car came with an owner's manual. The Internet and computers are more complicated than your car, in spite of the deceptively easy interfaces.

Start with a clean install of everything.

Never pirate software. Only get software from trusted sites and trusted authors. If you cannot afford software, there is Free Software. Look for software that has a GPL, LGPL, MIT, BSD or similar license. Go to www.fsf.org and www.opensource.org to learn what this is. You'll be glad you did. For Windows users, http://osswin.sourceforge.net/ is a good place to start. You may also want to look at http://en.wikipedia.org/wiki/List_of_free_and_open_source_software_packages

Keep up with software updates. Turn on auto-updates.

Run as a limited user. The Administrator account is reserved for installing and maintaining a computer for good reasons.

Run a firewall. If you use Windows, enable the one that comes with it. You do not need to buy and install another.

Learn what different file types do. Learn the difference between an executable file and data files. Typical file extensions for Windows executable types are .exe, .com, .scr. Examples of data files would be .txt (text file), .mp3 (music file), or .doc (Word file).

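
The difference between a file's name and its contents can be checked before anything is double-clicked. The following is an added example, not part of the original guide: it compares the extension against the "MZ" signature that Windows .exe and .scr files start with. The function names and sample files are made up for illustration.

```python
import os

# Extensions the guide lists as Windows executable types.
EXECUTABLE_EXTS = {".exe", ".com", ".scr"}
# Data-file extensions the guide gives as examples; extend as needed.
DATA_EXTS = {".txt", ".mp3", ".doc"}


def has_mz_header(data: bytes) -> bool:
    """True if the content starts with 'MZ', the signature of DOS/Windows
    .exe and .scr files. Old .com programs carry no signature, so for
    those only the name gives them away."""
    return data[:2] == b"MZ"


def assess(filename: str, data: bytes) -> str:
    """Classify a download or attachment by its name and its first bytes."""
    # Windows ignores trailing dots and spaces, so "x.exe. " still runs.
    name = filename.strip().lower().rstrip(". ")
    stem, ext = os.path.splitext(name)
    inner_ext = os.path.splitext(stem)[1]

    if has_mz_header(data) and ext not in EXECUTABLE_EXTS:
        return "DISGUISED: executable content behind a data-file name"
    if ext in EXECUTABLE_EXTS and inner_ext in DATA_EXTS:
        return "DISGUISED: double extension hides an executable"
    if ext in EXECUTABLE_EXTS or has_mz_header(data):
        return "EXECUTABLE: do not run unless you expected a program"
    return "DATA: no executable signature or extension"


if __name__ == "__main__":
    # Constructed samples: a few leading bytes stand in for real files.
    samples = [
        ("notes.txt", b"Dear all, minutes attached."),
        ("song.mp3", b"MZ\x90\x00\x03\x00"),
        ("holiday.txt.scr", b"MZ\x90\x00\x03\x00"),
        ("cupholder.com", b"\xb4\x09\xba\x0b\x01"),
    ]
    for name, head in samples:
        print(f"{name:18} {assess(name, head)}")
```
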
If you are expecting a data file, and are instead given an executable, don't blindly double click on it. There are websites that will tell you what a file type does so you can make an informed decision.

When someone sends you a "joke" file and says "Run This" don't. Ever. Even if it's the old "Cupholder" program that ejects your CD tray. Just don't. It's not worth it. It's never that funny anyway.

Scan all downloads and email attachments for badware. This applies no matter where they are from - work, friends, acquaintances, etc.

If you run Windows and have kids, install DeepFreeze from Faronics Software and learn how to use it.

Set up a guest account for people who say "I just need to check my email." Never let guests use your daily user account.

If you run Windows, install Microsoft Security Essentials. It's free. It works. It works well.

Don't use Internet Explorer. Reserve it only for interacting with Microsoft.com. Instead, use Opera, Firefox, Safari, Chrome, whatever.

Never use Outlook Express. If you are still using this so long after it was discontinued, STOP. NOW. USE SOMETHING ELSE.

Never turn on "Open Attachments Automatically" in your mailer, be it Pegasus (remember that?), Outlook, or Thunderbird.

Don't use Adobe Reader. First of all, it's a pig. Secondly, it's vulnerable to attack due to well-known security holes that Adobe takes too long to patch. If you use Windows, use the Foxit reader.

Do not blindly click on links. If someone sends you an unfamiliar "go here, it's funny" URL in email, be skeptical.

Never click on a link to go to your bank. Always type the URL in by hand. Better yet, do all your banking and bill paying from a Live Linux CD like Knoppix or Ubuntu. Knoppix can be downloaded from www.knoppix.com and Ubuntu can be downloaded from www.ubuntu.com. If you don't want to be bothered downloading an image and burning it to CD, Ubuntu ships CDs for only a few dollars. Some banks hand these out. If your bank does, don't be silly, use it.

Your bank will never ask you for personal information in email. If you see an email from your "bank" asking for account and personal information, delete it. The same goes for all credit card companies.

If you surf for porn (we know you do, 80 percent of everyone does), don't use Windows. Use a Linux CD.

If you are contemplating doing anything risky, don't do it. Ask someone else about it first.

Don't fall for stupid websites that say you are infected and must download "super windows fixer" - Seriously. Don't click on anything. Close the tab or window. Really. You're not "infected" and downloading and running their "fixer" *will* infect you.

Anything that asks you to copy-and-paste JavaScript (or an undecipherable location) into the address bar of a browser should be treated with the highest suspicion. When in doubt, don't do it.

Install NoScript and Flashblock for Firefox if you use it.

If your computer becomes infected, don't try to clean it. Wipe it to the bare metal, reinstall, and recover your data from backups. You did back up your files, yes?

Make backups. Use the Windows scheduler, or in OSX and Linux, use cron to do this nightly at 2 or 3am. Learn how to make incremental backups.

Back up your vital data offsite. Use a professional service or, in a pinch, leverage Google Mail, archiving software, and encryption to turn Gmail into a Poor Man's Data Fire Shelter.

Don't give out personal information unless it's needed and you trust the recipient to not scatter it hither and yon.

Don't run any services that you don't need.

Don't do peer-to-peer networking (Limewire, torrents, etc) unless you know exactly what you're doing.

Don't be so trusting. It's no longer 1990 on the 'net when the population was academics, professionals, and students.

Don't drink and computer. You may not like the answer to the question "What did I say last night?"

Not everyone is as they seem.

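
For the backup rule above (a nightly job plus incremental backups), here is an added example that is not part of the original guide: each run copies only the files that are new or changed since the previous run into a dated folder. The script name, the paths in the crontab comment and the manifest file are assumptions, and the backup folder is assumed to sit outside the folder being backed up.

```python
import datetime
import hashlib
import json
import shutil
import sys
from pathlib import Path


def file_digest(path):
    """SHA-256 of a file's contents, read in chunks."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def incremental_backup(source, dest, label):
    """Copy files that are new or changed since the last run into
    dest/label and return their relative paths."""
    source, dest = Path(source), Path(dest)
    dest.mkdir(parents=True, exist_ok=True)
    manifest = dest / "manifest.json"
    previous = json.loads(manifest.read_text()) if manifest.exists() else {}
    current, copied = {}, []
    for path in sorted(p for p in source.rglob("*") if p.is_file()):
        rel = path.relative_to(source).as_posix()
        current[rel] = file_digest(path)
        if previous.get(rel) != current[rel]:
            target = dest / label / rel
            target.parent.mkdir(parents=True, exist_ok=True)
            shutil.copy2(path, target)  # copy2 keeps timestamps
            copied.append(rel)
    # Write the manifest last, via a temporary file, so an interrupted
    # run is simply repeated the next night.
    scratch = dest / "manifest.json.tmp"
    scratch.write_text(json.dumps(current, indent=1))
    scratch.replace(manifest)
    return copied


if __name__ == "__main__":
    # Example crontab line for 2:30 every night (paths are placeholders):
    #   30 2 * * * /usr/bin/python3 /home/you/backup.py /home/you/Documents /mnt/backup
    if len(sys.argv) != 3:
        sys.exit("usage: backup.py SOURCE_DIR BACKUP_DIR")
    today = datetime.date.today().isoformat()
    done = incremental_backup(sys.argv[1], sys.argv[2], today)
    print(f"{len(done)} file(s) copied")
```

Restoring means copying the dated folders back in order, oldest first, so later versions overwrite earlier ones.
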
Don't post anything to the 'net, especially Facebook and other social networking sites, that can haunt you in the future. Nothing published on the 'net ever really goes away after it's deleted. The movement of "chat" to the web away from the ephemeral environment of telnet chats and IRC means that everything is spidered and archived and your reputation will be folded, spindled, and mutilated.

Email is as secure as a postcard.

You have not inherited 5 Million Pounds Sterling. The banking official from Lagos, Nigeria is not a banking official.

Being a mule for overseas banking, erm, interests will likely result in prosecution for money laundering.

If it's too good to be true, it more than likely is.

Some of the above does not apply to certain operating systems, but just because you run OSX, Solaris, Linux, BSD, or OpenVMS doesn't mean you're immune to your own stupidity.