Bug Watch: Top tips for Christmas

This week has seen much media coverage of the annoying worms Badtrans.B and Goner. As yet another security story hits the headlines, dampening consumer confidence in online activities, Mark Read, professional services consultant at MIS Corporate Defence Solutions, looks at some seasonal tips for a happy Christmas and a truly safe New Year online.

With Christmas less than a month away, many consumers are more and more tempted by the benefits of online shopping and banking.

That last minute dash to the shops on Christmas Eve, only to find out the one thing your partner really wanted sold out three weeks ago, can be avoided with a few clicks of the mouse.

However, at a time when online activity has the potential for big business, there is still a certain amount of resistance among consumers.

For instance, a Department of Trade and Industry survey released this week has shown that 47 per cent of those questioned were concerned about the level of security of the online actions they carried out.

Working in the security sector on a daily basis, it's easy to relate to people's fear of what is still a pretty much unknown entity.

Yes, the vast majority of people deal with the internet on a daily basis but, in comparison, not that many regularly buy or bank online due to fears regarding online security.

Recently the UK saw Badtrans hit for the second time this year. With reports that BT Openworld was one of the casualties, infecting many of its internet customers yet again via an email, it's no wonder that confidence has been knocked once more and has left many questioning again just how reliable the internet really is.

Although a virus such as this is not directly linked to the security of online purchasing and banking, it is without doubt that episodes like these are bad PR for the internet medium as a whole.

In the business of IT security, the market deals daily with the ramifications that breaches, hacks, bugs and glitches have on the everyday user.

It's a hard task to set minds at rest when coverage not only comes from the specialist press, but from widespread coverage of the latest security issues.

More and more people have access to the web and the power of the internet is increasing, but the hindrances to this take up are slowing potential progression.

Many are concerned that carrying out everyday activities online, even sending the odd e-card, may well bring with it serious consequences from annoying virus infections through to credit card fraud.

As the government heads into its second year of promoting the benefits of online activities through its Clicking with Confidence campaign, 2002 is looking like a year for higher levels of confidence regarding online retailing, banking and conversing. With this in mind, a few opportune tips may well come in handy for the coming weeks.

A top 10 tip hit list

• Use secure passwords on both your PC and any login information for ecommerce and e-banking sites. They should be a minimum of eight characters and contain mixed case letters, numbers and extended characters - for example the word chocolate could read cHoCoL8. It is also strongly advisable that people use completely different passwords for different systems. Although slightly inconvenient, doing this will prevent, for example, a rogue systems administrator who has written the system in such a way that he can view your password, to access your entire online life.
• Never send username or password details to anyone in an email or disclose them in any way to another person.
• Never store login and password details on the system via the Save Your Password option that remembers your details. This is similar to not storing your Pin code with your bank cards.
• Ensure that no one is looking over you whilst you are inputting your login details to prevent someone from gaining unauthorised access to your details.
• Keep your system, applications and games installed and up-to-date with the latest security technologies. This will involve some effort on the user's part to check the vendor's websites for updates, although some vendors such as Microsoft can notify you of a new update via the Windows Update system. If this is not available, subscribe to a vendor's security bulletin list.
• A personal firewall should be installed to help protect your system from malicious users on the internet. Some even offer the added protection of being able to control what connections are made outbound from your computer, which can protect you from spyware, Trojans and the like. It is very common for internet service provider dialup addresses to be scanned and attacked. Some are free and easy to download from the web, such as BlackICE and ZoneAlarm. This may sound rather daunting and difficult, but is actually fairly simple.
• Ensure that the website being viewed uses encryption or secure servers when providing financial or login details. Look for the little yellow padlock icon at the bottom of your screen and check that URLs read 'https' rather than just 'http', denoting that it is a secure site.
• Ensure that when dealing online you print out copies of all purchase confirmations, transactions etc so that you have physical proof.
• Dealing with reputable companies that you know are bona fide can also go a long way to instilling confidence in the power of the web.
• Lastly, go with your instincts. If you're unsure of the authenticity of a website, for example if there are no facilities to contact the company and no physical addresses, be more vigilant. Going with the better known names and those recommended by friends is often the best way.