Security, Email and the Internet

There's a lot of rubbish talked about the internet, email and security in general. You could easily be forgiven for thinking that your computer is in constant danger of being compromised and all your personal data stolen every time you log on to the internet or open an email attachment.

On the other hand, we are often amazed that so many people take absolutely no precautions when they surf the net or receive emails, trusting blindly to luck. But it's fairly easy to secure your data and surf safely if you take a few simple precautions, so read on.

General security

The first step in beefing up your security is to decide what information needs to be protected or kept private. What you do then depends on which version of Windows you are running.

Win 95/98/ME has essentially no security, even if you "log in" at start-up, so you will have to encrypt your private data to keep it from prying eyes. Our favourite method is to create an encrypted volume on the hard drive using PGP Disk and a strong pass phrase. Mount this volume using the pass phrase when needed, after which files can be saved to it directly or by using drag and drop. Unmount the volume when you're finished and its contents are completely inaccessible. PGP Disk comes as an integral part of early versions of Pretty Good Privacy but was removed from later versions and sold as a commercial product; version 6.02i was the last version to include it, so this is the one to download.

Windows 2000/XP are based on Windows NT, a potentially much more secure technology - provided that it is installed with NTFS as the file system rather than FAT32. Unfortunately, some versions ship with the Administrator account set for automatic login by default, in which state their security is no better than Win 95. A good strong password should be added to the Administrator account and then a user account should be set up with limited access for normal use. Do not do your normal work logged in as Administrator, as the PC is wide open to attack in this state. You should also set access rights on a folder-by-folder basis so that normal users (or passers-by) can only access the minimum folders necessary for their work. You can also choose to encrypt chosen folders so that only the creator can view their contents, but since they are decrypted transparently whenever you log in, they are also available to snoopers if you leave your computer unattended for a short time. They do offer additional security should your PC be stolen, though, so it seems worthwhile to encrypt particularly sensitive data. Remember to log off whenever you leave your PC, even if you don't shut it down.

Passwords are used extensively to protect access to computing resources; unfortunately users have a habit of choosing bad passwords! A bad password can be easily guessed (your birthday, wife's name etc.) or broken using software which is easily available on the Internet (dictionary attack, brute force attack). A good password is impossible to guess and will resist software attacks for a long, long time. I2t*l?9nS7$Z is a good password, but it's almost impossible to remember. And of course, you really should use a different password for each resource you want to protect...

One way around this is to choose strong passwords and save them in a password manager such as Password Pal (find it on PCWorld or ZDNet), which uses one master pass phrase to protect them all. I suspect that most mere mortals will find all this too much trouble, but I do suggest that you try to use at least moderately secure passwords which include both normal and capital letters, numbers and symbols, but in an easily remembered form, e.g. 2Nay9b*or.
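The difference between bad, moderate and good passwords described above can be checked mechanically. The following is an added example, not part of the original article: it estimates brute-force effort from length and character classes, and separately tests whether a password reduces to a dictionary word or a personal fact. The word list, the personal details and the 50/70-bit thresholds are assumptions made for illustration.

```python
import math
import re
import string

# Constructed sample data (assumptions, not from the article): a tiny word list
# standing in for a cracking dictionary, and facts an acquaintance would know.
WORDLIST = {"password", "letmein", "dragon", "sunshine", "football"}
PERSONAL = {"susan", "14031962"}  # hypothetical wife's name and birthday

CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)
# Undo common "leet" disguises: 0->o, 1->i, 3->e, 4->a, 5->s, 7->t, 8->b, ...
LEET = str.maketrans("0134578@$!", "oieastbasi")


def charset_size(pw):
    """Size of the alphabet a brute-force search must cover (max 94)."""
    return sum(len(cls) for cls in CLASSES if any(c in cls for c in pw))


def brute_force_bits(pw):
    """Upper bound on search effort in bits: length * log2(alphabet size)."""
    size = charset_size(pw)
    return len(pw) * math.log2(size) if size else 0.0


def guessable(pw):
    """True if the password is a listed word or personal fact, even after
    capitalisation, leet substitution or digit/symbol padding at either end."""
    lowered = pw.lower()
    stripped = re.sub(r"^[\d\W_]+|[\d\W_]+$", "", lowered)
    candidates = {lowered, stripped,
                  lowered.translate(LEET), stripped.translate(LEET)}
    return bool(candidates & (WORDLIST | PERSONAL))


def assess(pw):
    """Classify as 'bad', 'moderate' or 'good' (thresholds are assumptions)."""
    if guessable(pw):
        return "bad"  # falls to guessing or a dictionary attack at once
    bits = brute_force_bits(pw)
    return "good" if bits >= 70 else "moderate" if bits >= 50 else "bad"


if __name__ == "__main__":
    for pw in ("I2t*l?9nS7$Z", "2Nay9b*or", "P@ssw0rd!", "Susan1", "14031962"):
        print(f"{pw:14} {brute_force_bits(pw):5.1f} bits  {assess(pw)}")
```

Note that P@ssw0rd! and 2Nay9b*or have the same length and character classes, so the same brute-force estimate, yet the first is rated bad because it reduces to a dictionary word.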
