IT Legends – Tech in Connecticut

In a previous post about not runing anti virus, I mentioned that you shouldn’t go to shady, possibly suspect sites.  Well, how do you determine one?  I am by no means the guru on this, a lot of it is gut feel.  Recently I had to get a replacement battery for a laptop for a friend of mine.  I was trying to locate one at a decent price and I turned up with a page that was not looking very professional.  The page was supposedly for a local shop somewhere in USA that also sold its stuff online, so it looked like an in-house web job by a programmer that doesn’t know much about Web Interfaces.  That’s okay, the site worked alright and I was able to find what I thought I needed.  But I was suspect that it just might have been a phishing or identifty-theft site.  So, operating under the assumption that scam sites are usually short-lived and don’t have any history to them, I looked it up.  There’s an archiving project for the Internet called the Way Back Machine by the folks at The Internet Archive (which I learned about from listening to The Tech Guy – not for this purpose but because they were talking about some changes coming in copyright laws.).  I checked what the site looked like a few years ago, and I figured if it were truly a phishing/scam site it would not have existing then, or if it did it would have been very different.  Anyhow, the site I was looking at had a long history of promoting the exact same thing.  Also a quick Google search on the site address with “scam” turned up nothing.  Just in case, I also put in the company’s name.  It all appeared to be legit.

This isn’t the end-all guide to checking the credibility of a website, but give it a shot if you come into something you question.

I do not recommend this for anyone running a Windows PC, but I wanted to let you all know that I’ve been running this computer now for about 2 years with Windows XP Professional edition and no anti virus software.  I recently did a check on the system and have determined that my responsible computing practices and a decent mail gateway has kept me safe.  Here are some simple rules I follow:

• You’ve heard it before, and this is serious.  Don’t open attachments if you don’t know why you received them.  If its work related, that’s great.  But if its an email from someone that says “Here are the sales figures” but they don’t give any other details, it might be a virus – even if it appears to have been sent from a colleague.  This means not to open the funny email attachments your friends send you, like video files or powerpoint files – they might have sent them and they might be okay, but they might not have and might not be.  Links to YouTube are fine.
• I run Firefox as my main web browser with the NoScript add-in installed.  Not only does this prevent cross site scripting and a host of other vulnerabilities, I get the added benefit of not seeing so many ads.  However, since I actually use Google Analytics and Google AdSense, I allow these domains access to run scripts.  It would be hypocritical otherwise.  This script does make it annoying to purchase things sometimes.
• I don’t spend time on suspicious looking web pages.  This is arbitrary google-fu type stuff, I can’t help you here.
• I’ve switched to OpenDNS.  Go to their website for information.  And its free.
• I use the Paypal SecureCard PlugIn service to buy online now – this helps against identity theft and stolen credit cards.  They want you to install the Plugin into your browser, but I don’t do that.  I just log into the website and click on plugin to generate card numbers.  You have to have a PayPal account to read about it.
• I use Google Apps for my email at itlegends.net – they have an excellent spam filter that also catches a lot of viruses, worms, trojans, etc.  Gmail works just as well if you aren’t running a domain and just want a personal email address, if not better.  You can even send/receive email from your other hosts with this tool and I really like the feature set.
• I regularly update my Windows operating system.  The easiest way for you users to do this is to use the Microsoft Update Service.  Only works in Internet Explorer.  Personally, I don’t like that service and it doesn’t work for every user.  I use the Heise Security DIY Service Pack.  If you’re a geek, check out their security RSS feed.
• My Windows Firewall is turned on.  I rarely allow exceptions.

There’s a lot more that I do, but at the moment I can’t think of it.  I’ll add edits to this page if I need to.  By the way, if you’re looking for a free anti virus to use for home, try Avast! Home Edition or AVG Free Edition.  I installed Avast! for my roommate and its working out well for him.  I would steer well clear of the Norton or McAfee security suites if I were you.  When people tell me they have problems with their computers, I usually uninstall these.

If you’re looking for professional licensing for a business, the Corporate Symantec Antivirus is pretty good.  So is AVG by Grisoft (but its becoming more bloated) and NOD32 by Eset.

And no, I’m not installing antivirus on my home PC.  But I do have it installed on my trusty ThinkPad since I bring it all over the place to open WiFi networks.  I’m using AVG 8.0 Free there.