I posted this yesterday to my blog and THOUGHT I also posted it here last night. It seems to have vanished so I am re-posting. I don't think it got deleted because Jason asked me to post it here:) One of those mysteries on the net, but hopefully it will go into the ether this time:)
If you are in the IT field, you have suffered extreme torture by probably having to go to a few lectures or conferences on security. A dreary subject made all the worse by speakers who want to talk the *theories* of secured computing and a bunch of blah. Or vendor propaganda. This won't be near as dull, I promise!
Security for your home computer(s) is generally an afterthought until a nightmare happens to some unfortunate person you know or yourself. Then, it is suddenly a SERIOUS consideration, after the fact! Let's try and stop big-time problems before you have to learn the hard way.
Viruses? You should be so lucky! Everyone gets hyper about viruses but they generally just cause hours of headaches or a re-install at the worst. How about something that doesn't wipe-out your data, but instead steals it and your bank account and your financial life gets hijacked? I'm talking the worst threat out there, KEYSTROKE LOGGERS.
These little progs run invisible to you and don't cause an effect on your PC experience like crappy adware and malware. They can be directly installed on to your PC by someone else like your Dad or the IT geeks at work to monitor everything you do 24/7. Checking that bank acct at work? How about doing a little Yahoo mail to your mistress? Good chance that pimply dork known as the *network technician* is laughing his ass off at your private indiscretions or $2.87 bank balance. He's got your logins and passwords and he might decide to embarrass you one day or even blackmail your ass. Say you're not that stupid to do this? Well, consider yourself one of the few. I have a keystroke logger in a corporation of a couple of hundred PCs and the employees of this corp have signed a statement acknowledging that those PCs are for WORK primarily and they ARE monitored. Plenty of employees still just do whatever the hell they feel like, seemingly oblivious to the fact they are monitored. A few got fired for spending 7.9 hours out of 8 watching porn streams and it took only about a week before married clowns are back sending emails to their action on the side or checking their bank accts. Duh!
So, unless you're the whole IT at where you work, forget about doing things with your ecurrencies or bank accts or anything you wouldn't want someone else having their hands on! Think your company is too small and no one there knows crap about computers so they aren't monitoring? Think again! I've put keystroke loggers on plenty of Mom and Pop style small businesses and showed them how to read the daily reports! I have seen my *efforts* I was paid for bring down people ranging from accounting temps to CEO's making mid-six figures to public officials like sheriffs and govt officials. DON'T BE STUPID!
OK, we got the #1 area where you can get seriously hosed at - your workplace - out of the way. Ignore the above at your own risk, Mr. or Mrs. It-Only-Happens-To-Other-Idiots! Let's secure your home PCs since that is the ONLY place you'll be doing anything financially or private, RIGHT? I thought so.
We are going to assume you are using Windows XP. Don't tell me about that stupid old saying about what *ass-u-me* really means. I ASSUME you're intelligent enough to realize that around 90% of peeps out there are using Windows and that version would be XP. Mac and linux users, you know you have to use Windoze at times whether you want to or not so just shut up and listen for a while:)
You ARE using XP with Service Pack 2, RIGHT? You have Automatic Updates turned ON, RIGHT? Unless you have a funky custom application you use, get SP2. It's free. Contrary to what you may read, almost everyone who uses the standard stuff benefits from SP2 over not having it. I have installed SP2 on several thousand PCs since it came out in production, serious-as-hell-can't-go-down environments. Get it already! OK, maybe it won't run your 15 year old copy of WordPerfect for DOS. Move on.
1. If you are using IE as your main web browser, WHY? Do you enjoy all the bugs and serious security problems/updates? Get the Firefox browser (similar to IE) that is more secure, easier and better:
http://www.mozilla.org/products/firefox/
It has an option to automatically check for updates. Think that might be something you would want to do? Hell yes! Even this much more secure browser will have holes discovered and upgrades so make sure you are using the latest and greatest, not something that three months ago had a problem.
2. Never go online without some sort of proxy. Proxies are a *middleman* between your PC and the big bad Internet. This goes *double* if you are browsing a lot of hyip or doubler sites. You trust those kind of admins with your information? I don't. One of the most popular options is the Metropipe tunnel (VERY secure - no one can see you at all). Metropipe is more than a proxy, it's a tunnel...nothing in and nothing out of the secure tunnel.
http://metropipe.net
Easily configured to use with Firefox. Not that hard with IE if you follow instructions.
There are plenty of others that aren't expensive services. Stay away from the *free anonymous proxy servers*. How do you know they are anonymous? How do you know they aren't what is called a *honeypot* that someone is using to gather your information (passwords people, passwords) from? Don't get cheap here. For $10 or less a month, you knock-out one huge privacy problem.
3. Use an encrypted (scrambled as opposed to plain old text anyone can read) and/or anonymous paid email service:
http://mailvault.com - free last I checked
http://www.safe-mail.net - same as above
http://katzglobal.net - not free but cheapo
This is getting real serious about security now! If you are doing the hanky-panky with your neighbor and you're married, this is a MUST. Don't leave evidence or your IP address around that is a great trail right back to you and your PC.
4. Get and use Roboform. It encrypts your ids and passwords so that if you got a keylogger, you are still protected! As a lot of keyloggers are accidentally downloaded from websites, you might get one through your defenses. RoboForm or ShortKeys protects you even if you are infected.
http://roboform.com
They have a free trial version and I think u can use it with 10 logins/passwords forever. Excellent!
5. Firewall! If you are using DSL or broadband, you might not be aware that your router (that box that your connections go into) has a built-in firewall. It is not much to speak of but better than nothing if you use it. Make sure you pay attention to the instructions that came with your router about CHANGING THE DEFAULT PASSWORD!
Sorry, but leaving it as *admin* or *linksys* is an open-door to trouble.
Windows XP SP2 has a firewall. It's made by Microsoft so it's a half-ass firewall. If you don't like Windows constantly chiding you about not having it on, turn it *on*. Some firewalls don't work with it *on* so you will need to read the instructions that come with the firewall you are going to get to better your security! Running two firewalls at the same time is usually a problem, BUT not a problem with Agnitum! Excellent firewall and it will also run with XP's still on.
http://agnitum.com
Norton's or McAfee's firewalls? Don't get me started on how weak they are. ZoneAlarm is free and likely better than those two, but not near the toughness of Agnitum.
6. I use AVG anti virus. They have a free version.
http://www.grisoft.com/us/us_index.php
Let's put it this way: ANY antivirus is better than none. Most are about the same. JUST KEEP THEM UPDATED! Stay away from *all-in-one* solutions that combine firewall, antivirus, spyware, etc. They may be simple and easy but don't cut it when you are surfing the dangerous wilds of doubler and hyip admins and using ecurrencies that people love to steal.
7. Spyware/malware/keystroke loggers/hijackers.
Too many to list. AdAware and Spybot are two real popular and free ones. I am probably the only dude that thinks that Webroot's SpySweeper is a clunker. As far as the paid ones, it is very popular but I find it to be very slow and misses too much. If you want to pay and get industrial-strength on spyware's sorry asses, go with Computer Associates' PestPatrol. For $30, it's worth it. Whether you are going the free or paid route, KEEP THEM UPDATED!
Last thing and this should be obvious: don't use the same login and password for progs you are in, gold accts, bank accts, etc.! Don't let a BAD THING like one login and password getting compromised turn out to be ALL your logins and passwords compromised! You got RoboForm now, you don't have to write down or remember this stuff!
How do you protect yourself from a stealin' egold or intgold employee on the inside from taking your money? Sorry, but that's always a possibility so make sure you don't let ecurrency linger in your accts. Get it the hell out of there ASAP!
Whew, security is a serious topic with a lot of areas to cover! I may have to charge *double* for this column. I hope you noticed one recurring theme here and that is whatever you have and use, KEEP IT UPDATED! New bad stuff appears daily and something a week out of date doesn't get the job done.
Do the above and you seriously will minimize the chances of your egold acct getting emptied or someone deciding they would like to use your identity to open numerous credit card accts and buy some plasma TVs. And when your friends ask about how secure it is to use a credit card on the net, ask them how secure is it to give your cc to some teenager in a restaurant or a convenience store clerk? Life is full of security risks, you just have to decrease the risks as much as realistically possible and accept that it will never be 100% fool-proof. It takes technology *experts* 6 hours of lecture time to make that basic point.
NUK
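An added example, not part of the original post: a small Python audit for the two password habits the post warns about, one password shared across accounts and a router left on a default such as *admin* or *linksys*. The account list is constructed sample data, and the `audit` and `fingerprint` names are hypothetical; passwords are grouped by a per-run keyed digest so they are never printed or stored in the clear.

```python
import hashlib
import hmac
import os
from collections import defaultdict

# Router defaults the post names as an open door; compared case-insensitively.
DEFAULT_PASSWORDS = {"admin", "linksys"}

# Constructed sample data: (account label, login, password). Not real credentials.
SAMPLE_ACCOUNTS = [
    ("router", "admin", "linksys"),
    ("bank", "jdoe", "Maple-Tractor-91"),
    ("egold", "jdoe", "Maple-Tractor-91"),
    ("webmail", "jdoe77", "x9!Qp-harbor-204"),
    ("forum", "jdoe", "maple-tractor-91"),  # differs in case only, so not a reuse
]


def fingerprint(password, key):
    """Keyed digest: equal passwords give equal values without exposing them."""
    return hmac.new(key, password.encode("utf-8"), hashlib.sha256).hexdigest()


def audit(accounts, key=None):
    """Return (reused, defaults): groups of account labels that share one
    password, and labels whose password is still a known default."""
    key = key or os.urandom(32)  # per-run key: digests are useless after exit
    groups = defaultdict(list)
    defaults = []
    for label, _login, password in accounts:
        groups[fingerprint(password, key)].append(label)
        if password.lower() in DEFAULT_PASSWORDS:
            defaults.append(label)
    reused = sorted(sorted(g) for g in groups.values() if len(g) > 1)
    return reused, sorted(defaults)


if __name__ == "__main__":
    reused, defaults = audit(SAMPLE_ACCOUNTS)
    for group in reused:
        print("same password on:", ", ".join(group))
    for label in defaults:
        print("default password still set on:", label)
```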