7.5 Basic do’s and don’ts
7.5.1 Don’ts
Do not give access to any computer that you connect online to anyone else. Do not allow software of suspect origin to be tried or installed on your computer, especially a computer that you connect to the Internet or any other network.
Do not open any e-mail sent to you by someone you do not know, and most certainly do not open any attachments to such e-mail.
Do not use Outlook or Outlook Express; they have been involved in far too many documented security incidents. Use some other software such as Eudora (free from www.eudora.com) instead. The same goes for Internet Explorer; use a Netscape or Opera browser instead.
Do not use any Web browser for either e-mail or for Usenet newsgroup reading. They are not secure enough.
Do not enable HTML in the software that you use for e-mail or Usenet newsgroup reading. HTML in messages is what enables online tracking of your activities by third parties.
Do not open your e-mail or Usenet messages online. Go offline after downloading them and then open them. This is to negate Web bugs (see Section 9.4).
Do not be online unless you have to be. When composing or reading a Microsoft Office document, for example, you should be offline; this is also to negate Web bugs.
Do not register online or allow any software to register online. Unless the software will not work without registration, do not register it at all. If you must register it, tell the vendors that you do not use the Internet and get them to accept your registration by mail or over a regular telephone call.
Protect your e-mail address almost like your social security number and do not give it out except to individuals you know well.
Do not register with any online service or group that wants to list you or your interests in any directory.
Do not use Wi-Fi (see Section 13.2) unless you are aware of the major security risks that it brings and are willing to accept them.
Do not post to Usenet groups using your true name or use your true e-mail address.
Do not ever leave your hard disk in the computer if you have your computer serviced or repaired.
Do not leave your computer on and online unless you are sitting in front of it, even if (especially if) you have a high-speed connection (xDSL or cable modem).
Do not store your e-mail (especially copies of outgoing e-mail) for long. Thin it out to the minimum that you absolutely must keep and convert that into an encrypted form for storage in a removable disk that you can keep in a nonobvious place that will be known only to yourself.
Keep in mind that, for all practical purposes, whenever you do something with your computer, someone is sitting right behind you and is dutifully noting everything you see or do. As such, do not see or do things with your computer that can land you in jail in your particular country. If you are a freedom fighter or a religious activist and must use a computer, learn all the security-related issues first (all of them are spelled out in this book) before you risk life and limb; you owe it to those who have trusted you.
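The tracking risk from HTML mail and Web bugs named in the don'ts above comes from content that the mail software fetches automatically when it renders a message. The following Python code is an added example, not from the book; the sample message, its host names, and the `scan_message` helper are constructed for illustration. It lists those automatic fetches in a saved message so that the message can be inspected offline before it is ever rendered.

```python
from email import message_from_string
from email.policy import default
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Tag attributes a mail client fetches on render, without any click.
AUTO_FETCH = {"img": ("src",), "iframe": ("src",), "script": ("src",),
              "link": ("href",), "body": ("background",)}

class RemoteFetchFinder(HTMLParser):
    def __init__(self):
        super().__init__()
        self.hits = []  # (tag, host, url, tiny) per automatic remote fetch
    def handle_starttag(self, tag, attrs):
        a = {k: (v or "").strip() for k, v in attrs}
        for name in AUTO_FETCH.get(tag, ()):
            url = a.get(name, "")
            if urlsplit(url).scheme in ("http", "https") or url.startswith("//"):
                # A 0x0 or 1x1 image is the classic Web bug shape.
                tiny = (tag == "img" and a.get("width") in ("0", "1")
                        and a.get("height") in ("0", "1"))
                self.hits.append((tag, urlsplit(url).hostname, url, tiny))

def scan_message(raw):
    """Return the remote fetches in all text/html parts of a raw message."""
    finder = RemoteFetchFinder()
    for part in message_from_string(raw, policy=default).walk():
        if part.get_content_type() == "text/html":
            finder.feed(part.get_content())
    return finder.hits

# Constructed sample message (not a real e-mail).
SAMPLE = """\
From: newsletter@example.com
Subject: constructed sample
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body><p>Hello.</p>
<img src="cid:logo@example.com" width="120" height="40">
<img src="http://tracker.example.net/o.gif?id=reader%40example.org" width="1" height="1">
<link rel="stylesheet" href="https://cdn.example.net/mail.css">
<a href="http://example.com/unsubscribe">unsubscribe</a>
</body></html>
"""

if __name__ == "__main__":
    for tag, host, url, tiny in scan_message(SAMPLE):
        print("WEB BUG?" if tiny else "remote  ", tag, host, url)
```

The embedded `cid:` image and the ordinary hyperlink are not reported, because neither causes a network request when the message is merely displayed.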
7.5.2 Do’s
Use a good virus-protection software package and update it at least weekly. Norton AntiVirus used to be the best, but it now requires online registration, which is inadvisable for any software as you really have no idea what information is being sent to the vendor.
Additionally, use a good Trojan detector such as The Cleaner (http://www.moosfot.com).
Additionally, use a good adware detector and remover, such as Ad-aware from http://www.lavasoftusa.com.
Additionally, use a good spyware detector, such as Spyware Search and Destroy from http://www.security.kolla.de.
Additionally, use good firewall software with its most conservative settings (including specifically disallowing all scripts, such as JavaScript). Zone Alarm from http://www.zonelabs.com (a part of Checkpoint Software Technologies as of late 2003) is recommended. Set the firewall to forbid any software in your computer from acting as a server. Be very suspicious when your firewall informs you that some software is trying to connect to the Internet, and deny permission unless you know and approve of such connectivity.
Periodically (meaning at least once per month, and certainly immediately after any computer-related activity that might be frowned upon by a regime) defragment your disk(s) and also wipe the disk(s) as per Chapter 2.
Depending on your situation, consider deploying the means described in the next two chapters for intermediate and advanced protection.
Get in the habit of using only encrypted e-mail with those with whom you routinely communicate. There are numerous simple ways of doing so described in this book. When you do, compose your plaintext e-mail in RAM-disk (see Section 6.2.2), then encrypt it and store on hard disk only the encrypted version. The reverse holds for incoming, encrypted e-mail.
If traveling with your laptop, remove the hard disk and have it carried separately, preferably by another person that you may be traveling with, who should clear customs ahead of you. This will drastically reduce damage from theft, as well as the motivation of those in the country you are traveling in to spend much time sifting through what may be your company’s proprietary data.