Computer Safety for SSI Members

I recently received this message from a friend. I’ll call him Bill (not his real name):

My computer crashes have caused me to lose all my stored information.

When I called to assist him, I learned that he had purchased and plugged in his computer years earlier but had never properly installed a firewall, router, or anti-virus software.  Unknown to Bill, this left him completely vulnerable to Internet viruses, trojans, and worms that not only rendered his computer and bank accounts vulnerable to professional Internet hackers, but it also enabled his computer to attack his friends’ computers.

Since joining SSI and its Board last year, I’ve discovered that a large percentage of our highly-educated members are dumber than a box of dirt when it comes to Internet security.  (This will change as new doctors replace older ones).  Additionally, many of SSI’s members have been targeted by corrupted hospitals and medical boards.  SSI members should be aware that they have no “expectation of privacy” when it comes to university and HMO/PPO Internet connections, and multi-billion dollar healthcare or pharmaceutical companies aren’t above playing dirty if they suspect a disloyal, disgruntled, or disruptive employee.

If you’re being targeted for attack or dismissal, your Internet and email connections are a private investigator’s FIRST target and represent a significant vulnerability.  If you want to use a secure method for sending messages from a questionably-secure facility, Skype offers free encrypted voice, chat, and digital transfer capabilities that are difficult for employers to monitor.  In any case, it’s best to generate a private email service like Hushmail and communicate offsite.

I’ve posted my email to “Bill” so that our members can consider the information and protect themselves.

Dear “Dr. Bill”

I feel your pain. My first computer crashed in 1989 – I had stuff on that from 1982 when I bought my first computer. I’m still sick about that. I now use Acronis to back up my three computer drives onto a one-terabyte back-up drive. Although still painful, a crash will lose, at most, six days of data. There are also some good online backup services that work pretty good.

Unless you have a few years to develop computer security expertise, it’s best to find a reliable “computer guy” who you can trust. I live in Los Angeles and pay my computer guy $50/hour when I have problems. He lives nearby and he is efficient and knowledgeable. If you live in Portland, Springfield, or New York, you should not need to spend more than $50/hr. Pay him immediately and don’t give him trouble. If you’re rude and don’t pay immediately, he’ll either raise his rates or stop assisting you. Many high school and college kids know more than enough to set up your system safely. If you use CraigsList, ask for and call references first. When you find the right guy/or gal, treat him like family. He’s worth his weight in gold.

Once you’ve found your computer guy, tell him what you want.

As much as you use email and Google, your computer guy needs to install Spybot, Norton Antivirus, and Outlook: 

  1. Spybot is free and effective in protecting your registry and blocking hostile websites, but you’ll need to check it regularly for updates.
  2. Norton’s updates are automatic but require an annual $40 subscription. For 11 cents a day, Norton is a worthwhile investment.
  3. DON”T upgrade to Vista – it’s got a bad (and well-deserved) reputation. A new operating system is expected this fall that is basically Vista without the bugs.  I’m told that the beta-release works very well.
These services won’t prevent real talent from hacking into your machine, but it’ll protect you from 99.999% of the viruses, trojans, and worms that infest the Internet. XP has some good firewalls, but you’ll need a router (I use a wireless Linksys router) and a hexadecimal password like Ddk52f0Wq!

Some hard-core Mac users insist that they’re computers are invulnerable, but this is false. Although not susceptible to PC hacks, they also get hacked and phished when left unprotected.

Outlook will manage all of your email address in one place. Have your computer guy set up those things for you.

I also use Avant Browser. Firefox and others are just as good with powerful shortcuts and macros. Avant’s companion service, Roboform generates, saves, and manages all of your passwords. Many people make the mistake of using one username (Bob) and password (1234) for ALL of their computing needs. The problem with that is that if you get phished with your one name and password, that information will be used to attack your other hundred accounts – including Amazon, eBay, and your email. A hacker in Canada, Africa, or China could spend a lot of your money that way. Imagine the fun some kid would have logging into your email account and sending kiddy porn or viruses to all your friends and associates with YOUR NAME. But if you use Roboform to generate, save, and manage your names and passwords, getting phished once won’t clean out all of your other accounts.

This won’t protect you from all Internet-based threats, but like fences, doors, dogs, windows, and locks, it will greatly improve your defenses and computing ease.

Clark Baker is a licensed private investigator and SSI Board member. 

4 Responses to “Computer Safety for SSI Members”


  1. 1 IT Forum says

    I don’t normally comment on blogs but your post was a real call to action. Thank you for a great read, I will be sure to bookmark your site and check in now and again. Cheers, Amy xXx.

  2. 2 Eric says

    I see no advantage in Avant browser’s features and condsider Mozilla’s Firefox with the No-Script plugin more secure.

    No-Script allows user specific levels of security per website and has features that provide added security even if No-Script is blocking scripting (running code on your PC that comes from a website). (Added security here is protection against “click-jacking”.)

    Avant’s highlights for its protection against computer forensics is misguided – as forensics can be much more thorough than a web-brownser’s scope.
    For forensics protection, total hard drive encryption is needed – see truecrypt.org

    Norton is bloatware. The reference to “hexadecimal” passwords is misguided – use the strongest pw possible (not necc a hex pw) and of course make sure how you use it and its limitations.

    Micorsoft office is one of the biggest virus targets in the world, it is overpriced, bloated, and it constantly needs security updates. Try Open Office from Sun Microsystems instead (google it).

    The “reference” pw manager is Password Safe, and a nice bkp util. is Drive Snapshot. Both of these are to be trusted totally. (PW Safe was designed by Bruce Schneier.) KeePassX is good too.

    3rd party email services can be easily coerced by a court order. Use GnuPG instead. (google that too – never put an unknown/unvisited url into your address bar.)

    Consider using Ubuntu Linux instead of Window$ or Mac.

    Remember, PC security is largely dependant on user Behavior, and everyone should know the mantra “Trust no one”.

    I hope this helps and will be passed on.

  3. 3 Eric says

    forgot to mention,

    Nod32 is probably the best AV.

  4. 4 Eric says

    to the Ed.

    please fix

    “even if No-Script is blocking scripting (running code…”

    to
    “even if No-Script is NOT blocking scripting (running code…”

    thanks,
    -E

Leave a Reply