Section One: Email
1 - Open attachments from strangers.
Never do this. Ever. Nothing good has ever come of opening something a stranger sent you. Just imagine every attachment you see in an email from a stranger is a package from the Unibomber.
2 - Open attachments from friends.
Before you open an attachment from someone you know, make sure they meant to send you that attachment. Maybe they did mean to send it and it's safe to open, maybe they opened an attachment from another friend that hijacked their inbox and sent this to you. Check first.
3 - Click on a link from a stranger.
If you were walking to work and a stranger shouted "Go down to Fourth and Main! No wait, I'll drive you!" would you go? Probably not, because most people don't get in cars with shouting strangers. Links in emails are the same - they say "GO HERE, NO DON'T BOTHER, I'LL TAKE YOU!"
4 - Click on a link from a friend.
Just like with attachments, you need to check and see if your friends or contacts meant to send you a link. Some links are safe, some are not. If the link is the only content of the email and you can see that it was sent to a bunch of people, the link is not safe. If the link is the only thing in the email other than "Check this out!" the link is probably not safe. Just ask before you click it, because "Hey, did you really mean to send me this link to spybottakeover.com?" is not an unreasonable question.
5 - Open unknown file types.
This may seem a little patronizing, but using a computer is a little like using a gun. If you know what you're doing, you can have a lot of fun. If you don't know what you're doing or don't know it's dangerous, you're going to shoot yourself in the foot. If someone sends you a file with an extension (the extension is the series of letters that follows the period in .jpg or .docx or .exe) you don't recognize, don't open it. Pretend you're a five year old, and it's a gun, and go get an adult to make sure it's safe before you touch it.
6 - Open .zip files.
.Zip files are either large files that have been compressed to be sent over email, several files compressed into a single .zip file to keep them together, or a great way to send malicious files in a neat bundle that starts running them as soon as you unzip the .zip file. Never, ever open a .zip file from someone you don't know personally or professionally, and always ask if they meant to send it to you before you open it.
7 - Open .exe files.
.Exe files are executable files - as soon as they are opened they begin to execute a program. Most casual internet users see them when they upgrade Adobe Acrobat and are told by the installation wizard to run "Acrobat9Upgrade4000.exe" as part of the installation process. If you are a casual internet user, this is just about the only time you should see .exe files, and the only time you should run them. Never run an .exe file someone sent you in an email.
8 - Ignore spam filters.
Every email client out there has some kind of spam filter. Use it. Set it for "moderate" protection, the kind that automatically ignores advertising emails and nonsense email addresses. If your spam filter picks most of the dangerous stuff out of your inbox before you even look at it, you have a lower chance of accidentally clicking on something that will damage your computer.
9 - Give your email address out everywhere.
I'm sure you've seen what I'm thinking of - quizzes that require demographic information and an email address before they send you your "Love IQ" or surveys that require an email address before they send you a free iPad. When you fill out these pages and give them your email address, it's only a matter of time before you start getting 10 new kinds of spam a day, at least a little bit of which is actually dangerous to your computer and privacy. If you insist on doing these types of quizzes or surveys, create a throwaway email address that you use only for applications that you expect to generate spam. Protect your real email address - think of it as your personal cell phone number. You wouldn't give out your cell number for a fortune cookie fortune or a lotto ticket, don't give out your email address for quiz results or a chance to win an iPad.
10 - Automatically open attachments.
I actually have a little trouble believing people still do this, but some email clients allow you to automatically open email attachments when you open an email. DO NOT DO THIS. Turn that function off forever, forget that it existed, and be happy with your less-messed-up computer.
Section Two: Phishing (Phishing happens in email as well as over the phone and on websites, so consider this as an extension of email security advice)
11 - Give out your PIN when asked for it.
No legitimate bank will ever call you on the phone, write you an email, or direct you to a website and ask for your PIN. Sometimes when YOU call your bank they will ask for your PIN or your SSN, but the important difference is that YOU called them and are (hopefully) sure that you are talking to your bank.
12 - Take phone numbers and web addresses at face value.
If you get an email from Wells Fargo asking you to reset your username and password, it is most likely BS. If you want to check and make sure that it is BS, call Wells Fargo or go to their website, but DO NOT USE THE PHONE NUMBER OR LINK IN THE EMAIL, or that someone gives you over the phone. That link in the email may be wellsfargo.com.tv and may be totally bogus. The number that someone gives you over the phone may be just as false and misleading. Go to the real website or call the real phone number (both will be on your credit or debit card) and ask if you really need to reset your username and password - they will tell you no, that it's a scam and never to reset your username and password because of an email from them.
13 - Reset your username and password because of an email.
This applies to banks, social media, schools, and pretty much anything online. If your password expires, as it does with some vending or financial websites, you will be informed of it by the website when you try to log in, not through an email. Again, this is the difference between you going to a website and using the URL you are familiar with or have bookmarked and allowing yourself to be directed to a scam site by an email.
14 - Allow someone to remotely access your computer.
Microsoft is a busy company. HP is busy. Google is busy. These companies will never, ever call you out of the blue to solve your problems. If someone calls claiming to be from Microsoft or some other large company and asks you to allow them to remotely access your computer, hang up on them. If they call you and ask you to install something on your computer, hang up on them. Microsoft and HP and other big tech companies have very good customer service - if you call them, they will stay on the phone with you until your problem is solved. If they can't solve it in one day, they will give you a case number, and when they call back they will refer to it. If some tech company calls you and they refer to a case number that you don't know, hang up on them.
15 - Give out your SSN when asked for it.
Once again, no one legitimate will contact you asking for your Social Security Number. There are a few places where it is appropriate to give it out online, such as on Financial Aid forms, but generally you should not give people your SSN online or over the phone. You should NEVER reply to an email asking for your SSN, type it into an advertisement, give it to someone calling you, enter it into a popup window, or send it in a text message. This is how identities get stolen.
16 - Give out your credit or debit card number when asked for it.
This is, once more, the difference between contacting a business and being contacted by a business. If you go to a website or call a business on your own to purchase something it is probably safe to give them your credit card number (though you should make sure the URL of the website starts with https rather than http before you enter the number, and make sure that you found the number or the site legitimately, not through an email or a bogus website. Google it if you aren't sure.)
17 - Give out personal information in a text message.
Text messages are the bastard children of the communications industry. Never give a company or a stranger any personal information through a text message.
18 - Trust people on the phone.
Social engineering is the practice of contacting people and asking for information - it works more frequently than you might think. Maybe you get a call from a hospital, saying your grandson has been hurt and they need a credit card number before they can proceed with his surgery. Maybe you get a call from a credit card company and they say your account has been compromised and they need your SSN to prove that you are you and allow you access. Maybe you get a call from an IT company saying that the network at your office is down and they need your desktop or email password to get things up and running for you. One way or another, don't trust the people who are calling you and asking for sensitive information. If someone calls and says a family member is in trouble, call another family member to ask if it's true.
Section Three: Safe Surfing Practices
19 - Click on ads.
Ads are made to get our attention, whether they are real ads for real products or malicious ads meant to direct you to a dangerous website. I'm sure everyone has seen the shooting gallery ads, made to look like you're swatting a fly or knocking down a clown by clicking your mouse; likewise everyone has seen the ads that shake and jitter and flash letting you know that you're the millionth visitor to the site and you should click on the ad to claim your prize. Don't do it. It might try to get you to download something malicious or, take you to the most annoying website in the world, or just try to sell you something.
20 - Click on links you don't recognize.
Links are everywhere on the web and they are great, as long as you don't click the wrong ones. If you hover over the highlighted text in the paragraph above and look at the bottom left corner of your browser window, you'll see that it directs you to a YouTube video. Some links are left plain in the text (for example, this link to http://google.com actually directs you to Google) while others are meant to purposefully confuse people who click on them (for example this link to http://google.com takes you to the IMDB page of a terrible movie - if you hover over it you can look in the bottom left corner of your browser window and see where the link will send you.) So hover over links and think twice before you click on something that redirects to a page that you don't recognize or that seems suspicious.
21 - Use an outdated browser.
Web browsers are updated for a reason. Sometimes it's because they're faster and work better with new technologies, sometimes it's because the old version of the browser was less secure than the new version. Firefox and Chrome both update regularly with improved functionality and reduced vulnerabilities. If you insist on using Internet Explorer, please at least use the most recent version.
22 - Use outdated software.
Like browsers, software such as Adobe Acrobat is sometimes updated to make improvements to functionality and sometimes to make it more secure. Always use the most updated version you can of all the software that you have.
23 - Unthinkingly allow scripts to run.
Many webpages use scripts to run. Some of those scripts are malicious. Javascript in particular has a reputation for being used maliciously. If you use Firefox you can choose to disallow all scripts or temporarily enable scripts or allow all scripts from a particular website, which makes a potentially safer browsing environment.
24 - Unthinkingly allow cookies.
Some websites ask you to allow cookies. Sometimes this is beneficial and saves time by letting websites remember you and your habits. Sometimes this is problematic because it lets websites track you and your habits. If a website asks you to allow cookies, think very carefully before agreeing, and clear cookies occasionally.
25 - Agree to everything.
If you click "ok" or "agree" in every dialogue box that pops up on your screen, eventually you are going to agree to something really onerous. Consider before clicking yes and remember to read what you're agreeing to before you agree.
Section Four: Social Media
26 - Complete your "About Me."
Facebook gives you the option of telling people what school you went to, what cities you've lived in, and who your parents are. What are the most common security questions on the web? School mascot, the city you were born in, your mother's maiden name, and your father's middle name. If you fill out a public About Me and friend your parents, you've freely given out all of the information social engineers need to hijack your accounts.
27 - Tell everyone everything.
Thieves don't have to case a neighborhood in person before committing a robbery these days - they just have to check Facebook and Twitter. If you're telling the world at large that you're going to be out of town for two weeks and Tweeting pictures from the deck of your cruise ship, you are making your home a target. Share information selectively.
28 - Ignore privacy settings.
This relates to the previous two entries, as well as to everything you do on social media. The first thing you should do when setting up a new social media account is go to the privacy settings and make it as private as possible, requiring that you approve all of the people who will be reading your post. This not only protects you (to an extent) from opportunistic criminals, it protects you as a professional. No one has ever gotten fired because their profile was private or because they Tweeted too little. Plenty of people have been fired because of public posts and allowing friends to tag them in photos.
29 - Share metadata.
Metadata is the information in a digital photograph that is not the image itself. Digital cameras record the f-stop, aperture, time the photo was taken, and a whole bunch of other information. Digital cameras in cell phones and tablets frequently include the GPS coordinates where the photo was taken in the metadata. Unless you specifically tell your cell phone or tablet NOT to link to GPS there's a good chance that you're broadcasting your physical location every time you upload a photo. Think about that before you Tweet a photo from your son's football game or your sister's birthday party.
30 - Use Foursquare.
I have no idea why the hell people use Foursquare. I consider it actively dangerous. For instance, in about three minutes of browsing I was able to identify a user who is the "Mayor" (person who checks in most frequently) of a bookstore near me. I now also know which train stations he uses most frequently, where he gets gas, where he likes to eat, and that he was a marketing major at UCLA. Sure, his home address is private, but why should that stop someone from tracking him down when he shares the location of his school, train station, favorite hangouts, and the gas station around the corner from his house. Some people have Foursquare set up to automatically check them in to every location they walk past. That means that these users have chosen to share a real-time tracking device with the entire internet. Just in case you hadn't picked up on it, that is a terrible and dangerous idea.
31 - Click on links in your friends' posts.
Go look and entry number 20 again. Don't click on links in your friends' posts or comments - especially if you see the same post in your feed made by different friends (if you see the exact same image with "Check this out!" written underneath by two or more friends, your friends have been the unwitting hosts of spammers - you don't want to join them). If you're unsure about a link, hover over it and see where it's going to send you. If it's a URL that looks incredibly shady, don't click it.
32 - Click on Facebook ads.
I know I mentioned this in entry 19, but Facebook has had serious problems with ads spreading Malware and viruses in the last few years. DO NOT CLICK ON FACEBOOK ADS. Worst case scenario, you end up with difficult-to-remove viruses, best case scenario you learn about "real" singles in your area or fringe political groups; it's a lose-lose scenario. Don't click on Facebook ads.
33 - Friend everyone.
Only friend people you know personally. A large number of the friend requests or follows you get on social media sites are going to come from spambots looking to distribute spam or from real people with ulterior motives. There are literally zero benefits (and some negative effects) of having hundreds of people following your personal Facebook or Twitter. If you friend everyone you are opening the door to spammers, stalkers, thieves, and even just people who you don't really need cluttering up your life. If you have a band or a business page, sure, make that public and follow everyone, but your personal page needs to be at least somewhat private.
Section Five: Downloads
34 - Download desktop customizations.
There are images that you can safely (and freely) download from the internet to use as desktop wallpapers. None of them come from websites that have "wallpaper" as a keyword. There are safe places to download screensavers, but they are so few and far between that it's better not to make the attempt. There are no safe places to download courser or pointer customizations. A Yellow Submarine in place of a mouse pointer is not worth the baggage attached to it.
35 - Download games.
There are MANY games out there that are safe to download and fun to play - they tend to come from large game companies like Steam. There are MORE games out there that are dangerous to download and fun to play - games that look like slot machines, games that give you a crossword of the day, games that look like Bejewelled or Candy Crush but are cheap or free for download right now! If you are going to download games, research them first (a simple Google search of "is xxxxx a virus?" can save you a lot of headaches) and make sure you really know what you're getting.
36 - Download software.
Probably the most frequently downloaded, updated, and reconfigured software on any given computer is the .PDF reader. Some complete and utter jerks trying to trick nice internet users into downloading something malicious will "helpfully" link to .PDF readers that are full of Spyware and Malware. If you need a .PDF reader and you're confused or worried about a safe .PDF reader, go to Adobe's website. Adobe Acrobat is one of the more widely used .PDF readers and creators - while it is vulnerable to attacks if it is outdated, it is unlikely to house Malware when you download it.
Research ALL of the software that you download. You should never put anything on your computer without understanding it first.
The Adobe Reader download page looks like this. It may not have Malware, but it does have a glaring and all-too-common problem (see entry 37).
37 - Install or download without reading the fine print.
Look at the image above. The page is divided into three columns. In the center column is an optional offer of a free trial for McAfee Security Scan Plus which has been helpfully bundled into the download for you. Security is great, but McAfee is a pretty crappy security system and if you are running another antivirus or security program there's a good chance that McAfee is going to conflict with it. Long story short, if you were to download Adobe Reader without unchecking the box in the middle column of the page your computer might stop working, your antivirus will almost certainly stop working, and you will definitely start getting daily popups telling you to buy McAfee.
Bundling good software with bad software (or even good software with good software when you don't need the second one) is incredibly common and VERY frustrating. Before you download ANYTHING you need to carefully read the fine print of the Terms and Conditions and uncheck any obvious bundles. Once you have done that, you need to carefully read every page of the installation wizard and uncheck any non-obvious bundles. If the program won't allow you to install without a bundled toolbar or security scanner or anything that is not the specific program you want, you need to cancel the installation. If you aren't sure, call someone who knows computers better than you do and ask for help because it will be easier to tell you to stop an installation than it will be to unistall somewhere down the line.
38 - Ignore updates.
Your computer should be scanning for updates regularly and asking you to install updates. It is a good idea to have the computer do this once a week, but not a great idea to have it automatically install updates for you. When you are alerted that you have updates to install, do a Google search on each update to make sure there isn't a problem with it, install the updates that don't have known issues, and wait a week to install updates with known issues to see if those issues have been fixed. If you're not sure that you can be that hands on with updates, set them to automatically install at least once a week.
39 - Download pirated software, movies, or music.
I don't want to discuss the rightness or wrongness of piracy here - all I want to point out is that peer to peer sites have no control over what people are uploading. You may think you're getting a free copy of a new album when you're really getting a nasty virus. Like most of this section, it simply comes down to the fact that you get what you pay for - if you pay for Dexter on DVD you get Dexter on DVD. If you go looking for something free, you get whatever someone is willing to hand you, which may be what you're looking for but might be arsenic in a candy coating.
Section Six: Antivirus Software
40 - Don't use an Antivirus.
If you are using a PC and you don't have antivirus software running right now go to Microsoft's website and install Microsoft Security Essentials. It is a free, basic antivirus that will do a fair (though somewhat minimal) job of protecting your computer. If you are using a Mac and don't think you need an antivirus, you are wrong (and also pretentious); look into Sophos and please install SOME kind of antivirus. There is free antivirus software everywhere, none of them are perfect and some of them are downright awful. There are also paid antivirus software everywhere, and most of them are frustrating (especially because you're paying and they're awful). Where I work we recommend ESET Nod32 Antivirus for both PC and Mac. I have heard some not-awful things about Kaspersky. I would not recommend using Norton or McAfee as they seem to have some pretty significant issues.
41 - Use two antiviruses at the same time.
Most antivirus programs are incompatible with other antivirus programs. Before you install an antivirus program make sure that any trial versions or old versions of other antivirus programs are uninstalled. This also greatly simplifies the single greatest problem that arises from fake antivirus programs - if you only have one antivirus installed and you know what it is, you won't be tricked by a fake program.
Scareware is designed to look like legitimate Antivirus software to scare people into paying to
"remove" the viruses it has found. Paying for Scareware doesn't fix the problem; the Scareware
remains on your computer, allows Malware and Viruses onto your system, and now you've given
your credit card number to the person responsible for infecting you.
Original image from Haverford.edu.
42 - Get tricked by Scareware.
Scareware is an kind of malicious software that pretends to be a legitimate antivirus program. It usually appears as a popup or a blue screen warning the user that they are infected and it is urgent that they remove the infection. Some kinds of Scareware charge you to remove the viruses, some simply ask you to allow them to run. A new trick that some Scareware is using is to activate your webcam and take a photo of you, claiming that you are being accused of piracy or child pornography. If this sort of thing pops up on your screen DO NOT PAY ANYTHING and DO NOT CLICK ON ANYTHING. Immediately turn your computer off. If you think you can take care of the problem yourself, restart your computer in safe mode and Download and Run the Free Version of Malwarebytes. If you think it's beyond you to remove Scareware call around to local computer repair shops and tell them your computer is infected. Expect to pay at least $140 and to be without your computer for at least two days for a thorough cleaning. By the way, the link in the caption above is an EXCELLENT guide on what to do if you have Scareware.
43 - Ignore your antivirus software.
I find it completely insane that this is still happening. If your antivirus software pops up with a warning that you are infected, listen to it. If your antivirus software pops up a window saying "This site may be infected" or "This document may be infected" or ANYTHING about infection, listen to it. Some people turn off or ignore the warning because "That's my favorite poker site," or "That's the program I do my schoolwork in," or "It wouldn't let me watch my movies," or something along those lines. If you antivirus doesn't want you to use a site, that site is a risk to your computer. If it doesn't want you running a particular program, that program may be exploitable and needs to be updated. If it doesn't want you opening a certain file, that file is infected and is a risk to your computer. People frequently complain to me "but it was doing it all the time," and my response to them is a complete lack of pity - if your antivirus is constantly warning you about risks online, you are engaging in risky online behavior and the antivirus software is not at fault if you ignored or disabled it.
44 - Completely trust your antivirus.
The only way to make sure that you never get a virus is to never go on the internet and that no one but you ever physically touches your computer. Don't think that you can go anywhere and download anything because your antivirus acts like a magic shield. Regularly backing up your files and using safe surfing practices in addition to using a good antivirus will lower your chances of getting infected, but not keep you completely safe.
45 - Let your antivirus expire.
Most antivirus software is subscription based with a one year term. The first year costs from $30-$40 and each subsequent year costs $15-$30, depending on the software. If your antivirus expires on June 15th, you will start getting warnings that it is going to expire as early as May 15th. If you ignore your renewal warnings until you get a virus on October 15th, you are going to regret it.
46 - Don't update your antivirus.
Like operating systems, web browsers, and all other forms of software, antiviruses release new versions and in between new versions they need updates and patches. Unlike other forms of software, antiviruses are CONSTANTLY learning new virus definitions. If you don't regularly update your virus definitions (at least 1-2 times a week) you are at a higher risk for getting infected. Just like last year's flu shot doesn't protect you from this year's flu virus, last week's virus definitions don't protect you from this weeks viruses.
Section Seven: Backups
47 - Never make a backup.
At some point or another, your computer is going to fail. Whether this is due to a virus, hardware failure, or a freak stroke of lightning, it is going to happen. When it does happen, you will be much happier if the video of your daughter's first steps is saved somewhere other than on the hard drive that recently became a coaster.
48 - Make constant backups.
Some of our customers do twice daily backups. These are customers who employ hundreds of people and have nearly a petabyte of storage available to them. Some of our customers make backups twice a week and occasionally lose a day or two's worth of work if their server crashes at the wrong time. These are customers who have 5-20 employees and don't put too heavy a load on their system. Some of our customers make backups once a year. These are the customers who end up paying a lot of money to try to recover data from a failed hard drive. For a home user I would recommend backing up your files at least every other month, but no more frequently than once a week. If there is a file that you absolutely, positively, just CANNOT afford to lose, manually transfer it to your backup drive, copy it to a USB key, burn it to a DVD and print out a hard copy, because if something is that vital you need to have a healthy respect for Murphy's Law. But backing up too frequently is hard on your system, eats up storage space. Most people can get away with manually backing up their photos, music, movies, and any vital work files once every month or two.
49 - Rely on backups.
Hardware fails, servers crash, and file cabinets are flammable. It would be wonderful if there was a way to make sure that you never lost your big presentation, final thesis draft, family photos, or important insurance documents. It would be wonderful, but it's not going to happen. The best advice that I can give you is redundancy. It is unlikely that your hard drive is going to fail. It is less likely that your hard drive is going to fail at the same time as you backup drive fails. It is even less likely that your hard drive and backup drive are going to fail at the same time as your cloud storage fails. It is less likely still that your hard drive, backup drive, and cloud storage will fail on the same day that your house catches fire. It is far less likely that your hard drive, backup drive, and cloud storage will fail while your house is on fire and your safety deposit box is getting swept away in a flood. So decide what level of likelihood is comfortable for your level of paranoia and try to make sure your backup plan is comfortably backed up.
Section Eight: Scams
Some of this is stuff more properly covered in the email section, but scams are such a big deal that they deserve their own section. If you're concerned that something may be a scam, do a Google search for the company name, and as a good general practice regularly look for common Consumer Frauds and Scams and check out the Fraud page of Snopes.com to know what to watch out for.
50 - Give your account number to someone in Nigeria.
No millionaire from ANYWHERE is going to be contacting you to transfer their money safely for a small finder's fee. Never, ever, under any circumstances forward money via Western Union to, give your account number to, or cash checks for a person who you have never seen. You will not only lose money, you may possibly be prosecuted for fraud. If you get an email from someone with bad grammar claiming that they could be of great benefit to you, they are lying - delete the email (or text message, or hang up the phone.)
51 - Don't check out their story.
This is a sad one that happens mostly to elderly people and has had a lot of help from Facebook: If your grandchild, niece, or nephew calls you and asks for money for a hospital bill or bail or bail in another country, call their parents and ask where the younger relative is, or call the younger relative's cell phone number. Scammers will call older people who may be hard of hearing, impersonate a young relative, and make off with thousands of dollars. If you get a call or a text from an urgent grandchild, as harsh as it sounds, check and make sure that it is your grandchild. In order to protect yourself in the meantime, make sure that your online accounts are visible only to your friends and family.
52 - Have faith in advertising.
Websites like FinallyFast and CleanMyPC are scams. They do not make your computer faster, they "find" viruses and "remove" them while actually installing Malware and charging your money for the trouble. Just because something is advertised on TV or on the radio does not mean that it is safe to use. Before you go to any website or use any program, do some research on that product. If most of the searches pop up with "Is xxxx a scam?" or "Xxxxx is not a scam," you probably don't want it on your computer.
53 - Be the base of a pyramid.
Pyramid schemes have extended their reach in the era of the internet. Remember that the words "get rich quick" are a warning sign, and that if you generate more income by signing up subordinate employees than you do by selling a product, you are embroiled in a Pyramid or a Ponzi scheme. If you are not sure whether or not a company is a Pyramid scheme, do some research (though yes, Herbalife, MonaVie, MaryKay, and Amway are all considered Pyramid schemes.) If you think that you may have lost money due to the misrepresentation of a Pyramid or Ponzi scheme, consider making a report to the FTC.
Section Nine: Hardware and Media
54 - Trust physical media.
We've already gone over why you shouldn't trust attachments in emails, but trusting physical media (such as CDs, DVDs, and USB keys) isn't a good option either. You can trust CDs and DVDs (writable only, not RW) that you have burned to be free of viruses and malware, and physical media that comes from a store is probably safe too, but be cautious with USB keys that you have loaned to or borrowed from friends, and never put any physical media that you have found in you computer. Think of it as potato salad. Potato salad in a container from the store is very unlikely to give you food poisoning. Potato salad that your friends make is maybe slightly more likely to make you sick (especially if you know your friend has poor hygiene). Potato salad that you find on a bench at the park, or sitting in a container on the sidewalk, is very likely to make you sick and should not be put in your body. Similarly, you should not put any media in your computer that comes from a suspicious source.
55 - Don't know the limitations of your hardware and media.
My little sister said something to me the other day that startled me, largely because of how common her attitude has become. She told me that her backup hard drive was five years old, and when I recommended that she replace it she scoffed and said "this one still works. I'm not going to replace something that isn't broken." So I'll just break this down for all of you based on the standards my company adheres to.
- Desktop computers are good for about 5 years of work.
- Laptops get an estimated three years.
- Servers are expected to start failing at about 5 years.
- Hard drives have an expected lifespan of maybe 3 years for the very high end ones, one to two years for the cheaper ones.
- USB keys, if stored properly, can last up to 5 years.
- Regular CDs and DVDs can store data for 5-10 years (depending on how they're stored)
- Archival quality CDs and DVDs can store data for 10 years or more.
If my sister waits until her hard drive fails to replace it, she is going to lose everything on that hard drive. Keep an eye on your technology and make sure you're aware of when it's getting old and when it might be time to replace it. A computer isn't like a car, where parts can be replaced every once in a while to keep it running; computers need to be replaced on a fairly regular basis to function well and interact with the outside world well.
Section Ten: Viruses, Spyware, Malware, Ransomware
56 - Ignore the possibility of a virus/malware
It's hard to tell just by looking whether or not a website is safe to use, but just because a site LOOKS safe doesn't mean that it IS. Larger sites (Google, Facebook, Twitter, Yahoo, YouTube) tend to be less prone to infection because they pay for better protection services; smaller sites run by people who aren't expert users tend to be attacked more frequently. However ALL sites are vulnerable to attack, and if they are infected, all sites can infect your computer. If you want to be extra cautions, go to Norton Web Safe or AVG Threat Labs and look up the URL of websites you want to visit so you can be sure they're not infected before you expose your computer to malware.
57 - Pay for a virus
Any time a window pops up and demands money from you to remove a virus, pay a fee, or decrypt your data, it is never legitimate and you should never pay for it. Rogue antivirus software pretends to be an antivirus program and charges you money while infecting your computer. The FBI Virus pops up a warning about piracy, child pornography, or gambling; activates your webcam; takes a photo of you; and finally demands that you pay a fee for "violating the laws of" whichever agency it's pretending to be. Ransomware encrypts your files and tells you to send a MoneyPak or Western Union transfer to get a decryption key. DO NOT GIVE MONEY TO ANY OF THESE PEOPLE. Paying doesn't get rid of the problem. Rogue Antivirus and FBI Viruses won't be removed if you pay the fee, and doing so only ensures that your credit card number is in the hands of very untrustworthy people. If you're dealing with malware or a virus that uses scare tactics or follows the FBI virus pattern, take your computer to the local computer shop and have them clean it for you. If you have Ransomware, I'm very sorry to tell you that you are probably not getting your data back. Take the computer and your install discs (and any backups that you have) to your local computer shop, have them wipe the computer and reinstall. But one way or another, don't pay for a virus. It won't make your system any safer, it won't get your data back, and it encourages the perpetuation of the problem.
Section Eleven: Wireless Networks
58 - Trust a wireless network.
Wireless networks are inherently less secure than wired networks. A fantastic example of this is Firesheep - an extension for Mozilla Firefox that allows users to observe the activities of other people using the same wireless network. While using WPA and WPA2 protected networks provides some level of protection, you should be suspicious of all wireless networks and try to make sure that any financial transactions are conducted in a more secure venue.
59 - Allow access to your wireless network.
If your wireless network is open people can snoop on your activity and that's a problem; the bigger problem is that other people can use your network for their own ends and kill your bandwidth, jack up your bill if you have a bandwidth cap on your service, and potentially get you in trouble for the illegal things that they download. Put a password on your wireless, especially if you live in an apartment building with lots of neighbors in close proximity.
Section Twelve: Passwords
60 - Don't use a password.
A password is the easiest way to protect your computer and your identity online. You should set up an admin account on any computers you own and require an admin password to install any program on your computer - this simple step would save a lot of people from a lot of infections, if only they would set it up.
61 - Use simple passwords.
A lot of our lives are spent online these days. Billions of people access the internet daily, and all of these people have multiple accounts that require a login. A lot of people are busy and don't want to think up and then type in complicated passwords with varied cases and punctuation marks, so they just type in something simple - a word in all lower-case letters, a single number or letter repeated multiple times, and so on. Don't do this. If your password is an actual word, if it is simple, if it is the same character repeated multiple times, it is not a good enough password and needs to be upgraded. Make your password as long as possible, include letters, numbers, and characters to make it as secure as you can.
62 - Use a common password.
Most common passwords are simple passwords; they're strings of digits, repeated characters, simple words, well known fictional characters or sports teams, common first names, and so on. Look at this list of the 500 most common passwords (sorry, some of them are rude) and NEVER, EVER USE ONE OF THESE PASSWORDS - they're the first ones any good cracker will try when trying to get into an account.
63 - Use the same password across multiple accounts.
With email, Facebook, Twitter, blogs, Tumblr, Imgur, Reddit, Google+, Banking sites, Ticketmaster accounts, and the million other things that people sign on to, it's no wonder that people want to use the same password for every account. Don't. If you use the same password for all of your accounts someone only has to figure it out ONCE to take over your entire online life.
64 - Don't change your passwords.
If you've had the same password on your email account since you started that email account, it's time to change it. You may have let your password slip once to an ex, or not realized that your friend was watching you type it, or left it written down on a post-it at work; one way or another, the longer you've had a password, the more chances there are that someone else knows that it's your password. Change your passwords at least once a year.
65 - Write your passwords down.
There is no point in having a secret password protecting your encrypted computer or your online life if you are going to write it down and leave it next to your computer (or drop it on the ground, or throw it away and let someone digging through the trash find it). Seriously, don't write your password down unless you're comfortable giving anyone who could possibly find that piece of paper unfettered access to your life.
66 - Tell people your passwords.
I hate the idea that some couples know each others email and Facebook passwords. What if you break up? What if you get a divorce? What happens if you tell your siblings your password and then you have a falling out? What happens if you tell your roomate your password and then you're late with rent? I don't understand it. Don't tell anyone your passwords unless you're comfortable with them having insight into your entire life (even your husband or wife doesn't need to know your taste in porn or what's in your Amazon shopping cart, seriously).
67 - Automatically log in to accounts.
If you're going to have all of your accounts remember your password and keep you logged in at all times, you might as well not bother with a password. All it takes is one instance of forgetting to log out and all of a sudden the next person using that computer has your life in their hands.
So, I was initially going to go for 100 ways to screw up your life, but I'm stopping at 67 for now because that's all I can think of to keep most people out of computer trouble. As I see more examples at work and around the web, I'll update the list and we'll see if we can someday make it to 100.
- Cheers, Alli
