Let’s recap shall we?
Mom wants to get online to read email, surf the web and Google stuff that you don’t even want to know about. We’ve already presented 4 ideas – which essentially boil down to 2 themes:
- Use Common Sense
- Know how to use your stuff
Okay, now we’re ready to get serious and specific about helping mom manage the risks of her internet behavior. So let’s look a little closer at each of the things mom wants to do:
Send and receive email – This will clearly require an email client, but what else? Well, let’s assume that mom wants to check out pictures of you and your significant other frolicking in the surf on your last vacation. And of course there’s Uncle Edgar who sends out those swell PowerPoint presentations and Aunt Thelma who sends MP3s of the latest hymns (at least that’s what mom says they are). So far all of this can be handled by any personal computer (and most cell phones) running any OS with either built in or free add on software.
Email risks fall into 2 categories, cyberfraud (e.g. phishing scams) and attachment-borne malware (e.g. worms or trojans embedded in attachments). While there are virus scanners that can scan your email for malware attachments, these will never sufficiently mitigate the threat without a judicious application of the first 4 ideas. Unfortunately almost all cyberfraud is undetectable by virus scanners, simply because there is nothing wrong with the email format or data itself. The fraudster relies on the recipient to actually take action to fall into the trap. So the only way to mitigate a cyberfraud threat is by using the first 4 ideas. While there are “anti-phishing” mechanisms built into most browsers and some email clients these days, they are useless if you don’t understand them and they are certainly not foolproof.
Surf the web – This is going to require a web browser. Again, any personal computer and most cell phones will come with a web browser sufficient to the task. While the actual choice of browser is mostly a personal taste kind of deal (if there is a choice – which there may not be on a cell phone) some browsers definitely have better security features than others (more on that later).
Web surfing risks include cyberfraud (note that email cyberfraud will almost always utilize some web-based component like a malicious web site that the email links to), downloaded malware (e.g. a trojan embedded in a file you download), malformed images (pictures that are designed with intentional flaws to crash the browser – or worse), malicious active content (all those cute dancing hamsters are really little programs that can actually do worse than just annoy you), leakage of personally identifiable information (e.g. some web sites will collect personal information from you in exchange for some goodie – and then sell it to spammers or phishers) and privacy invasion (e.g. tracking your surfing habits using third-party cookies). The right choice of web browser software and associated “plugins” will go a long way toward mitigating these threats, but again you must apply ideas 1 – 4 to achieve a decent level of threat mitigation. It should be noted that your web surfing habits have a dramatic impact on the risk you incur. Specifically if you intend to visit adult (porn) or warez (pirated software) sites your risk is increased exponentially. Whereas reputable sites like legitimate shopping sites or wikipedia are relatively low risk, a trip to the typical warez site can almost guarantee several of the above threats being real and present. So the moral of this story is don’t even think about stealing software or surfing for porn unless you really know what you are doing and take extreme measures well beyond the scope of what I’m going to tell you about in these posts.
Using search engines – Usually all you need is a browser for this, but almost invariably search engines like Google are way more than just search engines. Google, for example, is an entire suite of web services. They have portals, email, calendar, instant messaging, contacts, office tools and a whole lot more. And they are not alone. Yahoo has similar offerings as does AOL (to some extent). And each and every one of those bad boys wants to install some kind of browser toolbar and desktop application on mom’s computer. My advice is (again see the first 4 ideas) decide on single search provider and use only what you need. Otherwise you will subject yourself to a cornucopia of conflicting crapware. Trust me, it bites wind and mom won’t like it.
Search engine risks include all of the web surfing risks listed above (well Duh! search engines raison d’être is to allow you to surf lots of places really fast). But in addition there is a search engine specific risk of search engine gaming (e.g. a porn site will intentionally embed words like “angels” or “family values” into pages just so the search engines will direct you there when you search for those words). Luckily if you are a firm adherent to the first 4 ideas, this can usually be minimized to simply an annoyance. Also most modern search engines do a pretty good job of filtering out gamed results.
Throughout this post it may seem that (in addition to not adding anything tangible to our list of ideas) I’ve been using the terms risk and threat interchangeably. Just so there’s no confusion let’s go right to the definition of the relationship between them:
Risk management is a structured approach to managing uncertainty related to a threat.
This seems like a logical place to break so we’ll pause here for station identification and finish this up in another post.
Security For All 
Pingback: Safe web browsing « Security For All
Pingback: Common sense advice for parents of networked kids « Security For All
Pingback: Safe web browsing in 2013 | Security For All