Welcome to Shaun Luttin's public notebook. It contains rough, practical notes. The guiding idea is that, despite what marketing tells us, there are no experts at anything. Sharing our half-baked ideas helps everyone. We're all just muddling thru. Find out more about our work at bigfont.ca.

Internet Security Questions (and Answers)

Tags: tech-cafe, library

Friday, May 30, 2014 3:33:13 PM

Is Shaw Open a secure WiFi connection?

No. Shaw Go WiFi (previously Shaw Open) is not a secure WiFi connection. The communication between your computer and the router is not encrypted. In the unlikely case that someone nearby is spying, he/she could eavesdrop on the communication between your computer and the router. This isn’t normally a problem, unless you are sending sensitive information AND you are using HTTP instead of HTTPS.

Generally speaking, there are three places where a spy could eavesdrop on your communications.

(Your Computer) ----cx1----- (The Router) -----cx2---- (The Modem) -----cx3---- (The Destination Server)

In the above diagram, HTTPS secures the cx1, cx2, and cx3 whereas a secure WiFi connection secures only cx1.

  • Your Computer is the computer from which you are surfing the Internet.
  • cx1 is the WiFi (wireless) communication between Your Computer and The Router.
  • The Router is also known as the Wireless Access Point. Other computers, in addition to yours, may also connect to The Router.
  • cx2 is the connection between the Router and the Modem.
  • The Modem is what actually connects to the Internet.
  • cx3 is the communication between The Modem and The Destination Server.
  • The Destination Server is one of the many computer that make up the Internet. For instance, www.facebook.com lives on a server that Facebook owns.

Someone with the right equipment could eavesdrop at cx1, cx2, or cx3. How do you protect yourself if you want to send sensitive information? The solution: Use HTTPS! The HTTPS signal will encrypt the communication between Your Computer all the way to the The Destination Server. Sure, the NSA might be able to decrypt the content, but that’s another (political) issue.

Is my anti-virus secure enough? Do I have a good one?

Visit these two resources to view the rankings of different anti-virus suites. Both of the websites are quite complicated. The content, though, seems realistic and comprehensive.

  1. AV Test (http://www.av-test.org). Publishes several anti-virus ratings. For instance, here is a list of home user anti-virus software rated by Protection, Performance, and Usability.
  2. AV Comparatives (http://www.av-comparatives.org/). Publishes several anti-virus statistics and charts. For instance, here is a list of Awards by Vendor.

Is Mac more secure than PC is?

Historically there were probably fewer people working on exploiting the Mac OS than the Windows OS. Is one more secure than another is? We don’t know for sure. In any case, with the growing popularity of Macintosh computers, it’s probably a good idea to have an Anti-Virus.

Is it possible to use the Internet securely?

Yes and no. It’s a matter of degree. In the same way that you can’t make your house into Fort Knox and you don’t sleep in a bank vault, you cannot make using the Internet 100% secure. Rather, you can reduce the risks in the same way that you lock your front door and perhaps have a alarm system. Sure, at cat burglar could break in, but you’re pretty safe.

How can I use eBay, PayPal, and Amazon securely with my banking information?

Become familiar with the address bar when you’re visiting a website. Learn to figure out whether the website is what it claims to be. E.g. is the site actually run by eBay or is it a malicious company pretending to be eBay? If you are entering sensitive information (e.g. banking, password), make sure the site has HTTPS instead of just HTTP. The S in HTTPS is important – it stands for Secret!

Can a download happen without my permission or awareness?

Yes. This was a recent surprise for me. If you visit a compromised or sketchy website, a download can happen without your permission or awareness. These are sometimes called drive-by-downloads. Mitigation strategies include 1. not visiting sketchy websites, 2. installing anti-virus software, and 3. using modern browsers that implement sandboxing.

See also:

http://windows.microsoft.com/en-ca/windows/downloading-files-internet-faq

http://www.microsoft.com/security/sir/glossary/drive-by-download-sites.aspx

http://www.youtube.com/watch?v=c8cQ0yU89sk

http://security.stackexchange.com/questions/59086/can-a-website-download-malicious-content-to-my-windows-computer-without-my-permi

http://www.nsa.gov/ia/files/factsheets/BestPractices_Datasheets.pdf

Some Terms

Streaming

Using video, music, and sound on the Internet without saving it to your computer.

Downloading

Saving something to your computer from somewhere that isn’t your computer (videos, music, sound, documents, programs, files…)

Pharming

When you try to go to one website, and a malicious program redirects you to a fake website instead.

Drive-by-Download

An unintended download that can happen for one of two reasons:

  1. you authorized the download without understanding the consequences
  2. a download happened without your knowledge or permission (e.g. from just visiting a website)