A common misunderstanding newbies have is the exaggerated claims of how hakers are waiting to jump and steal your personal information and take advantage of you. Well, there are! It's just not enough to make you that paranoid when you go online.
Some really paranoid nuts will have you believe that they can see what you are doing behind your monitor and watch every move you physically make. Unless you have a camera hooked up, turned on and aimed at you while you are fed through a live hook up or connection, no one is actually watching you in that sense.
Yes, there is an element of danger on the Internet, just as there is an element of danger when you go out in the real world. The same types of thugs you see on the street are the same online. There are just as many good and bad guys surfing the 'net as there are in real life. So try and keep things in perspective.
In real life, a criminal has a better chance of getting your personal information by breaking into your home, pickpocketing you, going through your garbage, stealing your mail, mugging you, breaking into your home, stealing the carbon stubs from your in store credit card purchase and so forth. So your real life odds of being personally touched are better than being touched online.
The only difference is online crime is harder to catch, trace and prosecute. And the criminal could literally be anywhere in the world.
Unless you have a certain type of software on your computer known as a firewall, you are pretty much an open book. Sometimes, even with a firewall, a determined person can get a glimpse at what you are doing. Most of the time these eyes are only doing just that - looking.
Without a firewall, and even sometimes with one, a determined person can see what is on your computer and fetch out passwords, stored credit card information, and personal information about you. Usually it is the criminal element that will go after that kind of information. Sometimes you may make an enemy out of a computer savvy person who wants revenge. Most who spy on what's on your computer are just doing it for the sake of doing it.
What they are mostly watching is where you are going online. Most of the time the "eyes" watching you are only software designed to track where you have been, how long you were there, where you came from and where you go to next. "Cookies" are the tattletale tracks that tell where you have been.
If you open up your Internet Explorer, click on the icon that says "history". On Netscape, press control and h.
Understanding cookies
Some Web sites store information in a small text file, called a "cookie," on your hard disk.
Cookies contain information about you and your preferences. For example, if you inquire about a flight schedule at an airline's Web site, the site might create a cookie that contains your itinerary. Or it might only contain a record of which pages within the site you visited, to help the site customize the view for you the next time you visit.
Only the information that you provide, or the choices you make while visiting a Web site, can be stored in a cookie. For example, the site cannot determine your e-mail name unless you choose to type it. Allowing a Web site to create a cookie does not give that or any other site access to the rest of your computer, and only the site that created the cookie can read it.
Internet Explorer is set up to allow the creation of cookies; however, you can specify that you be prompted before a site puts a cookie on your hard disk, so you can choose to allow or disallow the cookie; or you can prevent Internet Explorer from accepting any cookies.
You can specify different settings for different security zones. For example, you might want to allow Web sites to create cookies if they are in your Trusted sites or Local intranet zone, prompt you before creating cookies if they are in your Internet zone, and never allow cookies if they are in your Restricted sites zone.
Many Internet sites are set up to prevent unauthorized people from seeing the information that is sent to or from those sites. These are called "secure" sites. Because Internet Explorer supports the security protocols used by secure sites, you can send information to a secure site with safety and confidence. (A protocol is a set of rules and standards that enable computers to exchange information.)
When you visit a secure Web site, it automatically sends you its certificate, and Internet Explorer displays a lock icon on the status bar. (A certificate is a statement guaranteeing the identity of a person or the security of a Web site. For more information, click Related Topics below.)
If you are about to send information (such as your credit card number) to an unsecure site, Internet Explorer can warn you that the site is not secure. If the site claims to be secure but its security credentials are suspect, Internet Explorer can warn you that the site might have been tampered with or might be misrepresenting itself.
Note
Some secure sites require a higher level of connection security than what you might have installed on your computer. The Internet Explorer High Encryption Pack gives you 128-bit encryption, and the is now available worldwide. However, due to legal restrictions this software is not available in U.S. embargoed destinations.
Protecting your computer from unsafe software
When you download or run programs from the Internet, you want to know that the program comes from a known, reliable source. That's why, when you choose to download a program from the Internet to your computer, Internet Explorer uses Microsoft Authenticode technology to verify the identity of the program. Authenticode technology verifies that the program has a valid certificate: that the identity of the software publisher matches the certificate, and that the certificate is still valid. Note that this does not prevent a poorly written program from being downloaded or run on your computer, but it does reduce the chance of someone misrepresenting a program that is intended to be malicious or intentionally harmful.
You can specify different settings for how Internet Explorer handles downloading programs and files, depending on the zone it is coming from.
For example, you might be confident that anything you download within your corporate intranet is safe. So, you might set your security settings for your Local intranet zone to a low level to allow downloading with little or no prompting. If the source is in the Internet zone or the Restricted sites zone, you may want your security levels set to Medium or High. Then, you'd be prompted with information about the program's certificate before it is downloaded, or you may not be able to download it all.
Protecting your identity over the Internet
You can use a personal certificate to protect your identity over the Internet. A certificate is a statement guaranteeing the identity of a person or the security of a Web site. You can control the use of your own identity by having the private key that only you know on your own system. When used with mail programs, security certificates with private keys are also known as "digital IDs."
Internet Explorer uses two different types of certificates:
A "personal certificate" is a kind of guarantee that you are who you say you are. This information is used when you send personal information over the Internet to a Web site that requires a certificate verifying your identity.
A "Web site certificate" states that a specific Web site is secure and genuine. It ensures that no other Web site can assume the identity of the original secure site.
How do security certificates work?
A security certificate, whether it is a personal certificate or a Web site certificate, associates an identity with a "public key." Only the owner knows the corresponding "private key" that allows the owner to "decrypt" or make a "digital signature." When you send your certificate to other people, you are actually giving them your public key, so they can send you encrypted information which only you can decrypt and read with your private key.
The digital signature component of a security certificate is your electronic identity card. The digital signature tells the recipient that the information actually came from you and has not been forged or tampered with.
Before you can start sending encrypted or digitally signed information, you must obtain a certificate and set up Internet Explorer to use it. When you visit a secure Web site (one that starts with "https"), the site automatically sends you their certificate.
Where do you get your own security certificates?
Security certificates are issued by independent certification authorities. There are different classes of security certificates, each one providing a different level of credibility. You can from certification authorities.
Securely sharing personal information
Profile Assistant can save you from having to enter the same information repeatedly, such as your address or e-mail name, every time you visit a new Web site that requests such information. It does this by storing the information on your computer. None of this information can be viewed on your computer, or shared with others, without your permission.
When a Web site requests information from Profile Assistant, the request will tell you:
The Internet address of the site requesting the information.
What information the site is requesting from Profile Assistant, so you can exclude information if you want.
How this information will be used.
Whether this site has a secure connection (Secure Sockets Layer or SSL). If it does, you can verify the site's certificate.
You can encrypt your personal information, both when it is transmitted and as it is stored on your computer. For more information, click Related Topics below.
Using secure Internet sites for transactions
Many Internet sites are set up to prevent unauthorized people from seeing the information that is sent to or from those sites. These are called "secure" sites. Because Internet Explorer supports the security protocols used by secure sites, you can send information to a secure site with safety and confidence. (A protocol is a set of rules and standards that enable computers to exchange information.)
When you visit a secure Web site, it automatically sends you its certificate, and Internet Explorer displays a lock icon on the status bar. (A certificate is a statement guaranteeing the identity of a person or the security of a Web site. For more information, click Related Topics below.)
If you are about to send information (such as your credit card number) to an unsecure site, Internet Explorer can warn you that the site is not secure. If the site claims to be secure but its security credentials are suspect, Internet Explorer can warn you that the site might have been tampered with or might be misrepresenting itself.
