FWIW: your Logo shows nonexistant dice; the opposite faces of a die add up to 7, so you can NEVER simultaneously see the 3 and the 4.

Stu Savory

I think you missed the point here. Having that little “lock” does not guarentee security, and that’s what Bruce was trying to get across. All it means is that the connection between the browser and the server is encrypted. It doesn’t mean the data will be secure after the server gets it.

I’ve personally applications that e-mailed credit card data in plaintext from our coloed web server to the person that would process the card number. We were running SSL, so our users expected the card data to be safe. Obviously, this wasn’t the case at all.

Screensavers are NOT SAFE. This includes MP3 downloading programs, like Kazaa

Since when are P2P file sharing programs Screensavers?

Matthew: sorry for the poor paragraph structure. I listed three things that said “This includes…”, then explained something after each one. Hope that makes sense.

Timm: I agree. Good point.

Stu: I haven’t found that they regard each other as malware, but I will try to check that out when I get home. I tend to use those two to get ‘good coverage’ in most situations, and haven’t had any problems running them. I have had the ‘impossible dice logo’ thing pointed out to me a couple of times. Thanks for the notice anyway.

To any visitors from Metafilter who believe I misread the audience: You may be right about those who subscribe to his RSS feed. Let’s look at how he addresses this post: “I am regularly asked what average Internet users can do to ensure their security.” Average Internet users are the ones for whom Microsoft now blocks read access to Windows system directories, the Program Files subdirectory, and more. When I think about average Internet users, I think about all the experiences i’ve had with people wandering their hard drives trying to delete random executables and dll’s they find, simply because they didn’t know what they were doing there. That’s the type of user i’m worried about, and also incidentally the type of people that everyone seems to want to show these instructions to.

The microwave part was stupid, but the shredder advice was sound. Note that he mentions “better shredder.” He should have been explicit, however, and told the user to check beforehand to make sure their shredder is rated for CDs and DVDs.

It is relatively easy for home Internet users to stay virus and spyware free. Neither my wife nor I have had viruses or spyware on our machines in the 20 years we’ve been using computers. It just takes a little common sense to avoid 90% of the behaviors that lead to this (such as downloading screensavers or clicking on attachments).

Thank you as well for your comments. I’m happy to see some actual real people posting comments, as opposed to all the spam I usually clear out with mt-blacklist. In any case, I understand why you and others feel that i’m talking to the wrong audience.

However, I believe that there are people of all sorts of skill levels out there. Those who take sensible precautions and have good habits, like yourself, won’t have massive spyware and virus problems. I have no doubt that there are virtually no “average Internet users” reading my blog, other than my friends.

The crowd i’m addressing are those people who might read Bruce’s directions, and put them into practice without being particularly careful or knowing what they’re doing. When I thought about the damage they could cause by following some of his instructions without the appropriate foresight or background knowledge, I felt compelled to write about why those directions might not be such a good idea, so that people who know “just enough to be dangerous” think twice before doing these things themselves, or even worse, start spreading this around those who are even less knowledgeable. Judging from the amount of people who immediately posted on metafilter about how they were going to print it out for their families, I fear I may have blogged in vain.

With respect to the shredder, he does suggest that it should be a some sort of heavy duty shredder. But in light of the ‘audience’ issue i mentioned above, the danger isn’t the people who have a heavy duty shredder, but those who are willing to try it on their shredder just to see if it works.

In any case, thanks for the comment! I’m happy to hear about why certain parts of my post misaddress the issue, or aren’t valid, or even how my dice on the logo are impossible.

Many thanks for a very useful and timely post. I had already recommeded Mr Schneier’s list on my own site, but have now put in an update so that my less-technically-able friends don’t charge in and start breaking things. I – and probably most reasonably technical people – read “if you no longer need it, uninstall it” as good sound advice to use the “Remove” part of “Add/Remove programs” as well as the “Add part”, but having been in front-line tech support roles at various times in my life I should have remembered that people are likely to read it as “delete everything you don’t understand”.

Cheers!

Giles

Before you enter in your password somewhere, make sure that there’s a little “lock” icon in the bottom part of your browser.

I have seen a fake paypal site that makes a realistic looking “lock” icon using images. To be safe one must type and address into the browser manually. Copying and pasting the address is generally safe.

FWIW: your Logo shows nonexistant dice; the opposite faces of a die add up to 7, so you can NEVER simultaneously see the 3 and the 4.

you nerd