3 Basic Internet Security Rules

2009 June 26

Rule #1: Delete unsolicited e-mail (spam) without opening (or previewing) it

Today’s e-mail messages are not only text files but web pages with images and scripts. Scripts are small programs that let a web page interact with the user.

A common, simple and useful script that everyone knows

When trying to create an account to access a webmail service (for example, Hotmail) the web page can tell if you forget a required field.


Text is harmless, but scripts and certain types of images may contain malicious code (malware) that exploits vulnerabilities in the operating system (for example, Windows) to infiltrate your computer.

Once it has infiltrated, malware hides in your computer and could, for example, send infected messages to your contacts once a week, or monitor your web browser and send a copy of all your usernames, passwords and credit card numbers to the malware’s creator every day. All of this happens behind your back.

Would you let a stranger run a program on your PC without your permission?

Your web browser interprets and executes the scripts of a web page with or without your permission.

Some scripts need your permission to run: they run only when you click something, such as a link.

Other scripts DON’T need your permission to run, such as a countdown that starts by itself and a window that opens automatically when the count reaches 0.

Operating system vulnerabilities are fixed by the manufacturer (for example, Microsoft) through periodic updates (patches). This is why it is so important to keep the operating system always up to date.

Malicious code in scripts and images can be executed by just opening the web page (or the e-mail message) that contains them.

Just because you can't see them doesn't mean they are not there!

Images in a web page may be hidden or transparent. You don’t see them, but your computer does.

An example of a transparent image is this one [].

Right click between the brackets and then left click "Save picture as…". Save it to your desktop and then open it. Your computer will recognize it as an image, even if you don't see it on this page.

Previewing a message is the same as opening it, so it’s better to turn off the preview pane of your e-mail client (for example, Outlook Express).

Remember

  1. Delete unsolicited e-mail (spam) without opening (or previewing) it

Rule #2: Save files before opening them

When you receive an e-mail attachment, or download a file from a web page, save it to your computer before opening it. If you open the file directly, your antivirus may not be able to scan it.

Want to try it yourself?

Left click this link: MachuPicchu.pps.

Or right click it and then left click "Save target as...".

Most antivirus programs scan any potentially dangerous file as soon as you save it to your computer. But if you want to make sure, scan the file manually (right click the file and then left click the scan option) before you open it.

Remember

  1. Delete unsolicited e-mail (spam) without opening (or previewing) it
  2. Save files before opening them

Rule #3: Make sure links go where they say they go before following them

The text of a link (where it says it goes) and its destination address (where it truly goes) are not necessarily the same. To make sure, hover your mouse pointer over the link and watch the destination address in the status bar of your web browser.

Or right click the link and then left click "Properties".

Important!

When you receive an e-mail message with a link that claims to go to your bank’s web site, don’t click it. Instead, go to your bank’s web page by typing the address yourself. It doesn’t matter if the message looks legitimate, and it doesn’t matter if the sender address is correct. All of this can be forged.