The Internet may feel like a place where you roam anonymously and privately, especially if you access it from your own home. However, with every foray onto the Internet, your computer and other computers actively exchange information. So just how private and secure are these communications? That depends primarily on the sites you visit and your Web browser's security features.
Security with Microsoft® Internet Explorer 4.0
Shopping
Banking and Investing
Viruses
Cookies
Privacy
ActiveX®, Java, and Certificates
|
Last Revised: 11/17/1998 |
Created by The PC Help Desk (Hughes Glantzberg) |
Security with Microsoft Internet Explorer 4.0
Microsoft® Internet Explorer v4.0 allows you to take full advantage of the powerful technology on Web sites you trust, while reducing the risk of harm from sites you don't know much about.
Security zones
You can do this by assigning sites to one of four security zones - local intranet zone, trusted sites zone, Internet zone, or restricted sites zone - and determining the level of security you want for each zone. Select from high, medium, or low security, or customize dozens of aspects of the security level of each zone.
More features
The security features of Internet Explorer 4.0 also let you do these things:
Sites to visit
Check out the Web sites of these organizations, which are concerned with Internet privacy and security issues:
How often do you hand your credit card to a waiter in a restaurant or give out your account number over the telephone when ordering products? Such actions probably pose a greater security risk than charging items online - at least from trusted Web sites.
Certificates
If you have doubts about providing your credit card number or other personal information to a company's Web site, check for the site's certificate. (With Microsoft® Internet Explorer v4.0, on the File menu, click Properties and then click Certificates.) A Web site certificate is an online document that certifies the site's identity so you know your information is going where you intend it to go.
Weighing the risk
There is a chance that a thief could intercept your credit card number as it travels from your computer to the Web site's server, but it's a faint possibility. In fact, it's much more difficult to carry out such a scheme online than it is in the real world where your credit card number is printed on statements and receipts that are mailed, filed, or thrown away. Some sites may work with your browser to encrypt, or encode, your transaction information so that, if it's intercepted, it can't be read.
Sites to visit
Check out the Web sites of these organizations, which are concerned with Internet privacy and security issues:
Online banks and investment services use encryption to protect the information in your transactions. Before information leaves the Web site's server for your computer, or vice versa, it's turned into code. After it reaches the appropriate destination, it's decoded. While the information travels over the Internet-where it may be vulnerable to being intercepted by someone with malicious intentions - it's essentially gibberish.
Two levels of encryption
Servers and Web browsers use 40-bit or 128-bit encryption. With 40-bit encryption, there are many billions of possible keys to unlock the code for each unique transmission, and only one of them works. With 128-bit encryption, there are 300 billion trillion times as many possible keys as with 40-bit encryption.
How to check for encryption
Microsoft® Internet Explorer v4.0 lets you know when encryption is in use by displaying a padlock icon along the bottom of the Internet Explorer window. Here's how you can find out a Web page's encryption level with Internet Explorer 4.0:
Sites to visit
Learn more about encryption from Wells Fargo Online. Browse the site for information about online banking, or search the site for the word "encryption."
Check out the Web sites of these organizations, which are concerned with Internet privacy and ecurity issues:
To protect yourself from viruses on the Internet, don't download files from sources that you don't know are safe. Viruses are usually hidden in programs and activated when the programs run. They also can be attached to certain other types of executable files, such as special-action Web files and video files.
Heed the warning
Generally, when you're about to download a type of file that could contain a virus, your browser will display a warning and ask whether you want to open the file or save it to disk. If you're confident that the file comes from a trustworthy source, you may want to open it. If you're not sure, you may want to cancel your download.
Check the certificate
One way to verify the identity of a site is to check whether it has a Web site certificate naming the site's originator. With Microsoft® Internet Explorer v4.0, you can check a Web page's certificate by right-clicking on the page, clicking Properties, and then clicking Certificates.
Use an antivirus program
There are many antivirus programs that can scan your computer for viruses, inoculate against known viruses, and maybe even repair damage caused by a virus. To get the benefit of such a program, make sure you run it as recommended (you may be able to schedule it to automatically scan your computer on a regular basis) and get updates to the program, which include information about new viruses.
Sites to visit
Visit the Microsoft Office Anti-Virus Clinic Web site.
Find out more about antivirus software from McAfee and Symantec.
A cookie is a small amount of information stored on your computer by a Web site - information that your Web browser sends back to the site whenever you visit it again. Usually the cookie is designed to remind the site of information about you - such as your password for the site or the customized background color you chose - so that your browsing is simplified.
They're usually harmless
Cookies are common and usually harmless. They can't be used to take information about you or your computer that you have not provided. But they can be used by certain services to create a profile of your interests based on the sites you visit. Then advertisements on participating sites can be customized for you.
Controlling cookies
With Microsoft® Internet Explorer v4.0, you can choose to be alerted whenever a server tries to give you a cookie:
You can choose to prohibit all cookies up front:
To delete cookies from your system, using Windows® Explorer, go to C:\Windows\Cookies and delete any files there.
Sites to visit
Check out the Web sites of these organizations, which are concerned with Internet privacy and security issues:
Any Web site you visit can tell who and where your Internet Service Provider is, what site you were last at, what Web browser you're using, and what you do while you're at the site. By asking you to register, a site can collect additional information from you, such as your name, E-Mail address, postal address, income level, and interests. It's up to you whether to provide this.
Are you listed?
If you're listed in the white pages of the telephone book, your name, address, and telephone number are probably in databases on the World Wide Web, available for others to search. For example, try looking yourself up in the Yahoo! White Pages or the InfoSpace directory. You may be able to find out if your name appears elsewhere by searching for your name using a search engine.
Take care with E-Mail
Theoretically, the postmasters and system administrators who relay electronic-mail messages could read your E-Mail if they wanted to. But so many E-Mail messages are sent each day that it's unlikely any particular message would be read. Still, you should know that employers have the right to monitor E-Mail you send using their computers, law enforcement authorities can monitor your E-Mail under certain circumstances, and courts can require you to produce E-Mail that relates to a court case. So it's a good idea not to say anything in E-Mail that you wouldn't want to have to say in public.
Newsgroups aren't Private
Messages you post to Usenet newsgroups are available to anyone on the Internet, and they are archived and can be searched, so don't think of them as private. Also, spam E-Mailers - those who send mass E-Mail messages - sometimes pick up E-Mail addresses from newsgroups.
Sites to visit
Check out the Web sites of these organizations, which are concerned with Internet privacy and security issues:
ActiveX, Java, and Certificates
Even if you don't intentionally download software from a Web site, elements of a site may download, run on your computer, and pose a potential security risk such as by unleashing a virus onto your system.
ActiveX
ActiveX® technologies allow software to be distributed over the Internet. You'll encounter ActiveX in the form of ActiveX controls, usually graphic items such as scrolling marquees, on Web sites. Think of them as small programs within the site that run on your computer. An ActiveX control can be digitally signed by its creator. Then a certifying authority such as VeriSign can certify the signature.
A certificate is your assurance that the control was safe when it was designed and that it hasn't been tampered with since. You can set your Web browser to enable, disable, or prompt you to decide what to do with ActiveX controls depending on whether they are labeled safe.
With Microsoft® Internet Explorer v4.0, you can automatically turn off ActiveX completely:
To be prompted before any ActiveX control is downloaded and executed, in the Internet Zone box, select Medium.
To set individual aspects of ActiveX control security yourself:
Java
Java is a computer language. Java-based mini-applications, or applets, can be downloaded from Web sites and run by Web browsers. Generally, these applets are limited in what they can do.
To disable Java with Internet Explorer 4.0:
Certificates
Digital certificates, granted by certifying authorities, signify that a Web site or element of a Web site has been digitally signed by its creator. A certificate lets you know who is responsible for the site or element, and verifies that it is free from malicious components (such as viruses) and has not been tampered with since it was certified.
When your browser is presented with a certificate, it checks its list of certifying authorities. If it finds a match, it allows your activity to continue. If your browser warns you that something is amiss about a certificate, your safest course is to cancel your activity.
Sites to visit
Read more about ActiveX, Java, certificates, and other Internet security issues at the Web site of the World Wide Web Consortium, especially its Security Resources and World Wide Web Security FAQ.
Visit the VeriSign Web site.
Check out the Web sites of these organizations, which are concerned with Internet privacy and security issues:
