WOT… is a community whose members exchange knowledge of websites: Can they be trusted? Are they safe to use? Do they deliver what they promise? If a site has a bad reputation, WOT will warn you – and save you a lot of trouble. By joining the WOT community you can protect yourself and help others. Our mission is to make the Internet safer by giving our users a way to share their experience of websites and the services they offer. WOT is a powerful tool – and it’s free! We have information on 21 million sites. Join us today and make the Internet safer for us all.

Sounds attractive, doesn’t it? I gave it a try for several days. In my experience, it wasn’t very useful for two reasons:

1. Firefox started crashing soon after installing the addon and returned to stability shortly after removing WOT. I have no idea why this happened, but I’m not going use any addon that behaves this way.

2. After installing the addon and creating my WOT account, I started providing feedback on the sites I visited. But with my web browsing habits, I guess I don’t go to sites dodgy enough to be a real concern. I rarely went anywhere that didn’t already have a trusted rating. And when I did, I already had a high degree of confidence it was a trustworthy, although obscure place. Very quickly, WOT became all work and no play.

Still, I probably would have kept contributing to WOT except for #1 above. Putting all this together, WOT isn’t ready for the average Internet user.

For our purposes, I think this page comes up a little short. For example, on the right-hand column is a short list labeled “5 Suggestions For Home Computer Users”. Here’s what they say:

1. Use an  anti-virus program (I suggest using “AVG Anti-Virus Free Edition”).
2. Keep operating system up to date.
3. Don’t open or download unfamiliar e-mail attachments.
4. Never send confidential information over e-mail.
5. Use a firewall (use caution; it’s easy to get overwhelmed using either ZoneAlarm, Comodo, or similar).

These are good ideas, but the implementation details aren’t directly linked. On this page I’ve fixed that for four of the five items.

I think number four is overly-broad and unrealistic for most people. I’ve spent about an hour searching for an existing page that would help, but I can’t find one. May just need to write it myself!

…in the last two years alone, cyber thieves have cost Americans more than $8 billion and that last year worldwide they stole data worth up to $1 trillion. He described how even his own presidential campaign network had been compromised last fall, with hackers gaining access to policy position papers and travel plans. (The Washington Post)

From a cyber defense perspective, in 2007 the US Department of Defense detected about 360 million attempted attacks against its computer networks. That’s up from just 6 million in 2006. The cost to defend against these attacks was $100 million over the last six months.

I have to say: If the DoD can’t keep cyber criminals out of its computers, what chance has an average Internet user?

To that end, I recently stumbled across this article on the Berkeley Linux User Group that tells Where to Buy a Preinstalled Linux Desktop/Laptop. This is useful for people who can’t (or won’t be bothered) to learn how to install and maintain Linux on their existing hardware.

I don’t have any experience with buying Linux pre-installed from any of these vendors (although in late 2000 I did buy Red Hat Linux pre-installed on a beige box from VA Linux, who is no longer in business). Most of the vendors on the Berkely list appear to be small businesses, so I would suggest finding one close to your home if you went this route. But I would feel comfortable trying Dell with Ubuntu based upon my 10+ years of using their Windows-based laptops.

• Matt Knox was motivated to write this piece of adware because he needed money; he wasn’t seeking fame nor pursuing any other agenda. It was just a job to him.

• The adware he wrote had many self-protective capabilities; it actively resisted efforts by the machine owner to remove it. Knox described using one particular advanced tactic: “We did create unwritable registry keys and file names” by exploiting backwards compatibility functions in Windows. This meant it was impossible to even see the adware’s registry keys with regular tools, let alone alter or delete them.
• It also removed any viruses and other adware that happened to already be present so as to have the resources of the machine available to do its work.
• The adware this guy wrote was typically installed by people who thought they were getting something useful for free (e.g., a funny screen saver).
• Knox’s company aimed for the biggest, easiest target: “Most adware targets Internet Explorer (IE) users because obviously they’re the biggest share of the market. In addition, they tend to be the less-savvy chunk of the market.”
• Here’s the obvious follow on question: “In your professional opinion, how can people avoid adware?” Answer: “Um, run UNIX.” (e.g., MacOS X or possibly Ubuntu Linux.)

Clearly, adware authors like Knox count on infecting those people using the dominant desktop operating system (Windows) and web browser (Internet Explorer) while at the same time relying upon old-fashioned confidence schemes.

For the “average” Internet user (and I have some stats on who this person is that I’ll share with you soon) I’d say the easiest way to avoid malware in general is to stop using Windows computers. That means they need to take up MacOS X or possibly Ubuntu Linux. If they buy certain netbooks, they will get an easy-to-use version of Linux that would give them the same protection.

If they can’t or won’t give up Windows, they need to switch to Firefox. And then install effective malware control software and adopt a more critical mindset that is more resistant to being swindled online.

As we go forward, I’ll have a lot more to say about how to avoid adware and all kinds of malware. What do you think?

Wikipedia says “Adware or advertising-supported software is any software package which automatically plays, displays, or downloads advertisements to a computer after the software is installed on it or while the application is being used. Some types of adware are also spyware and can be classified as privacy-invasive software.”

Take a look at the interview. There are sections that get a bit technical; skip over them if you like and you’ll still learn a lot. I’ll give you my reaction in my next post.

Given the audience, which I believe is similar to those I am trying to reach in this blog, I think the advice is reasonable and simple enough. Trouble is, the average Internet user probably won’t be able to follow every suggestion.

For example, here’s tip #3: “Control the privacy settings on your social-networking sites.” OK, now how do you do that? What settings, in particular, should be changed? Where do I find them? What values should I select? Without that site specific information, or a pointer to it, I doubt many people are going to know what to do. So the article seems to put a little wind in your sails to get you moving, then you abruptly come to a stop.

Taking a quick glance around, I’m overwhelmed by the number of details on social network privacy, such those provided by EPIC, the Electronic Privacy Information Center. I found one page at the Illinois State University site that appears authoritative to me, but how would an average Internet user know if it was reliable?

The upshot is I believe my blog would be more impactful if I provided authoritative advice on the technical settings you should make from your computer to guard against cybercrime. What do you think?