Tips for Avoiding Computer Crime

Copyright 1999-2000, 2002, 2004, 2012 by Ronald B. Standler

Table of Contents

1. Password
2. Anti-Virus Software
        attachments in e-mail
3. Firewall
4. Avoiding Harassment and Phishing
5. Backups
6. Other techniques
        Disabling Features in Microsoft Windows
7. Wireless Networks
8. Links to other sites
Recommended books


These suggestions are a companion to my separate essay on computer crime in the USA. These suggestions are like installing high-security deadbolt locks on doors of an office or home. There is no warranty that following these suggestions will prevent one from being a victim of computer crime, but at least one can make it a little harder for a criminal, and maybe the criminal will find an easier target.

This essay contains only my personal opinions on the general problem of computer security, and is not intended as advice on your specific problem. You should hire a competent expert in computer security to review your situation and then advise you.

1. Password

To access an online computer service or Internet service provider (ISP) one needs both a user name and password. ISPs typically select a user name that is the same as the last name of the subscriber. This means that user names are easy to guess, therefore one must be especially careful with the password.

Select a good password:
Having chosen a good password, do not write it down, and do not tell anyone what it is. (Get a separate account for your spouse, each of your children, and each of your co-workers, so that no one shares passwords.) This rule can create a problem if you die or are incapacitated, so perhaps you should write it down once: on a sheet of paper that you keep in a bank's safe deposit box (for your personal account) or in a safe in the corporate office (for the company's computer).

When you get a new computer account, it will come with an initial password, which was probably chosen at random. Follow the instructions from the system administrator for choosing your own password, and change the password immediately. The initial password may have been seen by someone who gave or mailed it to you.

Use a different password at each website, service provider, or computer account.

Changing your password every few weeks has long been standard advice from computer security experts, although current guidance (e.g., NIST Special Publication 800-63B) recommends changing a password when there is reason to believe it has been compromised rather than on a fixed schedule. Changing your password every few weeks also makes it easier for you to forget your password. You need to decide if it is worth the bother of changing passwords every few weeks. If you do forget your password, you will need to contact a system administrator, prove that you really are the official user, and get a new initial password assigned.
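The following Python program is an added example, not part of the original essay: it generates a separate random password for each account with the secrets module, estimates the strength of such a password in bits, and flags the weaknesses (short length, user name inside the password, common words, few character classes) that a guessing attack exploits first. The word list is a tiny constructed one for illustration.

```python
# Added example, not from the original essay: generate a separate random
# password for each account with Python's secrets module, estimate its strength
# in bits, and flag the weaknesses that a guessing attack exploits first.
import math
import secrets
import string

ALPHABET = string.ascii_letters + string.digits + string.punctuation   # 94 symbols

# Tiny constructed word list for the illustration; a real checker would use a
# large list of leaked passwords.
COMMON_WORDS = ("password", "letmein", "qwerty", "welcome", "secret")


def generate_password(length: int = 16, alphabet: str = ALPHABET) -> str:
    """Password drawn uniformly at random from alphabet (cryptographic RNG)."""
    if length < 1:
        raise ValueError("length must be positive")
    return "".join(secrets.choice(alphabet) for _ in range(length))


def entropy_bits(password: str, alphabet: str = ALPHABET) -> float:
    """Guessing entropy in bits, valid only for a password chosen uniformly at
    random from alphabet; a human-chosen password is far weaker than this."""
    if any(ch not in alphabet for ch in password):
        raise ValueError("password uses characters outside the alphabet")
    return len(password) * math.log2(len(alphabet))


def weaknesses(password: str, user_name: str = "") -> list:
    """Return the reasons a password is easy to guess (empty list = none found)."""
    problems = []
    lowered = password.lower()
    if len(password) < 12:
        problems.append("shorter than 12 characters")
    if user_name and user_name.lower() in lowered:
        problems.append("contains the user name")
    for word in COMMON_WORDS:
        if word in lowered:
            problems.append(f"contains common word {word!r}")
    classes = (any(c.islower() for c in password), any(c.isupper() for c in password),
               any(c.isdigit() for c in password), any(c in string.punctuation for c in password))
    if sum(classes) < 3:
        problems.append("uses fewer than three character classes")
    return problems


def passwords_for(accounts, length: int = 16) -> dict:
    """One independent random password per account, so that a breach at one
    site does not expose the others."""
    return {account: generate_password(length) for account in accounts}


if __name__ == "__main__":
    table = passwords_for(["isp", "bank", "webmail"])
    for account, pw in table.items():
        print(f"{account:8s} {pw}  ({entropy_bits(pw):.0f} bits)")
    print(weaknesses("Smith1999", user_name="smith"))
```

A 16-character password from this 94-symbol alphabet carries about 105 bits of entropy, far beyond what a guessing attack can cover; the weakness list is what turns "Smith1999" (short, contains the user name) into something worth rejecting.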

Many users store their user name and password in a logon script on their hard disk in various programs: e-mail (e.g., Eudora), webbrowser (e.g., Netscape), terminal emulator (e.g., Procomm), and modem control programs (e.g., Trumpet Winsock). This storage of user name and password is convenient, as it automates the logon process. However, if you store your user name and passwords in logon script(s), then:
Nearly everyone has private data (e.g., medical and financial data on a home computer; business secrets on a computer in the office) on their machine. The same suggestions about a password in BIOS and a password in a screen saver apply if you have confidential or proprietary information on your computer. However, unlike changing online account passwords, there is no easy way to destroy the value of confidential data in files on a stolen computer. Users with very sensitive data (e.g., military secrets, major trade secrets) should encrypt all of their data files.

2. Anti-Virus Software

In the 1980s, computer viruses were generally passed from one user to another user via floppy disks. Hence, users in the 1980s did not need anti-virus software if they both (1) only purchased software from reputable sources and (2) never copied programs from floppy disks provided by their friends and colleagues.

Three developments in the 1990s made anti-virus software essential for all computer users:
  1. It became common to distribute software and updates via downloads from the Internet,
  2. hackers developed viruses that were delivered inside macros for Microsoft Word, and such malicious macros could be hidden inside a document sent by e-mail, and
  3. hackers developed malicious computer programs that were commonly distributed as attachments to e-mail: clicking on the attachment executed the malicious computer program and infected the victim's computer.
Since everyone uses e-mail and nearly everyone will download executable software from the Internet, everyone should have a good anti-virus program running on their machine.

Because an anti-virus program will likely object to the installation of any new software, the user should disable anti-virus program before installing new software. Of course, before temporarily disabling the anti-virus program, use the anti-virus program to scan the distribution files (e.g., CD-ROM, floppy disk, or *.exe file downloaded from the Internet) for viruses. Do not forget to enable the anti-virus software after you install new software.

It is not adequate to purchase anti-virus software with a new computer, install the anti-virus software, and forget about that software. The virus definition file for the anti-virus software should be updated periodically, because new viruses are discovered every day. How often you should update your virus definition file is a complicated question: the answer depends upon your tolerance for risk, how you use your computer (i.e., receiving e-mail or downloading software from bulletin boards is risky), and which operating system you use.
  1. If your computer runs a 32-bit Microsoft Windows operating system (e.g., Windows 95 or later), then I suggest that you update your virus definition files at least once every day.
  2. If your computer runs an Apple operating system or Linux, then I suggest that you update your virus definition files at least once every month.
Of course, when there is an epidemic of a new virus reported in the news media (particularly a virus spread by attachments in e-mail), it would be wise to update your virus definition files as soon as the developer of your anti-virus software revises their virus definition files to recognize the new virus, and daily thereafter until variants (copycats) of the new virus stop appearing.

I have seen estimates that, as of the year 2001, there are only about 80 known viruses or worms that are specific to the Macintosh operating system. (Compare this to more than 61000 viruses and worms for Microsoft Windows known in May 2002.) An exact number of viruses and worms is not possible, because of uncertainty about how to count variants of a virus or worm. As a consequence of this relatively small number of viruses for the Apple, it is probably adequate to update the anti-virus definitions for anti-virus software on an Apple computer every month. This suggestion is in contrast to advice for users of the Microsoft Windows operating systems, where daily updates of anti-virus definitions are prudent.

Owners of an Apple computer who also use Microsoft Word wordprocessing software (Word 6 and later) are vulnerable to macro viruses (written in WordBasic or, later, Visual Basic for Applications), which also affect computers running a Microsoft Windows operating system.

attachments in e-mail

As a virus, worm, or other malicious program can be transmitted via an attachment to e-mail, one should rigorously follow three rules:
  1. Never open an executable attachment (e.g., an attachment with a file name ending in .exe or .vbs, amongst many other types) in e-mail without first knowing the contents and source of this file. There is no harm done in waiting a few hours or a few days to contact the person who sent the e-mail and learn the contents and source of the attachment. The Melissa and ILOVEYOU incidents, in March 1999 and May 2000, emphasize that you can receive malicious programs from a person whom you know and trust, since that person could be a victim of a malicious program that automatically sent e-mail in his/her name.

  2. Never open any attachment from an unknown source. If the message seems legitimate, reply to the e-mail and request that the sender put the information as plain ASCII text in the body of the e-mail. If the e-mail is obviously junk, delete both the e-mail and the attachment without replying, because a reply confirms to a spammer that your address is read.

  3. Be cautious of any attachment that has a double file extension, especially when the rightmost file extension is an executable file type. (A file extension is the short code, usually three letters, at the end of a filename [e.g., .htm, .doc, .exe, .txt, etc.], that indicates the type of file.) Examples of dangerous double file extensions are:
    where "filename" can be any sequence of letters and numbers. Files with such dangerous double file extensions are executable programs (perhaps malicious programs) that are pretending to be a picture, a document, text, or a webpage. This list of dangerous double file extensions is not complete, because there are many different permutations of a nonexecutable file extension on the left with an executable file extension on the right, and because there are more than sixty executable file extensions in Microsoft Windows.
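The following Python program is an added example, not part of the original essay. It classifies attachment file names by the double-extension rule above, collapses the runs of spaces that are sometimes inserted to push the real extension out of view, and shows how a name appears when Windows Explorer's "Hide extensions for known file types" option is on (the default), which is what makes the trick work. The extension lists are a subset chosen for the example, and "LOVE-LETTER-FOR-YOU.TXT.vbs" is the attachment name used by the ILOVEYOU worm.

```python
# Added example, not from the original essay: triage attachment file names for
# the double-extension trick and show what Windows Explorer displays when
# extensions of known file types are hidden.
import re

# Extensions Windows will execute when double-clicked (a subset of the sixty-odd
# executable types the text mentions).
EXECUTABLE_EXTENSIONS = {"exe", "com", "bat", "cmd", "pif", "scr", "vbs", "vbe", "js",
                         "jse", "wsf", "wsh", "hta", "lnk", "msi", "cpl", "reg"}
# Types a malicious program typically pretends to be.
DATA_EXTENSIONS = {"jpg", "jpeg", "gif", "bmp", "png", "txt", "doc", "xls", "pdf",
                   "htm", "html", "mp3", "zip"}


def _parts(filename: str) -> list:
    """Lower-cased, dot-separated pieces with padding spaces removed."""
    name = re.sub(r"\s+", " ", filename.strip().lower())
    return [p.strip() for p in name.split(".")]


def classify_attachment(filename: str) -> str:
    """'executable', 'disguised-executable' (a data extension immediately to
    the left of an executable one), or 'data'."""
    parts = _parts(filename)
    if len(parts) < 2 or parts[-1] not in EXECUTABLE_EXTENSIONS:
        return "data"
    if len(parts) >= 3 and parts[-2] in DATA_EXTENSIONS:
        return "disguised-executable"
    return "executable"


def as_shown_by_explorer(filename: str) -> str:
    """Name as displayed with known extensions hidden: the last known extension
    vanishes, so 'photo.jpg.exe' is shown as 'photo.jpg'."""
    name = filename.strip()
    stem, dot, ext = name.rpartition(".")
    if dot and ext.strip().lower() in EXECUTABLE_EXTENSIONS | DATA_EXTENSIONS:
        return stem
    return name


def triage(filenames) -> dict:
    """Classification for a whole batch of attachment names."""
    return {f: classify_attachment(f) for f in filenames}


if __name__ == "__main__":
    for name, verdict in triage(["report.doc", "setup.exe", "LOVE-LETTER-FOR-YOU.TXT.vbs",
                                 "photo.jpg                    .exe"]).items():
        print(f"{verdict:22s} {name!r:40s} shown as {as_shown_by_explorer(name)!r}")
```

The display function is the point of the exercise: with extensions hidden, "photo.jpg.exe" and a genuine "photo.jpg" are indistinguishable in Explorer, which is why the rule is to look at the full name in the mail client before opening anything.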

Note: e-mail that carries a malicious program often contains ungrammatical text, punctuation errors, or misspelled words, frequently because the author is not a native speaker of English. Such mistakes in an e-mail that purports to come from a native speaker of English should alert the reader to the possibility of a forged sender address and a malicious attachment.

3. Firewall

It is good practice to erect a "firewall" between parts of a computer system that an external user can access (e.g., via modem or Internet or voice mail) and parts that are supposedly accessible only by a local user. Many hackers run programs that randomly search the Internet and probe ports on computers that are connected to the Internet. If the hacker finds a port that is "open" (i.e., a program on that computer is listening for connections), the hacker might be able to access that computer and view/alter/delete files on it. Worse, hackers may also hijack the victim's computer and use it to launch their illegal attacks on other computers.

Some hackers randomly search the Internet, probing for the port used by a malicious program called SubSeven. When the hacker finds a computer on which SubSeven is running and which is not protected by a firewall, the hacker can access the victim's computer through the backdoor provided by SubSeven. The SubSeven program was first detected in June 1999, and there are many similar programs in existence, for example, the Back Orifice program that was first detected in August 1998.

When I first installed firewall software on my computer that I use only for e-mail and webbrowsing, just 14 minutes later, someone in Atlanta, Georgia tried to probe the FTP port on my computer in Concord, NH. During 21 hours of my use of the Internet at the end of February 2002, there was an average of approximately 1½ attempts/hour to probe a port on my computer. That statistic convinced me that firewall software is prudent on every computer connected to the Internet. In March 2004, there was an average of 57 attempts/hour to probe a port on my computer. This dramatic increase in the number of attempts per hour to access my computer shows that the Internet is becoming a more dangerous place and that firewall software is necessary for a secure computer.
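The following Python program is an added example, not part of the original essay, and the log it reads is constructed for the example (the format is invented, the addresses come from the documentation ranges, and the port names map only the well-known defaults of the services and backdoors named in this section). It tallies the inbound packets a personal firewall blocked, by target port and by source address, and expresses them as attempts per hour online, the same statistic reported above.

```python
# Added example, not from the original essay: count the inbound probes recorded
# by a personal firewall's text log, by target port and by source, and express
# them as attempts per hour online. The log format and every line in SAMPLE_LOG
# are constructed for this example; real firewall products use their own formats.
import re
from collections import Counter
from datetime import datetime

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (?P<action>DROP|ALLOW) (?P<proto>TCP|UDP) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) -> (?P<dst>[\d.]+):(?P<dport>\d+)$"
)

# Default ports of the services and backdoors the text names; an attacker can
# of course run a backdoor on any port.
PORT_NAMES = {21: "ftp", 139: "netbios-ssn", 27374: "SubSeven default", 31337: "Back Orifice default"}

MY_IP = "198.51.100.7"
SAMPLE_LOG = """\
2002-02-27 20:14:03 DROP TCP 203.0.113.5:4321 -> 198.51.100.7:21
2002-02-27 20:50:17 DROP TCP 203.0.113.5:4322 -> 198.51.100.7:21
2002-02-27 21:02:44 DROP TCP 203.0.113.99:1055 -> 198.51.100.7:27374
2002-02-27 22:31:09 DROP UDP 192.0.2.8:31337 -> 198.51.100.7:31337
2002-02-27 23:05:55 ALLOW TCP 198.51.100.7:1034 -> 203.0.113.200:80
2002-02-28 01:12:30 DROP TCP 203.0.113.77:2000 -> 198.51.100.7:139
this line is in some other format and must not be counted
"""


def parse_log(text: str) -> list:
    """Parse the log into dicts; lines that do not match the format are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        d = m.groupdict()
        events.append({
            "ts": datetime.strptime(d["ts"], "%Y-%m-%d %H:%M:%S"),
            "action": d["action"], "proto": d["proto"],
            "src": d["src"], "dst": d["dst"], "dport": int(d["dport"]),
        })
    return events


def inbound_probes(events: list, my_ip: str) -> list:
    """Blocked packets addressed to this machine; outbound traffic is excluded."""
    return [e for e in events if e["action"] == "DROP" and e["dst"] == my_ip]


def summarize(text: str, my_ip: str, hours_online: float) -> dict:
    """Totals, rate per hour online, and breakdowns by target port and source."""
    probes = inbound_probes(parse_log(text), my_ip)
    by_port = Counter(e["dport"] for e in probes)
    return {
        "total": len(probes),
        "per_hour": round(len(probes) / hours_online, 2),
        "by_port": by_port,
        "by_port_named": {PORT_NAMES.get(p, str(p)): n for p, n in by_port.items()},
        "by_source": Counter(e["src"] for e in probes),
    }


if __name__ == "__main__":
    s = summarize(SAMPLE_LOG, MY_IP, hours_online=21)
    print(f"{s['total']} probes, {s['per_hour']} per hour online")
    print("by port:", s["by_port_named"])
    print("by source:", s["by_source"].most_common())
```

Only DROP entries addressed to the machine's own address count as probes; the ALLOW line is the user's own outbound web request and would inflate the rate if counted. The source addresses in the summary are what one then types into a WhoIs database.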

separate machines

Now that computers are relatively inexpensive (e.g., less than US$ 1000), I believe that it also makes sense to have totally separate and isolated machines for external access. The cost of having a separate computer that is dedicated solely to receiving incoming modem connections and requests from the Internet (i.e., e-mail and webbrowser software) is offset by the increase in security with minimum inconvenience to authorized users inside the building. When a secure computer and a computer for external access are in the same building, communications between them should be via floppy disk or rewritable compact disk, not via wire or cable.

For example, this document that you are reading was obtained via the Internet from a computer in Pittsburgh, which provides webhosting service, for which I pay a monthly fee. I wrote this file, and the current archive version resides, on a computer in my office, which is 750 km from Pittsburgh. Whenever I make a revision to one of my essays, I upload a new copy from my office computer to the webhosting computer in Pittsburgh via file transfer protocol (FTP) on the Internet.

Here are some hints about how to make a computer secure from incoming commands:

more important to have firewall on computers with wideband Internet connection

During the 1980s and early 1990s, communications between computers in different places were made by an analog modem that connected to an ordinary voice-grade telephone line. The state-of-the-art analog modem in 1998 (i.e., using the V.90 standard) could download data at 56000 bits/second and upload data at 33600 bits/second. With compression (i.e., using the V.42bis standard), effective download data rates of more than 120000 bits/second were possible on an ordinary voice-grade telephone line. Each time the user wanted to connect to the Internet, the user would need to have the computer's modem dial the local access number of the Internet Service Provider (ISP) and establish a connection, a process that takes about 30 seconds. The ISP then assigns the user a numeric IP address for that one Internet session. This IP address is known as a "dynamic IP address", because it may differ from one session to the next. If the user does not send/receive some data over the Internet during some period of time (e.g., ten minutes), the ISP will automatically disconnect from the telephone line and sever the user's connection to the Internet.

Beginning in the late 1990s, it became common to connect computers to the Internet via cable television lines or via DSL telephone service, which have a much higher download data rate, so-called "wideband" (now usually called "broadband") service. The cable or DSL service is always connected to the Internet, unlike the modem on an ordinary voice-grade telephone line. Specifically, the ISP assigns the user an IP address that is either constant or rarely changes, in effect a "static IP address".

Cable or DSL makes a user more vulnerable to intrusions by hackers in two different ways:
  1. The static IP address allows a hacker to return to the victim's computer, once the hacker has found that victim's computer has no firewall or an ineffective firewall.
  2. If a computer is on all the time, hackers have continuous access to that computer, since cable or DSL is always connected to the Internet.
For these reasons, firewall software is more essential if one uses either cable television or DSL for an Internet connection.

4. Avoiding harassment

For casual on-line activities, you can establish a free e-mail account at Yahoo, HotMail, or some other provider, and use an alias for that account. If someone harasses or stalks you, then you simply close that account and choose another alias. In other words, you adopt a disposable identity for your life in cyberspace.

Never give out your real name, address, city, telephone number, or other identifying information to a stranger in a chat room, computer bulletin board, or other public place.

Obviously, this simple solution has disadvantages. I use the Internet to post essays and – I hope – attract clients who need my services as an attorney or scientific consultant. I wouldn't get many clients if I used an alias like "CyberRocket" or "Wolverine" at my website. <grin>

Avoiding Phishing

The only connection between phishing and computers is that modern phishing uses e-mail and a bogus website to get a gullible person to disclose personal financial information to criminals. That having been said, it is worthwhile to alert people to the existence of phishing.

People first encounter phishing when they receive a fraudulent e-mail that typically purports to be from a bank, credit card company, or other financial institution. The e-mail might say that your account is suspended until you "verify", "update", or "validate" some information. The e-mail invites you to click on a link in the e-mail. The link typically takes you to a webserver located in a foreign country and operated by criminals, who display webpages with the logo and trademarks of a bank, credit card company, or government agency, which makes the webpage appear legitimate. (It is trivial for people familiar with HTML and webbrowsers to download some webpages from a legitimate financial institution, make some changes to the text, then upload those bogus webpages to a criminal's webserver. The bogus webpages really do appear legitimate because much of each bogus webpage is an exact copy of the real institution's webpage.) The bogus webpage asks you to supply your account numbers, passwords, and other personal information (e.g., Social Security number, date of birth, mother's maiden name) that can be used to fraudulently access your financial accounts and perpetrate identity theft crimes. Rather than clicking on a link in such an e-mail, type the institution's address into the browser yourself, or telephone the institution at the number printed on your statement or card.
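The following Python program is an added example, not part of the original essay. It pulls the links out of an HTML e-mail and reports the signs that a link does not actually lead to the institution it names: a plain http URL, user-info before the host (the "bank.example@attacker" trick), a bare IP address as host, a host that is not under the institution's domain, or link text that displays one domain while the href goes to another. The message and the bank name are constructed for the example, and the "registrable domain" rule is a two-label approximation that does not handle suffixes such as .co.uk.

```python
# Added example, not from the original essay: extract the links from an HTML
# e-mail and list the reasons each one should not be trusted to reach the
# institution it claims. SAMPLE_MAIL and the bank name are constructed.
import ipaddress
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

SAMPLE_MAIL = """\
<p>Your account has been suspended until you validate your details.
Please visit <a href="http://www.examplebank.com.verify-login.example/update">
https://www.examplebank.com/update</a> within 24 hours.</p>
<p>Questions? See our <a href="https://www.examplebank.com/security">security page</a>.</p>
"""


class _Anchors(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, " ".join("".join(self._text).split())))
            self._href = None


def extract_links(html: str) -> list:
    parser = _Anchors()
    parser.feed(html)
    return parser.links


def registrable_domain(host: str) -> str:
    """Crude: the last two DNS labels ('www.examplebank.com' -> 'examplebank.com').
    Assumption for the example; public-suffix lists handle .co.uk and the like."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def link_warnings(href: str, text: str, trusted_domain: str) -> list:
    """Reasons this link should not be trusted to reach trusted_domain."""
    parts = urlsplit(href.strip())
    host = parts.hostname or ""
    reasons = []
    if parts.scheme != "https":
        reasons.append("not https")
    if "@" in parts.netloc:
        reasons.append("user-info before the host hides the real destination")
    try:
        ipaddress.ip_address(host)
        reasons.append("host is a bare IP address")
    except ValueError:
        pass
    if registrable_domain(host) != trusted_domain.lower():
        reasons.append(f"host {host!r} is not under {trusted_domain}")
    shown = re.search(r"(?:https?://)?([a-z0-9.-]+\.[a-z]{2,})", text.lower())
    if shown and registrable_domain(shown.group(1)) != registrable_domain(host):
        reasons.append("link text names a different domain than the href")
    return reasons


def scan_mail(html: str, trusted_domain: str) -> list:
    """[(href, [warnings...]), ...] for every link in the message."""
    return [(href, link_warnings(href, text, trusted_domain))
            for href, text in extract_links(html)]


if __name__ == "__main__":
    for href, warnings in scan_mail(SAMPLE_MAIL, "examplebank.com"):
        print(href, "->", warnings or "consistent with examplebank.com")
```

The first link in the sample is the classic construction: the visible text reads like the bank's own address, but the href's host is a subdomain of an unrelated domain, so the browser would go to the criminal's server. The second link is consistent with the trusted domain and produces no warnings.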

Citibank has been a popular target for phishers. In response, Citibank posted a webpage on some specific phishing e-mails. The U.S. Federal Trade Commission (FTC) also has a consumer alert on the subject of phishing. There is also an industry antiphishing working group.

5. Backups

If a computer virus or an invading hacker deletes your files, or either one corrupts your files, the easiest way to restore your computer may be to reformat the hard drive(s) and then copy files from a recent backup. Backups also offer protection from more common (and less exotic) threats such as accidental deletion of a file by an authorized user or failure of a hard disk drive.

Because making a backup is a chore that takes anywhere from a few minutes to more than an hour (depending on the number of files copied to the backup medium and the speed of the backup device), and because backup copies are rarely needed, most users do not make backups as frequently as they should. The interval between backups should be determined by how much work you can afford to lose.

One should carefully choose a backup medium that will be readable ten or twenty years in the future. For example, in the mid-1980s, a common backup medium was either 5¼ inch floppy disks or — less commonly — a tape cartridge.

Floppy disk drives for 5¼ inch floppy disks became obsolete in the early 1990s. The Windows98 operating system, and subsequent Microsoft operating systems, have no support for such floppy disks.

There are many different kinds of tape cartridges and different formats for each of them. If one purchased a tape drive in 1991, and that computer and tape drive were destroyed in 1998, there is no assurance that one can find a compatible tape drive in 1998 or 1999 that will read one's "old" tapes.

Since the year 2000 I have used backups to CD-R, and more recently to DVD-R, optical disks. For archival backups, I use recording speeds of 2X or 4X, and high-quality disks (e.g. Imation "Business Select" or JVC/Taiyo Yuden disks with Hard Coat).

There are a number of other methods for making backups that are mentioned in instruction manuals for backup devices or backup software, or in comprehensive computer user manuals sold at bookstores. For users with large numbers of files, or with backups to media with a small capacity, it is useful to make three kinds of backups:
  1. A full backup of all files at least twice each year, and immediately after completing a major project (e.g., writing a book).
  2. An incremental backup of only those files that were changed since the previous incremental backup. After I make a full backup, I reformat the disk that I use for incremental backups.
  3. An archival backup: a full backup of all files to newly formatted virgin media. Activate the write-protect feature on this disk or tape cartridge and never write to it again. Use a permanent marker to label this archival medium with the date of the backup and name of the computer.

However, most users can simply do a full backup of all of their data files (e.g., wordprocessing documents, e-mail, downloaded documents, photographs, etc.) once or twice a month.

If the only threat was a computer virus or attack by a hacker, it would be adequate to store all of the backup media in the same room as the computer. Because there are also threats of fire, burglar, tornado, etc., one should also make a backup for offsite storage, such as in a safe deposit box at a bank. Archival backups are particularly well suited to offsite storage, since they are rarely needed.

Most backup strategies involve reusing the media that are used for full and incremental backups in some kind of rotating scheme. Suppose some problem (e.g., corruption of file by a computer virus or malfunction of hardware or software) occurs with old, infrequently used data or document files. One might not detect the damage to these files until after copies of recently corrupted files had replaced all of the earlier copies of good files on the rotating backup media. That is why archival backups are necessary: one can then restore files from an archival backup medium that was recorded several years ago, prior to any damage.
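The following Python program is an added example, not part of the original essay. It implements the full and incremental backups described above as tar.gz archives, writes a SHA-256 manifest beside each archive, and adds two checks that a rotating scheme needs: that an archive still matches its manifest, and that the live files still match an older manifest, which is how silent damage to a rarely used file is noticed before every backup copy of the good version has been overwritten. The scenario in run_demo() is constructed for the example and sets file modification times explicitly so that the incremental selection does not depend on the clock.

```python
# Added example, not from the original essay: full and incremental backups to
# tar.gz archives with SHA-256 manifests, an archive check, and a check of the
# live files against an older manifest to catch silent corruption.
import hashlib
import json
import os
import tarfile
import tempfile
from pathlib import Path


def sha256_of(path: Path) -> str:
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def list_files(root: Path) -> list:
    """Relative POSIX paths of every regular file under root, in a stable order."""
    return sorted(p.relative_to(root).as_posix() for p in root.rglob("*") if p.is_file())


def manifest_path(archive: Path) -> Path:
    return Path(str(archive) + ".manifest.json")


def write_backup(root: Path, archive: Path, kind: str = "full", since_ts: float = 0.0) -> dict:
    """Archive all files (kind="full") or only those modified after since_ts
    (kind="incremental"); write the manifest next to the archive and return it."""
    rels = [r for r in list_files(root)
            if kind == "full" or os.stat(root / r).st_mtime > since_ts]
    with tarfile.open(archive, "w:gz") as tar:
        for rel in rels:
            tar.add(root / rel, arcname=rel)
    manifest = {rel: sha256_of(root / rel) for rel in rels}
    manifest_path(archive).write_text(json.dumps(manifest, indent=1, sort_keys=True))
    return manifest


def verify_archive(archive: Path) -> list:
    """Re-hash every member against the manifest; returns a list of problems."""
    manifest = json.loads(manifest_path(archive).read_text())
    problems = []
    with tarfile.open(archive, "r:gz") as tar:
        members = {m.name: m for m in tar.getmembers() if m.isfile()}
        for rel, digest in manifest.items():
            if rel not in members:
                problems.append(f"missing from archive: {rel}")
            elif hashlib.sha256(tar.extractfile(members[rel]).read()).hexdigest() != digest:
                problems.append(f"hash mismatch in archive: {rel}")
    return problems


def changed_since(root: Path, manifest: dict) -> list:
    """Files whose content no longer matches an older manifest. Anything here that
    the owner did not edit on purpose is damage to restore from an archive."""
    return [rel for rel, digest in manifest.items()
            if not (root / rel).is_file() or sha256_of(root / rel) != digest]


def restore(archive: Path, dest: Path) -> None:
    """Extract into dest; the 'data' filter (where available) rejects members
    with absolute or '..' paths."""
    with tarfile.open(archive, "r:gz") as tar:
        extra = {"filter": "data"} if hasattr(tarfile, "data_filter") else {}
        tar.extractall(dest, **extra)


def run_demo() -> dict:
    """Constructed scenario: two files, a full backup, one deliberate edit, an
    incremental backup, one silent corruption, then the checks and a restore."""
    with tempfile.TemporaryDirectory() as tmp_name:
        tmp = Path(tmp_name)
        data, out = tmp / "data", tmp / "backups"
        (data / "docs").mkdir(parents=True)
        out.mkdir()
        (data / "docs" / "book.txt").write_text("chapter one")
        (data / "notes.txt").write_text("todo")
        for rel in list_files(data):
            os.utime(data / rel, (1_000_000, 1_000_000))
        full = write_backup(data, out / "full.tgz", "full")
        archive_problems = verify_archive(out / "full.tgz")
        (data / "notes.txt").write_text("todo: call client")        # intended edit
        os.utime(data / "notes.txt", (1_000_100, 1_000_100))
        inc = write_backup(data, out / "inc1.tgz", "incremental", since_ts=1_000_000)
        (data / "docs" / "book.txt").write_bytes(b"chapter one\x00\x00")  # silent damage
        damaged = changed_since(data, full)
        restore(out / "full.tgz", tmp / "restore")
        return {
            "full_files": sorted(full), "archive_problems": archive_problems,
            "incremental_files": sorted(inc), "changed_since_full": sorted(damaged),
            "restored_book": (tmp / "restore" / "docs" / "book.txt").read_text(),
        }


if __name__ == "__main__":
    print(json.dumps(run_demo(), indent=1))
```

In the demo, the incremental archive contains only the edited notes file, while the comparison against the full backup's manifest lists both the edited file and the damaged book chapter; the owner knows which of the two was intentional, and the good chapter comes back from the full archive. The same comparison run against an archival manifest from years ago is what makes those archival disks worth keeping.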

The cost of backup media is so low (e.g., typically less than US$ 1 for one recordable CD or DVD) compared to the value of the data, that it is reckless behavior not to make an archival backup at least several times each year.

6. Other techniques

Because Microsoft bundles an e-mail program, Microsoft Outlook Express, with their operating system, this e-mail program is commonly used. Hackers write malicious programs (e.g., the Melissa virus that struck on 26 March 1999) to use the victim's e-mail address book in Microsoft Outlook, knowing that such a program will cause havoc on most personal computers because of the popularity of Outlook. Similarly, hackers have written macro viruses that affect the Microsoft Word wordprocessing program. One can avoid being a victim of many malicious programs simply by refusing to use any Microsoft applications software, and instead installing software from other companies (e.g., Eudora for e-mail, WordPerfect for wordprocessing).

Avoiding Microsoft applications software makes sense, both because of features of Microsoft products and because of the immense popularity of Microsoft's applications software, which makes it a tempting target for hackers who design malicious programs. Prof. Dorothy Denning, an expert on computer security at Georgetown University, agrees that avoiding Microsoft applications software provides some immunity from malicious programs, and she personally follows that practice. Despite the known vulnerability of Microsoft Outlook to attacks like the Melissa virus and the ILOVEYOU worm that struck on 4 May 2000, Microsoft waited until 16 May 2000 before beginning to release a patch to their Outlook program that fixed some defects in security.

While it is possible to write malicious programs to attack users of the Apple Macintosh operating system, only about 5% of desktop computers run the Apple Macintosh operating system, which small market share discourages hackers.

In the Windows98 operating system, the default location for most applications programs is a subdirectory inside C:\Program Files. A hacker designing a malicious program to use a victim's e-mail address book or document files could simply assume that the victim used the default location for these files. One might frustrate such hackers by installing applications programs in a nonstandard location, for example, putting WordPerfect in D:\wordproc and Eudora in D:\mailprgm. Note that this only frustrates a malicious program that hard-codes the default path; one that asks Windows (e.g., via the registry) where a program is installed is not fooled. (An additional benefit of partitioning a disk drive into C:, D:, and E: before installing the Windows operating system is that one can put the operating system on the C: drive, all applications software on the D: drive, and all data files (including the disk cache for the Netscape browser) on the E: drive. One can then make daily backups of the E: drive, because files there change or are added every day that the computer is used, and less frequent backups of the C: and D: drives.)

Declare your computer and software on your homeowner's or business property insurance policy.

Use the latest version of e-mail and Internet browser software, operating system, and anti-virus software. Install the patches that are released between versions, to avoid security holes and other problems.

Before disposing of an old computer, by donation or sale:
  1. delete all data and document files.
  2. delete all application programs (to avoid software piracy).
  3. run WIPEINFO, in Norton Utilities for DOS version 8 (or the corresponding version for the Apple Macintosh), to overwrite all of the free space on the hard disk, thus making it difficult to recover your data and document files.

WIPEINFO is necessary because the delete command only marks the file's directory entry as deleted (by overwriting the first byte of the file name) and releases the file's clusters in the file allocation table (FAT); it does not overwrite the file's contents, which remain on the disk until those clusters happen to be reused.

If you are tossing an old computer or hard disk drive in the trash, first destroy the hard disk drive. Removing some of the integrated circuits from the controller board with a hammer and chisel is not enough, because the data remain intact on the platters and a replacement controller board can read them; instead, remove the hard drive from the computer and smash the drive itself, so that the platters are damaged, with a hammer.

The design of a logon screen should include a notice that unauthorized use is prohibited by law. One might refer to the state (or federal) statute and mention the maximum penalties, in an attempt to deter people. On the other hand, making the notice too strong (i.e., reference to secret, proprietary, or private information inside the computer) may be a double-edged sword, in that it may entice a hacker by increasing the thrill.

Disabling Features in Microsoft Windows

Some optional parts of the Microsoft Windows 95, and later, operating systems make a computer vulnerable to harm by malicious programs. For detailed instructions on how to disable some of these parts, see:

There are two separate issues:
  1. There have been an alarming number of security flaws in both Microsoft Windows operating systems and Microsoft applications software (e.g., Internet Explorer web browser, Outlook e-mail program), as well as macro viruses for Microsoft Word.
  2. Prof. Fred Schneider in the Computer Science Department at Cornell University speaks of a "monoculture". When nearly everyone uses the same operating system and same applications, then nearly everyone is vulnerable to the same viruses and worms, which makes these viruses and worms propagate more rapidly. A monoculture exacerbates security vulnerabilities in software, as well as stifles competition (i.e., the usual economic arguments against monopolies).
I have never used any Microsoft applications software. And, in May 2002, with the above two points in mind, I abandoned the Microsoft Windows operating system too. Instead, I now use an Apple computer for my websurfing and e-mail.

7. Wireless Networks

A local area network is popular in businesses, because it allows computers to share files without using a modem and because it allows multiple computers to use a single printer. Conventional local area networks in the 1980s required coaxial cable to be strung between computers and printers on the network. Recently, it has become popular to use a so-called "wireless network", in which computers and peripherals communicate via low-power radio transmissions.

However, wireless networks have an obvious security problem. Radio transmissions do not magically stop at the exterior walls of the building. Anyone with an antenna and amplifier can intercept communications on a wireless network, which raises the possibility of both privacy violations and industrial espionage. It is easy to imagine someone sitting in a van in a parking lot with a high-gain Yagi antenna and a laptop computer, intercepting communications from a wireless network inside a nearby building.

If you want to use a wireless network, at least:

Personally, I refuse to use wireless networks, as I don't want to risk my clients' confidential data on such networks.


spyware

In the year 2002, a new kind of malicious computer program, now called spyware, appeared, which is automatically installed when one visits certain websites (e.g., file-sharing services), clicks on some pop-up adverts, or opens some attachments in e-mail.

The more benign spyware programs track the websites that you visit and send you adverts that are considered appropriate for your interests, which is an invasion of your privacy.

The worst of the spyware programs record your keystrokes, particularly looking for your passwords, user names, credit card numbers, and other confidential information. Your information is then available to whoever controls the spyware.

There are many computer programs that are designed to search your computer and remove spyware. Unfortunately, reviews in computer magazines show that none of these anti-spyware programs are successful in removing all known spyware.

A better way to avoid spyware is simply to choose an operating system that is not 32-bit Windows (i.e., avoid Microsoft Windows 95/98/NT/Me/2000/XP/...).

8. Links to Other Sites

I have moved the links that were formerly here to a separate webpage.

I no longer provide links to sources of anti-virus software, firewall software, and spyblocker software for the Microsoft Windows operating systems. Every computer that is connected (even temporarily) to the Internet should have both current anti-virus software and firewall software installed.

Nearly all computer viruses, worms, and spyware target operating systems in the 32-bit Windows family (e.g., Microsoft Windows 95/98/NT/Me/2000/XP/...). Choosing an operating system that is not 32-bit Windows gives immunity from most of these viruses and worms.

I have moved the links for anti-virus software and firewall software for the Apple computer to a webpage at my personal website:

Who Is?

After you install a firewall, you will probably be curious about who is probing the ports on your computer. You can type either the numeric IP address or the domain name into one of the WhoIs databases.

recommended books

Dorothy E. Denning, Information Warfare and Security, Addison-Wesley Publishing Co., 1998.

Dorothy E. Denning and Peter J. Denning, Internet Besieged, Addison-Wesley Publishing Co., 1997.

Peter J. Denning (editor), Computers Under Attack, Addison-Wesley Publishing Co., 1990.
A collection of reprinted articles from computer software journals, mostly from the 1980s.

Peter G. Neumann, Computer-Related Risks, Addison-Wesley Publishing Co., 1995.
A collection of terse anecdotal reports in book format.
Dr. Neumann moderates the online Forum on Risks, the current issue of which is posted at SRI's website. An archive of issues back to 1 Aug 1985 is available at Lindsay Marshall's website at the University of Newcastle upon Tyne.

True stories of detecting hackers:
  1. Cliff Stoll, Cuckoo's Egg, 1990. (Pursuing a German hacker, who conducted espionage for the KGB.)

  2. Tsutomu Shimomura, Takedown, 1996. (Pursuing Kevin Mitnick, a fugitive career computer criminal who made the mistake of hacking into Shimomura's personal computer.)


When a criminal perpetrates a crime, his attorney is likely to say that the criminal did everyone a favor by calling attention to lapses in security of computers. It is a criminal defense attorney's job to put the best possible spin on the client's horrible activities. However, recognize that "blaming the victim" for the crime is a cheap shot. Even if the victim behaved in an imprudent way, a victim never invites a crime.

I want to make clear that there are two completely separate issues: (1) prosecution of perpetrators of computer crimes and (2) steps that a computer user can take to avoid being a victim.

Most of the really effective steps that a computer user can take to avoid being a victim of crime make the user's computer less convenient to use. Each user must balance for himself/herself how much security is enough, especially when faced with daily inconvenience of high-level security measures vs. the rare occurrence of attacks. Further, the user must be aware that a determined and creative criminal can defeat nearly any security measure, so complete security is not possible.

this document is at
created May 1999, last revision 27 Aug 2004, links updated 25 Nov 2007, backup section revised 3 Aug 2013.

My essay on computer crime.

return to my homepage