Securing yourself & your computer

This next section addresses your "spyware" concerns and gives general information on keeping those private files private.

If you have any questions or comments you would like discussed or added here, please email support@conecta4.com. That way we can work it out, or add it to this section so that others who have wondered about the same issue can find help.

Q. What is “spyware”?

A. “Spyware” means programs or files that, to put it simply, SPY on you. They spy on your behaviour: what files you download, what pages you visit, etc. Spyware is the WORST thing that can ever happen to your online privacy. And you know what? Spyware is perfectly legal, and we guess that about 85% of all internet users have spyware on their system. Spyware is used (according to its creators) to “follow how their services are being used so that they can provide better services in the future and build statistics from user behavior”. In other words, to build a very detailed profile of you and use it for marketing purposes. From your point of view, there is NOTHING good about having spyware on your system, and there are plenty of alternatives to spyware-embedded software.

 


Q. Ouch! How can I get rid of this spyware?

A. It's easy! First, go to http://microsoft.com and download Microsoft Anti SpyWare. It's 100% free and for sure it's the best defence out there at the moment. Second, secure your Internet Explorer (or other browser) settings so that spyware doesn't get onto your computer again. You might have dozens of spyware components inside your computer, but don't panic! Anti SpyWare gets them all. And again, remember to check for updates from their site every now and then... and set it to run automatically! Also, please take the time to learn about the system tools side of this program; it can be a great help with a multitude of operational issues...

 


Q. What are "webbugs"? Are they spyware too?

A. Not exactly, but... Webbugs are usually very small, practically invisible pictures that are embedded in web pages or sent in emails. The trick is that the webbug fetches the actual picture from a web site, and when it does, the owner of that site knows about it. They can get your IP address with this trick or give you cookies to further profile you. There are a couple of programs available that block this, but the main thing to remember here is that if you don't accept cookies from unknown sources, don't allow images from third-party web sites or in emails, and in general don't read spam email, webbugs are pretty harmless. If you don't... well, just imagine...
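To make the webbug description concrete, here is an added example (not part of the original page) that scans the HTML body of an email for images that are both fetched from a remote host and tiny or hidden. The sample email and all host names in it are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample: HTML body of a marketing email (all hosts are made up).
SAMPLE_EMAIL_HTML = """
<html><body>
<p>Big sale this week!</p>
<img src="cid:logo" width="200" height="80">
<img src="http://tracker.example/open.gif?id=42" width="1" height="1">
<img src="http://cdn.example/banner.jpg" width="600" height="120">
<img src="http://stats.example/p.png" style="display: none">
</body></html>
"""

class WebBugFinder(HTMLParser):
    """Collect remote <img> tags that are tiny or hidden (likely webbugs)."""

    def __init__(self):
        super().__init__()
        self.suspects = []

    def handle_starttag(self, tag, attrs):
        if tag != "img":
            return
        a = {name: (value or "") for name, value in attrs}
        src = a.get("src", "")
        host = urlparse(src).hostname
        if not host:
            # cid: and data: images travel inside the email; nothing is fetched.
            return
        style = a.get("style", "").replace(" ", "").lower()
        tiny = a.get("width") in ("0", "1") and a.get("height") in ("0", "1")
        hidden = "display:none" in style or "visibility:hidden" in style
        if tiny or hidden:
            self.suspects.append((host, src))

def find_web_bugs(html):
    """Return (host, url) for every image that looks like a webbug."""
    finder = WebBugFinder()
    finder.feed(html)
    finder.close()
    return finder.suspects

if __name__ == "__main__":
    for host, url in find_web_bugs(SAMPLE_EMAIL_HTML):
        print(f"possible webbug: {url} (request goes to {host})")
```

The visible banner is not flagged, but loading it still sends a request to its host, which is why the advice above is to block remote images in email altogether.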

 


Q. What about viruses or worms or Trojans or bots? What are they? What should I do about them?

A. In short: they are malicious programs that can spread from or to your machine and do serious damage, or they can be used to attack someone else's computer using YOUR computer and internet connection to do it! They can destroy your documents and other files or send them across the internet. They are a serious privacy, security and stability threat! This is the part where you need some money. Buy a good anti-virus program; we recommend Norton Anti virus... and remember to keep its virus databases updated and check the settings too! These programs don't give you much protection if you just install and forget them! Check the settings! Update!

If you want a free program, I recommend choosing AVG; it's good and it gives you excellent protection. Free versions are only for US and UK citizens, so look closely...

Another free anti-virus is AVAST. It does not have restrictions, so any home user can use it.

Panda online Anti virus scan is a free online anti-virus scan. It's always updated. You don't have to install anything; the whole scan is run from a web page!

 


Q. Is there anything I can do to prevent these viruses, worms and trojans from attacking me?

A. Yes! Lots. First of all, viruses don't suddenly just jump into your computer. You (or the person using the computer) have to run them before you can get infected! The most typical way of getting infected is via email, i.e. you get an email from a friend of yours or from someone you don't know... and there is an attachment along with the email... and you execute that attachment! The fact that the email seems to come from a friend of yours doesn't mean it doesn't have a virus inside! In fact, most of the viruses come from the people you know, because they spread by using the host's address book.

Also, there have been numerous bugs in browsers, email and server software that have allowed viruses to be run without users doing anything! The Code Red worm, for instance, spread by scanning for unpatched servers and infecting them directly from the internet! Windows has had similar worms every now and then, so it's crucial to have some kind of firewall running to block all unwanted inbound traffic! Also, JavaScript "exploits" can be found in many web pages. This is dangerous since they can also be exploited by using HTML email. They will execute just by you viewing the email message! It is highly recommended that you read all email as plain text (you can adjust this in Outlook Express on the "Read" page in the settings) and/or disable the preview pane (you can disable it in Outlook Express in the "Layout" settings). For security purposes it is recommended that you use some other email client than Outlook Express and a browser other than Internet Explorer. We recommend both Firefox and Opera equally.

So once again, it is very important to keep your software updated and take care of your security in ALL layers. Security is only as strong as the weakest link!

 


Q. How do I know it's a virus and not some harmless file I should execute?

A. First of all, if it's your friend who's sending you something, I'm sure he/she would mention it in the email, right? And the email itself would sound like one that comes from him/her, i.e. it says: “Hi Jeff! Here's the document about our projectX that we talked about, see it yourself and tell me whether you like it or not. See you at the office Tuesday! Marty.” A typical virus email might have a message like: “CHECK THIS OUT! Great one! by:X” or “Important patch from Microsoft.” or “This joke is great! Read it!”... Either way, it's something that you are ABSOLUTELY NOT expecting from the person you are dealing with. If you are not sure whether or not to open the attachment, how about sending this friend of yours an email back and asking him/her what that attachment is... if he/she doesn't know FOR SURE what it is, don't open it! Delete the whole email. And if you don't know who the sender is, don't, under ANY circumstances, open the attachments inside, no matter what they say in the email! Don't give a hoot about it even if it was sent to you by Tony Blair, just ignore the email and delete it!

Be especially careful with files that have double extensions like README.TXT.bat or similar. Never open any such files. The same goes for files with very bizarre names (like F2FLSWOC2-292FKSLWF-29FOWCK25). It is possible to "spoof" Windows into running such files as something other than what their extension says (scary, eh?). Also, you should not execute files that are .exe .bat .com .pif .cmd; they can be very dangerous when run. Files like .jpg or .mp3 are pretty much harmless and cannot contain viruses. You should go to "My computer" / "Tools" / "Folder Options" / "View" and disable "Hide extensions of known file types"... this way you will actually SEE the file extension you are about to execute, so you can be sure that it is not a harmful file type!

The file extensions that can do the most damage are .exe .scr .pif .cmd .bat .reg .vbs .hta .js. If you get attachments with these extensions, delete them; they are 99% sure to be viruses. Ignore the icon you see on the file: icons can be spoofed to look like text or Word documents when the file actually is an .exe file, for example. Look for the true extension of the file!

To put it simply: I would recommend that you never, ever, under any circumstances, run any files you get by email or otherwise (for example, from the net). The only exception to this rule is when you are absolutely sure you know what you are getting, where you are getting it from and what it is going to do. You must KNOW for sure; don't guess or think you know. This is a very basic and very effective measure to combat all kinds of malicious software.
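The "look for the true extension" rule can be automated. The following added example (not from the original page) reads a raw email, lists its attachments and judges each one by its last extension, using the extension lists given above. The sample message, addresses and attachment contents are constructed.

```python
from email import message_from_string

# Extensions the page names as dangerous.
DANGEROUS = {".exe", ".scr", ".pif", ".cmd", ".bat", ".com",
             ".reg", ".vbs", ".hta", ".js"}

# Constructed sample message; addresses and file contents are made up.
SAMPLE_EMAIL = """\
From: marty@example.com
Subject: CHECK THIS OUT!
Content-Type: multipart/mixed; boundary="BOUND"

--BOUND
Content-Type: text/plain

Great one!
--BOUND
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="README.TXT.bat"

(constructed placeholder)
--BOUND
Content-Type: image/jpeg
Content-Disposition: attachment; filename="holiday.jpg"

(constructed placeholder)
--BOUND
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="patch.exe"

(constructed placeholder)
--BOUND--
"""

def classify(filename):
    """Judge a file by its TRUE (last) extension, ignoring decoys before it."""
    parts = filename.strip().lower().split(".")
    if len(parts) < 2 or "." + parts[-1] not in DANGEROUS:
        return "ok"
    return "double-extension" if len(parts) > 2 else "dangerous-extension"

def scan_message(raw):
    """Return (filename, verdict) for every attachment in a raw email."""
    msg = message_from_string(raw)
    return [(part.get_filename(), classify(part.get_filename()))
            for part in msg.walk() if part.get_filename()]

if __name__ == "__main__":
    print(scan_message(SAMPLE_EMAIL))
```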

 


Q. What about BIOS passwords? I have heard that it's possible to prevent anyone from using your computer or altering settings using one?

A. BIOS passwords are pretty much useless. It takes about 3-10 seconds to bypass them. You can bypass them by either taking the battery off the mainboard or by resetting the BIOS from the mainboard. Or, to just go around it, remove the entire hard drive from the computer, take it to another computer and see what is inside it. BIOS settings are not that important. Sure, you can mess up your computer by altering them if you don't know what you are doing, but they don't directly affect ANY settings at the program level. The operating system and programs have their own settings.

Some laptop computers provide the option to set up a "Drivelock" password. This protection is actually pretty good. A villain can't boot the computer or get access to the hard drive even if he removes it from the computer. Sure, there are "some" hackers that can, in theory at least, do that, but most can't. "Drivelock" provides average security. Of course, the problem is that if you die or sell the computer with the Drivelock on, the computer is useless. If you have just encrypted the HDD, it can be formatted, but if Drivelock is present, that hard drive is unusable without the pass phrase.

 


Q. What is PGP?

A. PGP stands for Pretty Good Privacy. It is encryption software created by Phil Zimmermann. It is available for free for anyone (individuals, not corporations) to download and use. You can use it to encrypt your emails and files on your computer and even on floppy disks, using public key cryptography, conventional cryptography or self-decrypting archives. You can also create digital signatures with it, and use it to wipe files and free space on your computer. PGP provides the strongest and best tested cryptography in the world today. PGP is so powerful that US officials tried to prevent it from being distributed and exported; they even tried to sue the man who created it.

 


Q. Hold on a second... public key cryptography, conventional cryptography and self-decrypting archives? Digital signatures?

A. Public key infrastructure (PKI) is based on funny mathematics... You see, in conventional cryptography both the sender and the recipient of the encrypted message must know the key so that they can encrypt and decrypt it. Think of it as a password that they have shared. But in public key cryptography that is not needed, because two different keys are used at all times: one to encrypt and the other to decrypt. It might sound strange, but you can share your public key (which is used to encrypt) with anyone, since they can only encrypt with it... they can't decrypt messages with that key even if they had encrypted them themselves! The private key is used to decrypt the messages encrypted with the corresponding public key and therefore should be kept secret and never shared with anyone. Self-decrypting archives, which the latest PGP versions support, are packages that anyone can open if they know the password, BUT they can open them even if they don't have PGP installed on their computer (which they need in order to open PKI or conventionally encrypted messages)!

Digital signatures are signatures that have cryptographic security. You cannot forge them as easily as handwritten signatures. If a digital signature is made with a good signature algorithm, key size and hash function, and the private key is kept secure... the digital signature is VERY secure. In practice, it cannot be forged in any way! If you sign document X, you use your private key to "encrypt it" (actually only in RSA, but never mind, let's not get into technical blahblahblah here). Anyone with your public key can "decrypt it". Since anyone can decrypt it, anyone can check it. But since only you can "encrypt it", you must be the person who encrypted it! So, YOU signed (= encrypted in this case) it! If someone tries to remove your signature, they can do it, but they can't join it to some other document or such... or well, they can... but as people try to "decrypt it", they will notice that it will not decrypt as it should and they will see that it's not a valid signature! Digital signatures can be used for many things, but they are mainly used to authenticate users or verify documents.

Now this might sound confusing... if you want to decrypt something encrypted to you in PKI, you use your private key. If you want to encrypt something to someone (like yourself), you use the recipient's public key. If you want to make a digital signature (RSA), you use your private key. If you want to verify a digital signature, you use the public key of the person who signed it. Confusing? Oh yes. But it works, just trust me on this one.
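The four key uses just listed can be tried out with a few lines of textbook RSA. This is an added teaching example, not PGP's code and not part of the original page: the key is built from two small well-known primes and no padding is used, so it shows which key does what and nothing more. All documents and values are constructed.

```python
import hashlib

# Toy RSA key built from two well-known Mersenne primes. Constructed for this
# example only: a key this small, used without padding, is NOT secure.
P, Q = 2**61 - 1, 2**89 - 1
N = P * Q                              # public modulus
E = 65537                              # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent (keep secret)

def digest(document):
    """Hash the document to a number smaller than the modulus."""
    return int.from_bytes(hashlib.sha256(document).digest(), "big") % N

def encrypt(number, e=E, n=N):
    """Anyone can do this: it needs only the recipient's PUBLIC key."""
    return pow(number, e, n)

def decrypt(cipher, d=D, n=N):
    """Only the key owner can do this: it needs the PRIVATE key."""
    return pow(cipher, d, n)

def sign(document, d=D, n=N):
    """Sign = apply the PRIVATE key to the document's hash."""
    return pow(digest(document), d, n)

def verify(document, signature, e=E, n=N):
    """Verify = apply the PUBLIC key and compare with a fresh hash."""
    return pow(signature, e, n) == digest(document)

if __name__ == "__main__":
    contract = b"Pay Marty 100 euros"          # constructed sample documents
    altered = b"Pay Marty 900 euros"
    sig = sign(contract)
    print("valid signature:        ", verify(contract, sig))
    print("moved to other document:", verify(altered, sig))
    secret = int.from_bytes(b"hi Jeff", "big")
    print("round trip ok:          ", decrypt(encrypt(secret)) == secret)
```

A signature copied onto a different document fails verification because the fresh hash no longer matches, which is the "it will not decrypt as it should" case described above.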

 


Q. Sounds great! How do I use PGP?

A. It's pretty easy, but you really should read the manual in order to understand how to use it. In short, it has a graphical user interface, plugins for most email programs and help files to assist you. In practice, all you need to do to start encrypting is to start using it! After you have installed it, it prompts you to create a new key pair: a public key and a private key. Your private key is encrypted using your pass phrase, so remember it! After you have created the keys, you should create a PGPdisk (right click inside some folder / new / PGPdisk volume) and store your personal documents and key rings there (as an added layer of security for the private key, since there *is* a way to tamper with your private key otherwise, even though it is encrypted using your pass phrase)... and remember the pass phrase of the PGPdisk and wipe the originals!!! If you forget the pass phrase, say bye bye to your documents, since there is no way they can be opened. After that, all you need to do is deliver your public keys to somewhere people can download them (like keyservers) and add to your key ring the public keys of the people you are encrypting to. This can be done easily with just copy+paste and import+export from PGPkeys.

 


Q. How strong is PGP really? Can it be broken?

A. PGP itself can't be broken by any means that are known today, if it is used properly. It has been estimated that breaking a single PGP encrypted message would take all the computers in the world over a million times longer than the age of the universe... However, the implementations of PGP can be "broken" in many ways. For instance, by installing a trojan horse on your computer that captures your pass phrases and private keys. That's why it is important to take care of your security on ALL layers: security is only as strong as its weakest link. Also, someone can do a man-in-the-middle attack against your and your friend's public keys. This means that the villain replaces your public key with his, and all the messages encrypted to it (because your friend thinks it's your key and not the villain's) will be encrypted to the villain... and all he has to do is capture the messages, decrypt them, and then encrypt them back to your original public key. That is why it is important to sign keys that you trust and make sure you have downloaded the right key... phone the person, ask what their key fingerprint is and check that it matches the fingerprint of the key you have downloaded. If it does, sign his key with your private key (if you trust him, that is) and you can be sure that you can communicate securely with him. Or use web pages to hand out your public keys, or any other way that gives lots of people access to your public key, so that they can all check (and more importantly, YOU can check) that they got the right key.
Phew! Complex, eh? Look, only the really serious security conscious need to consider this.

 


Q. Where can I learn more about PGP?

A. You should check this link: http://www.pgp.com/

 

