Safe Computing on a Budget, Part 2: Know what you download

In the previous post, we changed our browser to Google Chrome. This will help prevent a lot of the slowness and security exploits in other more popular browsers. Today, we're going to discuss knowing what you're downloading, which seems like common sense but can be hard to verify if you're a computer novice or you find yourself downloading certain types of files often.

Know Your Source

Don't download everything. It's not always necessary to do so. but when you do, make sure where you're getting the file is legitimate. How do you do this in a vast sea of web sites? Despite the immense number of sites available, very few actually host files. Downloads can take up server space that site owners typically have to pay for, so they choose to host their files in the same place as everybody else. This equates to a finite but still large number of legitimate sites.

The best way to know where you're getting your file from is to look at the bottom of the screen when you move your mouse over a link or button:

The address to the next place you will go to get the file is listed here. It can seem arbitrary, but the main part you need to look at is the address of the web site, which is the first part of the link (everything before the ".com" or ".org" or whatever) called the domain. You can actually open a second window and open this first part of the address to see where it goes. Does it go to a place you recognize?

It complicates things when a web site owner uses multiple addresses for different functions, like CNET using dw.com.com for its download pages and files. This server, if you went to it directly, shows nothing. It would look to a novice like it's something bad, but it is used by a reputable company. The second thing you might want to do is check the owner of the site by using "WHOIS" search.

Who.is is my favorite of these types of search sites but you can use most services you see when searching "whois" in Google. The function here is to see who owns the domain. Because one business can own another, you are looking for something that identifies the web site as owned by someone you expect it to be owned by.

In this example, we see that the owner of dw.com.com is CBS Interactive, Inc, which is somewhat arbitrary to someone who doesn't know who CBS Interactive is. However, we do see that the person to contact has a CNET address, so it should be legitimate (most hackers and scum won't ask you to send inquiries to a major company, because having that information on WHOIS means that company may have some legal control over its ownership).

You can do this your first time, and as long as you're going to the same place each time, you shouldn't have to go back and check WHOIS each time. If the domain was "dw.com.ru", which would be a Russian domain, or "dw.com.co.uk", which would be a British domain, you can decide if you should really be going out of the country for your file and act accordingly. The WHOIS should show the same information if owned by the same company. If it shows some random person with contact info that does not seem legitimate, be cautioned when going there.

Know the Sender

Email is not as common to contain viruses because less people use software like Microsoft Outlook for their email. Attachments in places like Yahoo! Mail or Gmail are often scanned by the provider, and many harmful extensions (detailed below) are denied being downloadable so their clients are not infected. However, some viruses still get through.

Don't open attachments from people you don't know, and verify that people you do know actually purposely sent you any attachment you didn't ask for. Some attachments are sent automatically or have been spoofed by a sender to look like your friend when it was really sent by someone else. And don't use "Reply" to ask a sender to verify themselves, as emails can reply to a different email address. Always type a new email with the original sender's email address.

Instant messaging is also potentially unsafe if a friend sends you a file. Don't open anything sent by a stranger; don't even accept the file transfer.

Know Your File Type

There are tons of types of files, PCs determining the type of file by the extension used (the letters after the dot in the file name, like ".exe"). Viruses are not present in many types of files because they are not "executable", meaning they don't create commands that the computer must follow to use the file. Items with extensions like .jpg, .png, .mp3 and some other media files are not likely or sometimes impossible to carry a virus.

Fileinfo.com discusses common file types and their uses. Use it as a reference to find the kinds of files you want, and know if the file you're downloading has the right extension.

However, the reality of the internet is that it always changes. And the internet community has seen viruses hide in all sorts of files, and new viruses are created everyday.

Treat all files the same is my motto. I scan everything I download from any source I don't know intimately, or at least have an active virus scan that can catch things before I open them. This is especially true for any .exe, .zip, .rar, .pdf, .epub, .mobi, .msi or .7z files that are common to include viruses if not from a well-verified source.

Know that double extensions,which can look like .exe.vbs or .jpg.c, are likely to be a virus in disguise. Hackers expect novices to not notice the extra letters, figuring it's some sort of enhanced version of a file type they know. Unless you know for sure the file should have a double extension like this, don't open it, and delete it immediately.

P2P and Torrents Are Plagued

Anyone who has used ThePirateBay.se or other torrenting sites, or used a peer to peer (P2P) networking software to download files from other people will have heard of or have experienced a virus being carried by the files shared. It doesn't seem illogical to assume when you're doing something illegal you will probably run into other criminals who want to mess with you. You also can't trust someone else's computer to be virus free if they're not a corporate server or a high-level tech geek.

Assume everything you download from torrents is potentially infected with viruses, whether you're pirating movies or finding legal free stuff from collections shared by others. Scan everything, verify all files, and don't download anything you don't know how to open. Don't even trust common safe file types like .jpg.

Torrent sites like ThePirateBay.se also have comments posted by other users. It is important to read these comments before downloading anything from a torrent because they will tell you if someone else caught a virus or if it's not the real thing. Communities like this try to tell each other when to beware. If you are active in these communities, give feedback when you can.

Please note: Pirating songs, movies, software or other copyrighted or patented material is illegal and you can be fined or jailed for engaging in communities that traffic this kind of contraband. These are considered black markets, and on top of virus possibilities you should consider the legal ramifications of your actions before choosing to download something that you don't own.

Use Common Sense!

You get an email from a friend that has some kind of general note in it like "This is so funny I almost died laughing" and that's it, but it has a file you have to download to view. Is something so funny you risk infecting your computer and losing your data? Or could you let your friend know you aren't opening that stuff unless they give you more details about what they're going to see, and add something that verifies it's really from them? Common internet courtesy for emails, file sharing and the like is to make sure there's a way you know who it's coming from and what's in the file. If you don't, you might as well delete the email or pass up the file sharing link until you can.

Only download stuff if you know it's really what you want. One of the most common mistakes made by people who constantly get viruses is to download items that say they're something the person really wants, like a cute game or, inevitably, porn, but the file they download uses those popular past times to lower the person's sense of security so they won't scan it beforehand and make sure it's safe.

And speaking of porn, for the sake of your security and family sanctity, find a better use of your friggin' time! Porn really isn't that exciting. Half of it is hilarious, and the other half is gross. But most video and photo downloads that are freely distributed have a higher potential than any other kind of software to contain something harmful, annoying, destructive or curious about your personal data. I have fixed more computers damaged by people who got porn viruses than any other kind of infection. You really want to see people having sex? Get a subscription to a porn site or go to your local smut shack and buy a DVD.

Now that we've covered that...

In the next installment, we will discuss virus software and what I suggest to use to scan and protect your system.

Apple products are less likely to have viruses. Is tax time the right time to switch?

Have questions or concerns I haven't covered yet? Ask in the comments below!

Hack All The Things: Kid-friendly music from Pandora

Morgan gets way to much attention on this blog. I want some attention too. I'm going to start posting some good family hacks for us low income families who are trying to make it and still want to be tech-capable or need to fix something quick.

First hack: Kid Friendly Music Time
Needed: Pandora and Pandora-capable devices
Also Featuring: K9 Web Protection

I don't like paying for music when I'm a broke dad. It makes me feel like I am spending money on a past time for their ears rather than food for their mouths. But I don't like the radio. There are too many mixed content bags on broadcast radio where you could be listening to a perfectly kid-friendly song then get something like Katy Perry's "Last Friday Night". No one wants a 4-year-old asking, "What's a mhuna-mhuna (ménage à trois)?"

Here comes Pandora! I have offered to have a computer in each of the kids' rooms equipped with K9 Web Protection so I can block everything but what I want them to see online. I can also stop the internet entirely after 8pm so they have to go to bed or suffer boredom. I setup Alayna's email address with Pandora, and set the Explicit Content Filter to "No" (Settings > Account > Explicit content filter) with only my email address able to remove it. Now whenever she goes into a Pandora-enabled app (Pandora.com, Pandora on Android, etc), she cannot receive explicit content. Beyond that, I told her I will remove any radio stations I deem inappropriate and she will be grounded anytime I find one. I have also agreed with her and Aiden that no radio stations are added without my knowledge. If it becomes a problem, I have another hack that can prevent them from changing anything on Pandora.com when they're on the site (sometime I'll show you how to do that).

My fav stations for the kids right now are:

• They Might Be Giants (Children's)
• Laurie Berkner
• The Aquabats (Children's)
• Caravan Palace
• Beats Antique
• Flogging Molly
• Children's Indie (Genre)
• Children's Folk (Genre)
• Family Folk Songs (Genre)

There are plenty of others. You'll have to find the ones you feel are appropriate. Remember that the explicit content filter will not go through a song and deem it unsuitable if it has questionable subject matter, such as kissing same sexes or smoking and drinking. It leaves out swear words or removes songs flagged as explicit, which is not always the same as your own definition of "explicit".

For rooms without a computer, use the Pandora Android or iPad app on your phone or tablet. You can also use a streaming media player, like the Netgear NEO TV Streaming Player:

These boxes replace your cable or satellite box, or complement it, depending on what you like to watch. This is also a great streaming source for Netflix, Hulu Plus and YouTube, but the main function here is Pandora Radio. Roku was one of the first to make a commercial streaming player to rival cable/satellite television. I often recommend Roku streaming players over other brands.

You can even get Pandora in your car to provide family friendly audio entertainment on long drives. With four rambunctious kids, I expect at some point to get a deck that streams Pandora myself. But instead of spending $100+ on a car audio deck to play Pandora, why not use your iPhone or Android smartphone powered by the Pandora app and use an FM transmitter to send Pandora audio straight to your radio in your car, regardless of brand or connections?

Connect this to the headphone jack on your phone and use the MP3s you load onto it or Pandora to keep the kids interested in something other than fighting with each other all the way to grandma's.

It's this kind of stuff that keeps us sane. It does not have to cost a whole lot either; often you can use what you already have if you don't need radio coming through your car and TV speakers. It's just another way to tailor the audio in your life to your kids (or you and the spouse when you're having "time alone"). Don't spend your money on MP3s or CDs unless you want to listen to specific bands on demand, which is the only limitation of Pandora. Save that money for the mouths in your house.