If you’re not getting a program directly from the supplier or a distributor that you trust, you should always check it before installing. Even if you are getting it from a trusted source, it’s worth checking, since servers do occasionally get hacked. Most open-source programs distribute either a PGP/GPG signature or a checksum using an MD5 or SHA1 hash along with their downloads. Assuming you get the checksum from a trusted source, you can verify that the package hasn’t been altered.

For IE7, if you have to try out beta 1, go through proper channels (MSDN or the beta program) or get it from someone you trust…who went through channels. Otherwise, you’re better off waiting for beta 2.

Of course, the obvious solution here is don’t let it install anything. That’s what the Java sandbox is for, after all: applets run in their own little world and can’t touch the rest of your system unless you let them (or they find a hole in the sandbox, which is why you need to keep Java up to date—just like everything else).

Time to emphasize the fact that while Firefox is still safer than IE, it’s not a magic bullet. There is no magic bullet. You can minimize risk, but never eliminate it.

(via SANS Internet Storm Center)

Webroot identifies the Top 10 “Most Unwanted” Spyware programs, using the “P-I Index…. P is for prevalence, I is for insidiousness.” The “winners” include pop-up generators, keystroke loggers, autodialers and the like. (via Aunty Spam’s Net Patrol)

Finally, there are several fixes and work-arounds for the pop-up window spoofing vulnerability I wrote about last week. There’s the all-inclusive method: close all other browser windows. Netcraft reports that Opera has issued a fix (7.54u1) and Safari is safe if pop-up blocking is enabled. I just got an email indicating that KDE has released a fix for Konqueror (expect that to start hitting distributions this week). No word yet on Firefox or IE, and while Microsoft has its monthly patch day tomorrow, I wouldn’t expect this to show up quite that soon.

About 91 percent of PCs today are infected with spyware programs that send information from your PC to an unauthorized third party.

NCSA (National Cyber Security Alliance, not the National Center for Supercomputing Applications of Mosaic fame) Chairman Ken Watson quoted by CNET in Study: Consumers take cyberattacks lightly.

That’s a staggering number, and I hope it’s supposed to be 19. Even so, considering how many computers there are in the world, it’s still a staggering number.

Spyware, viruses and worse are out there, and they’re all over both business and home computers. It’s worth checking out the NCSA’s website, staysafeonline.info, as well as others like CERT‘s page on Home Network Security, the US-CERT website, or the FTC‘s guide to Consumer Information Security (though I can’t quite get past the turtle logo on that one).