Illinois Natural History Survey - University of Illinois



Anonymity and exemption from commercial tracking when surfing the web is important to all of us. As most of you know, the vast majority of commercial entities (legitimate and unscrupulous) monitor your visits to their websites. As consumers and citizens who surely must value your privacy, YOU must take an immediate, proactive, and concurrent approach as an individual, as an employee or employer, and as a constituent of your elected officials -- to protecting yourself from accidental and naive sharing of personal information, surfing habits, and lifestyle. Please carefully read everything that you can in the media, and implement any and all appropriate action necessary to protect your privacy. Below, I summarize many suggestions that have been presented in the various forms of media we access daily or weekly, and books and periodicals available at local and regional libraries. I hope to update this site on a weekly basis, and as new information or improved advice becomes available. Good Luck, and resist the urge to procrastinate. I strongly encourage you to seek verification from a trusted friend, network administrator, or other computer guru before implementing any changes to your computer or modifying your computer usage behavior based upon any advice you read, regardless of its source....and that includes the information I present below. It used to be a time when we could guide ourselved by the famous quote of Ronald Reagan, "Trust, but verify"; unfortunately, this casual approach must be modified to be, "Don't trust; agressively verify, maintain suspicion until verification has been supported by one or more independent sources, then approach with lucid caution."

General information and suggestions to protect your privacy *

PLEASE NOTE: Some of the information presented here (specific to versions of products mentioned, and prices for those products) may be out of date; the website links should all be current. More recent publications focusing on every concept discussed below are also available. Use your search engines to secure updated information for any concept mentioned below, esp. by using the word 'review(s)' in your search strategy.


I. E-mail, instant-messaging, web use, list-serve / chat room services, other forms of virtual communication:

Numerous forms of media (television, radio, newspapers, and popular, trade, and business magazines) have been providing information to assist all of us in reducing the amount of unsolicited E-mail messages ranging from mundane to offensive in content that we receive through our virtual connections. Despite federal and state legislation that has been implemented (as well as introduced/pending legislation), all of us realize that unsolicited E-mail is increasing. For several years, these kinds of E-mail messages have been referred to as 'spam' sent by 'spammers'; out of respect for the ®Hormel Foods Corporation, however, I shall henceforth refer to unwanted / unrequested E-mail messages as UVMs - Unsolicited Virtual Messages [Hey -- we all need yet another acronym in our daily repertoirs!].

Excellent articles have been provided in issues (2003 - present) of the following magazines: ®PCWorld (every month), ®MacWorld (every month), ®Newsweek, ®Time, ®Popular Mechanics (Vol. 180, No. 12 - Dec. 2003 issue, p. 32), and ®Consumer Reports (September 2004 issue - Vol. 69, No. 9: 12-19), to mention a few. Most of these magazines also refer readers to websites that provide excellent suggestions for users of virtual media to - at the very least - reduce their obvious exposures to and receipt of unsolicited contact. The February 2004 issue of ®PCWorld has a two page maintenance fold out page attached to the front cover; read it, and take action today! In fact, read every issue of these excellent trade magazines; each has excellent advice on maintaining privacy, not to mention numerous tips and lengthy reviews that will help you improve your computer time, regardless of your task.

I especially recommend an article entitled, "The great American privacy makeover" authored by A. Kandra, A. Brandt, and J. Zeff, and published in the November 2003 issue [Vol. 21(11): 144-160] of ®PCWorld; that article presents a frank and understandable wakeup call regarding your virtual privacy, and follows with a plethora of practical and useful advice for you, your family, your businesses, and your friends, including - 1) a simple privacy quiz to test the level of protection (or lack of it) associated with your daily virtual activities; 2) makeovers [how to fix and improve what you have]; 3) reviews of and suggestions for security tools you should consider; 4) tips for parental oversight of their children's on-line activities; and 5) pending laws affecting virtual privacy, and what you should know and do. READ THIS ARTICLE! Implement changes!. Before leaving a reference to this issue of ®PCWorld, I recommend that you read ALL the articles in this issue; many great suggestions that will benefit you in every conceivable way while using your PC (and some of the great advice is applicable, either directly or indirectly, to those of us who are using the better of the two common platforms...that being the Mac OS).

A recent study released by the U.S. Federal Trade Commission found that 86% of E-mail addresses posted on webpages and in internet news-groups eventually end up on lists used by virtual telemarketers [sorry, I don't have a specific source to cite for this statistic...but then, you and I - and probably everyone you know who has an E-mail address - has received UVMs, so it's probably a valid statement].

Instant Messaging [IM]. I encourage you to read a recent article in PCWorld Magazine (March 2004 issue: 'A Grown-Up's Guide to Instant Messaging', by Scott Spanbauer) that summarizes various instant-messaging softwares; each of the popular services are analysed, with particular focus on their level of privacy (or lack thereof), compatability of two or more IE softwares, and recommendations on a safer approach to use of instant-messaging services, if you must use that medium of virtual communication [and even if you don't use IM, I am sure your children do.....and they could very well be communicating via two or three different IM's, concurrently..

In June 2003, the National Cyber Security Alliance (an industry trade group), conducted a survey of broadband internet users. Among their findings: 1) 62% of broadband users do not regularly update their antivirus software, and 2) 67% of broadband users have not properly installed a firewall [hardware or software], or, -- even if installed -- carefully read the user instructions to assure that it is properly configured to block attacks (presumably - viruses, a variety of searches for any personal/private information on your computer, and 'electronic takeovers' of your computers), turning them into servers for advertisements, other forms of unwanted/unsolicited UVMs, and worse).

Beginning in 2003 and continuing daily since then, we have been informed through various media - and on numerous occasions - of the growing presence of E-mail scams from 'phishers' and 'spoofers'. In 2005, we have seen the intrusion by 'pharmers', as well. These terms have been coined to identify fraudulent scammers (also referred to as scamptsers) that send you E-mails with messages and bogus URL's closely mirroring legitimate companies -- requesting additional, personal information (contact information, social security, drivers license, bank/savings & Loan/credit union/broker, and other kinds of identifying numbers), updates of 'information already in their databases', and/or verification of this and other information associated with 'orders' for goods, and 'previous' communications. We also get weekly, if not daily E-mails warning us that our computer has been compromised, or that one or more of your outgoing E-mails...has carried a virus, worm, or trojan horse with its 'recipient'; do not respond to these! There are also several phishers that include logos that look incredibly realistic to legitimate sites, esp. the MS Windows site, and have very similar URL's associated with them; again, do not respond to these! Recent articles in popular magazines, newspapers, and industry publications, numerous radio and television shows (e.g., CBS' 60 Minutes [May 2004, repeated 12 Sept 2004]) have highlighted the increase in identity theft over the last few years, increasing significantly because of the 'trust' (= ignorance and naivetée) the vast majority of internet users allow in their daily 'virtual' behaviors. Most of you probably have received messages masquerading as security checks, often stating your computer has received a virus, or 'the sender' is reporting to you that 'a recent email received by 'them' from you' was infected with a virus. Many of these are designed quite well, and easily could be perceived as legitimate; DO NOT be persuaded by their implied legitimacy or the quality of their graphics, text message, or general appearance, and DO NOT EVER respond or click on any hyperlinks associated with those pages, including the links at the bottom "so that your E-mail address will immediately be removed" from their mailing lists! Also, be sure to immediately check your E-mail attachment folder(s) and various cache folders on your computer to purge any associated files that came along with those messages [common endings of the file include, but are not limited to the following: .exe, .zip, .jp3, MP3, .dot, .pcx, .pif, .pps, .slr, and of course, .doc, .htm, .wpd. .rtf, .xls, and .jpg (to mention a few)]. NEVER click on or otherwise open those attachments unless you are in personal contact with the person who has sent it to you, and have verified the legitimacy and security of the attachment being sent!

Messages commonly seen in unsolicited E-mails you receive from phishers, spoofers, scammers, and pharmers are similar to "Would you please complete the accompanying form with additional information about yourself?", or "Please complete the survey information, below", or "Please verify [various kinds of] personal information so that we may update our records / your account(s)." I recently received an email from a supposedly legitimate client of Earthlink, requesting that I connect to some URL to verify that 'I', in fact, had personally initiated contact with the client, and that I was sending a legitimate message; I didn't respond, as this seemed like another phishing or spoofing message; attempts to contact security at Earthlink were unsuccessful, and the persons at Earthlink that I DID speak to, failed to reveal a phone number in their security division so I could discuss this seemingly legitimate request to verify that I was a 'real' person (claimed that no phone number existed; no further comment here).

In addition, some of these unsolicited messages warn that, if you don't complete and submit the form in a certain length of time -- you, the client, could lose account privileges. This practice by fraudulent entities has also been referred to as "carding" and "brand-spoofing". Jana Monroe, assistant director of the Cyber Division of the FBI, recently warned us that "Bogus e-mails that try to trick customers into giving out personal information are the hottest new scam on the Internet." In addition to the objectives of phishers, spoofers, and scammers - to steal your identity and money - these entities commonly sell the information that you have unsuspectingly the highest bidder, often resulting in additional loss to you - and certainly, additional UVMs. Legitimate companies such as ®PayPal (an Internet purchasing system used by many businesses as an intermediary in E-commerce, including ®eBay), ®Citygroup, ®Yahoo!, ®MSN, and ®America Online (to mention a few) have been (and continue to be) phished and spoofed. Although these and many other legitimate and worldwide companies who conduct and convey electronic commerce are doing everything they can to deter phishing, spoofing, and pharming, this is becoming an increasingly difficult task; many of the illigitimate E-mails created and sent out by phishers and spoofers originate outside of the U.S., and thus are virtually impossible to locate, shut down, and prosecute. We can only realize limited, empty humor in knowing that these entities have phished, spoofed, and scammed their own ilk, if only on occasion.

In May 2004, I read about two different entities that are mailing 'rebate' checks to businesses and homes; many recipients are cashing those small checks (~$3.75), and without reading the fine print, or...reading it casually without truly comprehending the consequences. The end result is that you are signed up for one or more on-line services....and then billed for these services. The Better Business Bureaus in many cities and states have received complaints about the unscrupulous activities of these entities, and as you might expect, those duped into cashing the 'rebate' checks.....have received a lot more than $3.75 worth of grief and hassle. So, as should be a regular part of your behavior....CAVEAT EMPTOR!.

Common sense recommendations:

A. Virus Protection. Buy, install, maintain (periodic/live updates) and actively use virus protection software available from reputable companies such as ®AVG Anti-Virus [free, from], ®McAfee [VirusScan], ®Trend Micro [PC-cillin], ®Network Associates [Virex], and ®Symantec [Norton Antivirus, Norton Internet Security]. Several other companies have developed and maintain adequate virus protection software, as well, and some of thes products are available free or as inexpensive sharewares. Conflicts may occur when actively running two or more virus protection softwares, so first read the installation and help files associated with any software prior to installation. Use Google [] or other search engines to obtain explanations of and answers for error messages; just enter the error message in the search field of your search engine. Some of the sites will be helpful, and some will not, so read carefully, knowing that the resolution of your error messages and associated problems may not always be simple or easily corrected. Many virus protection softwares, like other utilities, require purchase of annual license agreement (and entitling you to daily/weekly updates via the internet).

B. Firewalls. Install a firewall - either as hardware (commonly included in a router [e.g., ®Linksys, ®Netgear, ®Buffalo Technology, ®Belkin, ®D-Link, ®U.S. Robotics) associated with your home or employment networks) and/or as installed software available from several companies (e.g., ®ZoneAlarm). A good firewall will provide both incoming and outgoing protection, thus eliminating the opportunity for some unscrupulous person to commandeer your personal computer, turning it into a 'slave' or 'drone' unit to propagate viruses and generate innumerable UVMs, completely without your immediate (or even eventual) knowledge. Some of the newer operating systems (e.g., ®Windows XP) include a firewall, but you must activate it, then take the time to set the preferences so that it will function effectively for your personal/professional on-line activities. Windows VISTA OS apparently has a better firewall, and also other protections for your virtual privacy. You can read the recent (late 2006, and all 2007) issues of ®PCWorld and other pertinent periodicals to familiarize yourself with Vista's new options.

If you are still working on the Windows XP platform, the firewall and other security capabilities associated with ®Microsoft Corporation's Service Pack 2 (SP2), released in August 2004, have been improved, so read ALL the information associated with MS SP2 to assure you and your computer take advantage of the new tools associated with this critical update (especially articles in ®PCWorld and other computer magazines specifically related to MS SP2). Be sure to discuss the activation, use, and applicability of firewalls with a knowledgeable person (your network administrator, for instance), to assure that the firewall you wish to adequate. While the ®Windows XP firewall now included in MS SP2 may be adquate for you, I strongly encourage you to 1) review information provided by ®Microsoft (and discussed in security articles in trade magazines) as it relates to the SP2 firewall, and 2) secure an independent evaluation of your internet-associated activities from a trusted network professional. You must also learn how to check for periodic updates using critical update connections for ®Microsoft products, and those of any other operating system, softwares, and external hardware devices, you use. Most antivirus softwares have regular, often weekly updates for you to download and incorporate, and many of these options can be incurred automatically through settings in those softwares. You are encouraged to also read any virus-protection information presented almost daily in the various media (magazines, journals, newspapers, TV, radio). Conflicts may occur when actively running two or more hard- and software firewalls. ALWAYS read the 'read me' and 'instructions' files associated with softwares [and always check the company's website for updates that are not in the printed user guides accompanying softwares] BEFORE you install them, esp. those that are utilities - like antivirus, firewall, and spyware/adware/malware scanning softwares that are active, but often in the background.

Note that some firewalls maintained by your local network or ISP may conflict with the firewalls associated with networks and ISPs that you are attempting to communicate with. Request technical assistance from network and ISP personnel when you have difficulty with inernet connections.

C. Operating System. Just because you work on a computer using other than a Windows-based operating system (e.g., ®Macintosh, ®Linux, ®Unix), this does not preclude you from harmful UVMs, illegal perusal of your computers, or other forms of cyber attack. Be thankful you work on these platforms, but be just as cautious and take an immediate and proactive approach to reduce/eliminate the opportunities for unwanted and damaging compromises to your computers, PDAs, cell phones, and other forms of electronic technology.

D. Passwords! Use them! Learn how to create safe [safer] passwords - mix upper case, lower case, numbers, and symbols (if the particular emulating software allows use of symbols); don't use words in dictionaries, even scientific names or words in foreign languages, and don't use more than two characters that are next to one another (vertical, horizontal, or diagonal) on the keyboard. Consider the use of a password that is a contraction of words from two languages (even using incorrect gender endings of the words), plus incorporating upper/lower case and numerical characters. Change passwords periodically; protect them; note passwords in a safe place, but certainly not on your computer, your PDAs, your cell phones, or other devices that are easily missplaced, lost, stolen (or even worse, by those you may otherwise trust). Also note that there are inherent differences in the kinds of passwords that some hardwares, softwares, and other devices will accept, so read the limitations of these entities before you create a new password. Although the use of unique passwords for each of your softwares, hardwares, and other devices can seem overwhelming, advice in instance is available from a variety of sources, most mentioned somewhere on this page (and hopefully, in the 'Help' file of the very program you are attempting to password-protect). The use of one password for every situation is highly discouraged. Perhaps in this case, you could have a plan to use the same password (provided it is cryptic), but change it regularly, say once a month, for every application. Password management softwares ['keychains'] are also available for those who use numerous passwords for a variety of applications (access to hardwares, softwares, operating systems, files, folders, network systems). Be sure you fully understand the limitations, level of control, and permanency of the different levels of security available to you within the operating system(s) you are using, prior to implementation. MAC OSX has several levels of security; its critical that you fully comprehend the power you implement (for yourself, as the administrator) with these levels of security!

E. Spyware, adware, malware. By now, most of you have heard of these sneaky applications.

Spyware refers to one or more softwares that gather personal information from your computer, usually without your knowledge. That information is then used for advertising purposes. Spyware can include legitimate but usually annoying/irritating software that users consent (often unknowingly) to have installed on their computers, but also can apply to programs that install themselves without the user's permission (sometimes integrated with other softwares a user consciously downloads). Spyware can slow your internet connections, drain computer resources (processor speed), monitor your web surfing, slow or stall your printing activities, increase error reports, and what seems to be a very common activity -- redirect your web browser to unwanted, often inapprpriate sites. Spyware also is commonly associated with unwanted pop-up advertizements, and is often a hidden component of freeware or shareware programs that you download from the Internet, or are associated with similar programs you borrow from friends. Once a spyware application has been installed, it can monitor your Internet activity, transmitting that information to a third party (and beyond). Some forms of spyware have the capability of gathering a lot of your personal information, including but not limited to: e-mail addresses; passwords; credit card, social security, drivers license, and financial account numbers (e.g., bank, saving/loan, credit union, broker). Another common way to 'obtain' spyware is through installation of file-swapping programs (music and movie downloads) from the Internet.

Adware is basically a software created and/or supported by advertizers. Although not necessarily considered to be malware (see below), adware can often be more agressive than advertizing associated with freeware or shareware (and even paid software). Commonly, a separate program (the adware) is installed (and almost always without your knowledge or option to accept/decline) when you download freeware or shareware (utilities and other softwares) from the internet (or get via disk transfer from other sources). Adware often continues to generate advertising even when the user is not running the program you downloaded/installed. This hidden software can then send details of the websites you visit, as well as other information from your computer (which can include your email address) to advertisers so they can target you with UVMs and pop-up advertizements.

Malware is a common name for viruses, worms, trojan horses, rogue programs, and other malicious software (including pornography and graphic violence), and can even result in denial of service to websites, and attack/destruction of one or more parts of your computer system.

According to the Consumer Reports article noted above (quoting information from an in-home study of 120 families with broadband internet service, conducted by and subsequently published by ®AOL in May 2003), 91% of the computers in their study were 'infected' with spyware. Spyware, adware, malware, dataminers, and other similar forms of seemingly esoteric applications usually invade your computer by 'piggy-backing' onto software that you download (often but not limited to free- or shareware) from a diversity of websites; these applications may also be bundled with other free or paid software (web-based or via CDROM disks), and often have been attached to video and music sharing programs. Unsolicited softwares (adwares) accompanying your downloads from seemingly legitimate sites also include scripts and softwares that then prompt irritating displays of pop-up ads; basically, these are ads that pay for (subsidize) your 'free/inexpensive' download. Additionally, many of these sneaky programs quietly communicate your web surfing activities to a variety of advertizers and other, often unscrupulous entities - even third-party marketers under [loose] contract with more legitimate and reputable businesses and companies. Perhaps even more importantly, some of these applications find and exploit security weaknesses in your web browsers and operating systems (any Windows-based computer, but to a much lesser extent - the ®Macintosh, ®Linux, and ®Unix operating systems). Anti-spyware features are available, for a small fee, via your subscription to ®AOL, ®MSN, and ®Yahoo. Free and low-cost spyware and adware protection are readily available: ®Spybot Search & Destroy v.1.4 [free]; ®Ad-aware SE Personal by ®Lavasoft [free; but you are encouraged to consider other products that include additional options that you may find useful; costs are very reasonable]. A new version, now in Beta form, is also available; AVG antispyware, version 7.5 [free]; ®Pest Patrol (for UDS$40), ®Spy Sweeper (for UDS$30), ®Spyware Eliminator (for UDS$30), ®SpywareBlaster 3.4 (free), ®SpywareGuard 2.2(free), and a recent new product receiving a high rating by ®PCWorld, ®Sunbelt Software Counterspy 1.0 (for UDS$20, with options for multi-user purchases).

I use several of these, searching for daily and weekly updates, and weekly look for updates in definition files AND software updates. A recent review of several of the above spyware softwares was presented in the April 2005 issue of ®PCWorld.

Each of the above softwares have their pros (many) and cons (perhaps few), and there are several other softwares available. Be sure to download these softwares from legitimate sites (often called mirror sites from the legitimate software's homepage). NOTE:Please be sure to read the information associated with these softwares before installing them, and again before activating their settings; some settings may do more than you want them to do, perhaps making decisions that are in your best interests.

Do not respond to email messages that discuss readily available software to prevent UVMs, spyware, adware, and datamining applications; these are almost always bogus sites, associated with the very software that you are trying to protect against.

Be very suspicious of ANY contact you receive by E-mail requesting even the most basic of information about you, your family, your business, or your 'account'. Legitimate businesses should, at the very least, provide information via their own websites that prompt you to contact them should you have any questions regarding information that you are required or requested to share, your right to privacy, and their policy on protection of the personal information you have provided to them. ALWAYS contact that company with information you access via browser programs (such as ®Google, ®Mozilla, ®Opera, and other common browsers)that you initiate; DO NOT EVER contact that company via the URL provided in the E-mail message you receive. 
[I acknowledge an article by ®Knight Ridder Newspapers, ~26 August 2003, for some of the information presented in paragraph, above]

Several other suggestions: 
1) Remove all 'automatic' E-mail options from your webpages [those that are associated with hyperlinks that begin with 'mailto:' -- allowing visitors to click on hyperlinks that open an E-mail prompt window from which you can send an E-mail message directly from within the browser rather than from the E-mail software you usually use that resides on your computer, network, or is driven by your ISP]. Additionally, if you have a signature or contact footer associated with your email messages, be sure to

2) Remove, alter, and/or periodically change the E-mail address(s) you include on all of your websites [an option offered by some ISPs and within some E-mail software programs, but not others].

3) Refrain from (and tell all of your E-mail contacts to STOP) sending or forwarding blanket E-mail messages [long listings of E-mail addresses from your address book.......all put in the 'TO:' area of your E-mail header], regardless of their content; instead, set up one or more suppressed E-mail mailing formats by placing all of the E-mail addresses you have selected for receipt of your message IN your address book under some assumed moniker or nickname, such as 'lunch group', 'work staff', 'HS class', 'joke recipients', whatever. Some E-mail software programs provide other means of creating suppressed E-mail messages. Some may require you to include your own E-mail address, most likely to prevent virtual telemarketers from using this method of sending unsolicited messages, or worse. 
A simple solution: Put your own E-mail address in both the 'TO:' part of the E-mail header; put all of the recipient E-mail addresses in the 'Bcc:' [blind copy] section of the E-mail header; this way, nobody else will know who received your E-mail message.

4) Establish a firewall and other filters for both incoming and outgoing E-mails using the options provided by your E-mail softwares, browsers, and ISPs. Most routers that are commercially available often are accompanied by freeware and shareware firewall options for E-mail, web surfing, network protection, or at least offer trial subscriptions for internet security (highly recommended).

5) Many ISPs allow you to establish more than one E-mail address; use one of these for contact with known friends, colleagues, and business entities; use another address for your websites, and implement aggressive filters for it. Assertively request that these contacts refrain from including your E-mail address in ANY kind of blanket mailing (even if its only included with a few E-mail addresses of your family members), and inform them WHY they need to be proactive in protecting you and themselves from unwanted 'virtual assault'. Establish contact with the security team of your ISP; forward offensive E-mails and attachments to them, so they can set up filters on their end to deter their customer base from unwanted contacts. Be sure to first open up the routing option in the toolbar or header of your E-mail program, or at the top of each E-mail message (In Eudora, this is iconned as "Blah Blah Blah"). By sending this information, you will be assisting your ISP in their attempt to block future messages from the sender(s) involved in that transmission, and give them more useful information to forward to the Feds for additional assistance and prosecution. DEMAND that your ISP work with you and their entire client base to suppress unwanted UVMs. Forward these UVMs messages to [], a site maintained by the Federal Trade Commission, to assist them in control of UVMs.

6) Alter your E-mail address if possible -- remove your name, other common names (such as that of your pet, street, or some other personally-connected word or entity) or for that matter, any word in the English dictionary; substitute a combination of characters, letters, and keyboard symbols for the prefix (before the '@' part of your E-mail address). Change E-mail addresses periodically in reponse to increasing receipt of unsolicited E-mails; put pressure on your Internet Service Provider to allow you to change your address periodically. Remember: E-mail addresses are not usually case-sensitive; website URLs usually are case sensitive. Consider switching to another E-mail software; the May 2005 issue of ®PCWorld includes a great review of current E-mail options.

7) Make a modification in the E-mail address(es) you post on websites, vis.: changing the '@' symbol to something like 'AT', 'ATT', 'AHT', or even some other symbol, such as '&', '%', or '#'; make note on the website for those who wish to send you and E-mail message...reminding them to correct this modification so their message can be sent and received. [As an example, see the modification to my E-mail address at the bottom of this page]. Why should you modify E-mail addresses you post on webpages? Spammers and their ilk use 'tractor', 'robot', and auto-webcrawler programs to sweep websites to 'mine' or 'harvest' selected information, especially valid E-mail addresses that are then used/traded/sold to other usually inappropriate entities -- thus resulting in the UVMs we get daily. A recent study released by the U.S. Federal Trade Commission found that 86% of E-mail addresses posted on webpages and in internet news-groups eventually end up on lists used by spammers.

8) The settings of several firewall softwares allow you to complete a dialog box of any and all words that you consider to be private (e.g., social security numbers, drivers license numbers, birthdates, telephone numbers, your name and those of others, home/business addresses, policy numbers, tax identification numbers, registration numbers, and so on); when you accidentally, or purposely include any of this kind of information in your outgoing E-mail messages or attachments, the firewall will first prompt you allow such message or document to be sent. Of course, each firewall hardware/software product must first be set up to do this kind of monitoring, and some are better or more convenient than others in this regard. You should also adjust the security settings of your web browser software; depending upon the settings, your browser will block many (but perhaps not all) websites from downloading a file to your computer without your knowledge. Some settings also will prevent websites from automatically running Windows active scripts when you access these websites.

Remember! The best 'firewall' a dangling broadband coaxial cable, disconnected (physically unplugged) from your modem, or your DSL or CAT 5 cable disconnected from its port on the wall, and/or disconnected from the ethernet port on the back of your computer CPU. Logging off after each active use-session, and even better - turning off your computer when its not being used - are also safe practices with regard to incoming UVMs; however, there are other issues associated with repeated on/off cycling of computers that have been discussed in the literature, the set-up/user manuals that came with your computer, and elsewhere. For those who leave your computer on all the time (in sleep or stand-by mode), you are strongly advised to log off after all user-sessions, and advised to disconnect internet cables when they are not in use, thus adding another level of protection to the firewall, antivirus, and other security measures you have implemented and hopefully maintain agressively. Wireless connections have their own issues, and you should carefully understand the 'con's of wifi before you are overwhelmed with the advertized 'convenience' of mobile communication. Be sure to understand the settings on your computer, wherever you take it, and like the advice, above, to disconnect the internet wires from the modem or wall outlet......unplug the wifi USB module when you are not actually using it (and learn how to turn off other wireless communication settings, such as Airport [MAC OS] when not in use).

9) Read ALL agreements, privacy statements, and the fine print of any documents sent to you by your banks, other savings institutions, brokers, insurance companies, employers, libraries you use; read the entire contents of all on-line associations you have, including the agreements associated with any electronic registration of hardware and software associated with your computer and other electronic devices - and yes, even those associated with your firewalls, virus protection software, internet service providers, other cable and telephone companies used for your electronic communications. Most businesses are in the business of staying in business -- their first and most important (read 'only') priority. What you may agree to that seemingly conveys true privacy protection....often is just worded to appear that way. Be suspicious -- read everything carefully, ask pointed questions, and demand written clarification of any and all of your questions, and be persistent until you are satisfied. If you are confused by anything you read or hear, please seek advice from those you can trust who are familiar with the situation.

10) Learn about cookies, how to repell them, and under what situations you should accept them. Several internet browsers have posted information about cookies on their home pages. Learn how to delete temporary files that are stored on your hard drive, resulting from website visits. Learn about spyware, adware, malware, and dataminers - how to eliminate them from your computer, and how to inoculate / protect your computer from their 're-visits'. See 'E', above, for additional information.

11) Consider the use of a pop-up blocker software, to reduce or eliminate pop-up advertisements when surfing (many of which arrive on your computer with spyware attached, and at the very least, are irritating when you are trying to use your own search strategy to obtain information). Several free- and shareware pop-up blocking softwares are available, but be sure to first read industry magazines so you don't inadvertently load something worse than an advertisement. By now (after reading everything above) you should be aware that many messages and commentary appearing as 'useful' to you may in fact be fronts for useless and often harmful scripts, data miners, adware, and spyware that load onto your computer without your permission or knowledge.

12) Back It Up! Complete periodic back-ups of all of your text, graphic, and data files, your html files, and your digital image files. As if you have not heard it enough, backing up is a good practice, especially if you do this daily, weekly, and with some regular and incremental plan that you adhere to diligently. I suggest that you implement virus, adware, and spyware scans of your system, with appropriate action, prior to your regular backup procedures. No one form of data backup is ideal, but any one form is better than none at all!


II. Personal contact information when at home or place of employment:

In late June or Early July, 2003, the Federal Trade Commission launched the National Do Not Call Registry, a free registry program for consumers who are tired of and bothered, irritated and otherwise interrupted by unsolicited telemarketing phone calls. Those of you who register with this program by 31 August 2003 should be free from receiving these kinds of calls by 01 October 2003. Those who register after 31 August should expect these kinds of calls to cease within three months of their registration date. There is NO COST associated with this registry. Register your phone number(s) for removal in two ways: 
> by E-mail, via the website - [note: 'gov', not 'com'], 
> by calling the toll free number [888.382-1222] from the number you wish to register for removal. Telemarketers who call afteryou have registered are subject to fines up to $11,000. per call.

Caveat to your registry: Telephone calls from not-for-profit/charitable organizations, those entities conducting surveys, and political organizations {surprised?} are still exempt from the registry, and can legally continue to contact you. You may wish to courteously request that the above entities refrain from calling again, but your request may not necessarily be honored. Companies who have an 'established business relationship' with you / your phone number may continue calling for up to 18 months after your last purchase, although you can always ask them to stop.

A (supposedly unfounded) rumor began circulating late in 2004 and continued during the first few months of 2005 -- that......beginning on 1 January 2005, your cell phone numbers may be accessible to telemarketers; many cell-phone companies responded to this rumor, emphatically stating that their customer database would not be released to outside entities. Subsequent articles I have read...state that your cell phone numbers are protected by at least some of the cell phone service providers, but not necessarily all of them; several have very clear policies that protect you, others do not. Thus, you should contact your cell phone provider, and assertively request their written policy on accessibility of your phone number and any other personal information, via their corporate structure and policy (which may likely be posted on their website). Also, many of the newer phones are text-messaging and internet capable, and this....just opens users up to additional breaches of security (and frankly, most are frustrated by the potential of service that in reality is still in its infancy; read as many reviews of multi-function phones before you buy!).

Credit Reports: Nothing is free! Many scams were created within days after the goverment made it easier, through legislation, for citizens to obtain annual credit reports from major [and unfortunately, bogus, spoofing/phishing] credit agencies. One of the many questionable entities that has been agressively advertising on the web, TV and radio, and printed matter - with the word 'free' in its website, has a lot of fine print that rarely is read by viewers and readers of their ads; when contacting this entity, unsuspecting people are often unknowingly signed up for an unnecessary 'service', and for a rather significant monthly/annual fee, adding more grief to the credit report process. Be sure to read articles in consumer magazines, and contact the credit officers of your trusted bank/credit union, to obtain advice on obtaining your own credit report that should be available to every citizen, and without fee, annually. Dont pursue email-based offers for credit reports!

A leading consumer magazine suggests that you contact [ ] to obtain a free annual report from each of the major nationwide credit reporting companies; refrain from others advertizing 'free credit reports', as most have small print that, somewhat ambiguously, alude to the 'real cost' of the service.

Buy an inexpensive paper shredder for home and the office; shred ALL pages that have your name, address, phone number, credit card information, social security information, drivers license information, and any other papers that have any kind of personal information (and obviously, this included unsolicited offers for services such as credit cards, banking, real estate, mortgage, and other financial services). Be sure TO TAKE ALL purchase receipts of any kind from their dispensers, most commonly those generated when you use your charge card to purchase gasoline, and those generated at each ATM machine. Be sure to take all credit card receipts wherever you use the card for purchase, and protect those receipts in a safe place at home until you have a chance to verify/reconcile your purchases against those noted on your monthly billing statements. Save those billing statements for one to several years (discuss this with your personal and tax attorneys), and if so advised, destroy (using your new paper shredder) the original purchase receipts rather than throwing them in your garbage for disposal (or all too commonly, the opportunity for your receipts to blow around in the wind after dumping at the landfill, thus presenting an opportunity for somebody to steal your identity or at least compromise your credit rating and financial security). You must be proactive, every day, in protecting your identity!


Finally, if the information and suggestions above have not convinced you to take action, please start at the top, read this page completely, become better enlightened, and take immediate action! Realize that it may not be too late, today, to repel or circumvent a potential cyber attack by implementing appropriate security measures - for yourself, your family, and your friends and coworkers; also realize that tomorrow just might be the day that the electronic devices you think you have control over.....are compromised.

Read ALL end-user and license agreements associated with hardware and software; all have their policies integrated into the installation process, demanding that you read and then accept (physically clicking on an 'accept' 'button' on your monitor). Please understand that the information presented in the end-user agreement, almost all of the text being in a small font, may in fact give up many or all of your rights to privacy.....thus allowing, as permitted by federal and varying state laws, the free and random sharing of your personal registration information...with....well, who knows for sure?

Consider an alternate, more secure browser than 'ie', such as Mozilla Firebox 1.5 [free download, from]

Read ALL 'privacy' statements you recieve in the mail from your banks, credit unions, savings and loan institutions, insurance companies (incl. life, auto, business, homeowner, disability underwriters), brokers, stock, bond, mutual fund, and other investment entities; the privacy statements and explanation of policies that federal law requires those entities to provide for you - often require that you respond in writing to request the blocking of some of your personal information.....that which the contact entity often is allowed by federal law to share regardless of your wishes, as well as personal information that federal law allows them to share unless you actively (via written statement sent by mail to them) request that your personal information be prevented from sharing. [Basically, current federal laws -- 1) prevent them from sharing personal information without your expressed written consent, 2) allows them to share some personal information unless you specifically ask them not to, and 3) federal law allows them to share some of your personal information even though it may be in spite of your disapproval]. Also know that......these privacy laws are rather vague (even though they at first seem substantive). You MUST ask for additional privacy and protection of your personal information from being shared. Remember that the entities with whom you do business........have significant lobbying power, and thus their influence to water down strong privacy legislation is a reality; your individual power to lobby your elected weak at best. Do not be complacent, however; contact your newly-elected local, state, and federal legislators, and assertively request their serious consideration of and focus on solid legislation that more strongly protects your right to privacy.

Read the article entitled 'Your privacy for sale', published in the October 2006 issue of Consumer Reports magazine (pp. 41-45); in particular, carefully read the inset on p. 44, entitled 'what you can do' to assume more control over your personal information that is often too easily - and widely - shared, distributed, circulated, and (no doubt) sold.

Visit the websites of your computer's operating system and all legitimate hardwares and softwares you use, weekly - especially those that are directly associated with the security and privacy of your system (and you). Be sure to update all virus, adware, spyware, malware, and datamining protection softwares weekly, or more often; several provide automatic notification of updates, but others do not, so be sure to make note of these options at the time of installation. Run disk cleanup after every websurfing session; clean out your website and E-mail caches daily.

Be an active constituent of your elected officials (local, county/parish, state, federal, provincial) - take every opportunity to contact them with your views on and support of any and all kinds of legislation that will strengthen protection from cyber attack for all citizens. Be courteous and understanding, speak intelligently, but be assertive. Your privacy belongs to you; protect it, and demand that your governments actively and aggressively participate in its protection - through enactment of strong consumer legislation and iron-clad enforcement!



- - Additional (and more extensive) sites presenting information on protecting your privacy - -

Two extensive and incredibly informative sites (with or without frames) have been established and are maintained by Eric L. Howes (currently Director of Malware Research at Sunbelt Software):

Protecting Your Privacy & Security on a Home PC



Microsoft Security Update site

Advice: Please read the extensive article in the October 2004 issue of ®PCWorld, on upgrading your XP system with Service Pack II; the article recommends several tweaks to enhance your computer security, avoid some conflicts, and basically improve your computing efficiency.

This same October 2004 issue of ®PCWorld Magazine also includes an article appropriate to the focus of this website, written by Andrew Brandt and entitled: "Security Tips: Keep Viruses, Worms, and Spyware Off Your PC". Many important articles published every month in ®PCWorld are also available via there website, www.

I remember reading an announcement to the effect that (as of sometime in July 2005) Microsoft Corporation will no longer be supporting the Windows 98 and ME operating systems (at least, with security and other updates); but be sure to check this situation out for yourself. ----------------------------------------------------------------------------------------------


Federal Trade Commission (FTC) website on Information Privacy & Security


And dont forget to run a search on the words "privacy" and "security" using Google or some other browser; and be sure to verify the legitimacy of the sites you visit prior to implimenting their recommendations, or downloading their softwares. There certainly are websites that spoof other legitimate sites, and present options that will not be in your best interests, and in fact could possibly do a lot more harm to your computer, and your privacy, than not doing anything at all.



The mention of companies, corporations, hardware, software, freeware, shareware, utlities, and/or other proprietary / commercial entities on this website does not in any way constitute either a personal or an institutional endorsement or recommendation.

The installation and/or subsequent use of softwares, utlilities, freeware, shareware, and/or other computer products may conflict with user license agreements of one or more applications currently installed on your computer system. It is highly recommended that you consult your user license agreements for compatability and other pertinent information prior toyour download and installation of any software, then consult one or more trusted friends/colleagues/network administrators who hopefully have the expertise to provide you with advice appropriate to your particular computer needs in this virtual world.

Also be aware that the installation of new hardwares and softwares.......may be incompatible with and thus create conflict with previously existing hardwares and softwares [especially firewalls]; be sure to read all information associated with new products...BEFORE you purchase; ask a professional!


Once again -- Caveat Emptor!

This web page has been accessed [Access Counter] times since 4 January 2004.
page update: 15 April 2007.


Illinois Natural History Survey

1816 South Oak Street, MC 652
Champaign, IL 61820

Terms of use. Email the Web Administrator with questions or comments.

© 2019 University of Illinois Board of Trustees. All rights reserved.
For permissions information, contact the Illinois Natural History Survey.

Staff Intranet