The Hidden Dangers in Cyberspace
A Comprehensive Guide to Security and Privacy in the Age of the Internet
Presented by
Rick Contolini
Computer Consultant ~~ Security and Privacy Specialist
203-855-8718 ~~ rc-consulting@mindspring.com
This file may be freely distributed.
Rev. 10/23/01
Quick-Start Guide for Those in a Hurry
If you are truly concerned about your security and privacy, don't know much about the issues, and yet have precious little time to do any research, I suggest you start with these links (which are taken from the listings that follow) and then go from there. You can find a vast amount of good information on the Internet (and you can find a lot of junk, as well), but searching for and then processing all of it are time-consuming tasks. The links below should provide a good introduction to the topics you need to be concerned about. You should visit the links roughly in the order presented (although they are all important and useful). Sorry, but it will take some time to go through and absorb even this small collection of links.
Always keep in mind that you alone are responsible for your own personal security and privacy. The stakes are potentially very high: just stop for a moment and think about the kinds of information you store in your computer, and then consider what would happen if you were to lose that information or if it were to fall into the wrong hands. The situation is becoming even more critical with the proliferation of broadband (cable modems and DSL). But the good news is that, with some knowledge and the proper tools, the situation is certainly manageable by the average user. Sure, there's plenty of media hype and misinformation going around, but the dangers in cyberspace are indeed very real, quite serious, and well hidden. I urge you to become educated and take appropriate action before it's too late.
Viruses and Antivirus Software
How It Works: Viruses by PCWorld.com
Norton AntiVirus by Symantec
McAfee VirusScan by McAfee
Firewalls and Firewall Software
How It Works: Personal Firewalls by PCWorld.com
ZoneAlarm by Zone Labs (Free for personal use.)
Windows Security and Testing
Four Myths of Online Security by Fred Langa (Provides a concise description of how to adjust network settings.)
Home Network Security by CERT/CC (A must-read for everyone, network or not.)
ShieldsUP! by Steve Gibson of GRC (Or start here to see the ShieldsUP! counter, at 10-million-plus and counting, and follow the links to ShieldsUP!)
Disaster Recovery
Retrospect Backup by Dantz Development
Privacy
Guide to Online Privacy by the Center for Democracy and Technology
Internet Privacy FAQ by Dan Wallach, Rice University
Newsletters
LangaList by Fred Langa (An excellent newsletter; standard edition is free, "Plus!" edition is only $10 per year and is well worth it.)
Kim Komando Show Newsletter by Kim Komando (Contains useful computer-related information, and is free. Excerpts are heard on WCBS radio.)
Complete Resource Kit Begins Here
This resource kit is a work in progress and will be updated regularly. It is available online here. Additions since the last revision are marked New! Links marked *** are unavailable at the present time, but are still included here for now, just in case they come back online.
All of the links in this file (except those noted) were active as of the revision date listed above. However, web sites occasionally reorganize their pages, older information is taken offline, and sites have been known to suddenly vanish overnight (e.g., Winmag.com). If you find a link that doesn't work, try editing the URL. Simply delete directories from right to left until you find a valid page. (You may just have to go to the home page and follow the existing links.) For example, if:
http://www.programs-r-us.com/tools/cookies/
no longer worked, you could try:
http://www.programs-r-us.com/tools/
where you might find a new link to cookie tools. If that doesn't work, then try:
http://www.programs-r-us.com/, which is the home page.
Or try performing a search from the home page, if that feature is available. Many of the links below are actually home pages and the remainder should be quite stable, so you shouldn't have any problems.
With all of the information available on the Internet, we are much more likely to become overwhelmed and experience "information overload." I consider the links below to be some of the best in my rather extensive collection of bookmarks. Although I have probably given you more information than you need, you are more likely to find information that suits you best by visiting numerous sites. You'll also be able to form a more objective opinion.
Unfortunately, Windows Magazine and Winmag.com, a good source of online information, have vanished. A lot of the original material has reappeared on TechWeb.com, however.
Please report any dead links that you may find.
Comments and suggestions are also welcome. I wish you safe surfing!
General Security and Privacy Resources
Books
Charles Jennings and Lori Fena, The Hundredth Window: Protecting Your Privacy and Security in the Age of the Internet, The Free Press, 2000.
From the Foreword: "It lays out, eloquently and in detail, the range of issues that comprise personal privacy..." It's a very interesting book on the serious privacy issues we face daily both on and off the Internet.
The National Research Council, For the Record: Protecting Electronic Health Information, National Academy Press, 1997.
From the online description: "For the Record reviews the growing interest in electronic medical records; the increasing value of health information to providers, payers, researchers, and administrators; and the current legal and regulatory environment for protecting health data." Get a full description of the book and read it online here.
Simson Garfinkel, Database Nation: The Death of Privacy in the 21st Century, O'Reilly, 2001.
From the online description: "As the 21st century begins, advances in technology endanger our privacy in ways never before imagined. This ... is the compelling account of how invasive technologies will affect our lives in the coming years. It's a timely, far-reaching, entertaining, and thought-provoking look at the serious threats to privacy facing us today." Read about the book here.
Preston Gralla, The Complete Idiot's Guide to Protecting Yourself Online, Que Corporation, 1999.
This is a decent general guide to security and privacy, although it is a bit misleading at times (plus you have to put up with the incessant lame humor, which I personally find a distraction). It covers email, the World Wide Web, chat rooms, online shopping, protecting children online, AOL, and malicious programs. It does not, however, cover important topics such as firewalls and Windows configuration, and is somewhat superficial in other areas. It is also getting a bit old; here is a quote: "Let me put your mind at ease. You can't get a virus by simply reading an email message." That was true until November 1999, but no longer. Things change fast in this business. (Now you can even get a virus just by browsing a web page. The possibilities seem endless.)
New! Matthew Danda, Protect Yourself Online, Microsoft Press, 2001.
This book is quite comprehensive in some areas (email, cryptography, viruses, online shopping, and others) and somewhat deficient in others (firewalls, trojan horses, web bugs, hackers, and Windows security). Coincidentally, there is barely a mention of the serious security flaws in consumer versions of Windows (Microsoft did publish the book, after all) and not a shred of information on how to fix the problems. It is still a useful resource, however.
Guides, Articles, FAQs, and News on Security and Privacy
New! Home Network Security by CERT/CC (A must-read for everyone, network or not.)
New! Yesterday I Couldn't Spell Systems Administrator--Now I Am One! by Larry Rogers of CERT/CC
Guide to Online Privacy by the Center for Democracy and Technology
Know the Rules, Use the Tools by the U.S. Senate Judiciary Committee
What's News at Junkbusters (News and opinion on marketing and privacy; discusses cookies, web bugs, banner ads, much more.)
Internet-Security Site by Symantec
The World Wide Web Security FAQ, especially the section on Client Side Security (Discusses browsers, active content, cookies, more.)
Internet Privacy FAQ by Dan Wallach, Rice University
Internet Privacy: Who Makes the Rules? by Richard M. Smith (Discusses many privacy concerns, including cookies, web bugs, and online profiling.)
ID Theft: When Bad Things Happen To Your Good Name by the Federal Trade Commission (Contains info on credit-bureau 888-5-OPTOUT, more.)
Newsletters
LangaList by Fred Langa (An excellent newsletter; standard edition is free, "Plus!" edition is only $10 per year and is well worth it.)
New! Kim Komando Show Newsletter by Kim Komando (Contains useful computer-related information, and is free. Excerpts are heard on WCBS radio.)
Organizations
The Center for Democracy and Technology
Privacy.net
Junkbusters ("Bust the junk messages out of your life.")
The SANS (System Administration, Networking, and Security) Institute (A lot of corporate information, but searches still reveal good information for individuals.)
TRUSTe (Sites that display their seal agree to adhere to established privacy principles.)
DMA (Direct Marketing Association) (Remove your name from telephone, mail, and email marketing lists.)
The Connecticut Dept. of Consumer Protection's no-call list (Remove your phone number from telemarketing lists.)
New! CERT (Computer Emergency Response Team) (Operated by Carnegie Mellon University; provides information on Internet security.)
New! NIPC (National Infrastructure Protection Center) (Government-run agency; provides information on computer and IT threats.)
Searchable Technical Information
ZDNet.com
PC Magazine (Part of ZDNet.)
PCWorld.com
SmartComputing.com
Webopedia ("The only online dictionary and search engine you need for computer and Internet technology.")
The Encyclopedia of Computer Security
New! Newbie.org (Offers beginner, intermediate, and advanced information on numerous topics.)
New! Computer Gripes ("This web site is devoted to what stinks about computer products... These gripes are not product reviews, which typically describe the features of a product and what's good about it. Instead they fill in the gap, focusing exclusively on what's bad about a product.")
Software (numerous categories)
Alphabetical Listing of Subjects
Active Content
Discussion
The World Wide Web Security FAQ: Client Side Security
ActiveX: Is It Worth the Risk? by The Iseran Project (Software developers.)
Background: ActiveX and Java by Inter-Networking
JavaScript & Security by Jim Press, who submitted this text to The Encyclopedia of Computer Security
JavaScript for Beginners by various writers from the University of Maryland University College (History, security, tutorial, and tips & tricks.)
Reviews
eSafe Protect Desktop 2.1 by PC Magazine
eSafe Protect Desktop by Jim DeVault of Comp-media
SurfinShield: bringing harmful mobile code to a halt by ZDNet (This is an old review, circa 1999, for a product that's related to SurfinGuard Pro.)
Software
Norton Internet Security
Note: I've had little experience with the two programs below. After I installed eSafe, my computer would no longer boot. (As with any installation process, make sure you have a way out.) I also could not get SurfinGuard to install and run properly. Maybe you'll have better luck; please email me with your experiences.
eSafe by Aladdin Knowledge Systems
SurfinGuard Pro by Finjan Software (Free for personal use.)
Adware and Spyware
Discussion
OptOut by Steve Gibson of GRC
Detection and Removal Software
Ad-aware by Lavasoft
New! Agreements and "the Fine Print"
Peer-To-Peer's Dark Side by Fred Langa (Fred discusses "...a new kind of business model whereby a software vendor takes over its customers' CPUs in an aggressive and stealthy manner, and sells the aggregate computing power to third parties." He looks at Juno specifically: "...Juno is saying that you must give it the right to use your PC for whatever purposes it chooses, when it chooses.")
Fine-Print Follies by Fred Langa (Fred examines the license agreement that's part of Microsoft's new FrontPage 2002: "That addendum says, in part, that you can't use FrontPage 2002 to create or maintain sites that 'disparage' Microsoft.")
What Is Hip? Not GoHip.com by Wired News ("When a user accepts the terms of the Windows video browser download, an executable file is copied to that user's system and is executed automatically. All of a sudden, GoHip.com becomes the user's homepage, and his email has a brand new signature... A close look at the software agreement's fine print reveals that GoHip warns the user of the changes. But duped customers say they don't have time to read the fine print, and say they shouldn't have to.")
New! AOL Complaints, Controversies, and Security Issues
AOL Gripes by ComputerGripes.com (Contains numerous topics and links to stories regarding AOL.)
The Best and Worst ISPs by PCWorld.com (AOL did poorly in this review from November 2000; it also had the highest percentage of dissatisfied customers.)
Do AOL6 and MSN Explorer Destabilize Your System? by Fred Langa ("...AOL6 and MSN Explorer needlessly increase the complexity of your system setup... At best, these changes will make your system less stable; at worst, your system may also be wide-open to hackers, crackers, and other online miscreants.")
You’ve Got Problems, AOL by Fred Langa ("AOL’s behavior is a new issue to many people, but long-time readers know that my own negative feelings towards AOL's hyper-aggressive setup predate (by years) the recent mergers and acquisitions.")
AOL 5.0: The Upgrade of Death? by Fred Langa ("I decided simply to try avoiding AOL, but it’s a marketing behemoth that just won’t quit.")
No More AOL CDs (Collects unwanted AOL CDs "to make it clear to AOL a lot of people do not want and have never asked for their CDs" and "to stop the needless pollution of the environment due to distribution of unwanted materials.")
AOL: Just Say "NO!" by Dan Gookin of Wambooli ("...there are very serious issues involving AOL, and very specific reasons why I dislike it.")
Browser Privacy Checks
BrowsInfo
BrowserSpy
privacy.net
Cookies
Cookie Demos
Bake Your Own Internet Cookie! by Privacy.net
How Companies Can Track Your Movements on the Internet by Privacy.net
Cookie Managers and Ad Blockers
The Internet Junkbuster Proxy and Guidescope
Cookie Crusher
Cookie Pal
AdSubtract
Norton Internet Security
New! Cookie Jar by jasons-toolbox.com (Free for personal use.)
Discussion
Cookie Central (A popular site for general information about cookies.)
How It Works: Cookies by PCWorld.com
Internet Privacy: Who Makes the Rules? by Richard M. Smith (Discusses many privacy concerns, including cookies, web bugs, and online profiling.)
New! Disaster Recovery
Retrospect Backup by Dantz Development
Drive Image by PowerQuest
New! Email and Spam
Discussion
Why Junk Email Must be Stopped by Junkbusters
Email and Spam by Newbie.org
The SPAM-L FAQ by Doug Muth ("...how to track down spammers, decipher message headers, perform traceroutes, etc.")
Why are you still using Outlook/Outlook Express? by Dan Gookin of Wambooli ("Because Microsoft uses nonstandard e-mail tricks (such as the signature and automatic preview), its e-mail programs are wide open for viral attack and infection...")
Encryption
PGP (Pretty Good Privacy) ("...is the world's de facto standard for email encryption and authentication." You can also get it from the MIT Distribution Center.)
HushMail.com ("...a free web-based service that lets you send and receive email in total security... works automatically, transparently, and seamlessly...")
Miscellaneous
Glossary, tools, and other resources by Doug Muth
Organizations
FREE (the Forum for Responsible and Ethical Email)
CAUCE (the Coalition Against Unsolicited Commercial Email)
Security
Outlook and IE--Setting Security Zones by James Madison University ("...it is increasingly hazardous to enable Active Content in Outlook and IE. The defects could enable viruses to spread without the need to click on an infected attachment.")
How Active is Active Content in Email? by Russ Cooper of NTBugtraq (Discusses the effects and risks of active content in email.)
Software
MailWasher ("...the easiest way to check and manage your emails before you download them." Free and paid versions are available.)
Testing
Test Your E-mail Defenses by jasons-toolbox.com ("...test your defenses against script viruses without running the risk of infecting your computer.")
Firewalls
Discussion
Personal Internet Firewalls that really work! by Steve Gibson of GRC
How It Works: Personal Firewalls by PCWorld.com
"How-To" and Related Information
Instant Internet Security by PCWorld.com (Specific to ZoneAlarm.)
Installing ZoneAlarm by ZDNet
ZoneAlarm Gripes by Computer Gripes
Miscellaneous
ARIN Whois (Used for determining the owners of IP addresses; note that "owner" means the service provider, not the individual user.)
Reviews
Make Your PC Hacker-Proof by PCWorld.com (Six different firewalls.)
Norton Protects Broadband Hookups by PCWorld.com
Keep Your PC Safe From Intruders by PCWorld.com (Norton Internet Security and ZoneAlarm.)
*** Personal Firewalls/Intrusion Detection Systems by SecurityPortal (In-depth review and comparison of several products.)
Personal Firewalls: What are they, how do they work? by The SANS Institute (Norton Internet Security, ZoneAlarm, and BlackICE.)
Personal Firewall Scoreboard by Steve Gibson of GRC (Refer to the LeakTest page to see what firewall leaks, the latest exploitation, are all about.)
Making Your PC Secure Online by Fred Langa (This article was previously at Winmag.com.)
Seven Solutions for Safe Systems by Warren Ernst (This article was previously at Winmag.com.)
Software
ZoneAlarm by Zone Labs (Free for personal use.)
Norton Personal Firewall & Norton Internet Security by Symantec (30-day free trial available.)
McAfee Personal Firewall by McAfee
BlackICE Defender by Network ICE
New! Online Shopping
Organizations
TRUSTe ("Building a framework for global trust.")
BBBOnLine ("BBBOnLine's mission is to promote trust and confidence on the Internet...")
Trojan Horses
Discussion
TROJANS: Barbarians at the Gate…Again!!! by The SANS Institute
Cyber Threats: Viruses, Worms, Trojans, and DoS Attacks by The SANS Institute
The Back Orifice "Backdoor" Program -- YOUR security is at risk by PCHelp (Very interesting discussion of the proliferation of just one trojan.)
Threats to your Security on the Internet by Don Kelloway of Commodon Communications (Click the red headline and then follow the "How to Detect" link, or go directly to that page here.)
Port Lists
Trojan port list by Don Kelloway of Commodon Communications
Another Trojan port list by Doshelp.com
Yet another Trojan port list by ONCTek
Software
Note that Don Kelloway of Commodon Communications (listed above under "discussion") says, "The ability to detect and remove trojans does not require that you buy anything, from anyone." Read that comment here and see what he has to offer before you spend any money on software.
List of trojan detection/removal software
VBS Files and Windows Scripting Host
Discussion
The Dirty Workings of the ILOVEYOU Worm by Peter Deegan of ZDNet (Details on the worm, VBS files, and hidden file extensions.)
To Script or Not To Script by Peter Deegan of ZDNet ("Read this before removing your scripting capabilities in Windows.")
Software
Script Sentry by jasons-toolbox.com (Handles scripts within many different types of files. Free for personal use.)
Also see software for viruses (some antivirus software handles script files) and software for active content.
Testing
New! Test Your E-mail Defenses by jasons-toolbox.com ("...test your defenses against script viruses without running the risk of infecting your computer.")
Viruses
Discussion and Resources
Computer Virus Resources by the CERT Coordination Center (Contains a comprehensive list of links: FAQs, hoaxes, organizations, vendors, and articles.)
How It Works: Viruses by PCWorld.com
Personal Computer Viruses, Myths, Hoaxes and Security by L.P. 'Tony' Ferris (His home page is here.)
The Bad Times Virus (The most destructive virus known!) (A humorous satire.)
Vmyths.com ("The truth about virus myths and hoaxes.")
I Was Wrong (about this email virus) by Mark Welch
KAK virus can infect your PC without an attachment by Dan Gookin of Wambooli
Wscript.KakWorm by Symantec ("Simply reading the received email message causes the virus to be placed on the system.")
New! Nimda Worm
Protect Your Network from the Nimda Worm by Noel Davis of The O'Reilly Network (the computer-book publishing people)
CERT Advisory
Symantec Security Response (Includes a detailed description and a removal tool.)
Software
EICAR Antivirus Test File from EICAR (the European Institute for Computer Antivirus Research). To quote the description page: "It is safe to pass around because it is not a virus and does not include any fragments of viral code. Most products react to it as if it were a virus." It is certainly worth the effort to get a copy of this simple program to test your antivirus installation and see it in action. You can either download the file or, using Notepad, simply paste the text string into a file named eicar.com. The file is also available at a vendor's site here.
InoculateIT by Computer Associates (Sorry, this product is no longer available. Their promotional program ended on 6/7/01.)
Norton AntiVirus by Symantec (Included with Norton Internet Security.)
McAfee VirusScan by McAfee
Web Bugs and Email Cookies
Discussion
The Web-Bug Boondoggle by Fred Langa ("Web bugs aren't the threat you fear they are.")
Web Bugs by internet-tips.net ("...the main reason is much less dark. The desire is to provide statistics without impacting a page...")
Internet Privacy: Who Makes the Rules? by Richard M. Smith (Discusses many privacy concerns, including cookies, web bugs, and online profiling.)
Bugnosis.org by The Privacy Foundation (Bugnosis software and information on web bugs.)
New! The Cookie Leak Security Hole in HTML Email Messages by Richard M. Smith
Email Cookie Demo
How Companies Can Track Your Movements on the Internet by Privacy.net (This is actually Step 4 of their standard cookie & tracking demo; works best with Internet Explorer.)
Windows Security and Networking
Discussion
Windows Networking 101 by Steve Gibson of GRC (Detailed description of Windows networking begins here and continues through the link below.)
Network Discipline for Windows 9x by Steve Gibson of GRC (Direct link to the step-by-step instructions for fixing Windows.)
How to Defuse the Dangers of NetBIOS by ZDNet ("Surf the Internet worry-free by eliminating the security issues of NetBIOS in Windows 95, 98 and Me.")
Four Myths of Online Security by Fred Langa (Provides a concise description of how to adjust network settings; previously at Winmag.com.)
Reviews of Security Checks
ShieldsUP! Test your machine for online vulnerability by ZDNet
Is Your PC Open to Hack Attacks? by PCWorld.com ("Gibson Research's free Web-based utility checks whether your PC is easy prey.")
Symantec Offers Web-Based PC Checkups by PCWorld.com ("Security Check debuts with online tools to scan your PC for viruses and other security risks.")
Security Checks
ShieldsUP! by Steve Gibson of GRC (Or start here to see the ShieldsUP! counter, at 10-million-plus and counting, and follow the links to ShieldsUP!)
Security Check by Symantec (Works best with Internet Explorer.)
Secure-Me by DSL Reports
Security Scan by Sygate