When you get (supposedly) an email from your bank or any other institution that you have to log in for, don't click on the links in that email. Instead, use your bookmarks to get to the bank. If you don't already have a bookmark, use Google to find the bank's site.

I guess the problem with that is that there is distance between the advice and the implementation. That is, when the email turns up, you are expecting the user to remember the advice.

This of course applies to my number 3 above, which requires the user to remember to get there. It's a filler, it shouldn't there. One day the browser will tell you properly, without you having to strain your brain. But not yet.

iang

For Windows users (home users only): Let Microsoft manage your patches by turning on automatic updates.

Don't use a debit card for online purchases

Use a dedicated credit card with a low maximum credit line for online purchases

Shop online only at reputable sites, not ones that you discover from spam

Don't visit .biz or .info sites. For some reason these are more likely to be fraudulent or to be the launching point for attacks than the .coms.

Don't install closed source file sharing programs. They're loaded with spyware.

>http://www-03.ibm.com/security/news/ten-tips.html

In that one I fid this gem: "Experts project that 2 billion spam messages will bombard IM applications this year." So according to your theory IM must be dying, too ;-)

Olivier

Hey, Ringo, nice ones. Of those, only the first - let Microsoft manage the patches automatically - will work as a top tip, because it's the only one with fire-and-forget qualities.

But, I wonder, is it safe? Can we trust them to do that? I guess as long as it's safer than the alternate, it might be a good idea, but if it went and installed SP2, all hell would break loose.

Cypherpunk, all those words you use ... Try them on your Mom, and see: What's a biz-info site? what's that sharing thing? That sounds nice, dear...

iang

Don't buy penis enlargers! They don't work. Especially if you're a woman.

Hey Cypherpunk, you're just not using them right! Did you read the instructions carefully?

Behave!

Definitely good suggestions - but only in the short-term. There are scripts for exploiting Firefox trickling into release.

The first defence in security is awareness. Being plain dumb in approaches to online security is the first and only breach required.

"There are scripts for exploiting Firefox trickling into release."

Could you explain that? It doesn't parse for me, I have an image of Mozilla releasing tools to exploit Firefox...

Tips / short term: I am under no illusions about Firefox security - a lot of its brand derives from the current honeymoon period. Just how it will behave under sustained attack we won't find out until its market share heads into the teens, or so.