While the law is meant to shield users from unwanted targeted advertising – we are looking at you here Phorm – the requirement will be that all ‘tracking cookies’ will be subject for approval.

This means that the entire way websites work in Europe will have to be reassessed. Currently, when you log on to a website, cookies will be stored on your computer to remember your preferences, account details and things that most of us take for granted.

Like taking a sledgehammer to a walnut, if the law is passed in the UK – and across the rest of the 27 member states – then all of this usually harmless but necessary behind-the-scenes action will be queried every time you visit a new European-based site.

Also at TechRadar, technology lawyer Struan Robertson observes:

A law that demands consent to internet cookies has been approved and will be in force across the EU within 18 months. It is so breathtakingly stupid that the normally law-abiding business may be tempted to bend the rules to breaking point.

It is true that Internet cookies may have some possible privacy concerns but cookies per se are not bad. They serve many very useful purposes and the heavy-handed EU law is going to cause unnecessary problems.

©2009 The PC Informant. All Rights Reserved.

Today, we are excited to announce the launch of Google Dashboard. Have you ever wondered what data is stored with your Google Account? The Google Dashboard offers a simple view into the data associated with your account — easily and concisely in one location.

The sign-in link to Google Dashboard is here.

Added later: here’s a closer look at Google Dashboard from PC World.

©2009 The PC Informant. All Rights Reserved.

©2009 The PC Informant. All Rights Reserved.

Unfortunately, the Internet has no resemblance to the ordinary environment we are used to. The rules are different. Our ordinary life experience doesn’t hold. The Internet exposes us to hundreds of millions of people all at once. Most of them may be just like us but any very large group contains criminals and other sociopaths. It only takes a small percentage of bad actors to make the Internet a place where precautions must be used.

In fact, using the Internet requires a change of mindset. We cannot rely on strangers to be trustworthy. Instead of trusting, we must approach Internet activities with the assumption that what we do can be exploited in undesirable ways. Personally, I am surprised at how careless people are with what they put on social sites. In their minds they are sharing with a few friends and relatives. Actually, they may be revealing personal information and pictures to a lot of strangers in far off countries who will not hesitate to use what is posted for shady purposes. Even if the purposes are not shady, the information may be used in ways that are disagreeable.

Sunday’s New York Times has an article discussing the consequences of posting pictures of your children. It begins with the experience of one mother who put up pictures of her children on Flickr for relatives to see:

Then a friend sent her an e-mail message with the kind of subject line no parent cares to read: “Oh no — it’s Gracie.”

The message contained a link to Orkut, a social networking site popular in Brazil. Someone had created a fake profile, using headshots of Mrs. Gwozdz’s 4-year-old daughter.

“They gave her a fake name, Melodie Cuthbert, and a relationship status that said she was interested in making friends and dating men,” Mrs. Gwozdz recalled in a recent telephone interview. Other Orkut members had given the profile a “sexy” rating of two and a half hearts.

Unless a social site has strict privacy controls, remember that you are not just sharing with friends and relatives. You are providing material for any one of hundreds of millions of people to do with as they wish. And the Internet is a perpetual archive. What’s “cute” today may look very foolish in ten years time. And even privacy controls are no guarantee. So adjust your mindset and think twice about what you post.

©2009 The PC Informant. All Rights Reserved.

Now here’s a third way to check your patches; it’s Update Checker from File Hippo and was the choice of readers in a recent Lifehacker survey.

All three applications mentioned are freeware.

©2009 The PC Informant. All Rights Reserved.

A lot of the effort involved in establishing a secure computing environment focuses on technological solutions, from providing warnings about phishing attacks to blocking the propagation of botnets. But, as previous research has shown, security involves a significant human component. Nowhere is that more true than the item at the heart of basic security: the humble password. Here, our best practices—something that’s not in the dictionary or written down, differs for every account, etc.—ignores basic research, which shows that humans have a limited capacity to associate random text with, well, just about anything. A new survey of institutional IT users provides a glimpse into just how bad the password situation is, with less than five percent of users managing to use best practices.

One possible solution may be to use biometric methods like finger prints, retinal patterns, etc. In the meantime, use strong passwords and get a password manager.

©2009 The PC Informant. All Rights Reserved.

©2009 The PC Informant. All Rights Reserved.

Do you make online financial transactions from a Windows computer? If so, you may want to re-visit that decision.

It’s a given that almost all malicious software targets Windows. In my opinion, while it is possible to secure a Windows computer, the process is too hard, too time-consuming and/or technically over the head of most people.

Horowitz goes on to explain why he thinks some sort of portable Linux setup is the best solution. Not switching completely to Linux but using one of the Linux distros that run on a CD or a USB key for sensitive transactions. As he explains, it’s not all that complicated to browse the Internet with Firefox and portable Linux.

Yesterday, Adrian Kingsley-Hughes took up this theme in a ZDNet post:

It’s time to ditch Windows for online banking and shopping.

There, I’ve said it.

Last week, FBI Director Robert Mueller told an audience in San Francisco how he nearly fell for a bank phishing email. As a result of this Mueller now doesn’t do any banking on line.

Then Washington Post “Security Fix” columnist Brian Krebs advises businesses not to carry out online banking on Windows-based machines and to use a Linux-based LiveCD.

I’m going one step further, and suggest that no one use Windows for either banking or online shopping. Period.

So, am I saying this to be controversial? No. Am I attacking Windows or Microsoft? Am I trying to start a flame war? No.

So why am I saying this? Simply because I believe that the risk of using Windows outweighs the convenience.

Like Horowitz, he recommends using Linux on a CD.

I do a lot of various transactions on the Internet and I have to say that I am seriously considering using Ubuntu on a CD. The sophistication of the latest bank scams is alarming.

Added later: Here is the article in the Washington Post by Brian Krebs in the Kingsley-Hughes quote mentioned above. It begins:

An investigative series I’ve been writing about organized cyber crime gangs stealing millions of dollars from small to mid-sized businesses has generated more than a few responses from business owners who were concerned about how best to protect themselves from this type of fraud.

The simplest, most cost-effective answer I know of? Don’t use Microsoft Windows when accessing your bank account online.

I do not offer this recommendation lightly (and at the end of this column you’ll find a link to another column wherein I explain an easy-to-use alternative). But I have interviewed dozens of victim companies that lost anywhere from $10,000 to $500,000 dollars because of a single malware infection. I have heard stories worthy of a screenplay about the myriad ways cyber crooks are evading nearly every security obstacle the banks put in their way.

But regardless of the methods used by the bank or the crooks, all of the attacks shared a single, undeniable common denominator: They succeeded because the bad guys were able to plant malicious software that gave them complete control over the victim’s Windows computer.

©2009 The PC Informant. All Rights Reserved.

©2009 The PC Informant. All Rights Reserved.

You can also check out links within an email but be very careful not to actually open a link. Right-click a link you want to investigate and choose “Properties” from the context menu. Then you can read what the link actually is. Note that what appears to be the link in the text of an email can say anything. What counts is the actual underlying HTML and that is what you can read by right-clicking. Whatever you do, don’t enter sensitive personal information into any form opened from an email unless you are 100% sure of its origin. Instead of using an email link, go to the Web site of your bank or whatever institution directly.

How can you tell if an URL is a phish once you read it? Check every component very carefully. Phishers are clever at placing pieces of what seems like legitimate destinations in an URL. But something will always look suspicious. For example, check the country code. Does your bank send emails from China?

A number of anti-malware programs now have link scanners that you can use to check if a link is legitimate. However, these scanners depend on some sort of database and the database may not be up to date. Phishers often use a link for a few hours only and then abandon it for a new one. So a clean bill of health from a link scanner is not definitive.

In addition to my article on the components of a link that is mentioned above, you can look at a recent post from SEOmoz, called SEO Cheat Sheet: Anatomy of A URL

©2009 The PC Informant. All Rights Reserved.