Seattle Tops Symantec's List of Cybercrime Cities

Sure you have a firewall, but what about people photographing you through the window? Thanks to Flickr pool member mangpages!

It's like the Los Angeles Times only cares about Seattle if we're jumping off bridges or exposing ourselves to cybercrime. The story now is one of those virally successful PR efforts, based on computer crime busters Symantec rating 50 U.S. cities "using 24-million security sensors that monitor malicious-attack activity around the globe."

They counted up PC attacks, viruses and worms, and bot-infected computers used to send spam or transmit malware, checked the frequency of the attacks, and weighed behavior like connecting to public Wi-Fi shopping online without a secure connection.

Says Symantec, Seattle is top of the charts on almost every risk factor. But let's take this with a grain of salt. I asked Mark Rushing, systems analyst and open-source pusher at Orbis Lumen, for his take. Mark would have wanted to confirm that we're talking about actually illegal acts, rather than the sexy, all-purpose "cybercrime," and to know more about the role of false positives in "attacks" reported by virus software. But here are his initial responses.

So, cybercrime mecca Seattle: hooey or not hooey?

Probably a little of both. It's marketing. You're supposed to be scared and buy Norton/Symantec products. I notice that Fox News seems to have taken the largest interest in this story.

Is security even possible any more?

Complete security has never been, and will never be, possible. You can only take precautions. The more precautions you take, the more inconvenient and impractical your experiences can become. And interestingly, the more privacy you seem give up.

What are some basic precautions people just don't "get around to"?

The best protection is increasing your awareness. If you want to be safer, you must be aware of your environment. Learning is the best thing you can do. Alas, people prefer packaged conveniences, it seems, so they buy Norton/Symantec products, or buy AVG products (or use their free one). But this lets them observe all you and your computer is doing.

Better to use an operating system that is based upon best practices in the underlying science and technology, rather than predominantly marketing forces. Your conveniences always come at a cost, and those conveniences are rarely the best (and often not even the simplest) way to do things.

And of course, don't use the same password for every site. Use unique, harder passwords for sites with access to your bank accounts. Don't install software from places you do not know or trust. Etc., etc.

Have you ever solved the "I change my password so frequently I now forget what it is 95 percent of the time?" problem?

Well, it's probably better to have a strong password than to change it frequently, and passwords should always be encrypted in transit. Encryption certificate and keying mechanisms are great, too. Some people use "password vaults" on their computers to store passwords, using a "master key password" to allow access to them. I have seen no studies on the effectiveness of these things, particularly the ones where you grant all programs access to it, after entering your master password one time only.

The best thing is to have several passwords. Personally, have only a few strong passwords I've used over the years, and have never had any problems. Sites I don't care about I use my weakest password. Sites I moderately care about and trust more I use a stronger one. Sites that have more important things for me, I use unique and strong passwords. I store all passwords in an encrypted file on my hard drive--encrypted with GNU Privacy Guard (GPG) encryption.

Changing your passwords frequently will not matter much if you have a keystroke logger on your system, however.

What are some advanced precautions?

The most advanced thing you can do is strike out on your own. Almost all virus problems are targeted toward Microsoft platforms. Start running another operating system (like Ubuntu). It's very easy now, and can usually run alongside your Microsoft installation, giving you time to readjust. And it will import a lot of things you use over. After a little bit of readjustment, it won't even seem advanced any more, and in many ways, far more sensible and easy. (and free, as in both cost and freedom!)

Public Wi-Fi: the devil's work?

No, public wi-fi is wonderful. It's fast, free Internet access while you're out wandering about. Just be sure you're using a good operating system, that it is up-to-date, and that you are running a firewall. Always make sure passwords and browser session information is being encrypted.