A lot of people wonder just how much information their computers are communicating
to web sites when they visit. On this page, I try to explain what is and isn’t
provided to a web site when you visit it. If you have questions that aren’t answered here,
feel free to send me feedback
and I’ll try to get back to you with an answer.
Summary of Questions
Can web sites look at my hard drive?
Not directly, no. While other computers (and their owners) may attempt to access your computer,
web servers (the computers that hold Web sites) in themselves are not designed to look
at anything; they just provide web content. If the organization or individual running the Web site
that you visit is running just the web server, you should be safe.
Even from a technical standpoint, visiting a web site is a pretty simple process: First, the web
browser program running on your computer contacts the web server at the site you want to visit, via
the Internet. Then it asks the web server to send the contents of the page or pages you want to
see. Finally, the web server sends the pages you requested back to your computer, and your browser
displays them on your screen. All of this happens automatically when you type in the name of the site
you want to see, or when you click on a link in a page. Nothing in this exchange allows the web site
to look at your hard drive.
Furthermore, web pages themselves are quite simple as well, internally: they just contain
plain text, plus a few “keywords” to tell your computer how to format the text, and images
(pictures). None of this is dangerous to your computer, and certainly none of it allows a web site to
look at the hard drive of your computer, or anything else.
All of the above applies to basic web surfing, using a basic browser or a browser with all
the bells and whistles turned off. If you are using a fancy browser, however (such as
Microsoft Internet Explorer, Firefox, Opera, etc.), there is some potential risk, in
certain situations—not really anything as drastic as erasing your hard drive or anything, but
still things you should know about. See the next question, below, for details.
[Return to Summary]
What about the stories I hear about security problems?
The stories you may have heard about “holes” in the security of the web that might
allow web sites to trash your computer always involve one of two special circumstances: (1) a bug
in a web browser program that allows a web site to somehow request some sort of evil action on your
computer when you visit the site, or (2) the use of so-called scripts and
active content, which allow a web site to cause your computer to carry out certain
actions, exactly as if a computer program were executing on your own machine.
In the first case, a number of bugs have been discovered in various fancy web browsers (mostly
Microsoft Internet Explorer and Netscape Navigator) that allow an evil-minded web site
to get your computer to do things that it shouldn't, such as deleting files or executing commands on
your computer without your knowledge. All of these bugs are corrected as soon as they are discovered,
so they don't exist for very long; you can visit the web site of your own browser's manufacturer to
see if any security updates for your browser are available to correct bugs. Most of these bugs have
never actually been used by the bad guys, either—they are filled only to prevent the bad guys
from using them at some point in the future.
The reason these bugs exist is that browser manufacturers (especially the industry leaders) race
each other to see who can put the most features into a browser first. The fancier the browser becomes,
the more potential there is for various bugs to develop that allow the browser to be misused by a
dishonest web site. Simple browsers (such as the old NCSA Mosaic browser,
or the text-only
Lynx browser, both of which are free) have very few bugs, because (1) they are so simple
in construction that they are unlikely to contain security bugs, and (2) they don't have any of
the fancy features that open potential security holes, such as active content and scripting. This
means that you are theoretically safer with a very primitive browser. The only problem with this is
that very primitive browsers are missing many features that make web surfing fun, so you sacrifice a
lot in exchange for a little bit of extra safety (I don't think it's worth the sacrifice in
In the case of the more common, fancy browsers, the risk is in the fact that a web page can
contain scripts (programs that the browser executes on your own computer) or active
content (tiny programs that are downloaded onto your computer to provide special features,
such as moving video and audio). While these features are extremely handy under normal conditions and
make the Web-surfing experience more interesting, they can both be abused by unethical Web site
operators. There are many safeguards in the fancy browsers that support these features, but the
features are so complex that it is difficult to be sure that all the security holes are closed.
Fortunately, most holes are discovered by manufacturers or honest people before the bad guys use
them. Furthermore, as stated previously, simple browsers don’t even recognize these fancy
features, so they can be used to visit any Web site in relative safety.
If you are truly paranoid, most of the fancier browsers let you selectively turn off any features
that you consider too risky. For example, you can disallow the use of scripts in Web sites that you
visit if you change the options in your browser. The flip side to this is that it can make some Web
sites difficult to view, since many of them depend on these fancy features nowadays. The choice is up
to you. I have just about everything turned off in my browsers, but I'm relatively paranoid compared
to most people.
[Return to Summary]
Does your web site contain any of these scripts or active stuff?
contents) if you arrive on the site from a link directly to one of my pages. A handful of other pages
also contain scripting (such as my Cool Wallpaper
section that contains some scripting to display thumbnail images of wallpaper). The site banner
sometimes contains scripting to help me gather global statistics for my site. Other than that, my site
contains only pictures, text, and a few sounds. I don't use ActiveX controls, Flash
content, or Shockwave content anywhere. You're quite safe here.
I believe that content is more important than fancy features. Mine is a minority viewpoint,
however, judging from what I've seen elsewhere on the Web.
[Return to Summary]
Is there a way to turn all the scripts and active stuff off?
Usually, yes. If you are using a standard version of Microsoft Internet Explorer 6.0, for
example, you can look under the Tools | Options | Security menu and disable things like
scripts, active content, or whatever you want. You can also select a general security level (from
high to low) that automatically sets all the other options appropriately, which is handy because there
are many, many options to look at if you set them yourself individually. By default, most of the
advanced features are enabled, since most people are more interested in having fun surfing the Web
than in security. That is, if you decide to disable these things, your browser will be slightly more
secure, but there will also be quite a few Web sites that won't be completely accessible to you, since
many of them try to use one of these advanced features.
For other browsers, you'll have to consult the documentation to figure out how to turn these
things off. Some browsers don't support these advanced features, so there is nothing to turn off.
Others won't let you turn them off (uh-oh!).
Be forewarned that some sites—especially those that expect you to use customized versions of
Internet Explorer—depend heavily on active content (especially the very popular
Flash animations), and won't work at all if you turn off the advanced features (assuming you
can even find a way to turn them off). The Microsoft Network is in this category, for example,
as are a number of other major Internet providers.
[Return to Summary]
Is there a way for web sites to find out my e-mail address?
In most cases, no. However, a few web browsers will give your e-mail address (if they know what it
is) to a web site when you visit it. The SPRY Mosaic browser is said to be one of these, for
example. Microsoft Internet Explorer and Netscape Navigator (I think) do not reveal your
e-mail address to web sites.
I have encountered a few web sites that attempt to secretly send mail from your computer to a
specific address whenever you visit the site. They usually do this with some clever web-page coding
and scripting. Whether or not this works depends on whether or not your browser can handle scripts,
and whether or not your e-mail program can send mail on its own, without telling you.
The browser I use on my own machine (Microsoft Internet Explorer) can handle scripts
(although I usually keep scripts turned off), but my e-mail program (Microsoft Outlook Express)
won't send e-mail without asking me first, so if a web site tries to scam my e-mail address, it won't
work. That's how I discovered that some sites try to do this.
[Return to Summary]
Can a web site discover who I am or where I live?
No. Of course, if a web site asks you to fill out a form with your name and address
and other personal information, and you do so, obviously the site operator can find out who you
are—but that's not your computer's fault, is it? There isn't any way for a web site to find out
these things automatically, without asking you explicitly.
Your web browser sends a small amount of information automatically to every site you visit. For
example, if you are visiting a site with Internet Explorer 6.0, your browser will give every
web site you visit the following information:
- The name and version of the browser you are using.
- The languages your browser supports. This means English, Japanese, or whatever
other languages you have installed.
- The kinds of files that your browser can display. This always includes text
and images, obviously, but it can also include things like spreadsheets, word-processing
documents, and the like, if your computer is set up to be able to display these within
your browser. I suppose a site could figure out what kinds of software you have on your
computer based on this, but I don't really see that as a big deal. My browser announces that it
can handle Word, PowerPoint, and Excel documents, for example, because I
have Microsoft Office installed.
- The size of your computer screen (that is, the number of pixels it can
display), and the number of colors it can handle. This is useful to allow a web site to
adjust the web pages it displays to match your screen, in some cases (although hardly any sites
take advantage of that).
- The operating system your computer is running: Windows 95/98,
Windows NT, MacOS, Linux, etc.
- The type of computer you have: a PC, a Mac, etc.
None of this is terribly personal information, as you can see. It is intended mainly to help the
web server at the other end figure out how best to format web pages for your computer (if it is
capable of customizing pages for each user).
More recent versions of web browsers tend to be a bit more conservative in what they send to the
In addition to the above, most web sites keep a log of all visitors to the site, mostly for
statistical and security purposes. This log doesn't contain any personal information, but it does
contain information from which interesting conclusions can be derived. I cover this in a separate question, below.
It is possible to match your IP address (the number that
identifies your computer while you are on the Internet) to yourself personally, if the Web-site
administrator can persuade your online service to cooperate, or if your computer is permanently
connected to the Internet (one glaring example I once saw was the New Zealand parliament—when someone from their network
visits my site, I could actually see the full name of the person visiting in my logs!). However,
online services usually don't cooperate with anyone who doesn't have a court order and doesn't work
for the government, so the chances of someone casually locating you personally just because you
visited his web site are small indeed. If you don't tell him, he won't know.
Special considerations apply if you have a permanent connection to the Internet, such as
via a cable or DSL modem. In that case, your permanent connection to the mighty Net
makes you more vulnerable, so you should be more careful.
[Return to Summary]
What sort of information do web sites log?
Just about all web servers automatically log every visit to the site. These logs are stored for
examination by system administrators, or by statistical or accounting programs. Typically, the
information logged by web servers includes the following:
- Your IP address. I explain the IP address in a separate
- Any identifying information your browser sent to the web site. This would
include a user account name, for example. Browsers don't normally send information like this to
a web site unless access to the site requires some sort of account name or password (the account
name is logged in that case, although the password isn't, for security reasons).
- The date and time.
- The exact web page you accessed.
- Whether or not your request for the page was successfully satisifed.
- The amount of data transferred when sending you the page.
- The “referrer URL.” This is the URL (i.e., the name) of the
page you were on when you clicked towards the page on this server. For example, if you were on
Jane's page and reached the current page by clicking on a link in her page, the referrer URL
will point to Jane's page. This allows a site administrator to figure out how people are
reaching his site. If you type a URL directly into your browser to reach a page, the referrer
URL in the web server's logs will be blank (you just “came from nowhere” in that
- The type of browser you are using.
Most of the data above is just dry technical information, and you can see that it is the sort of
information that is very useful for compiling general statistics. However, you can reach other
interesting conclusions by examining it carefully.
Let me provide an example. I know, based on the logs kept on my own site, that someone visited my
site on July 29, 1997, at 14:28 GMT (probably 8:28 AM local time, based on the visitor's location, but
I can't be sure), using the PC in his or her office at a large New York-based financial-services
company. This person had found my site by doing a search at http://www.excite.com for web pages containing the words
“Eiffel Tower.” One of the links from his or her search led to the pictures of the Eiffel Tower that I have in my Photo Gallery. The visitor spent about a minute and a
half looking at the pictures of the Tower that I have on my site, then he or she left. This person was
using Netscape Navigator 3.0 Gold, and was running a PC using Windows NT. I know what
the person looked at while he or she was here, and at what time, and from what location (roughly), but
I don't actually know who the person was. In short, I know that someone looked for pictures of
the Eiffel Tower on the Web using his office PC, found my pictures, spent a minute or two looking at
them, and then left. This is the kind of information that I can obtain from logs.
It was on the basis of my logs that I originally started to add more pictures of Paris to my site.
I noticed that a lot of people were visiting specifically to see the pictures.
[Return to Summary]
What is an IP address?
An IP address (IP stands for Internet
Protocol) is the Internet equivalent of a telephone number.
Every computer connected to the Internet has an IP address, and no two computers on the Internet
have the same IP address. This is very much like the telephone system, in which every telephone in
the world has its own, unique telephone number. Anyway, when your computer wants to talk to another
computer, it contacts the other computer using its IP address; at the same time, your computer
provides its own IP address to the other computer, so that the other computer knows which computer is
waiting for an answer. This latter function is similar to the Caller ID feature found in many
modern telephone systems that displays a caller's telephone number, except that, on the Internet, this
feature is required, not optional (it's the only way for two computers to set up a two-way
If your computer is permanently connected to the Internet (at the office, for example, or via a
cable or DSL connection from home), it probably has a fixed IP address. The
address is assigned by your ISP and never changes. In addition, your computer in this case will often
be given a name (called a hostname) so that other computers on the Internet can identify you by
name, instead of only by IP address.
If you connect your computer to the Internet by dialing through a modem, chances are that
the online service that is providing you with access to the Internet gives you a temporary IP address
(chosen from a pool of available addresses) at the time you connect, and then frees this address for
use by someone else when you disconnect. Your IP address in this case is relatively unpredictable, and
it changes from one connection to another (although it stays the same for the duration of a single
connection). Since no IP address is permanently associated with your computer (and since you are not
connected 24 hours a day), your computer doesn't have a hostname. The practice of assigning IP
addresses on the fly like this is called dynamic addressing. Not only is this used by online
services, but it is also used by many corporate networks to limit and control connections from the
company's internal network to the outside Internet, for security reasons.
The IP address itself looks like four numbers, separated by periods. The IP address of the
computer you are using now, for example, is 220.127.116.11.
Any computer on the Internet can contact your computer simply by connecting to this IP
addressand in fact that's exactly what the computer holding my Web site is doing right now (in
order to send you this page). My computer knows the IP address of your computer because your computer
provided it when you visited my site (this is mandatory—without your IP address, my computer
can't send you the Web pages you request).
Of course, you probably reached here by typing something like www.atkielski.com. The name www.atkielski.com is the hostname (also called a fully-qualified domain
name or FQDN) of my web server.
When you type a hostname or a domain name, various computers on the Internet called
nameservers examine the name and look it up in a worldwide directory of IP addresses. When you
type www.atkielski.com, for example, the nameservers look this up
and return the IP address for that name, which is the IP address of my web server. Your computer then
uses this IP address to connect to my web site.
This whole domain name system (DNS) works very much like a printed telephone directory
works for the telephone system, except that the Internet automatically looks up a name and matches it
to an IP address—you don't have to do this yourself. DNS makes it hugely easier for human
beings to locate computers on the Internet, because it allows them to specify easily-remembered names
instead of numbers.
If your computer is connected only temporarily to the Internet, via a modem
and a telephone line, you don't have a fixed IP address, and so you don't have a permanent
hostname or domain name; instead, you have a temporary IP address, and probably a temporary
hostname as well—but the hostname is just the name that is assigned to your temporary IP
address, and it is usually something weird, like ec2-54-234-42-16.compute-1.amazonaws.com. If your computer is permanently
connected to the Internet via a cable or DSL connection, you may have a permanent
(or nearly permanent) IP address, and you do have a hostname—but the hostname is likely to be
just as weird as the temporary hostnames given to dial-up connections (although some companies will
actually put part of your name in the hostname, to make it easier to identify your line).
It is impossible for IP addresses to be concealed. Whenever two computers communicate over the
Internet, they both know each other's IP address. As a result, you're never completely anonymous on
the Internet, although tracking down an IP address can be extremely difficult, especially in the case
of computers that are only temporarily connected via a modem (because they never have the same IP
address twice, and they often don’t have a domain name that you can look up).
[Return to Summary]
Is it safe to buy things online from a Web site?
It depends on the circumstances.
Normally, everything that passes between a Web site and your browser is “in the
clear”; that is, anyone monitoring the traffic over the Internet between you and the Web
site can see what you are doing. If you happen to be transmitting a credit-card number or
something, such a person could obtain that by watching the exchange between you and the Web site.
However, even though this type of eavesdropping is entirely possible technically (and routinely
conducted by some government agencies), the likelihood of a bad guy actually doing this just in the
hope of getting personal information from you is extremely low. For what it's worth, I don't know of
any cases of this actually happening. So, buying things online isn't significantly less secure than
ordering them by telephone. In fact, it may be considerably more secure, because online
purchases often do not involve human beings (and thus reduce the opportunities for
fraud), whereas telephone and mail purchases require human intervention at some point.
If you are paranoid (like me), however, there are ways to increase the security of a transaction
on the Web. The easiest way is to use a “secure connection” between you and the Web site;
many sites that offer online purchase of goods and services use this type of connection. It looks just
like a normal visit to a Web site—you don't see anything different (except perhaps a tiny
padlock icon on your browser's status bar, in some browsers)—but all the information
between your computer and the Web site is encrypted, making it unintelligible to anyone who
might be monitoring the traffic between you and the site. This makes any attempt to obtain
confidential information by eavesdropping billions of times harder (literally!), so it is pretty
secure. It's not 100% secure, of course, but unless you are carrying out transactions worth billions
of dollars or something, it would not be worth any crook's time to try to break into the connection
and uncover the information you're exchanging with the Web site.
I consider secure connections to be sufficient for most purposes. With a secure connection, you're
more likely to be shafted by the business running the Web site than by any eavesdropping on the
connection, so there's little point in worrying about the latter. In fact, I feel more comfortable
buying things online than purchasing by telephone or by mail—with online purchases, there are
often no human eyes looking at my credit-card information.
[Return to Summary]
What are “cookies”?
“Cookies” are small blobs of information that are stored on your computer when you
visit some web sites. Essentially, the web site asks your browser to save a small amount of
information on your computer. The next time you visit the same web site, your browser sends this saved
information back to the site. The web site can also ask to update the information on your computer, if
necessary. That's about it.
The dangers of cookies are dramatically exaggerated. Cookies are used by web sites to save
information between your visits to the sites, in order to save time. For example, if you visit a large
site with many different pages, the site may send your computer a cookie with the names of the pages
you visited most. The next time you visit the site, it will use this cookie (sent back automatically
by your browser) to immediately send you to the pages you were visiting last time, so that you don't
have to navigate through the entire site again. This is what cookies were designed for.
Cookies do not carry viruses, they do not damage your machine, and they do not give web sites any
personal information about you that they did not already have. They are pretty harmless. Even I don't
worry about cookies, and I have a reputation for paranoia.
If you are really worried about cookies, some browsers (such as Microsoft Internet
Explorer) give you the option of refusing to accept them. If you do this, though, some sites might
not work correctly when you visit them, since they might expect to receive cookies from you from a
previous visit. I just leave cookies enabled on my own browser.
[Return to Summary]
How can I prevent my kids from visiting web sites I don't want them to see?
The Internet is an extremely safe place, overall. However, there are sites that some parents might
not wish their children to see: adult sites, sites espousing unacceptable religious or political
views, sites featuring graphic depictions of Bad Things, or whatever. There are a number of ways in
which you, as a parent, can restrict what your children see on the Web.
The most obvious and best way to control what your children see is to surf with
them. Not only do you thus have a say in what they see, but you can explain things to them and
help them find sites that interest them (there are many sites that are designed especially for
children on the Internet).
If you are unwilling or unable to spend time surfing with your child, you can use site
ratings to control what they see, if your browser supports it. Site ratings are like movie
ratings, except that an appropriate browser (such as Microsoft Internet Explorer) will actually
refuse to let a child visit sites with inappropriate ratings (or without any ratings at all). My own
site is rated with two rating services: ICRA, which
is the industry leader in Web ratings, and SafeSurf, an organization run primarily by parents. These
organizations allow sites to rate themselves. Both of these organizations use the PICS rating
system, which is built into Microsoft Internet Explorer; I think the latest versions of
Netscape support it, too.
Another method of controlling access is to install software that examines every Internet reference
a child makes from the PC and censors inappropriate access. For example, a software product can check
the domain name of a Web site and grant or deny access on the PC side. CyberPatrol is one of the oldest and best-known of these
No solution, short of actually spending time surfing with your child, can completely prevent him
or her from reaching Internet sites that you might find objectionable. However, the techniques and
products mentioned above do a pretty good job. A very computer-literate teenager might be able to get
around them to a limited extent, but smaller children and toddlers should be adequately protected
(unless they are computer prodigies or something).
[Return to Summary]
I want to put up my own web page. Is it safe?
Some online services allow their subscribers to publish their own, personal web sites. If you
subscribe to such a service, you may have considered publishing a site of your own, and you may have
wondered how “safe” doing so might be.
In general, it's as safe as you choose to make it. The only information people can obtain from
your web site is the information that you choose to publish on the site. Keep in mind that anyone
in the world can visit your web site, so don't publish anything that you would not want to see on
the front page of the New York Times. It's probably best to avoid publishing your
address or telephone number; most people limit this type of information to their names and e-mail
If your site is linked to any other site, there is a good chance that it will be “sniffed
out” by search engines on the Web, and that it will soon be indexed by services such as Alta Vista. People will be able to look
up pages on your site by searching with appropriate keywords. As a result, be sure that you publish
only things that you don't mind communicating to strangers.
Keep in mind that any e-mail addresses you publish on your site may be sniffed out by
robots and added to junk-mail address lists.
If you allow your children to publish their own web pages, it is probably best to
especially avoid providing any identifying information on those pages (full name, address,
Many people put pictures of themselves on their web pages. I'm one of a paranoid minority that
prefers not to include photographs on a site. However, there probably isn't very much risk in it, and
it's pretty much a matter of personal preference.
Remember also that nothing prevents anyone from downloading anything you put on your web site. You
should include appropriate copyright notices for any material you publish on the site
(including your own material). Nevertheless, you should realize that information on your site can be
easily stolen for use by others, with or without a copyright. A picture of you on the site, for
example, could be downloaded by someone and distributed in a magazine without your approval. Once
something has been distributed in this way, there is no way to call it back. Information you provide
on your Web site may still be available on the Internet, somewhere, even years after you take down the
site itself. It's something to keep in mind.
[Return to Summary]
Can my computer be infected by a virus from a web site?
Ordinary web pages cannot transmit computer viruses, so you have little to fear, as a general
rule. If your browser cannot handle scripting or other active content, you have nothing to fear.
If you have a more advanced browser, such as Microsoft Internet Explorer or Netscape
Navigator, there is a small risk. Browsers like these allow you to accept “active
content” from web sites. What this essentially means is that you can automatically download
actual programs from web sites and execute them on your PC. If such a program is infected with a
virus, your computer may catch it. This is something you might wish to be careful about.
In the same way, you can catch viruses from software you download from free software sites,
just as you can catch viruses from infected diskettes. Here again, caution is in order.
In general, you should avoid downloading anything from a site you do not or cannot trust.
If a site tries to download active components (Internet Explorer will normally warn you of this
and ask if you wish to proceed if it happens, usually displaying a kind of certificate with the name
of the company that publishes the component), don't accept the download unless you trust the company
that published the component.
Overall, though, virus infections from visits to web sites are virtually unknown, so the risk is
there, but not high enough to worry a great deal about.
[Return to Summary]
Can other people access my computer while I'm online?
Yes—if they know, or can obtain,
your IP address.
If you are connected directly to the Internet with a fixed
IP address and a domain name (using a
cable or DSL connection, for example), anyone can
attempt to access your computer, by sending a message to its
This is how web servers and other computers permanently set up
to answer connections from other computers
If you are accessing the Internet through a dial-up
connection and an ordinary modem, however, you don't
have a permanent IP address.
As a result, the only way that another
computer (and the person behind it) can access your computer is
if the other computer finds out your IP
address, which is pretty much impossible unless you talk to the
other computer first (in which case it
will see your IP address in your messages). Thus, while a random
attack against your computer is
theoretically possible, in practice the chances of it happening
are insignificant, since it's too hard for another
computer to discover your IP address during the relatively short
period of a single connection.
In both cases, the situation changes once you connect
to another computer. When you establish the connection with
the other computer, your computer will tell it your IP
address, so that the other computer can
answer you. From that point onward
(at least until you hang up the telephone and close the connection),
it knows your IP address and can
send unsolicited messages to you.
The risk here depends on how your computer is set up. If another
computer sends your computer a request
to see the web pages on your site, your computer will typically
just ignore the request, because your
computer isn't a web server. If another computer tries to send
you a request to transfer files, your
computer will ignore that, too, because it isn't set up to work as
a file server. In fact, your
computer will ignore just about any incoming connection that it isn't
expecting, which means that, even
if another computer discovers your IP address, it won't necessarily
be able to do anything with it.
There are a few exceptions to the above. If you have “shared”
folders or printers on your computer (if you
don't know what this means, you probably haven't done it), it's possible
for other computers on
the Internet to attempt to access your shares directly, under certain
conditions, so beware. Similarly, if
you are running a fancy operating system like Windows NT Server,
there are lots of services
that other computers can request from your computer over the Internet.
However, if you were running
a fancy operating system like that on your computer, you'd already be
aware of all this, and so you probably
wouldn't be reading this FAQ.
In summary, yes, other computers on the Internet can theoretically
access your computer while you are
connected to the Internet, but it's not easy, and it's not very likely
to happen, unless you
have a permanent connection to the network (see below).
[Return to Summary]
Are cable and DSL connections to the Internet dangerous?
There's nothing inherently dangerous about a cable or DSL
connection to the Internet, if you are careful.
There is a greater potential risk to these connections, however,
because they keep you connected to the Internet
all the time, with a fixed IP address, and this makes
it much easier for bad guys on the Net to
attack your machine. If you are using a connection of this kind,
your computer will be scanned by
bad guys sooner or later—it's just a matter of time. It's
important to be prepared for that inevitability.
The main precaution to take with a permanent connection to the
Internet is to make sure that you leave no
“open doors” on your computer. On a Windows
computer, the most common and obvious of these is file and
printer sharing. If you are using file and printer sharing,
turn it off, or protect all shared folders and
printers with passwords.
There are many other potential holes in security that
your machine might have, although most of them exist
only if you have put them there yourself explicitly. The
range of risk items and corrective actions is too
great to cover here—whole sites are devoted to the subject.
However, if you turn off file and printer sharing, and
if you aren't doing anything unusual on your computer (such as
running a personal web server), you should
If you are running a computer with a server operating system
such as Windows NT Server or UNIX,
there are many potential holes that you must carefully plug or avoid.
If you're reading this, though, you probably
aren't running one of these fancy operating systems.
A very easy way to secure your computer on the Internet is
to install a personal firewall, such as
I recommend this for any computer
that is permanently connected to the Internet via a DSL
or cable connection.
[Return to Summary]