Shopping online: What holiday consumers need to know

The holidays are upon us and online shopping this year is up 55 percent over last year. Millions of people are trusting the Internet and the Web to do more of their shopping.

With more e-shopping come online security risks from which to protect yourself.

Kraig Lane understands that it takes integrated security to ward off the bad guys. Lane is group product manager at Symantec, the maker of Norton computer security software products like Norton AntiVirus.

Kraig took a few minutes this week to bring us up to speed on the current cyber security threats and some good tips to have a safe online shopping experience and to keep our computers safe and secure from those worms, viruses and hackers roaming the Internet year-round looking for unsecured computers.

Q: Let’s talk about some of the real threats online users face. What should Internet users really be concerned about now, especially during the holidays with online shopping and giving out personal information?

Kraig: This is a great time to think about security. I always remind people that the first thing is to use the same kind of common sense they use when shopping in physical stores. If it is hard to find a Website’s privacy policy, if they see a lot of misspellings or the deal seems too good to be true, I’d like them to move to a different site, just like I’d move to a different store if the real world store made me feel uncomfortable. That also includes asking me for too much information that doesn’t seem to be needed for the transaction.

Q: Are there more risks during the holidays?

Kraig: Since the computer bad guys know a lot of people are making transactions during the holidays, it’s a great time for them to find credit card numbers and personal information that’s traveling around the Internet. I remind people this is the time to check if their general security protection is up-to-date.

There are new products and services that can afford them extra protection. For instance, their credit card companies are coming up with ways to make people more comfortable making Web purchases. They now have single-use credit card numbers. They issue a number that is only active once. You type it into your order form on an online site and it goes into your credit account, but that number can never be used again. If the bad guy rips you off and tries to make additional purchases, it comes up as an invalid credit card number.

Our Norton Internet Security software has a feature that will warn them whenever their credit card information or Social Security number is being sent from their computer. So if you’re typing your credit card number into an online order form, it will tell you your credit card is being sent. You can say that’s okay because you’re placing an order. But if you’re just browsing a Website and your credit card number is sent at that point, you can stop it. That’s how some of these Spyware programs and old Trojan Horses work.

Q: These spyware, adware and key-stroke logging programs are a new thing to some of us. How do they typically get on your computer?

Kraig: The keystroke logging programs are normally attached to a Trojan Horse, which is a program that is disguised as something you might find valuable so you install it, but it turns out to be devious. It will have a keystroke logger buried inside. In the old days, computer users had to take some sort of action to install one of these Trojan Horses and now, with some of these fast-spreading Internet worms, the guy sitting at his computer doesn’t have to do anything. As long as his computer is on the Internet or he is visiting a Web page, one of the Spyware can be installed on your machine clandestinely. At Norton, we call those “extended threats.”

Q: What about Adware?

Kraig: AdWare is embedded into a software product, normally a shareware or low-cost program. Part of the reason it is low-cost is they’re trading personal information about you. It’s similar to some of the grocery stores that have clubs where they track what you are purchasing so they can sell it to advertisers, and in return they give you a discount on your groceries.

I use my private information like currency. I can trade someone information about myself but I want something in return. What I don’t like is to find people’s hands in my pockets when I don’t know they are there.

Spyware is taking the concept of Adware and using it in a way that you’re not going to know about it and it starts stealing your credit card information, your Social Security number, passwords you might type in – setting themselves up to do an identity theft.

Q: So there are scripts or viruses that will locate your keystrokes and recorded information and send it off to another server, right?

Kraig: Most of the Spyware falls into the keystroke logger category where they try to watch you type in and catch it on the way by. There are others that will search for certain types of files they know are invaluable. Quicken files have been targeted a lot in the past because it’s a popular program that a lot of people have and it contains a lot of valuable information. It especially likes the older Quicken versions that didn’t have a lot of security in them and if people don’t encrypt their Quicken files, it makes it even easier. If they can, they might even send the whole file to themselves and that allows the bad guys to inspect your Quicken files over days and break into them at leisure.

Q: I’ve heard about personal firewalls. What are they and why are they important?

Kraig: A lot of people are scared of firewalls – they sound geeky. It’s originally something that was designed for apartment buildings as a special wall that would keep a fire from spreading all over the building. Same thing is happening on the Internet. When a “fire” is burning – one of these big worms spreading – the firewall keeps those worms from spreading onto your computer. It’s really nice for computers that are permanently on the Internet, like the DSL or cable modem customers. Even for dial-up modem users, we find that fast-spreading worms will infect your computer in the 10 or 15 minutes that you’re on checking your e-mail.

Q: Symantec uses the term “Integrated Security.” Why should computer users consider this approach to protection?

Kraig: Almost everybody has antivirus software installed on their computer these days, although a lot of them are not up-to-date. As viruses continue to evolve, they get nastier payloads inside of them. I find that most people don’t know the difference between an Internet Worm that might be deflected by a firewall or a virus that would be caught by anti-virus software. They just think of them all as bad things. I like to recommend this one box called “Norton Internet Security” that combines everything you need to be safe today. It includes security features like full antivirus protection and full firewall software, but it also has another technology called Intrusion Detection, which helps us catch threats that never touch certain parts of your computer. There are new nasty threats that try to hide themselves from traditional protection technologies and we can sniff those out using this third leg of our stool called IDS. It also includes features that just make your time on the Internet more enjoyable: the pop-up ad blocker and the spam protection. You can buy each of these separately but I like to tell people to buy what I call our “Greatest Hits Album,” where we make sure everything all works together and you don’t have to worry about which threat is attacking. You know you’re covered from all of them.

Information about Norton Internet Security software and its Spyware-combating programs is at

For more conversation with Kraig Lane, the full interview will broadcast Saturday on KLAY 1180 AM at 11 a.m. and again on Tuesday on KVTI 90.9 FM at 10 p.m. It will also be available at

Dana Greenlee is co-host/producer of the WebTalkGuys Radio Show, a Tacoma-based radio and Webcast show featuring technology news and interviews.