Joel May likes cookies. They make him feel more at home.
“My analogy is: I used to go to this corner men’s store,” May says. “They knew all my sizes, my preferences for Arrow shirts. Now I go to [a chain clothier] and it’s so impersonal.”
This is how it works for him online too. When you visit a website, it drops a cookie into your computer system, a little piece of code that recognizes you when you return to that site. Amazon.com will suggest books for you once you’ve bought one there, for example. A site like Amazon will come to learn your preferences and tastes, and for May that’s a good thing.
But cookies have a dark side, and May will discuss this when he presents “The Most Dangerous Places On the Web,” a free workshop on Tuesday, July 5, at 2 p.m. at the Ewing Senior and Community Center, 999 Lower Ferry Road. Call 609-882-5086, or visit www.ewingsnet.com.
May grew up in Hershey, Pennsylvania, the son of a radio announcer, and attended Albright College in Reading, earning a bachelor of science in economics in l957. He then moved to the University of Chicago, where he received a masters in business administration and a doctorate in economics and statistics, and stayed on as an instructor.
In l977 he joined the faculty of the School of Public Health at the University of Medicine and Dentistry of New Jersey. Later he took on the presidency of the Health Research and Educational Trust in Princeton, until his retirement in l995.
He had worked with mainframe computers throughout the 1960s and ’70s, but it wasn’t until Christmas, 1979, that May moved into the home computer area. “My wife and I were discussing the big present we wanted to get,” May says. “It was between a VCR and a home computer, and I won.”
Since then computers and their ever-changing pros and cons have been a hobby of May’s. And though he has grown to like cookies in the Internet age, he says the problem is that cyber-villains have learned to love them too.
“Every site you visit has the possibility of containing a virus or malware,” May says. Some are just more prone to trouble. The obvious ones are gambling and porn sites. May says these kinds of sites are more likely to hide danger than most because of the amount of traffic they draw and the types of personalities who would seek them out. Visitors to such sites tend to be risk-takers or non-worriers, he says. They are more willing to follow links, and often that leads your computer into bad neighborhoods.
More than just cookies are out there. As easily as a site can drop a cookie into your hard drive, May says, criminals can drop tiny lines of code in there too, sometimes without you even knowing about it.
#b#You’ve got a problem#/b#. One of the most overt ways cyber-villains get malware into your computer is through the false anti-malware or anti-virus pop-up, May says. A very convincing-looking page full of dire warnings pops up, then begs you to download the anti-malware program before it’s too late.
Surprise, you’re downloading malware. Worse, the legitimate-looking software asks you to buy it for guaranteed protection, but all you’re doing, says May, is giving criminals your credit card number. And worse still, the program you’ve just downloaded might be one of those sophisticated programs that records all your keystrokes, allowing the criminals to learn your passwords, account numbers, addresses, and anything else you type.
#b#Beware the tiny#/b#. Twitter became a phenomenon precisely because you have so little room in which to say anything. And in order to fit sometimes bulky website addresses into a tweet and still stay within 140 characters, users often are forced to “tiny” the address — shrinking an address into a smaller link with fewer characters.
Crooks were quick to pick up on the value of the tiny URL. May says criminals often use these links to send people to infectious pages, and the problem is most common on Twitter and Facebook, which use tiny URLs more frequently than most sites.
#b#PDF and Flash troubles#/b#. In 2009 Symantec, one of the largest computer security companies in the world, reported that 49 percent of all web-based attacks were linked to PDFs. Much of the trouble came through the most popular PDF reader, Adobe Acrobat, May says.
Like Flash, which allows browsers to play animation on websites, the problem with Acrobat is not the program, it is the popularity. The fact that Acrobat and Flash are essentially the default software for their respective applications makes them irresistible to hackers.
An additional issue with Flash is that cookies from Flash sites do not get dumped with the rest of your cookies, May says. A pending revamp to the Internet, html 5, he says, is designed to mitigate that flaw. But until everyone is using it, danger will still lurk in Flash and its permanent cookies.
#b#What you can do#/b#. There are three main ways to stay safe. One is to avoid obviously risky pages, such as gambling sites or anything that pops up and asks you for money.
The second is to always stay on top of software updates and upgrades. Acrobat, for example, is updated frequently, in a race to stay ahead of newer and sneakier malware. Update plug-ins and programs as often as possible, particularly anti-malware or anti-virus programs. The more current they are, the safer you are.
The third way to stay out of harm, May says, is to look into alternative programs and software. He, for instance, does not use Acrobat to read PDF files, he uses Nuance. Fox-It is another good program, he says, just as the browser Chrome (by Google) is a good alternative to Internet Explorer (by Microsoft). The comparatively few users of these programs are far enough in the periphery, May says, that criminals do not spend much time looking for victims.
May admits that his own computers have been infected, proving that even those who stay up on technology can stumble across trouble too. Experience and wariness go a long way toward saving people trouble, though, especially with the Internet’s most popular criminal tool, phishing.
Phishing, like phony anti-malware pop-ups, look like legitimate invitations or pleas for help. Criminals mock up pages to look like those of legitimate companies, banks, or insurance providers, then send thousands of them out. If you’re not a customer of the particular bank on the ad, you are not likely to log in.
But if you are a customer, word of trouble with your account might get you to sign in.
May’s cyber-cynicism saved the day for him recently when an E-mail from a friend implored him to help, he says. It was an E-mail from a real friend, claiming that she was stranded in England and needed money. “It almost got me,” he says. “But I felt compelled to call her first.”