Security Fix Live: Safe Online Shopping

Brian Krebs
Security Fix Blogger
Friday, December 7, 2007; 11:00 AM

Security Fix blogger Brian Krebs was online Friday, Dec. 7 at 11 a.m. ET to provide advice on how to protect your personal information when shopping on the Internet.

Read more tips for avoiding Internet scams and ID theft as you search for holiday deals online.

The transcript follows.


Brian Krebs: Greetings, dear Security Fix readers, and happy Friday! We're a tad light on the questions today, so please feel free to drop a query into the hopper. If you've got a security or computer-related conundrum, fire away.


Arlington, Va.: BK,

I've got a Vista laptop. Zone Alarm tells me that Firefox is asking permission to act as a server. I've been clicking deny and making a note to ask you if there's any reason to let Firefox do that. Thanks as always.

Brian Krebs: It's important here to look at what Firefox is asking to do. It may ask to be a server, but it's likely to be requesting server status for a local address, such as, or a broadcast address, e.g., 255.0.0.x. This is fine, as it's not asking for permission to go anywhere outside of your network.

There are a couple of other places that Firefox will by default ask for permission to go: One is a Google address, and that's because Firefox comes with the Google search bar built-in. The other is likely to be Firefox's update servers, as the browser is configured to phone home each time it's started up to check for updates. Also, pretty much every time the browser is updated with patches or a new version, your firewall will likely ask again for permission to let the browser contact the above-mentioned servers, as most firewalls detect when a program has changed.

Hope that helps.


Rockville, Md.: Brian:

I should know this, but right now I don't even know where to look for an answer without getting lost in the maze.

When I had Ghost, I could boot my computer from a CD then restore from an external drive. Can I do the same with the Windows Vista CD? I am using the Windows backup since I have the new Ghost but am not sure it works with Vista.

Can I boot from the Vista CD and restore from it?


Brian Krebs: The short answer is, yes. The Windows Complete PC Backup and Restore feature is designed to mimic other complete backup utilities like Ghost, which allow you to create a complete image of your drive, store it to another drive, and restore it should something go horribly wrong later on. The Windows installation CD is designed to be used to restore backup images that you have stored on other media, be it another drive or what have you.

For whatever reason, Microsoft's online documentation for this feature is somewhat lacking. I've not had to use this feature myself yet, but the instructions at this link appear to be fairly comprehensive.


Rockville, Md.: I have a firewall, virus checker and Microsoft Defender and use a Linksys router. I think I have it configured for encryption and security, but I am not sure. Is there any web page I can go to that will test my security and give me a report?

Brian Krebs: There are a number of Web sites that will test your firewall setup to help you tell whether or not unwanted traffic is going to make it through your network's defenses. Most of these are fairly straightforward, and will tell you whether your system is accepting any kind of traffic to any "ports" on your system. Ports can be thought of as separate doors or possible entry points into your network. Chances are, however, that your router will block any and all attempts to access your network from the outside. Software firewalls, like the one that ships with Windows, or Zone Alarm, et al., are designed to help you manage which programs should be allowed to dial out of your system to the larger internet.

Shields Up

PC Flank

Firewall Leak Tester

You didn't say whether your router is a wireless router or not, but I'm assuming it is. None of these tests will tell you how secure your wireless setup is. Whenever possible, use WPA over WEP encryption, choose a strong (more than 10 character) password/passphrase for the encryption, and pick a decent password (not the default password!!!) for the router itself -- the one used to access the router's configuration settings.


Arlington, Va.: Why is it that when I right click on the start button to explore the directories on my XP machine that it sometimes takes up to a minute to fully populate the file structure? This also happens in some applications where I try to change directories while saving files. Almost like it keeps looking for something not there. I tried troubleshooting by deactivating my firewall, AV, and wireless printer, but they appear not to be the cause. Thanks.

Brian Krebs: I can't conclusively answer your question, but I can take a few stabs. If you have multiple hard drives or hard drive partitions, this can make Windows work harder to display them all. Ditto for USB devices and CD/DVD-ROM drives connected to your PC.

In the nuts-and-bolts department, it may be that your machine has the default amount of system memory installed (that is, not very much). If you're running XP on less than 512 MB of RAM, you're asking for a sluggish system all around. To find out how much RAM you have, go to the Control Panel and click on the System tab. The first window that opens up should list the RAM installed. Upping the amount of RAM can significantly improve system performance.

Beyond that, Windows XP has a couple of annoying and resource-consuming settings that can be changed pretty easily. I'd encourage you to check out which file types and data are shown by default. When you have Windows Explorer open, click on "Tools" menu, and then "Folder Options." From there, click the "View" tab. Deselecting things like "show common tasks in folders," can somewhat increase the responsiveness of Explorer (in my experience) without really taking anything away.


Chantilly, Va.: I have an MS-DOS 3.3 machine, and I want to protect it from the Michelangelo virus...

Seriously, just wanted to say thanks for all your great work and the very helpful chats and columns!

Brian Krebs: OMG! I read the first part of your question and nearly fell out of my chair. I was thinking "huh, talk about security through obscurity!"

Thanks for the laugh, and the nice comment. Happy Holidays!


McLean, Va.: I have a wireless network question. Due to the funky layout of my condo, the computers in my upstairs bedroom can barely receive the signal from my wireless router on the first floor. Since moving the router is not really an option, what should I do? Better antennas for the upstairs computers, boost the signal from the router, or both?

Brian Krebs: You have a couple of options, here. Yes, there are bigger, more monstrous antennas you can buy to attach to the wireless router and try to boost its reception/broadcast ability, but these will only marginally help, if at all. They typically don't help your situation, which has to do with the ability of a signal to travel upwards/downwards.

One, less appealing option is to use an external wireless card on your laptop that gets killer reception over longer distances. The Buffalo Technology brand of cards are notable here, in my experience.

Another option is to purchase a wireless repeater or range extender, which should extend the range of your wireless router. The trouble is that there are so many other repeaters on the market that frankly stink -- either because they only support the weaker WEP wireless encryption or because they're a pain to set up or they don't really extend much of anything. I'd encourage you to read up on the reviews for any range-extender or repeater before buying.

Good luck!


Nashville, Tenn.: Thanks for all the good advice, Brian. I have two questions. First, I signed up for Paypal yesterday; is it a safe way to buy online?

And second, do you still recommend the NoScript utility for everyone? I took your advice and use it, but have to partially allow some pages every time I surf (usually I allow the main .com page only). I tutor novices on computers, and frankly this is one too many burdens for them to handle.

Brian Krebs: If you're signed up for Paypal and want an extra level of peace of mind, you might opt for their anti-fraud token. It's basically just a little key fob that you poke to generate a random six-digit key that you need to enter each time you log in to eBay or Paypal. The idea being that even if someone does steal your username and password, they can't log in to your account without the key fob. I think it still costs $5, and remember that while eBay says you can still log in without it (you have to go through a fairly involved Q/A process), trying to access your account without the fob in hand is not terribly practical.

Also, keep in mind that you can still be fooled by fake Paypal sites, so just be sure that whenever you're going to log in to Paypal that you are in fact at Paypal's site (the Netcraft toolbar will help immensely here.)

As for Noscript, I hear you: there is definitely a learning curve, and disabling/enabling scripting can be a real pain sometimes, particularly on sites that have multiple scripts, and the fact that it's becoming difficult to find a major Web site that doesn't require the use of javascript for some function to work properly.

That said, malicious javascript attacks are NASTY, pervasive, and often ill-detected by anti-virus programs.

At the very least, I'd encourage you or your friends to set up the browser so that it runs under a limited user mode, so that anything that tries to use javascript or some other sneaky technique to install software simply will fail. If you haven't already, please see my tutorial on setting up Drop My Rights.


Olney, Md.: Brian, if you can squeeze this in, I got an external antenna for my router and mounted it sideways on a window pane, and the coverage in the room below improved markedly.

Brian Krebs: More advice for the Va person asking about extending the range of a wireless network. As an additional note, I've found that wireless reception depends on a great deal of different factors, and it's rare that one product or add-on works in all settings. Plenty of factors affect wireless reception: the makeup of your walls, objects situated near the router or between the router and the laptop, other wireless devices in the area competing for signals, etc.


Silver Spring, Md.: I am new to internet shopping and still have not done so. I've read about using PayPal, debit card, credit cards. . . which one is the most secure, but user friendly for newbies like me? BTW I use a Mac G5 computer. Thanks for your help, Jam

Brian Krebs: Credit card is the way to go. Even if someone steals your card digits and uses them to buy stuff in your name, the credit card company cannot hold you liable for more than $50 of fraudulent purchases, and it's rare that credit companies ever hold you to even that amount. Avoid using your debit card for online purchases: Even if you are held faultless for fraudulent debit card purchases, the funds missing from your account even temporarily can cause checks to bounce, bounce fees, etc.


Brian Krebs: Well, we had at least one online shopping related question. Thanks to everyone who stopped by, and here's wishing you all a very safe and happy holidays. I've been taking some vacation days this past week, and so the Security Fix blog has been a little light on new content, but it'll be back to normal next week, so please stop by regularly to stay on top of security news and tips. Be safe out there!


Editor's Note: moderators retain editorial control over Discussions and choose the most relevant questions for guests and hosts; guests and hosts can decline to answer questions. is not responsible for any content posted by third parties.

© 2007 The Washington Post Company