Most systems have security suites nowadays. The bad guys know that, so when they can't finagle a Trojan onto your system, they fall back on more ancient techniques: they'll try to scam you. As a result, many spam filters specifically identify "phishing" e-mails (messages meant to defraud). And security suites often include phishing protection at the browser level; if you try to visit a known fraudulent site, this protection stops you before any harm is done. Phishing sites come and go rapidly, so the suites generally use some kind of heuristic analysis to identify brand-new phishing pages. But if they don't do a better job than the antiphishing built into Firefox 2 and IE7, there's no point.
Another common feature prevents transmission of user-defined private data via e-mail, IM, or Web forms. The suite should let you define exceptions for each piece of private data, so you can (for example) enter your PayPal password at the PayPal site, but not at a fake PayPal site that got past the phishing protection.
The private data should be stored in encrypted form and never displayed, not even to the administrator. The best implementations of this feature allow you to define whether to block unequivocally or let the user choose, with different settings for different users. That way you can, for instance, prevent your kids from giving your home address and phone number to their "new Internet friend," but freely enter it yourself when needed.
NIS 2008's approach is unusual. Its Identity Safe records your personal info and enters it automatically (or on demand) in the appropriate fields on known safe sites. Because you don't type the data yourself, there's no opportunity for a keylogger to snag it, not even a hardware keylogger. Similarly, the feature can memorize usernames and passwords for secure Web sites and automatically reenter the info for you. At the opposite end of the passwords but doesn't help you gather or enter them.




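The private-data feature described in the post above (per-item site exceptions, values never displayed, block-or-ask per user) can be sketched as follows. This is an added example, not code from the post or from any product it names. The class, the keyed-digest storage (standing in for "encrypted form"), the whole-field matching and all sample users, hosts and values are assumptions made for illustration.

```python
import hashlib
import hmac
from urllib.parse import urlsplit

BLOCK, ASK, ALLOW = "block", "ask", "allow"

class PrivateDataGuard:
    """Outbound filter for user-defined private values (hypothetical design)."""
    def __init__(self, key, policy):
        self._key = key          # assumption: per-install secret key
        self._policy = policy    # user -> BLOCK or ASK
        self._items = {}         # keyed digest -> (label, allowed domains)

    def _digest(self, value):
        # Only a keyed digest is stored, so the value itself can never be shown.
        norm = " ".join(value.split()).casefold().encode()
        return hmac.new(self._key, norm, hashlib.sha256).hexdigest()

    def protect(self, label, value, allowed_domains=()):
        self._items[self._digest(value)] = (label, tuple(allowed_domains))

    @staticmethod
    def _host_allowed(host, domains):
        # Exact host or a true subdomain; "paypal.com.evil.example" fails both.
        return any(host == d or host.endswith("." + d) for d in domains)

    def check(self, user, url, fields):
        """Return (action, labels of the private items that triggered it)."""
        host = (urlsplit(url).hostname or "").lower()
        hits = []
        for value in fields.values():
            item = self._items.get(self._digest(value))
            if item and not self._host_allowed(host, item[1]):
                hits.append(item[0])
        # Unknown users get the strictest setting.
        return (self._policy.get(user, BLOCK), hits) if hits else (ALLOW, [])

def demo():
    # Constructed sample data: users, hosts and values are made up.
    g = PrivateDataGuard(b"k" * 32, {"parent": ASK, "kid": BLOCK})
    g.protect("paypal-password", "s3cret-Pa55", ["paypal.com"])
    g.protect("home-phone", "555 0100")
    return [
        g.check("parent", "https://www.paypal.com/signin", {"pw": "s3cret-Pa55"}),
        g.check("parent", "https://paypal.com.evil.example/", {"pw": "s3cret-Pa55"}),
        g.check("kid", "https://chat.example/send", {"msg": "555  0100"}),
    ]

if __name__ == "__main__":
    print(demo())
```

The sketch compares whole field values only, so a private value embedded in a longer message would need substring or token matching on top of this.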