Tax time is right around the corner, and if you’re like me and 73+ million others, you’ll be filing electronically this year – especially if you qualify for free e-filing. Before you get started, here are some tips to preventing malware, spyware and other crap from making off with your tax and bank information.
Clean your (Windows-based) computer of any viruses or spyware. There is a growing trend of not running anti-virus, anti-spyware or firewall software. Even if you use real-time scanners, there are a couple of steps you should take:
- Update your software. Most security software apps rely on updates to definition lists and scanning engines. Usually, real-time scanning software automatically updates, but it’s a good idea to hit the update button just to make sure.
- Dump the debris. Empty your temp files and temporary Internet files. Although you can do this manually, I suggest using a software app with an easy-to-use interface and solid reputation in the anti-spyware community, like CCleaner.
- Scan your computer. Real-time scanners typically protect your computer by scanning files as they are used (opened, closed, saved, downloaded, etc), but it’s a good idea to run a manual scan once in a while. After updating, initiate a manual scan and make some coffee – it’ll especially take a while if you enable advanced options like heuristics and archive scanning.
- Get a second opinion. When doing spyware/virus removals, I always use at least two different virus removal programs and several spyware removal apps. IMPORTANT: if you install more than one antivirus software application, enable the real-time scanning engine for only ONE application. My favorite freeware products include:
- Get a third opinion. Use a web-based scanner, like PCPitstop or Trend.
Look for the padlock. Make sure the address starts with https://, which indicates a secure connection with your bank or e-filing institution. You may have to log in before the secure connection is initiated.
File with Linux. Many Linux distributions offer a “live cd” version – pop this disc in your drive, boot from the disc and you have a fresh operating system complete with a browser for online banking and finance. Ubuntu is a popular choice right now (I personally use Kubuntu, as I don’t like the Gnome interface), is frequently updated and is easy to learn. If you become a linux convert, you can easily install the live cd onto your computer to speed bootup and file access. Using a live CD prevents any malware infection possibly residing on your computer from snagging your financial information. Of course, this option only works if you’re filing and banking through an Internet website.
Geek out – use a virtual machine. A “virtual machine” (at least in this context) is a software application that emulates a second computer. By installing a virtual machine application, you create a “sandbox”, or self-contained operating system that does not spread malware and virus infections to the entire computer. This stuff is geeky and doesn’t lend itself to a short description; for more information, see wikipedia’s entry on generic usage of VMWare. Popular virtual machine applications include VMWare (free versions here), Microsoft VirtualPC, Parallels and Xen.
While there are several approaches to installing and using the virtual machine, for maximum security you should format your computer to ensure no virus or malware infections exist, then immediately install the virtual machine for general Internet use. If formatting is not an option, at the very least thoroughly clean your Windows host as outlined above before installing and using the virtual machine. Simply installing a virtual machine inside your existing Windows host for e-filing and banking is not the most secure approach, as keyloggers and malware infecting your host operating system would still have access to information you type into the virtual machine. The idea is to contain infection to the sandboxed virtual machine.
Never, EVER respond to solicitations for information. Paypal doesn’t need to know your username and password, and your bank would never contact you via e-mail with a clickable link and an account termination notice. If in doubt, always verify e-mail solicitations with a phone call.
Have tips of your own? I’d love to hear them – share them in the comments below.