Select your localized edition:

Close ×

More Ways to Connect

Discover one of our 28 local entrepreneurial communities »

Be the first to know as we launch in new countries and markets around the globe.

Interested in bringing MIT Technology Review to your local market?

MIT Technology ReviewMIT Technology Review - logo


Unsupported browser: Your browser does not meet modern web standards. See how it scores »

{ action.text }

In recent months, I’ve met at least three people who have been the victim of hackers who’ve taken over their Gmail accounts and sent out e-mails to everyone in the address book.

The e-mails, which appear legitimate, claim that the person has been robbed while traveling and begs that money be wired so that the person can get home. What makes the scam even more effective is that it tends to happen to people who are actually traveling abroad—making it more likely that friends and families will be duped.

Although it’s widely believed that a strong password is one of the best defenses against online fraud, hackers increasingly employ highly effective ways for compromising accounts that do not require guessing passwords.

This means that it is more important than ever to practice “defensive computing”—and to have a plan in place for what to do if your account is compromised.

Malware. Sometimes called the “advanced persistent threat,” a broad range of software that was programmed with evil intent is running on tens of millions of computers throughout the world.

These programs can capture usernames and passwords as you type them, send the data to remote websites, and even open up a “proxy” so that attackers can type commands into a Web browser running on your very computer. This makes today’s state-of-the-art security measures—like strong passwords and key fobs—more or less useless, since the bad guys type their commands on your computer after you’ve authenticated.

Today, the primary defense against malware is antivirus software, but increasingly, the best malware doesn’t get caught for days, weeks, or even months after it’s been released into the wild. Because antivirus software is failing, many organizations now recommend antediluvian security precautions, such as not clicking on links and not opening files you receive by e-mail unless you know that the mail is legitimate. Unfortunately, there is no tool for assessing legitimacy.

Windows XP. According to the website w3schools, roughly 33 percent of the computers browsing the Internet are running Windows XP. That’s a problem, because unlike Windows 7, XP is uniquely susceptible to many of today’s most pernicious malware threats. Windows 7, and especially Windows 7 running on 64-bit computers, has security features built in to the operating system such as address space randomization and a non-executable data area. These protections will never be added to Windows XP. Thus, as a general rule, you should not use Windows XP on a computer that’s connected to the Internet. Tell that to the 33 percent.

Kiosk computers. You should avoid using public computers at hotels, airports, libraries, and “business centers” to access webmail accounts, because there is simply no way to tell if these computers are infected with malware or not. And many of them are running Windows XP. So avoid them.

7 comments. Share your thoughts »

Credit: Pedro Miguel Sousa

Tagged: Web

Reprints and Permissions | Send feedback to the editor

From the Archives


Introducing MIT Technology Review Insider.

Already a Magazine subscriber?

You're automatically an Insider. It's easy to activate or upgrade your account.

Activate Your Account

Become an Insider

It's the new way to subscribe. Get even more of the tech news, research, and discoveries you crave.

Sign Up

Learn More

Find out why MIT Technology Review Insider is for you and explore your options.

Show Me