The ideal system that everyone is searching for – the silver bullet – is to have top security automatically regardless of who you are sending to and what product(s) they happen to be using. The reality is that many e-mail packages are not themselves secure, and do not interoperate cleanly with anything but their own products. For the time being you are better off keeping your security outside of your e-mail or word processing package, and exchanging attachments that are fully protected and not relying upon any of the different systems that people are using. That way you increase the security of the result and do not have to rely on complex interactions between proprietary systems.
It may not be as elegant, but it will take you a lot further than relying on a specific e-mail service and will give you, for the time being, a much more secure result.
Introduction
For the last ten years or so we have become increasingly reliant on e-mail. It is ubiquitous, and unlike real mail it can chase us from continent to continent in seconds. For better or worse we now have the ability to conduct the next worst thing to conversation, but in writing.
Of course, and despite all the advice, we treat this ability as if it were the same as personal conversation. Private. Off the record. We also assume that no-one else is going to be able to read it, and that it can’t ever get into the wrong hands.
Slowly but surely we are finding out, the hard way, that, as in the words of the song, “It ain’t necessarily so.” What we are doing is like sending picture postcards through the mail. It appears that everyone from our e-mail administrator to half the hacking community can pick up what we are doing, even off the internal network.
Enter the answer – secure e-mail (Se-mail?). Run it just like ordinary mail but click on the secure button and you’re done. Shangri-La! But is it for real or is it yet another of the IT pipe dreams?
Silver Bullet Syndrome
This is not a new disease. Far from it. This is a regular epidemic every time someone goes near the IT security allergy. Somehow or other it seems obvious to anyone that the immense complexity of the computer can be made safe and secure by a single act (the laying on of hands perhaps?). Despite the fact that everyday experience teaches us how difficult it is to get a computer to do anything without us making a significant contribution, security is supposed to happen without any thought or planning (even less than putting something in a brown envelope rather than a see-through folder).
Manufacturers have been quick to recognize two things. The first has been that they need to service their customers more so that they can charge more. The second is that despite all the claims about standards in security, the cold hard reality is that there are hardly any.
What, no standards?
Well, almost none. We have S/MIME (version 2 or 3?) to sort out how you might sign and encrypt streams going from one e-mail client to another. That’s fine except that you need ‘PKI’ standards sitting behind S/MIME to make it useful, and there seem to be more of those than you can shake a stick at. This is a case where there are so many different standards (and even more interpretations of them) that in effect you have no standards.
If you want to think about standards in terms of manufacturers’ products (after all, dominant suppliers and monopolies set standards of a kind) then the picture is more like this. We have Outlook Express and Outlook (not the same thing even if they are from the same stable) and HotMail. To that we must add Eudora, Lotus Notes and AOL (Compuserve). We have an increasing number of web-mail products such as Yahoo and Lycos, just in case the others weren’t enough. And we haven’t yet begun to mention all the various brands of ‘secure’ mail that exist, including PGP. Can you believe that all of these interoperate smoothly and seamlessly with each other?
So we can conclude that standards are not yet in a position to help us.
Our objectives
Somewhere in the security debate, you lose, as we seem in danger of doing, sight of what your objective actually is because the technology debate is so much more confusing.
The objective for the user might be summarized as follows (borrowing from the paper world):
- to be certain what they send goes to the right person/place;
- to be certain that the right person/place can read the information;
- to be able to use signed information as proof to a court or other body;
- to stop the wrong people from reading personal and private information.
Some of these wishes are more difficult than others. Just as in the paper world, you can’t stop anyone seeing the address on the outside of a letter, the same is true of e-mail. If someone alters that address, it doesn’t go to the right place, and if someone alters the return address (in many countries it is written on the back of the envelope) the recipient may not know where it has come from or it may not, if delivery fails, be returned to the correct sender.