Safe computing

Introduction
Use an anti-virus
Use firewalls
Use passwords
Check for software updates
Log off and clear your cache
Secure your downloaded information
Beware of P2P networks
Test your computer
Additional resources

Introduction

We have taken strong measures to ensure the security and the confidentiality of your tax information. However, it is equally important that you, the user take precautions to help keep your information safe and secure.

This document summarizes the main risks involved in using the Internet and the steps you can take to minimize these risks. While it includes links to Web sites that can offer more detailed information as well as useful products, please keep in mind that these links are provided for your convenience only. The products available have not been tested by, and are not endorsed by Dr Tax Software Inc.-UFile.ca.

Use anti-virus software

You should always use up-to-date anti-virus software that is capable of scanning files and email messages for viruses and trojan horses. This can prevent your files from being corrupted or lost, and save you hours of frustration as you try to restore an infected computer system.

See also:

• Choosing Your Anti-virus Software
• Anti-Virus Product Developers Consortium

Use personal firewalls

Any computer or device connected to the Internet that is not properly protected is vulnerable to a variety of malicious intrusions and attacks. This concerns all users of cable modem, digital subscriber line (DSL), and dial-up. However, users of cable modem and DSL are particularly vulnerable as both methods provide "always on" connection capability. The likelihood of a malicious intruder acessing your system increases significantly the longer your computer is on and connected to the Internet.

A personal firewall will help protect you from such intrusion. Firewalls create a barrier between your computer and the Internet. A firewall can be a hardware device, a software application, or a combination of the two. Firewalls can prevent malicious attacks and block certain types of data from entering your computer or private network. They can also be set up to alert you if anyone attempts to access your system.

See also:

• How do firewalls work?
• PC Firewall Community
• Personal Internet firewalls that really work!

Use strong passwords

Passwords are used by computer systems and Web sites to verify your identity. When you log in to a secure Web site using a password, you are granted appropriate access to available services and resources. If someone else knows or guesses your password, they can access the same resources and do whatever you can do, under your identity.

Always choose unique passwords that include letters and numbers. Longer passwords that consist of eight or more characters and a mix of letters, numbers and special characters are much more difficult for an intruder to figure out than shorter, more straightforward passwords. You should also avoid choosing obvious passwords such as the names of family members or pets, birth dates, etc. which might be easy for others to guess.

See also:

• Microsoft tips for creating strong passwords

Keep your software up-to-date

Because the software you use and the Internet itself can impact the security of your online activities, you should watch for security bulletins that warn you about various security holes or bugs, which can harm the software you are using including your Web browser.

It is imperative that you visit the Web sites of your operating system and Web browser vendors periodically for software patches and updates. Some operating systems and other software can be configured to check for new updates automatically and/or provide for email notification of new security updates.

To access current Microsoft patches, please visit the Windows update Web site.

Remember to log off and clear your cache

Once you have finished conducting online transactions or visiting secure Web sites, remember to properly log off and close your browser window. This will ensure that any information that is cached or stored on your computer or in your browser is erased. It will also prevent others from subsequently being able to view this information. This is especially important if you are sharing a computer with other people.

If you choose to leave your computer running after completing activities in an encrypted area of a Web site, you should still take the time to clear your cache, then quit and restart your browser in order to eliminate copies of Web pages that may have been stored automatically on your computer's hard drive.

For more information on clearing or deleting your cache, please refer to the Help feature of your Web browser.

Secure your downloaded tax information

UFile enables you to download your tax return in the form of a ".pdf" file, which you can view and print using the Adobe Acrobat program installed on your computer.

Also available for downloading is your ".tax" file, which enables you to submit your federal tax return to the CRA via their NETFILE service. Quebec taxpayers may also download their ".mrq" file to submit their Quebec tax return to the MRQ via NETFILE Quebec.

Because these downloads (.pdf, .tax and .mrq) contain your tax information as well as some of your personal data, you should take the necessary precautions to safeguard them should your computer system become compromised. If you are unable to remember where you saved these files, use the Search or Find feature from your Start menu to locate them on your computer. Their default names are "return04*.pdf", "net04*.tax" and "net04*.mrq" respectively.

Consider following these recommendations for safeguarding your .pdf, .tax and .mrq files:

• Save or move these files from your personal computer onto removable media such as a diskette or a CD-ROM. Label and store this media securely along with your other confidential information. You may be required to produce these files again later on in the event of a dispute over the filing of your return.

  UFile will continue to safely store your tax information online and you can return with your username and password to generate these files again, if need be. If you prefer, however, you can delete your files from the UFile servers by using the delete feature found under Utilities when you log in to UFile.

• You may want to use some of the tools available on the market to help secure your confidential data further. For instance:

  • Compressing your files into a password protected ZIP file provides a measure of protection against casual users who do not have the password and are trying to determine the contents of your files. Some compression tools like PKZIP now include strong encryption.

  • Encryption programs are available which allow you to encrypt and password-protect specific files or entire directories which contain all your confidential files. Some of these tools use strong encryption which can thwart more than casual hackers.

    For file compression and encryption software, see:

    PKZIP with desktop security
    WebAttack File Encryption Tools
    File Buddy
    Cryptomite
    

Beware of P2P file sharing networks

While facilitating file sharing and searching for multimedia files (.mpeg or .mp3), services like Kazaa, Bearshare, Imesh and others do a poor job of preventing you from compromising potentially sensitive files (.doc, .xls, etc.) Users who appreciate the simplicity of downloading files provided by a P2P network can inadvertently allow access to their private data files such as email, tax reports, work related spreadsheets, and other private documents. It is important that you review your file sharing settings when using such applications. These systems are often installed by children or young adults on the family's computer without any regard for the risk of exposing their parents' files to the rest of the world.

Click here for information on P2P sharing networks.

Test your computer for security vulnerabilities

If you are running any version of Windows, you probably share files and printers. The "NetBIOS file sharing port" is the single largest security hole for Windows workstations running on a network. For potentiel intruders, the payoff from finding open Windows shares is so important that many scanning programs have been written specifically for the purpose of finding open ports such as this one. Closing it should be a high priority for you.

There are several tools currently available on the Web that you can use to test your computer system for security vulnerabilities. For more information, see:

• Greetings! Without your knowledge or explicit permission...
• Symantec Security Check
• Microsoft Baseline Security Analyzer (advanced users)

Additional resources

• Security and Privacy Basics for Home Users
• SOHO Security Best Practices
• Securing your LAN
• 5 key elements for your PC security plan
• Hackers and vandals and worms, oh my!

• CRA - NETFILE security
• CRA - FAQ's about NETFILE security

............
<< Back