Wed 2 Mar, 2011
Security 101: Surfing Safely
As Monday was about basic online safety and Tuesday was about safe Email use, today’s Security 101 will focus on web surfing specifically. Web surfing is one of the more common uses of online time, as it’s the way to access much of the generally available information (rather than the special-purpose non-“web” internet archives–those are a special case). Accordingly:
- Make sure that you have applied all the updates available for your computer, your browser, and any antivirus program that you might run. The vast majority of infections by hostile software come about because available security updates were never applied.
- If you use Windows, do not use Internet Explorer. IE is still tightly integrated into the operating system; as such, any vulnerability in IE that is not patched–either because Microsoft has not released a patch or because you ignored the previous bullet–is a vulnerability in Windows as a whole. Using any other browser (such as Chrome, Firefox, or Opera) will introduce another layer for hostile software to have to go through before it can affect your computer. Additionally, both Chrome and Firefox have numerous plugins (or add-ons or extensions or whatever the browsers are calling them these days) available specifically to make your browsing experience safer. Some of those for Chrome have been discussed here; those available for Firefox are just as easy to find.
- Consider blocking most advertisements. There have been several cases where advertisement servers have been compromised and have ended up serving ads containing hostile software. Text ads are, by their nature, immune to this–though it is still advisable to be very careful before considering clicking them, as many ads do point to sites of dubious provenance.
- Hover before you click. Especially on sites where users submit links, hover your pointer over the link and look at the address that appears at the bottom when you do so. If you have any doubts about the domain that the link goes to, don’t follow it.
- When in doubt, close the browser. A website can’t hurt you if you don’t have a browser open to it.
- If shopping, or any time that you might enter personal information, make sure that the form has SSL–a technology to keep your information encrypted in transmission–enabled. Most modern browsers have a specific, clear indicator that the page has been encrypted with SSL; for instance, the Chrome browser will turn the address bar green. SSL addresses always start with “https” rather than “http”–double-check to make sure, and don’t put in any personal information unless that’s there.
- Do not give out any personal information other than the bare minimum required. If a site wants more information from you than you feel comfortable providing–especially if, like the Gawker family, they have poor security–consider alternatives instead.
- Avoid downloading any files unless you are sure of the source. Anything more complicated than a basic text file can contain hostile software that can harm your computer, and this risk goes up with the complexity of the file.
- If a website suddenly looks different than what you’re used to–especially if it’s one where you manage your financial information–double-check the spelling of the address. There have been many instances of what is referred to as “typosquatting,” where an address only a couple letters off from the official one is bought by someone unrelated to the official website and used for fraudulent purposes. If in doubt, close the browser window or tab and try again.
- If some kind of web content “requires” a plugin to view, do not follow the link from the page. Instead, check to see if you have the plugin installed, and if not, look for the manufacturer’s webpage to find it. Flash, for instance, comes from Adobe; any other source cannot be trusted.
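The address checks from the list above (look at the link's domain, confirm https, watch for typosquatting) can be written down as code. This is an added example, not part of the original post: the site list and sample domains are constructed, and reading "a couple letters off" as an edit distance of 1 or 2 is an assumption.

```python
from urllib.parse import urlsplit

# Constructed list of sites the user really does business with (assumption).
KNOWN_SITES = ("mybank.example", "bookshop.example")

def edit_distance(a: str, b: str) -> int:
    """Count single-letter inserts, deletes, substitutions and adjacent swaps."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            d = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            # Two neighbouring letters typed in the wrong order count as one typo.
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                d = min(d, prev2[j - 2] + 1)
            cur.append(d)
        prev2, prev = prev, cur
    return prev[-1]

def check_link(url: str, max_typos: int = 2) -> str:
    """Classify a link before following it: known, insecure, lookalike or unknown."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    for site in KNOWN_SITES:
        if host == site or host.endswith("." + site):
            # Right domain, but only https keeps form data encrypted in transit.
            return "known" if parts.scheme == "https" else "insecure"
    labels = host.split(".")
    for site in KNOWN_SITES:
        # Compare only the trailing labels, so "login.mybamk.example" is judged
        # by "mybamk.example" and a reassuring subdomain cannot hide the typo.
        candidate = ".".join(labels[-(site.count(".") + 1):])
        if 0 < edit_distance(candidate, site) <= max_typos:
            return "lookalike"
    return "unknown"

if __name__ == "__main__":
    for link in ("https://www.mybank.example/login",   # constructed samples
                 "http://mybank.example/login",
                 "https://mybnak.example/login",
                 "https://news.example/"):
        print(f"{check_link(link):10} {link}")
```

A "lookalike" result is the case to close the tab on; "unknown" only means the domain is not on the list, not that it is safe.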
As before, all the other general recommendations still apply: think before you click, and if you’re not sure of a situation, find someone who does this for a living and ask them nicely. Merely keeping “tips” in mind will not keep you safe–only a deep and abiding commitment to safety, and careful use of safe browsing practices, will do that.