Security Secrets the Bad Guys Don't Want You to Know
You already know the basics of internet security, right?
You know to keep your antivirus program and patches up to date, to be careful where you go on the Internet, and to exercise online street-smarts to resist being tricked into visiting a phishing site or downloading a Trojan horse.
But when you've got the basics covered, but you still don't feel secure, what can you do? Here are a few advanced security tips to help you thwart some of today's most common attacks.
Remember, however, that security is all about trade-offs. With most of these tips, what you gain in security, you lose in convenience. But hey, it's your computer. Be as paranoid as you want to be.
JavaScipt attacks are everywhere. If you use Facebook, you may have seen one of the latest. Lately, scammers have set up illegitimate Facebook pages offering things like a free $500 gift card if you cut and paste some code into your browser's address bar.
By blocking scripting everywhere and then using NoScript to build a whitelist of trusted sites, you can derail most of the so-called Web drive-by attacks that currently plague the Internet.
NoScript also comes with a cross-site scripting blocker. Cross-site scripting has been around for a while, but these days bad guys are using it more frequently than ever to seize control of online accounts on sites such as Facebook and YouTube.
Unfortunately, neither Internet Explorer nor Safari has a NoScript equivalent, but IE users can adjust their Internet Zones security settings to require prompts before scripting. And IE 8 includes new cross-site scripting protection to ward off some attacks.
The downside of all these defensive tactics is inconvenience. With scripting disabled in your browser, many animations, movies, and dynamic Web pages simply won't work--and many users get frustrated by the never-ending cycle of opening a Web page, seeing that it doesn't work properly, and then choosing to allow scripting on that page.
Back Out of Rogue Antivirus Offers
Far too many people have had this experience recently: You're surfing the Web on a totally legitimate site when a scary-looking warning message pops up suddenly. It tells you that your computer is infected. You try to get rid of it, but more windows keep popping up, urging you to scan your computer.
If you do this, the scan invariably finds security problems and offers to sell you software that will take care of the problem. This is rogue antivirus software. The only thing the software does is put money into the pockets of criminals.
Rogue antivirus programs have emerged as one of the most annoying security problems of the past few years. To the victim, the pop-ups can seem like an infection themselves. Every time you try to close a warning window, another one appears.
Here's what you do:
First off, never buy the software. It simply doesn't work, and often it will trash your system. Either press Alt-F4 to close your browser directly or press Ctrl-Alt-Delete to open your system's task manager and shut the browser down from there. Closing the browser generally puts an end to the pop-up problem.
Another way to steer clear of rogue antivirus attacks is to be careful when reading up on a hot news story. The bad guys follow Google Trends and Twitter's Trending topics, and they can quickly promote one of their malicious Web pages to the top of Google search results.
Google tries to control this activity, but when a breaking news story is involved, the evil doers are often one step ahead. "Cut down on the risk of being affected by only reading news sources you trust, or--at the very least--search Google News for news services you haven't seen before," says Sunbelt's Boyd.
Next: Use Less-Popular Apps; Verify That Your Programs Are Up-to-Date