How to practice safe surfing
Some tips and tricks for a safer internet experience
I get support calls from people running firewalls and anti-virus programs and they STILL get malware/worms/viruses/scareware. Sometimes, talking with them, we can pinpoint how they got infected. Usually though it's a mystery. I don't know how they do it. I (knock wood) have not run anti-virus software in about 18 years and haven't had a problem. And here is a truth to keep you up at night - the newer worms and viruses are written in such a way that there is a lag time of two to four weeks before effective means of detection and eradication can be implemented. And even then not all AV products work equally well.
So here are some quick tips to stay safe on the internet. Some require more technical skill than others.
* I'll also note that this was written in 2012 before Windows 7 took off. While all of it applies to XP, much is also applicable to Win7.
1) Surf with a Limited User Account
Windows XP by default gives everyone an Administrator account. This is a very dangerous thing. By some estimates, 90 - 95% of security issues could be eliminated if users had a Limited account. If you are using XP, set up a limited user account for your browser and email client. By doing so, you stop malicious software from being able to install itself. The downside to a Limited account is that you will need to log in as an administrator occasionally to update your software. (Firefox for sure. Flash, Acrobat, and Windows I'm not certain. I've only recently started transitioning users to Limited accounts and haven't found all of the quirks involved.)
[How To: ] (XP) Go to Start -> Settings -> Control Panel -> User Accounts -> Create a new account -> Give it a name like "Internet" and select type of account as Limited. (Vista/Win7) [Instructions later after I reinstall Vista]
If you choose to follow tip #2 below then copying your old account is easy. Log in to the new account, start Firefox (or Opera), then log out and log back in to the administrator account. This creates the subdirectory (folder) for Firefox. Copy everything in the Documents and Settings\%Your_user_account_name%\Mozilla\Application Data\Firefox\Profile\%some_weird_string_of_random_letters.default%\ subdirectory to the same location under the new Internet account (note: the random letters will be different). For Opera, copy everything in the ...Application Data\Opera subdirectory that has Bookmarks.adr. For Internet Explorer users, good luck.
2) Switch Web Browsers
Most surfers click on the big blue 'E' to go to the internet not knowing any better. I won't go into the myriad of reasons why Internet Explorer (IE) is such a poor choice for a web browser here. I will just recommend installing Opera [Homepage] or Firefox [Homepage]. Both have been technologically superior to IE for many years and are far more customizable than IE. Check out "Speed Dial" on Opera and Personalities for Firefox. Links to some of the better/more popular extensions to Firefox are on my downloads page.
3) Adobe Acrobat Reader
Comes with JavaScript enabled by default and Adobe refuses to listen to the security community and change this. A very popular exploit making the rounds currently is the pdf file embedded in a banner ad ("ad poisoning"). There you are surfing along happily looking at pictures of cats that can't spell when all of a sudden Adobe pops open and BAM! you're infected. With JavaScript turned off, you'll be aware of what's happening because Acrobat is forced to ask if you want to run JavaScript in the current document. Well of course not. Tell it "No" and close Acrobat and continue on. I suspect this is the cause of quite a few of the problems I've dealt with lately. More about this problem here (ignore the registry stuff).
[How To: ] In the Acrobat Reader menu go to Edit -> Preferences -> JavaScript -> uncheck the box marked "Enable JavaScript". Then go to Preferences -> Trust Manager -> uncheck the box marked "Allow documents to open other files..." (note: you may have to do this every time you update Acrobat Reader [Homepage]). You could also download an alternative PDF reader such as Foxit Reader.
4) Change your Windows theme
Some malware shows up as a warning popup in the bright blue XP theme colors, trying to trick you into thinking it's a Windows security notice when the reality is that clicking on the image installs their malicious software. These images are now starting to show up looking like Vista warnings - an obvious color/theme difference. By changing the color/theme of your desktop, you can tell legitimate warnings from most fake ones.
[How To: ] Right click on the desktop (wallpaper) -> Properties -> Appearance -> Color Scheme and select a different color.
5) Click on the 'X'
If you do encounter a suspicious popup (with optional running counter as if it is really scanning your computer and usually telling you that it's infected with a bazillion viruses), close the tab or, for a popup, click the red 'X' in the upper right corner like closing any other window. Never click "Cancel" as this will likely just OK it to install its payload.
6) Ignore Anti-Virus alerts online
[see 5 above] You click on a link and get redirected to a page usually with a running counter/scanner that tells you you're infected. Ignore and close tab. Don't click ANYTHING on the page. Otherwise it will be right - you WILL be infected. [see 8 below]
7) Video Codecs and Players
When watching/downloading video DO NOT download extra codecs or viewers. My brother can tell you this is true. If it can't be viewed in Flash, Windows Media Player (WMP), VLC, or your choice of viewer, and tells you that you need to download a special viewer/codec, then it is not likely legit. The only codec you should ever need to install is ffdshow [Homepage]. Also keep Flash updated (see the Adobe link above).
8) Don't Install Anything
Ok that's rather broad and not likely but this is a good time to discuss what is safe to download. There are quite a few good security programs and utilities available for free. Yes free. Gratis. Nada dinero. Bupkis. See my recommendations page for some of the better ones. If a site wants to sell you some software or, worse yet, scare you into buying their software [see 6 above], don't fall for it. Yes I include McAfee and Norton/Symantec here. I believe they are bloated, overpriced products. The most you should ever have to spend is a paypal donation to a worthy project if you like their software. Other safe sites to download programs from are Downloads.com and Sourceforge. Just check the reviews first. And, when in doubt, look the program up on Wikipedia. If it helps you sleep at night then go ahead and install an anti-virus program. I suggest looking into Avast and AVG first or using the TeaTimer utility in Spybot Search&Destroy before installing McAfee or Symantec products. Most Registry cleaners/optimizers should also be avoided as they generally do little to no good (one exception).
9) Use ZoneAlarm
ZoneAlarm is a far better firewall than the one built into XP (Vista/7 may be better than XP's). It will block traffic both incoming AND outgoing. Because of this heightened level of security, unfortunately, it asks for more permissions which can confuse the average user. Or worse - get them in the habit of blindly clicking whatever it asks like Vista's UAC.
[Download here]
10) Turn off Autoplay
Another security mistake on Microsoft's part. This is how worms like Conficker spread. It's a good idea to shut off autoplay for all drives except your optical CD/DVD drives. Here is a good link that covers both 9 and 10. This can also be done with Microsoft's TweakUI utility available here or at the Microsoft website. Update - As of 1/2011, this one may have been fixed with a security update.
11) Show File Extensions
This one is in the top 10 stupidest things Microsoft ever did. I'll make a list some time. It's the reason the Kournikova worm spread several years back. With extensions hidden, email readers didn't know they were opening "Kournikova.jpg.exe" (an executable file) because Windows showed them "Kournikova.jpg". [see 9 above to fix]
[How To: ] Windows Explorer->Tools->Folder Options->View-> Uncheck "Hide extensions for known file types"
12) Email Attachments
Now that you've turned on file extensions, you can see just what kind of file that attachment really is. Be wary of email attachments and if someone sends you one of the following, email them back to confirm that they really did send it. Files that shouldn't be run include ".exe", ".bat", ".pif", ".com", ".ini", and ".vbs". These are the most common.
Some safe (and common) extensions are ".jpg", ".gif", ".bmp", ".avi", ".wmv" (unless it says it needs a codec [see 7 above]), ".pdf" (unless it wants to run javascript [see 3 above]) and ".doc" and ".xls".
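As an added example (not part of the original page), this Python sketch applies tips 11 and 12 to attachment names: it shows what Explorer displays while extensions are hidden and flags a risky extension sitting behind a common one. The extension lists are the ones given above; the function names and sample filenames are constructed for illustration, and the hidden-extension view assumes the final extension is a registered file type.

```python
import os

# Extension lists taken from tip 12 above.
RISKY = {".exe", ".bat", ".pif", ".com", ".ini", ".vbs"}
COMMON = {".jpg", ".gif", ".bmp", ".avi", ".wmv", ".pdf", ".doc", ".xls"}


def split_name(filename):
    """Return (stem, final extension) as Windows would resolve the name."""
    # Windows ignores trailing spaces and dots, so "a.exe. " still runs as "a.exe".
    name = os.path.basename(filename.replace("\\", "/")).rstrip(" .")
    stem, ext = os.path.splitext(name)
    return stem, ext.lower()


def shown_when_hidden(filename):
    """Name Explorer shows with "Hide extensions for known file types" checked.

    Assumption: the final extension is a registered (known) file type.
    """
    return split_name(filename)[0]


def classify(filename):
    """Label an attachment name: disguised, confirm-with-sender, common, unknown."""
    stem, ext = split_name(filename)
    # The extension the reader *sees* once the real one is hidden; padding
    # spaces placed before the real extension are stripped.
    inner = os.path.splitext(stem)[1].lower().rstrip()
    if ext in RISKY:
        return "disguised" if inner in COMMON else "confirm-with-sender"
    return "common" if ext in COMMON else "unknown"


# Constructed sample attachment names (not taken from real mail).
SAMPLES = ["Kournikova.jpg.exe", "setup.EXE", "cats.JPG",
           "report.pdf   .vbs . ", "notes.txt"]


def triage(names):
    """Return (original name, name shown with extensions hidden, verdict)."""
    return [(n, shown_when_hidden(n), classify(n)) for n in names]


if __name__ == "__main__":
    for name, shown, verdict in triage(SAMPLES):
        print(f"{name!r:28} shown as {shown!r:22} -> {verdict}")
```

A "common" verdict only means the extension is on the list above; the caveats in that list about codecs and JavaScript still apply.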
13) Phishing Scams
(coming soon) Password stealing, spotting fake domains and such
14) Dump Windows and Try Linux
For the really brave souls out there.
Actually, it's not that bad. There are many flavors of Linux out there but the one I recommend is Ubuntu Linux Mint. The current version of Ubuntu/Kubuntu Linux is incredibly easy to set up and the package manager makes it a breeze to install new software. The Kubuntu version tries to mimic the Windows look and feel to make the transition easy and there is a program to do pretty much everything that you would on Windows. This includes:
• Microsoft Office -> OpenOffice
• Word -> Writer
• Excel -> Calc
• PhotoShop -> The GIMP(Gnu Image Manipulation Program)
• IE -> Opera, Firefox
• WMP -> VLC, Totem, Audacious, etc.
Most of these have Windows versions so you can try them out before making the switch. For a computer user who doesn't need Windows-only software like Quicken/Quickbooks, this is a viable alternative. Another bonus, besides the cost (free), is that performance/responsiveness is better because there is little need for an anti-virus program and Linux is less resource-hungry.
[How To: ] Read more about and get Ubuntu here and Kubuntu here.