How to Browse the Internet Safely
Many people think your computer can only be infected by directly downloading a file, which in completely wrong. People also think, just having an anti-virus, means they will never become infected. The internet can be one of the best places, yet one of the worst. Considering malware is becoming more and more advanced daily (becoming undetectable, hiding under legitimate process names, disguising as Java applets or ActiveX components, etc.) We need to be on our toes to prevent the chances of becoming infected. I will be covering safety tips to keep your computer safe from infections.
Download an Anti-Virus
An anti-virus or an 'AV', is a type of software that is used to find, protect, and remove malware. Many of the newest anti-virus software comes with great web protection, which can be vital to ensure your safety online. AV's with web protection can help you by warning you how safe a website is. Take AVG for example; it shows icons or 'Reputation Shield' next to a website in a search saying how safe the website is. (ie. Clean :
Download a Firewall
A firewall is a piece of software that is an essential part of your protection online. It can prevent DDoS/DoS attacks, it can prevent a hacker from infiltrating your network, shares your privacy to a greater degree, etc. Below is a list of a few, great firewalls. All have been recommended by numerous people.- Comodo Firewall
- Online Armor
- Zone Alarm
Avoid Java Drive-By's
What is a 'Java Drive-by'? A Java Drive-by is a download, but it disguises itself to be a Java applet, or an ActiveX component, and is installed without the user's notice. The drive-by usually occurs once you open a web page.The user would see that a pop-up would ask them to 'Run' or 'Cancel'. The normal user would typically click 'Run', because it they might think the clicking 'Run' would continue onto the web page, in actuality, they have just been infected by a malicious file.
How do you prevent this? There are a few ways you can do this.
- Disable Java : Yes, this can be a tad tedious, but if you're really that worried, you can disable Java. You also have the ability to disable Java in your web browsers. This should only be used as your last option!
- Keep your Java Updated : Older versions of Java might have security exploits, which is obviously bad, and we don't want those! If you keep your Java updated to the latest update, some the the drive-by's will be detected, and or patched. You can update the latest Java update here. If you do update Java, be sure to remove the previous versions from your computer, as Java does not.
Avoid Torrents and Other Downloads
Why avoid torrents, when you can get all the music you want, for free? Because some files in torrents might be binded to other files; namely a form of malware. It's okay to use torrents, but be careful with what you download, and always try to download from a trusted user. Same thing goes for regular downloads, this includes; games, movies, music, pictures, etc. For example, you see a program online you like, and you don't want to pay for it, it's possible it can be infected. Be hasty when downloading, it can be binded with a malware. Before downloading any type of file off the internet, please read the comments about the download if there are any. It could be the thing that prevents you from getting infected. In no way, shape, or form, am I saying stop using torrents, and downloading offline, just be careful.Media files (ie. .mp3, .avi., .jpg, etc.) that are binded with malware can be easy to spot if you're good with computers. If a media file was binded with malware, it would be called something along the lines of; Songname.mp3.exe or Songname.mp3.com. If you see '.com' or '.exe' in a media file, steer clear of that file, and remove it from your computer immediately.
How To Check To See if a File is Actually Infected
- Run the file in Sandboxie. Sandboxie is a program that runs other files, programs, URL's, etc. in a secluded place on your computer, without the risk of infection. If you suspect a file is infected, you can run the file in Sandboxie, and see if it drops any traces of malware.
- Run the file in a virtual machine. A virtual machine or a 'VM' is a program that lets you install another Operating System inside the program. This can be great to use for testing infected files, because you can run the file on the VM's Operating System, and not on your main one. This can save you from becoming infected.
- Submit the file to online malware file scanners/analyzers, such as; Virus Total, NoVirusThanks, Anubis. Virus Total and NoVirusThanks are used to scan the submitted file to different anti-viruses, and gives you the results back. While Anubis, on the other hand, actually sees what the submitted file does to a computer, with information, such as; Temporary Files created, Registry changes, Affected files, etc. These websites are outstanding when it comes to analyzing and scanning files.
- Scan the file with your anti-virus. It's as simple as it sounds. It might not be the most effective solution, but it's quick and easy.
Avoid Phishers
'Phishing' is the technique of stealing user names and password through a fake log-in page. The fake log-in page tends to look similar, if not, identical to the original page. If you enter your information into the illegitimate log-in page, the log-in info you used will be sent to the hacker, without your knowledge of this happening. 'Tab-Nabbing'
Recently, there has been a new type of a phishing attack discovered. It is called 'tab-nabbing'. Here's what it does: Say you log into Facebook, and you need to open a new tab for whatever reason. Once it is detected you are away from the web page, the 'tab-nabber' changes the 'favicon' of the web page (in this case, Facebook.) It then typically redirects you from the page, and asks you to log into the page again. You normally wouldn't think it could be harmful to you at the moment, because you see the 'favicon' and you think you're logging into the original website.Source. Also thanks to, Xch4ng3, for informing myself about 'tab-nabbing'.
How to Prevent Falling Victim to a Phisher
- Always check the URL address of the website you are about to sign into. For example, a phisher for Live, could be 'Live.freewebs.com'. A website often used to be posed as, is Facebook.
- Don't give out your information in e-mails that pretend to be your bank account. This is a very common method of stealing one's credentials. The victim will receive an e-mail from their 'bank', asking for their credit card number, name, etc. to verify themselves, or something of the sort. The hacker then uses the information given by the victim to commit fraud, identification theft, etc. Sadly, multiple people fall victim to this.
- Avoid 'generators'. What I mean by that, is avoid programs or web pages that say they can give you "free points" or "free membership." None of them are real, and are either malicious, fake, or even a phisher.
Clear Your Cookies
An HTTP cookie, or more commonly known as a 'cookie' is a form of text that is stored into the user's web browser. A cookie can be used for authentication or anything else that is completed through storing data. You can clear your cookies and cache either through your web browser, or using a program such as; ATF Cleaner. The more cookies you have stored, there's higher possibility your internet will run slower. Cookies are not malicious in any way, as they cannot execute themselves. Although, they can be used as spyware, because cookies can track what you do online, and can be used to invade your privacy, or even cause malware related problems in the future.Ways To Avoid Cookies
You can easily avoid cookies by modifying a few settings in your web browser.- Internet Explorer
- Tools > Internet Options > Security Tab > Set security level to "High", or Custom level > Cookies > Disable.
- Mozilla Firefox
- Tools > Options > Privacy > Cookies > Remove the check next to the "Allow sites to set cookies" option.
How To Clear Your Cookies
You can easily clear your cookies, either through a program such as; ATF Cleaner or CCleaner.- Mozilla Firefox
- Click on Tools button > Click on 'Choose Recent History' > Make sure the 'Cookies' box has a check mark next to it > Click the 'Clear Now' button.
- Internet Explorer
- Click on Safety button > Click on 'Clear Browsing History' > Make sure the 'Cookies' box has a check mark next to it > Click the 'Delete' button.
- Google Chrome
- Click on the 'wrench icon' on the toolbar > Click 'Clear Browsing Data' > Place a check mark next to 'Delete Cookies' > Click the 'Clear Browsing Data' button.
Other Tools
Here are a few tools that will keep your computer running smoothly.- Malwarebytes' Anti-Malware is an excellent offline malware scanner.
- ESET Online Scanner is an online malware scanner. This version must be used in Internet Explorer.
- ATF Cleaner is an application that cleans out temporary files, cache, cookies, etc.
- HijackThis is a program that generates a log of many entries. This is an indispensable when it comes to removing finding malware. The log created is analyzed by a HijackThis Helper to determine infections. Other programs and methods are used remove the infections. Never try to remove any entries in HijackThis, it could only cause more harm, if you don't know what you are doing!
Use Common Sense!
It is easy as it sounds! Just use your common sense when it comes to browsing the internet. Many people run their computers and surf the internet without an anti-virus, because they tend to know what's legitimate, and what is not, and always take caution in what they do online. This took me quite a while to type this up. If you guys have any problems, corrections, etc., please tell me, and I'll be sure to fix them. This was originally posted by myself at HackForums. Also, I know this isn't in the correct place, but I asked Bad Blood, and he said to post it here.
