Last week, the New York Times (via Yahoo) posted an article
on five ways to keep safe online. They have blurbs and excerpts on each one,
but here they are with my summaries.
- Use a secure browser. The article suggests that because
Internet Explorer and Firefox are the most popular browsers, they are the most
targeted. That’s true, and they go on to suggest that you should use the most
recent version and install security updates. Again these are both good pieces

The NYT then says it can help to use a more obscure browser
like Google Chrome. Because it’s not as popular, it’s not as targeted. That’s
essentially security by obscurity: the theory is that since the browser is not used as
often, malicious actors don’t find it worthwhile to target. There’s some
truth to that, but psychologically if you think that nobody is going to target
you and therefore you don’t need to take security precautions (cough, Mac users,
cough), you could end up being even more vulnerable. The reason is that having
no coverage at all means that the most glaring security exploits go unchecked by
you and eventually, you get hit simply due to the prolific nature of malware on
- Get Adobe updates. Adobe’s software has suffered in recent
years from a perception of being insecure. Adobe Acrobat has as
wide a footprint on users’ computers as Microsoft’s Windows, and that’s a large
user base for malicious actors to target (Flash is also quite ubiquitous –
except on iPhones and iPads – and it runs in browsers, see point

Luckily, Adobe has adopted a security model similar to Microsoft’s in
that they have a predictable patch schedule. So long as you agree to install
the updates when they have finished downloading (and you should), these auto-updates
lower your risk.
- Be careful of malicious ads. When you run a search on
a search engine like Bing or Google, the ads on the side are sometimes
malicious. For example, if you search for “antivirus software”, sometimes the
paid search results look like anti-virus programs but are actually malicious
software (malware) that does nothing for you except pull your computer
into a botnet or steal personal information.

It’s a little unfair to expect the end user to beware of malicious ads on search engines; a good portion
of the user base doesn’t understand how to recognize them. My own perspective
is that Google and Microsoft should be aggressively hunting these things down
and removing them as quickly as they can detect them. The NYT does advise users
to run Microsoft’s MSRT tool, so that’s a good thing.
- Beware poisoned search results. This is similar to the
above: a spammer or malware author will do black-hat search engine optimization
to get their pages to the top of a search list (such as exploiting the top
search terms of the day). Most browsers today have built-in URL filters
that update frequently and are able to scan the link that the user browses to
and indicate that the site is malicious.

My perspective here is similar to the above. Internet browser maintainers need to partner with URL reputation
organizations to protect their end users.
- Be careful who your friends are. While the NYT article
says to beware all social media sites and calls out Twitter, they specifically
allude to Facebook and advise you to only friend someone whom you know. The
reason is that some malicious actors will use Facebook to gain your trust and
get you to blindly add them to your friends list where they can either access your data, or
get you to install applications that steal data from you.

Facebook is an interesting case study because it does so much, but is also attracting the ire
of legislators. I don’t think that Facebook was prepared for its rapid growth
in popularity, and it is dealing with the growing pains.