- Joined
- Sep 19, 2010
- Location
- Seattle
LAST UPDATE: 30MAR11
As a response to a lot of requests for good anti-virus software I have decided to create a thread outlining best practices for browsing the internet. These guidelines do not pertain to a specific browser as they are browser independent and can be utilized no matter which browser you wish to use.
GENERAL BROWSING
Here at Overclockers we emphasize safe browsing mainly by way of analyzing the URL. The URL (Universal Resource Locator) is entered into the rectangular box that is normally near the top of the web browser's window:
Pictured above is a standard URL. This URL uses the prefix "http". HTTP is a protocol that the World Wide Web uses to fetch web pages. HTTP is not a secure protocol. The packets of data that it transfers from the internet to your PC may be intercepted and analysed by anyone who is capable of doing so (not very hard these days). For this reason, HTTPS was created. HTTPS is the secure version of HTTP and mitigates the chance that someone may decode intercepted packets of data by encrypting them. How do you know if you are using HTTPS? Just look at the URL on your web browser:
Notice the "https" prefix of the URL. This means that the website you are accessing is utilizing the secure version of HTTP and, therefore, your browsing is at a much lesser risk of being eavesdropped upon.
The HTTP and HTTPS protocols are available by anyone around the world who wants to use them. That being said, what if someone with ill intentions sets up a website to trick you into providing sensitive information and slaps HTTPS on the page? Sure your browsing is encrypted, but if you securely give a stranger your sensitive information, you are still giving it away without knowing who you are giving it to. How do you know if the website is legit? Lets say you are logged into Newegg and you are about to make a purchase. How do you know that when you get redirected to the page where you are prompted to enter your credit card information you aren't clicking a 'ghost link' that brings to you a Newegg look-alike website with the agenda of obtaining your credit card information? That's where certificates come in.
A website's certificate is proof that the website you are accessing is indeed itself. A certificate is normally displayed as a box with the name of the company that owns the website within the URL box:
Clicking that box will open up another box that will give you more information about the company that owns the website, who the certificate was verified by, and so on.
UPDATE, UPDATE, UPDATE!
A good way to prevent attacks is to keep your PC and any software that uses the internet up to date. Updates are, quite simply, a fix to problems and vulnerabilities within your software. When your software was first installed out of the box it did not come with these fixes. Most good software companies release updates for software on a consistent basis (Microsoft, for example, releases updates every Tuesday) so that the software's users are continually backed by the most up-to-date protection against malicious activity throughout the internet. Those who neglect to update their software are typically the victims of web-based attacks.
Update your Web Browser: Most all web browsers nowadays will automatically update themselves. Some of them tell you that they are doing it beforehand, some of them don't tell you until afterward, and some of them might not tell you at all. As a user of the software, it is your responsibility to ensure that your updates are being installed as soon as they are available.
Update Plugins: A plugin is software that is used to run specific features on websites throughout the web. Some common examples of these are Java, Adobe, and Quicktime plugins. Web-based attacks can be in the form of scripts that these plugins run. These plugins typically prompt you that an update is available via a popup on your desktop. Don't just ignore the popup! If your plugins aren't up-to-date your computer may be at risk of contracting malware when visiting some of those less-than-trusted websites.
Update your Operating System: Your operating system is the most important piece of system software that you have installed on your computer. Ensuring that updates for your operating system are being installed as soon as they become available is an extremely proactive approach to preventing a web-based attack.
BEST PRACTICES
Some really good random suggestions for your everyday browsing:
That's all for now. If you have anything you feel you want to add please feel free to post and I will add it to the guide. Thanks for reading!
Brian
As a response to a lot of requests for good anti-virus software I have decided to create a thread outlining best practices for browsing the internet. These guidelines do not pertain to a specific browser as they are browser independent and can be utilized no matter which browser you wish to use.
GENERAL BROWSING
Here at Overclockers we emphasize safe browsing mainly by way of analyzing the URL. The URL (Universal Resource Locator) is entered into the rectangular box that is normally near the top of the web browser's window:
Pictured above is a standard URL. This URL uses the prefix "http". HTTP is a protocol that the World Wide Web uses to fetch web pages. HTTP is not a secure protocol. The packets of data that it transfers from the internet to your PC may be intercepted and analysed by anyone who is capable of doing so (not very hard these days). For this reason, HTTPS was created. HTTPS is the secure version of HTTP and mitigates the chance that someone may decode intercepted packets of data by encrypting them. How do you know if you are using HTTPS? Just look at the URL on your web browser:
Notice the "https" prefix of the URL. This means that the website you are accessing is utilizing the secure version of HTTP and, therefore, your browsing is at a much lesser risk of being eavesdropped upon.
The HTTP and HTTPS protocols are available by anyone around the world who wants to use them. That being said, what if someone with ill intentions sets up a website to trick you into providing sensitive information and slaps HTTPS on the page? Sure your browsing is encrypted, but if you securely give a stranger your sensitive information, you are still giving it away without knowing who you are giving it to. How do you know if the website is legit? Lets say you are logged into Newegg and you are about to make a purchase. How do you know that when you get redirected to the page where you are prompted to enter your credit card information you aren't clicking a 'ghost link' that brings to you a Newegg look-alike website with the agenda of obtaining your credit card information? That's where certificates come in.
A website's certificate is proof that the website you are accessing is indeed itself. A certificate is normally displayed as a box with the name of the company that owns the website within the URL box:
Clicking that box will open up another box that will give you more information about the company that owns the website, who the certificate was verified by, and so on.
UPDATE, UPDATE, UPDATE!
A good way to prevent attacks is to keep your PC and any software that uses the internet up to date. Updates are, quite simply, a fix to problems and vulnerabilities within your software. When your software was first installed out of the box it did not come with these fixes. Most good software companies release updates for software on a consistent basis (Microsoft, for example, releases updates every Tuesday) so that the software's users are continually backed by the most up-to-date protection against malicious activity throughout the internet. Those who neglect to update their software are typically the victims of web-based attacks.
Update your Web Browser: Most all web browsers nowadays will automatically update themselves. Some of them tell you that they are doing it beforehand, some of them don't tell you until afterward, and some of them might not tell you at all. As a user of the software, it is your responsibility to ensure that your updates are being installed as soon as they are available.
Update Plugins: A plugin is software that is used to run specific features on websites throughout the web. Some common examples of these are Java, Adobe, and Quicktime plugins. Web-based attacks can be in the form of scripts that these plugins run. These plugins typically prompt you that an update is available via a popup on your desktop. Don't just ignore the popup! If your plugins aren't up-to-date your computer may be at risk of contracting malware when visiting some of those less-than-trusted websites.
Update your Operating System: Your operating system is the most important piece of system software that you have installed on your computer. Ensuring that updates for your operating system are being installed as soon as they become available is an extremely proactive approach to preventing a web-based attack.
BEST PRACTICES
Some really good random suggestions for your everyday browsing:
- Don't download pirated software! Doing so opens up the door to your computer for embedded malware within the pirated software.
- Ensure that what you are clicking on is the real deal! Addresses with 1's in place of L's for example are designed so that the user does not notice the difference at a glance. Don't be that person who just glances and assumes everything will be alright.
- Be aware of how you are connecting to the internet. If using a public or wireless connection, understand that you are at an even greater risk of attack because of the public nature of the connection. Try to avoid accessing accounts within websites that contain your sensitive information on these networks.
- Avoid downloading "codecs" from websites that are not affiliated with the codec (for example, don't download a DirectX codec unless it's from the DirectX website!).
That's all for now. If you have anything you feel you want to add please feel free to post and I will add it to the guide. Thanks for reading!
Brian
Last edited: