How to stay safe online: Find Things
MOST sources list Wikipedia within the top 10 most important/popular websites on the net. With more than 29 million pages of information it's not hard to see why.
Wikipedia was founded on the principles of freedom of information, and its popularity highlights how important being able to go online to access information, to learn and even to ask has become.
Here we'll look at how to do that safely.
One of the main dangers of browsing the web is inadvertently stumbling across a dodgy site that downloads a virus or malware onto your computer and if it doesn't crash our computer, starts stealing our information instead.
Or worse, we don't stumble across a dodgy site at all, but still end up exposed to malicious software. How did that happen?
There are, according to Cisco, two or three strong possibilities. In 2013, their annual security report said the "vast majority of web malware encounters actually occur via legitimate browsing of mainstream websites."
In their 2015 report they highlighted the growing issue of malware being delivered through browser add-ons, saying, "users inherently trust add-ons or simply view them as benign."
Add-ons and browser extensions are now the top source [pdf] of malware infections, with Facebook scam links the third biggest; Trojans account for the majority of other malware infections.
The use of malicious scripts - using Flash, Java and Microsoft Silverlight plug-ins on webpages - has declined significantly, but now the platforms themselves are less popular their users run the risk of having an older version that's vulnerable to attack.
The methods differ, but the end result is often the same - the exploitation of advertisements and otherwise innocent links to infect our devices with malware, including banner ads on otherwise safe websites.
So if malware is lurking behind banners at ToysRUs.com or in the grocery aisles of Tesco.com, how can we avoid it?
Unfortunately, it's pretty difficult to avoid it completely, but we can stay protected. Keeping our operating system and programs up to date and, you guessed it, installing and updating anti-virus software will go a long way to guarding users against such threats.
According to an article published by ZDNet in 2011 the chance of a user who's kept their system fully updated being infected by a "drive-by download", from browsing an infected website or one hosting infected content, is slim.
The writer, Ed Bott, says in the article:
"...Attacks are typically successful only with PC owners who haven't installed the latest security updates. Most such exploits, in fact, target vulnerabilities that were patched years earlier."
Both the leading anti-virus provider Kaspersky and Cisco agree with this assertion, saying year after year that the majority of successful malware attacks are on companies and individuals who don't keep their software up to date.
So where does the vulnerability to malicious software come from?
The answer seems to be social engineering - tricking people into downloading the software themselves. Anti-virus providers AVG Technologies say that "users are four times more likely to come into contact with social engineering tactics as opposed to a site serving up an exploit."
Social engineering is similar to phishing in that it attempts to dupe users into downloading the malware themselves, for example by loading pop-up windows telling them they need to update their software, or when malware is hidden within other software downloads.
There are two things to take from this:
Firstly, while we may come across websites hosting malware either intentionally or unintentionally through third-party content, as long as we keep our systems up to date with the latest security patches, it shouldn't be able to install itself on our devices.
Secondly, it's more likely that we're at risk from malicious software by being scammed into downloading and installing it ourselves.
In the same breath then, we can take some of the things we've learned about how to stay safe when sending and receiving emails and apply them here too.
What help is available
Keep your operating system updated
Operating systems, once installed, often still need a lot of work doing to them, which is why updates or "patches" are rolled out on a regular basis to help ensure our systems stay up to date and protected against online threats.
Both Microsoft Windows and Apple Mac OSX generally come with updates set to download, or certainly notify us, automatically. However, we can run these programs manually at any time too.
If we're using an old computer, or we haven't connected to the Internet in a while or ever, the computer won't have been able to download any of the released patches or security updates.
Don't worry though: when we connect, the computer will check with Microsoft - or Apple - for all the necessary or missing updates, let us know about them, and subject to a few "yes" or "ok" button clicks, download and install them all.
Having up-to-date and patched software is so important to online security that the first time we connect to the Internet, it's worth having "manual update check" right at the top of any to-do list.
As well as checking for operating system updates, remember to check for patches to any other programs we use. Updates are often available for programs such as Adobe Flash (essential, as it's a favourite target), web browsers, Microsoft Office, and of course any security software like Norton.
It will take a while the first time - there are likely to be a lot of updates to install - but once the initial round of updates is done, it should only take a few minutes at most in the future.
Generally speaking, whilst running the built-in update programs will check for updates on most installed software, it's always worth running these separately within anti-virus programs.
Actually, there's one thing worth doing even before going to Microsoft or Apple and starting the update process. We've mentioned it a lot already - so anyone who hasn't yet found and installed a good antivirus program, do it pronto!
While not available for Mac OSX, Windows users with Norton 360 or Norton Internet Security can take advantage of Norton's free software, Safe Search.
Norton Safe Search is a small program that simply evaluates websites and grades them with a "safe" or "unsafe" icon when they come up in search results from Google, Yahoo! or Bing.
It's a really useful and easy way to add confidence to using search engines and knowing that the sites we visit are safe.
People who don't have either of the programs mentioned above can use the online version of Safe Search, powered by Ask.com, and available here.
AVG also offer a similar tool for Windows users, which adds a toolbar search to Google Chrome, Firefox and Internet Explorer.
AVG Secure Search warns if we attempt to visit a dangerous site, preventing the page from opening. We'll be protected if we enter the web address into our browser, navigate to a website via a search engine or social media site, or whenever a program opens our web browser.
There's more on AVG's site here.
Block pop-up windows
Most web browsers offer their users the ability to block pop-up windows from appearing.
It's a good idea to become comfortable with turning such a feature on and off when we need to, as it can limit the functionality of some websites. But switching them off protects us from the generally annoying pop-ups as well as the potentially harmful ones.
Block advertising banners
It's also possible to block the display of banner ads in most web browsers too.
Again, while this can cause some loss of functionality, often all we lose are those annoying flashing or rotating images most of us would rather do without. And with a good proportion of all malware coming from these things, blocking them seems like a good idea to us.
To do this though, we often need to install a third party provided add-on.
Be careful here.
The web browser companies don't officially provide these add-ons themselves, and as mentioned above, because they're often highly rated by users and regarded as safe to use, browser add-ons can be another way for malware creators to get inside your machine.
So make sure our anti-virus and safe search tools are enabled, then check the reviews before downloading additional software.
Firefox offers an add-on called Adblock Plus that allows us to block the display of advertising banners as well as known malware domains. Out of 4,964 user reviews, 4,241 users have rated it 5/5.
The add-on is available for Mac OSX and Windows Firefox users: addons.mozilla.org.
Here's a short video from AdBlock Plus on how their add-on works as well as how to install it.
There is a similar third party add-on available for Internet Explorer too: simple-adblock.com, which has been given a "clean" rating by Softpedia - so it contains no spyware, adware or viruses.
People who use more than one browser for different tasks should remember that settings don't carry over from one to another.
Family protection software
We've a full guide to how parents can help keep their children safe online, including the free software provided by security companies, ISPs and built-in to most operating systems.
But parental control, or family protection, software can be utilised by anyone wanting to keep their experience of the Internet enjoyable and trouble free.
Family protection software can block content from websites we simply don't want to visit. Some of the categories this software can prevent us from stumbling across include:
- Explicit Adult content
- Suicide and Self-Harm
- File Sharing Sites
Websites within some of these categories are often more likely to harbour malicious software such as adware and spyware too.
See our guide to family protection software for more on the various options to block unwanted content.
What you need to do
Stay within trusted neighbourhoods
It's always a good idea to stay within trusted neighbourhoods.
That generally means not clicking through advertising banners to go from place to place on the web, or following further links from an online casino or other potentially unscrupulous website if we happen to come across one.
This is because browsing the web through advertising often means quickly moving down a line of reputability; the advertising standards of each site will be a little lower than the one that lead us there.
A good rule of thumb is to avoid banner ads completely. Another is to avoid or be particularly careful when coming across sites within these categories:
- Online bingo, poker or gaming
- Dating, or adult orientated sites
- Pharmaceutical or health claim websites
Like being in the ordinary world, if we're just not sure about a site it's ok to leave, and just go back to the beginning or a site we trust.
Be aware of sites with certain tlds
A Top Level Domain or TLD (pronounced "tild") is the name given to the letters after the last full stop in a web address, for example .com, .co.uk, .net.
In the past couple of years, the .ru TLD has become almost synonymous with spam websites - far outstripping the number of .com spam websites in existence.
It's far from true that navigating to a foreign website is likely to put us in danger. But unless we're applying for a tourist Visa, or booking a remote hotel off the beaten track, it's unlikely we'll come across foreign websites day to day.
When these sites pop up unexpectedly, it's just wise to proceed with caution. Some of the TLDs known to be used for URL spam include:
- .ru (Russia)
- .cn (China)
- .pw (Palau)
- .in (India)
- .br (Brazil)
- .ua (Ukraine)
Since 2013, ICANN (the Internet Corporation for Assigned Names and Numbers, the organisation responsible for internet address allocations) have been releasing generic top level domains, using recognisable words.
Some of these have become magnets for cybercriminals and spammers: in March 2017, Spamhaus's list of the 10 least reputable gTLDs looked like this:
These TLDs have the advantage to spammers and scammers that they're not immediately associated with any particular geographic location - although the use of a country-specific TLD has never been a guarantee of the location of a site's origin.
Why is their country of origin important?
Kaspersky's 2016 spam and phishing summary revealed that the majority of malware encounters that year were from domains hosted in the United States (12.1%), followed by Vietnam (10.3%), India (10.2%) and China (4.7%), with Mexico and Brazil ranking above Russia as sources of spam.
While this information is certainly interesting, how can we make use of it?
As we looked at in the first part of this guide, it's possible to find out where in the world an email was sent from by looking up the originating IP address.
We can do exactly the same thing with websites too. To find out the IP address of a website, enter the web address into a tool such as this.
Knowing which countries are high on the world's spam list at the time can help us gauge the risk when we're evaluating the safety of any given email or site.
Continue to next section to find out how to stay safe when sharing personal information either through shopping online or using social media sites.