How to stay safe online: Find Things
MOST sources list Wikipedia within the top 10 most important/popular websites on the net. With over 29 million pages of information it's not hard to see why.
Wikipedia was founded on the principles of freedom of information, and its popularity highlights how important being able to go online to access information, to learn and even to ask has become.
Here we'll look at how to do that safely.
One of the main dangers of browsing the web is inadvertently stumbling across a dodgy site that downloads a virus or malware onto your computer and if it doesn't crash your computer, starts stealing your information instead.
Or worse, you don't stumble across a dodgy site at all, but still end up exposed to malicious software. How did that happen?
There are, according to Cisco, two or three strong possibilities. In 2013, their annual security report said the "vast majority of web malware encounters actually occur via legitimate browsing of mainstream websites."
Two years later, this is still largely the case - and the 2015 report highlights early on that a large amount of malware is now being delivered through browser add-ons:
"Users inherently trust add-ons or simply view them as benign."
Meanwhile malicious scripts - using Flash, Java and Microsoft Silverlight plug-ins on webpages - make up around 25% of malware attacks in the US and Asia, and around 15% in Europe and the Middle East.
That means, that as in the past, advertisements are a prime source of malware delivery to computers - including banner ads on otherwise safe websites.
So if malware is lurking behind banners at ToysRUs.com or in the grocery aisles of Tesco.com, how can you avoid it?
Unfortunately, it's pretty difficult to avoid it completely, but you can stay protected. Keeping your operating system and programs up to date and, you guessed it, installing and updating anti-virus software will go a long way to guarding you against such threats.
According to an article published by ZDNet in 2011 the chance of a user who's kept their system fully updated being infected by a "drive-by download", from browsing an infected website or one hosting infected content, is slim.
The writer, Ed Bott, says in the article:
"On Windows machines, some malware comes from drive-by downloads. You visit a website, you get infected by a piece of script that triggers a buffer overflow that allows the malware to stealthily install.
"If you keep your system fully patched, you are almost certainly not that victim. Those types of attacks are typically successful only with PC owners who haven't installed the latest security updates. Most such exploits, in fact, target vulnerabilities that were patched years earlier."
Bott goes on to reference research by leading anti-virus provider Kaspersky, who in a 2009 report concluded that "With very few exceptions, the exploits in circulation target software vulnerabilities that are known - and for which patches are available."
Cisco say much the same in their reports, saying the majority of successful malware attacks are on companies and individuals who don't keep their software up to date.
So where does the vulnerability to malicious software come from?
According to Bott, it's social engineering - tricking people into downloading the software themselves. Bott quotes anti-virus providers AVG Technologies, saying "users are four times more likely to come into contact with social engineering tactics as opposed to a site serving up an exploit."
Social engineering is similar to phishing in that it attempts to dupe users into downloading the malware themselves, for example by loading pop-up windows telling them they need to update their software, or when malware is hidden within other software downloads.
There are two things to take from this:
Firstly, while you may come across websites hosting malware either intentionally or unintentionally through third-party content, as long as you keep your system up to date with the latest security patches, it shouldn't be able to install itself on your computer.
Secondly, it's more likely that you're at risk from malicious software by being scammed into downloading and installing it yourself.
In the same breath then, we can take some of the things we've learned about how to stay safe when sending and receiving emails and apply them here too.
What help is available
Keep your operating system updated
Operating systems, once installed, often still need a lot of work doing to them, which is why updates or 'patches' are rolled out on a regular basis to help ensure your system stays up to date and protected against online threats.
Both Microsoft Windows and Apple Mac OSX generally come with updates set to download, or certainly notify you, automatically. However, you can run these programs manually at any time too.
If you're using an old computer, or you've not connected to the Internet in a while or ever, your computer won't have been able to download any of the released patches or security updates.
Don't worry though: when you connect, your computer will check with Microsoft - or Apple - for all the necessary or missing updates, let you know about them and then subject to a few "yes" or "ok" button clicks, download and install them all for you.
Having up-to-date and patched software is so important to online security that the first time you connect to the Internet, it's worth having "manual update check" right at the top of your to-do list.
As well as checking for operating system updates, remember to check for patches to any other programs you use. Updates are often available for programs such as Adobe Flash, web browsers, Microsoft Office, and of course any security software like Norton.
It will take a while the first time - there are likely to be a lot of updates to install - but once the initial round of updates is done, it should only take a few minutes at most in the future.
Generally speaking, whilst running the built-in update programs will check for updates on most installed software, it's always worth running these separately within anti-virus programs.
Actually, there's one thing worth doing even before going to Microsoft or Apple and starting the update process. We've mentioned it a lot already - so if you've not yet found and installed a good antivirus program, do it pronto!
While not available for Mac OSX, Windows users with Norton 360 or Norton Internet Security can take advantage of Norton's free software, Safe Search.
Norton Safe Search is a small program that simply evaluates websites and grades them with a 'safe' or 'unsafe' icon when they come up in search results from Google, Yahoo! or Bing.
It's a really useful and easy way to add confidence to using search engines and knowing that the site you pick to visit is safe.
People who don't have either of the programs mentioned above can use the online version of Safe Search, powered by Ask.com, and available here.
AVG also offer a similar tool for Windows users, which adds a toolbar search to Google Chrome, Firefox and Internet Explorer.
AVG Secure Search warns if you attempt to visit a dangerous site, preventing the page from opening. You'll be protected if you enter the web address into your browser, navigate to a website via a search engine or social media site, or whenever a program opens your web browser.
You can find out more on AVG's site here.
Block pop-up windows
Most web browsers offer their users the ability to block pop-up windows from appearing.
You may want to become comfortable with turning such a feature on and off when you need to, as it can limit the functionality of some websites. But it will protect you from the generally annoying pop-ups as well as the potentially harmful ones.
Block advertising banners
It's also possible to block the display of banner ads in most web browsers too.
Again, while this can cause some loss of functionality, often all you lose are those annoying flashing or rotating images most of us would rather do without. And with a good proportion of all malware coming from these things, blocking them seems like a good idea to us.
To do this though, you will often need to install a third party provided add-on.
Be careful here.
The web browser companies don't officially provide these add-ons themselves, and as mentioned above, because they're often highly rated by users and regarded as safe to use, browser add-ons can be another way for malware creators to get inside your machine.
So make sure your anti-virus and other safe search tools are enabled first, then check the reviews before downloading additional software.
Firefox offers an add-on that allows you to block the display of advertising banners as well as known malware domains. Out of 4846 user reviews, 3992 users have rated it 5 stars out of 5.
The add-on is available for Mac OSX and Windows Firefox users: addons.mozilla.org.
Here's a short video from AdBlock Plus on how their add-on works as well as how to install it.
There is a similar third party add-on available for Internet Explorer too: simple-adblock.com, which has been given a "clean" rating by Softpedia - so it contains no spyware, adware or viruses.
Remember that if you block advertising or pop-up windows in one browser, try to stick to using that same browser; the settings won't carry over from one to another.
Family protection software
We've a full guide to how parents can help keep their children safe online, including the free software provided by security companies, ISPs and built-in to most operating systems.
But parental control, or family protection, software can be utilised by anyone wanting to keep their experience of the Internet enjoyable and trouble free.
Family protection software can block content from websites you simply don't want to visit. Some of the categories this software can prevent you from stumbling across include:
- Explicit Adult content
- Suicide and Self-Harm
- File Sharing Sites
Websites within some of these categories are often more likely to harbour malicious software such as adware and spyware too.
See our guide here to family protection software for more on the various options to block unwanted content.
What you need to do
Stay within trusted neighbourhoods
It's always a good idea to stay within trusted neighbourhoods.
That generally means not clicking through advertising banners to go from place to place on the web, or following further links from an online casino or other potentially unscrupulous website if you happen to come across one.
This is because browsing the web through advertising often means quickly moving down a line of reputability; the advertising standards of each site will be a little lower than the one that lead you there.
A good rule of thumb is to avoid banner ads completely. Another is to avoid or be particularly careful when coming across sites within these categories:
- Online bingo, poker or gaming
- Dating, or adult orientated sites
- Pharmaceutical or health claim websites
Like being in the ordinary world, if you're just not sure about the site you're on it's ok to leave, and just go back to the beginning or a site you trust.
Be aware of country specific tlds
A TLD (pronounced 'tild') is the name given to the letters after the last full stop in a web address, for example .com, .co.uk, .net.
At the time of this update, the .ru TLD has become almost synonymous with spam websites - far outstripping the number of .com spam websites in existence.
It's been a long time coming: in May 2012 Symantec released statistics that showed 58.89% of spam websites had used the .com TLD in the previous year, and while the .ru TLD was the most common after that, it accounted for less than 10% of URL spam.
In January 2009 [pdf], a similar report from Symantec, listed .cn (China) as having been used in 32.19% of URL spam that month, second to .com again at 57.64%.
Previously, .cc (Cocos Keeling Islands) became synonymous with spam when the registration company offered free domains and bulk discounts for buying in excess of 15,000 domains.
Following on from that, spammers used the .cc TLD to trick people into downloading a fake anti-virus program.
The .cc spam problem became so widespread that in July 2011 Google dropped more than 11 million .cc domain names from its search index. In November 2012 the registration company closed the .cc name servers.
It's far from true that navigating to a foreign website is likely to put you in danger. But unless you're applying for a tourist Visa, or booking a remote hotel off the beaten track, it's unlikely you'll come across foreign websites day to day.
When these sites pop up unexpectedly, it's just wise to garner some caution. Some of the TLDs known to be used for URL spam include:
- .ru (Russia)
- .cn (China)
- .pw (Palau)
- .in (India)
- .br (Brazil)
- .ua (Ukraine)
Although in balance, it's also worth being a little wary of urls with these TLDs as well:
Note the inclusion of .uk in that list. The use of a TLD doesn't necessarily correspond completely to the originating country of the spam website, and .com TLDs can be registered from all over the world.
The Kaspersky SecureList bulletin covering spam patterns during 2014 showed that despite the rise of the .ru TLD, the majority of spam is coming from the US - in fact almost 17% of unwanted mail came from America.
In comparison, Russia and China each produced about 6% of the spam received.
In 2013, China had been the source of the majority of spam emails, accounting for a massive 23% of the stuff. Prior to that Cisco say the majority of 2012's spam emails were coming out of India, accounting for 12.3%.
Kaspersky's more general 2014 summary revealed that the majority of malware encounters that year were from domains hosted in the United States (27.5%), followed by Germany (16.6%) the Netherlands, Russia, Ukraine and the UK.
In 2013, Cisco say the US was again the main source of malware attacks, followed by Russia, Denmark, Sweden and Germany.
Symantec's January 2010 [pdf] report revealed again similar findings, listing the United States, Brazil, India, the Netherlands and Vietnam as the worst offenders that month.
While this information is certainly interesting, how can you make use of it?
As we looked at in the first part of this guide, it's possible to find out where in the world an email was sent from by looking up the originating IP address.
We can do exactly the same thing with websites too. To find out the IP address of a website, you can enter the web address into a tool such as this.
Knowing which countries are high on the world's spam list at the time can help us gauge the risk when we're evaluating the safety of any given email or site.
Continue to next section to find out how to stay safe when sharing personal information either through shopping online or using social media sites.