The Download Blog

May 11, 2009 8:00 AM PDT

9 tips for avoiding suspicious Web sites

by Jessica Dolcourt
  • 53 comments
Suspicious figure (Credit: CNET Networks)

Editor's Note: This article was updated on 5/8/09 from a previous version published on 3/3/08, and the original, published on 12/15/06.

No matter how you arrive at an unsafe Web site, it's all downhill from there. Phishers will attempt to coerce you into disclosing your address, credit card number, or social security number. Or maybe adware engines will start sprouting pop-ups over your screen like a field of clover. Worse, your computer may become part of a botnet, its processing power used to send spam and infections to others, possibly even in your name. Here are nine telltale signs you're swimming in dangerous waters, with tips to help keep you firmly in the safety zone.

Before we dive in, take note of two tools to help warn you of dangerous sites. McAfee SiteAdvisor and AVG LinkScanner assess the hazards of sites you visit, and both are available for Firefox or Internet Explorer. Online Armor is one firewall that scans sites in real time based on traceable patterns of malicious software behavior. Also check out our Security Starter Kit for an excellent set of tools that defend against potential threats.

Sign 1: Pop-up city
You click a search result and are suddenly bombarded with no fewer than 10 porn pop-ups. Back out immediately by right-clicking the pop-up in your task bar and selecting 'close' or by killing the EXE in your Task Manager. It might also help to press Alt-F4 to close your browser. Then run a malicious software scanner and remover to assess and fix the damage--Malwarebytes Anti-Malware is a good start.

EULAlyzer

It's a mouthful, but EULAlyzer's ease of use makes up for its awkward pronunciation.

(Credit: CNET Networks)

Sign 2: Where's the EULA?
Rogue antivirus apps often scare you into parting with your credit card number by informing you it's found bogus spyware on your machine (it!) If you're about to sign up for or purchase a service and aren't prompted to accept an end-user license agreement, nor are you offered a privacy policy to view. Shady site proprietors often disclose their intentions in the privacy policy or EULA, so you should always read carefully! The free tool EULAlyzer (from the makers of SpywareBlaster) is a great help because it analyzes license agreements and notes any unusual or possibly dangerous language. An upgrade to the professional version is available for about $20.

Sign 3: Excessive firewall alerts
Your firewall repeatedly alerts you to file extensions you don't recognize and other suspicious anomalies. Once you've set your firewall to allow your most common programs, any alert should be taken seriously, and a number of warnings should be a red light that something is amiss. If you're not running a firewall, get one right now.

Sign 4: E-mail and instant message links phish for information
You follow a link embedded in an e-mail and arrive at a site that asks you to provide security information for an "important update." Misleading links are increasingly sent through instant messages under the guise of a contact's friendly tip. This variety is especially easy to fall for. If the page is asking for data or looks like a different destination than the link implied, pull yourself out of autopilot and start taking screenshots. Contact the company for verification before taking any action, and check the Federal Trade Commission's alert board.

Sign 5: The site's URL and e-mail don't match
Any case in which a site's URL doesn't match the contact's e-mail address should raise an alarm. Most legitimate companies provide their employees with a corporate e-mail account. This doesn't mean, however, that you can automatically trust sites where the two align. Illegitimate companies can purchase domain names as easily as legitimate companies.

Dangerous phishing link

Phishing link sent through Yahoo IM.

(Credit: CNET Networks)

Sign 6: Are you secured?
If a site prompts you to enter personal information, such as a username, password, or credit card number, check the browser window. Unless the site is secure--that is, unless the address starts with https:// and a closed padlock appears at the bottom of the window--your information is ripe for theft.

Sign 7: Check teh speling
Developers and engineers may have a bad reputation when it comes to grammar, and that's why most companies hire wordsmiths. Be wary of a site chock-full of grammatical and spelling errors. That includes the Web address--there's a world of difference between www.yahoo.com and www.yhoo.com.

Sign 8: Nested links
Does the site forward you to a completely unrelated site when you land on it? If nested links progressively take you to other sites, the host may be trying to pull a fast one.

Sign 9: Ridiculously large sums
If a free gift offer seems too good to be true, it probably is. You don't get a $500 gift certificate for doing nothing. Most often you'll have to provide personal information, download something compromising, engage your friends in a pyramid scheme, or all of the above. And how about those well-known scams that offer to pay out, but only after you wire someone a chunk of change? In this case, the surest preventative measure is your delete button.

May 8, 2009 6:02 PM PDT

How to family-proof your PC

by Jessica Dolcourt
  • 14 comments

Editor's Note: Article updated on May 8, 2009. Original article published September 8, 2006.

Every family has at least one member whose risky computer behavior is asking for trouble. You know whom we mean: the kid brother who can't resist those dodgy downloads; the spouse who clicks on suspicious pop-up ads and updates without a second glance; or the cousin who returns a borrowed laptop riddled with malicious software. You have two options: become a paranoid misanthrope with motion-sensor alarms rigged to your PC, or take a few minutes to establish these four security precautions. They're not foolproof against the most persistent of malicious software magnets, but these basic tips should give novices some ideas.

Step 1: Create multiple user accounts

A no-brainer, perhaps, but creating multiple user accounts is one of the surest ways of restricting a guest's risky activities without breathing down their neck while you supervise each mouse click. Families can generate an account for each member, an especially proactive move if there have been problems in the past. Enact it thus and you, the uber-administrator, can limit others' capabilities to install programs and make systemwide changes, a move that could prevent your errant relations from executing tainted programs. To sweeten the deal, each account-holder's capability to customize their own desktop could help mow down weedy sibling rivalry. Consider adding a password-protected log-in to help maintain privacy.

User accounts

User accounts make it easy to restrict guest privileges.

In most versions of Windows, you'll simply click the Start menu, open the Control Panel, and select "User Accounts" to get started. For each intended user, click "Add" in the Users tab, enter a name, and then select the user type--either power-user status, which allows administrative rights, or restricted-user status, which does not.

Make sure the "password at login" feature is enabled, so everyone who accesses the computer will be required to provide their username and password. The nuisance of compelling returning users to log in after each idle period is easily outweighed by the security benefits of maintaining multiple accounts. Besides, you can always adjust your idle-time settings to minimize the frequency of logging in anew. Here's another tip--setting up a guest account without a password on a laptop means your friends can borrow it to easily get online or use core Office functions, while the password protection on your account acts as a deterrent.

September 26, 2008 4:31 PM PDT

Speed up Google search in Firefox

by Jessica Dolcourt
  • Post a comment

Quiz time: What do CustomizeGoogle, GooglePreview, and McAfee SiteAdvisor have in common?

Answer: The ability to improve on Google search in the Firefox browser. For example, does this scenario sound familiar: You accidentally click on a sponsored link and have to return to the main results page to try again?

How about this one: You wasted 10 minutes clicking through search results because you can't remember the link by name, but think you can identify it by sight (so you check them all)? Or worst yet: You stumble on a dangerous link and get bogged down with malware that takes hours or days to fix. Terrible!

Yep, that trio of plug-ins we mentioned helps you avoid the common pitfalls that add up to a lot of wasted time. The best part about the extensions--other than their being free--is that they're compatible with each other, so you won't see any crashes if you choose to install all three. Watch this Insider Secrets video to see how they work.

June 13, 2008 1:58 PM PDT

Firefox add-on WOT crowdsources site-ratings

by Jessica Dolcourt
  • 8 comments
WOT in search results (Credit: CNET Networks)

If you're the type to favor user opinions over editorials, the Firefox plug-in WOT may be the site-rating service for you.

Unlike Grisoft LinkScanner (Pro and Lite), McAfee SiteAdvisor (for Internet Explorer and Firefox), or the NetCraft Toolbar (for Firefox and Internet Explorer), this extension, published by Web of Trust (WOT), relies on user-generated ratings seconded by Web-gathered statistics to determine key factors of site safety. Trustworthiness, vendor reliability, privacy, and child safety are the four vectors of participant voting. A lengthened color gradient from green (safe) to red (unsafe) offers five shades of rating levels instead of the customary three.

Web of Trust ratings (Credit: CNET Networks)

Like the other site-rating tools, WOT surfaces ratings on the browser and from within Google and Yahoo search results. There's also a drop-down menu for rating sites from the search results page.

Extra context comes by way of a reputation scorecard that averages total users' ratings, a link to Alexa statistics, user comments, and spam, fraud, malicious software, and customer service complaints. According to WOT's Web site, it also garners some ratings from phishing and scam databases.

The extra user information is useful, particularly if you're a more adventurous Web surfer, and it could indeed help guard users against zero-day security breaches for users who can attribute a compromised site to a malicious software attack in time. I'd recommend the extension as a companion to one of the algorithmic solutions above, but not necessarily as a replacement.

August 1, 2007 4:20 PM PDT

'Users just don't learn'

by Jessica Dolcourt
  • 5 comments
Spyware Horror Story (Credit: CNET Networks)

As a computer tech, Jack's used to helping families evict unwanted malware.

What he's not used to is having to perform the same service three times in as many months for the same family. Is malware overpowering their defenses, or is the family relying too heavily on professional services as their safety net for chancy online behavior? Find out in this week's Spyware Horror Story.

July 26, 2007 11:00 AM PDT

Gone in 30 minutes

by Jessica Dolcourt
  • 1 comment
Spyware Horror Story (Credit: CNET Networks)

William is philosophizing to his toothbrush one minute and contemplating practicing shot put with his computer the next. What burst his bubble?

William blames a virus, and in his tussle with the malignant malware, he learns a few lessons about the risks of sharing a computer with family and friends. But was it actually a virus that got him, and are the lessons he learned the right ones?

After the frustrations of dealing with damaged data, it's easy to generalize about past and future behavior. Set the record straight in a thrilling malware true-and-false in this week's Spyware Horror Story, Gone in 30 minutes.

May 16, 2007 11:24 AM PDT

Google's malware witch hunt

by Jessica Dolcourt
  • 2 comments
Malware worm (Credit: CNET Networks)

Ten percent of the 4.5 million URLs Google researchers analyzed for a malware exposé harbored malicious code. The code executes through widgets, ads, compromised downloads, server vulnerabilities, browser holes, phishing lures, and links, making infection possible for even ordinarily safe users.

CNET.com's Robert Vamosi has the full story, and CNET Download.com has programs to add muscle to your antivirus armor. Netcraft Toolbar (for Internet Explorer and Firefox) is an antiphishing browser extension that sniffs out suspicious hosting locations common in spoofed sites.
