Web Surfing Security
Web Surfing Security
Follow these rules to keep yourself safe when surfing the web:
- If you’re using one of the popular web browsers, click the following link to open a new window which will check the versions of your browser and browser plug-ins. If there are any out-of-date ones, follow the instructions to get the updates. Seriously consider setting Safele.com as your web browser’s Home Page so that you get informed on a daily basis of any problems with your computer. Reasoning: Out-of-date software (especially browser-related software) is a major transmission mechanism for viruses and trojans.
- Do not fall for the scam where a website displays an image which looks identical to a Windows Error Message Box that says that your computer is infected with a virus and that you need to download software from some obscure website to fix it. The Windows operating system will never legitimately give you such an Error Message Box, so such Windows Error Message Boxes are always fake. Tricking you into downloading and running their program is how the scammers actually load their virus onto your computer! Note that the above scenario is not the same the scenario that occurs with Safele.com, mentioned in point 1, which instead warns you about out-of-date software, and then links to well-known reputable websites like Microsoft.com, Oracle.com, Apple.com, etc.
- Do not run programs downloaded from websites that you don’t 100% trust.
- Do not install software downloaded from websites that you don’t 100% trust.
- Do not type any personal information into an insecure web page. Equivalently, only use bank, share trading, etc. websites that are secure. A secure web page will exhibit all of the following properties:
(By the way, https encryption is also called SSL or TLS. It means that on any secure web page, both the information you see on the page, and any information you type into the page and send to the company, will be encrypted. That means anyone using a computer that is between you and the company, e.g. someone at your ISP or the company’s ISP, wont be able to see the information passed between the two of you.)
- The link will start with “https:”, not the usual insecure “http:”.
- The browser will show a padlock near the URL at the top of the browser window or at the bottom of the browser window.
- Newer browsers will change the colour of the web address to Green if it’s super-trustable, Blue if it’s medium-trustable, no color if it’s a normal untrusted website, and Red if it’s a website using an out-of-date or fraudulent security certificate.
- The certificate’s “Certification Path” (sometimes called “Certificate Hierarchy”) will generally be very short and contain one Certificate Authority (e.g. “VeriSign” or another highly trusted Certificate Authority) at the 1st and 2nd level, then have the website you’re accessing at the 3rd level. If the Certification Path contains an unusual Certificate Authority anywhere in the chain, then the certificate may be forged (for example, by your ISP, employer, or government of the country you’re currently in).
- Avoid visiting websites in foreign countries, i.e. those with top-level domain names which are different from your own. e.g. If you live in Australia, the address of most local sites will end in “.au”. Now, assuming you are not Russian, you would probably never need to visit a site with an address ending in “.ru”, so if you ever see such a web address in an email or search page or instant messenger session, then you should seriously think twice before clicking on the link.
- Be extremely careful about what personal information you put onto social networking websites. If you put too much information, it may come back to haunt you, for example as identity theft, spam email, or harassment, etc.
- Do not publish your email address on any website using plain text. If you really need to do it, then put the email address in an image. Reasoning: Robots (i.e. nasty computer programs written by criminals) scour the Internet looking for email addresses, and text email addresses are easy targets. Images on the other hand are much more difficult for robots to read.
- Be very careful when buying products online. If using eBay or a similar auction site, make sure you use a legitimate escrow service (like PayPal) to transfer your money to the seller. Avoid transferring the money directly to the seller’s bank account, or to a fake or disreputable escrow service, as your goods may well never arrive!
- Regularly update your web browser software and plugins (if it’s not being done automatically).
- Configure your web browser so that it doesn’t save encrypted pages to disk. (In Internet Explorer, this option is in the Internet Options, Advanced tab, under the Security heading.)
- Configure your web browser so that it doesn’t remember usernames, passwords, or form data.
- Seriously consider using a browser other than Internet Explorer. e.g. Firefox, Opera, Safari, Chrome, etc. Reasoning: Internet Explorer is the most used browser in the world, so criminals spend most of their time trying to find bugs in it that they can exploit. They spend less time hacking other browsers.
- Consider disabling, or at least regularly cleaning-up, your Local Shared Objects (also known as “Flash Cookies”). See the Adobe Local Shared Objects web page.
- Be extremely careful when using a Wi-Fi laptop at a wireless hotspot such as a café. If your firewall, anti-virus, and security setup is not 100% bullet-proof then you’ll be open to man-in-the-middle attacks at most wireless hotspots worldwide. It is not advisable to perform internet banking, share trading, or any other money-related activity at such a location.
- Disconnect your external webcam, or cover your internal webcam with tape, whenever you’re not using it. Some trojans turn on your webcam and microphone without your knowledge!
- Disconnect your internet connection when you’re not using it. It’s harder for someone to steal your information if your computer is only connected to the internet while you’re using it.
- If using a public computer, for example in a library, shopping center, or any other environment where the computer you’re using is not yours, think twice about accessing your banking, email, or social networking site. The computer may have a virus, trojan, or even a software or hardware keylogger. Do you trust the company that manages the public computer? Are they putting in the effort to keep it free of malware? Is it setup to prevent physical tampering by other customers?
- If you find a USB drive, CD, or DVD, on the street, in a hotel, or in an internet bar, stop and think twice about sticking it into your computer! Most computers running Microsoft Windows are configured by default to automatically run a program stored on the media when you stick it into your computer. This functionality is called AutoRun or AutoPlay. Due to the inexpensiveness of such media nowadays, this is becoming a more common way for hackers and secret service organizations to load a trojan onto your computer without you even knowing! There have been many real cases of this reported in the media. Consider disabling the AutoRun/AutoPlay functionality by following the instructions on the Microsoft website.
- When creating a “Contact Us” page for your own website, make sure the page includes a CAPTCHA 驗証碼 which stops robots spamming you. (A “CAPTCHA 驗証碼” is a challenge-response problem which is difficult for a computer to solve, thus stopping spam robots using your contact page to spam you.)
|Copyright © 2009 Andrew White||Created: 12 Aug 2009|
|Page authored by Andrew White||Updated: 22 May 2018|
safe web surfing, safe web browsing, safe web surfing tips, computer security tips, web surfing security, home computer security, cyber security tips, internet security, web security, insecure web page, identity theft, https, http, padlock, SSL, TLS