Published by: bellbottoms20018139 on May 03, 2011
Copyright: Attribution Non-commercial

Security Secrets the Bad Guys Don't Want You to Know

You already know the basics of internet security, right?

You know to keep your antivirus program and patches up to date, to be careful where you go on the Internet, and to exercise online street-smarts to resist being tricked into visiting a phishing site or downloading a Trojan horse.

But when you've got the basics covered and you still don't feel secure, what can you do? Here are a few advanced security tips to help you thwart some of today's most common attacks.

Remember, however, that security is all about trade-offs. With most of these tips, what you gain in security, you lose in convenience. But hey, it's your computer. Be as paranoid as you want to be.

Avoid Scripting

This may be the one piece of advice that will do the most to keep you safe on the Web: Steer clear of JavaScript, especially on sites you don't trust.

JavaScript is very popular, and for good reason. It works in almost all browsers, and it makes the Web a lot more dynamic. But it also enables bad guys to trick your browser more easily into doing something that it shouldn't. The deception could be something as simple as telling the browser to load an element from another Web page. Or it could involve something more complicated, like a cross-site scripting attack, which gives the attacker a way to impersonate the victim on a legitimate Web page.

JavaScript attacks are everywhere. If you use Facebook, you may have seen one of the latest. Lately, scammers have set up illegitimate Facebook pages offering things like a free $500 gift card if you cut and paste some code into your browser's address bar.

That code is JavaScript--and you should never add it to your browser. "Scammers use this technique to open up unwanted surveys, fill your social networking profiles with spam or even to send you to phishing pages," says Chris Boyd, a security researcher with Sunbelt Software.

But miscreants can add JavaScript to hacked or malicious Web pages, too.
To avoid attacks there, you can use a free Firefox plugin called NoScript that lets you control which Websites can and cannot run JavaScript in the browser. NoScript goes a long way toward preventing rogue antivirus programs or online attacks from popping up when you visit a new Website.

By blocking scripting everywhere and then using NoScript to build a whitelist of trusted sites, you can derail most of the so-called Web drive-by attacks that currently plague the Internet.

NoScript also comes with a cross-site scripting blocker. Cross-site scripting has been around for a while, but these days bad guys are using it more frequently than ever to seize control of online accounts on sites such as Facebook and YouTube.

If you don't use Firefox, you still have some options for cracking down on scripting. Like Firefox users, Google Chrome users can disable JavaScript universally and then build a whitelist of sites where it's permitted.

Unfortunately, neither Internet Explorer nor Safari has a NoScript equivalent, but IE users can adjust their Internet Zones security settings to require prompts before scripting. And IE 8 includes new cross-site scripting protection to ward off some attacks.

Disabling JavaScript in Adobe Reader can help, too. According to Symantec, last year nearly half of all Web-based attacks were associated with malicious PDF files. If victims had adjusted their settings to make it impossible for PDFs to execute JavaScript, they would have thwarted most of those attacks.

To disable JavaScript in Reader, click Edit, Preferences, JavaScript and then uncheck the Enable Acrobat JavaScript box to the right of the window.

The downside of all these defensive tactics is inconvenience.
With scripting disabled in your browser, many animations, movies, and dynamic Web pages simply won't work--and many users get frustrated by the never-ending cycle of opening a Web page, seeing that it doesn't work properly, and then choosing to allow scripting on that page.

The same holds true for Reader, where PDF-based forms may not submit properly if you've disabled JavaScript; nevertheless, many people don't mind simply turning on Reader's JavaScript whenever they need it.

Back Out of Rogue Antivirus Offers

Far too many people have had this experience recently: You're surfing the Web on a totally legitimate site when a scary-looking warning message pops up suddenly. It tells you that your computer is infected. You try to get rid of it, but more windows keep popping up, urging you to scan your computer.

If you do this, the scan invariably finds security problems and offers to sell you software that will take care of the problem. This is rogue antivirus software. The only thing the software does is put money into the pockets of criminals.

Rogue antivirus programs have emerged as one of the most annoying security problems of the past few years. To the victim, the pop-ups can seem like an infection themselves. Every time you try to close a warning window, another one appears.

Here's what you do: First off, never buy the software. It simply doesn't work, and often it will trash your system. Either press Alt-F4 to close your browser directly or press Ctrl-Alt-Delete to open your system's task manager and shut the browser down from there. Closing the browser generally puts an end to the pop-up problem.

Another way to steer clear of rogue antivirus attacks is to be careful when reading up on a hot news story. The bad guys follow Google Trends and Twitter's Trending topics, and they can quickly promote one of their malicious Web pages to the top of Google search results.

Google tries to control this activity, but when a breaking news story is involved, the evildoers are often one step ahead. "Cut down on the risk of being affected by only reading news sources you trust, or--at the very least--search Google News for news services you haven't seen before," says Sunbelt's Boyd.

Next: Use Less-Popular Apps; Verify That Your Programs Are Up-to-Date

Foxit Reader or PDF Studio. Similarly, you can check .doc and .ppt files in OpenOffice.
The downside is that, in a nonstandard application, files may not look exactly as they should. This drawback might make such apps unsuitable for daily use, depending on your needs, but even so you should consider using them to open dubious documents in.

Use a Service Like Gmail or VirusTotal to Check Documents That You Do Open

Why do security experts use alternative PDF and .doc readers?

They've warned us for years not to open attachments that come from untrusted sources. Strange .exe files are a sure sign of trouble, but hackers have also found ways to break into computers by tricking users into opening maliciously encoded documents. The vast majority of these attacks take advantage of known flaws in older programs; but in addition, new attacks--called zero-day attacks--periodically pop up, exploiting flaws that software makers haven't yet patched.

By now you know to find an alternative document reader, but if that doesn't work for you, consider adopting other methods to double-check documents and avoid viruses.

One approach is to let Google do the checking for you. Forward attachments to a Gmail address, and Google's filters will scan them for malware. Then, you can convert the document and read it in Google Docs to see whether it's legit.

Another tip is to submit files to VirusTotal. This free scanning service runs your file through 41 antivirus scanning engines. If any of the programs identifies it as malicious, VirusTotal will let you know.

Know What Programs You Use, and Verify That They're Up to Date

RealPlayer you downloaded a few years ago may be nothing more than a security hole today. If you don't use a program, consider uninstalling it from your PC.

To trim unwanted apps, visit the Windows Install/Uninstall section of the Control Panel. As a rule of thumb, if you're not using a program, lose it.

From a security perspective, every program--especially a widely used app--is just another path that hackers can use to break into your system.
A useful security tool is the Secunia Online Software Inspector, which scans your PC for out-of-date software.

Mozilla page, you can check to see whether your various browser plug-ins--for Chrome, Firefox, IE, and Opera--need updates.
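
An added example, not part of the original article: a Python triage script that goes with the advice on disabling JavaScript in Reader and on double-checking documents before opening them. It scans a PDF's raw bytes for the names that mark embedded JavaScript or automatic actions, including names disguised with #xx escapes; the function names, result labels and the two sample documents are constructed for this illustration.

```python
import re
import sys

# PDF name tokens worth knowing about before a document is opened.
INDICATORS = {
    b"/JavaScript": "embedded JavaScript",
    b"/JS": "embedded JavaScript",
    b"/Launch": "action that starts a program or opens a file",
    b"/OpenAction": "action that runs when the document opens",
    b"/AA": "additional automatic actions",
    b"/ObjStm": "compressed object streams, which can hide names from this scan",
}
ACTIVE = {"/JavaScript", "/JS", "/Launch"}

# A PDF name runs from "/" to the next whitespace or delimiter character.
_NAME = re.compile(rb"/[^\x00\t\n\x0c\r ()<>\[\]{}/%]+")
_HEX = re.compile(rb"#([0-9A-Fa-f]{2})")

def normalize_name(token):
    """Decode #xx escapes so /J#61vaScript compares equal to /JavaScript."""
    return _HEX.sub(lambda m: bytes([int(m.group(1), 16)]), token)

def scan_pdf(data):
    """Return {name: count} for every indicator found in the raw bytes."""
    counts = {}
    for match in _NAME.finditer(data):
        name = normalize_name(match.group(0)).decode("latin-1")
        if name.encode("latin-1") in INDICATORS:
            counts[name] = counts.get(name, 0) + 1
    return counts

def triage(data):
    """Return not-pdf, active-content, inconclusive, auto-action or no-indicators."""
    if b"%PDF-" not in data[:1024]:
        return "not-pdf"
    found = scan_pdf(data)
    if ACTIVE.intersection(found):
        return "active-content"
    if "/ObjStm" in found:
        return "inconclusive"
    return "auto-action" if found else "no-indicators"

# Constructed sample documents (not real files), used when no path is given.
SAMPLE_CLEAN = b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog /Pages 2 0 R >>\nendobj\n%%EOF\n"
SAMPLE_SCRIPTED = (b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog /OpenAction 3 0 R >>\nendobj\n"
                   b"3 0 obj\n<< /S /J#61vaScript /JS (1+1) >>\nendobj\n%%EOF\n")

if __name__ == "__main__":
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_SCRIPTED
    print(triage(data))
    for name, count in scan_pdf(data).items():
        print(f"  {name} x{count}: {INDICATORS[name.encode('latin-1')]}")
```

A no-indicators result only means the names were not seen in the raw bytes, so the article's other checks still apply to a document from an untrusted source.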
