Safe Browsing Habits 101

May 3, 2010

I’ve found that when I say “practice safe browsing habits,” many people have no idea what I’m talking about. This is an unfortunate truth in our world, and I hope that by writing this post I can help educate some of you on how to stay safe on the Internet, so that more people will know and practice safe browsing habits.

I’ll break this up into categories. This will be an ongoing and updated page as I think of more tips to list here. I encourage those who read this post to submit their own tips in the comments for inclusion in the list if I’ve missed any, to share stories about what happened because you didn’t practice safe browsing habits, to share this link with friends and family, and to give your opinion of this post and its content.

General Internet Safe Browsing Habits

  1. Always check the address bar at the top of the screen to ensure you’re at the official website, and not a carbon copy of the website you think you’re at, hosted at a different address.
  2. Always look for the little yellow padlock and the letters “https” rather than “http” when signing into an online account or making online purchases. This means that information you provide, such as your name, address, and credit card information, is being encrypted on its way to the web server that hosts the website you’re buying from. This is important because this information crosses many public devices before reaching its destination, and a man in the middle can access this data if it’s not encrypted.
  3. Avoid shady sites which promise offers too good to be true such as: free electronics, free software that you normally have to pay for, pirated software, nude celebrities, and the list goes on.
  4. Use a tool like AVG’s LinkScanner, which scans each page you visit before allowing you to visit it, preventing drive-by downloads or malware installation scripts from infecting your computer.
  5. Install Anti-Virus software. I prefer AVG, but there are other providers out there as well. It’s up to you to get the lowdown on each and make an informed decision as to which product to use. If you trust my judgment and technical knowledge more so than your own when it comes to this subject, pick up a copy of AVG Free. If you find yourself impressed with the free version, you might consider springing for the paid version; it has a lot of great features the free version doesn’t.
  6. Always keep in mind that your Anti-Virus software is not a get-out-of-jail-free card to do whatever you like on the Internet and not get a virus. If you do not practice the safe browsing habits listed here, along with some good old-fashioned common sense, in conjunction with your AV software, then you may do something which circumvents your AV software’s protection (such as downloading and installing a virus yourself). Also, considering How Anti-Virus Signatures Work, you may not always be protected from all the latest threats as they occur (that’s referred to as a zero-day vulnerability), but if you’re practicing safe browsing habits, you may avoid a threat that even your AV software couldn’t have protected you from.
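The address-bar and https checks from items 1 and 2 above can be written down as a small routine; this is an added example, not part of the original post, and the official host name "bank.example" and every sample URL in it are constructed for illustration.

```javascript
// Added example: vet an address-bar URL against the site you meant to visit.
// Host names and URLs used with this function are constructed samples.
const NOT_HTTPS = 'not https: data is sent unencrypted';
const OTHER_HOST = 'host is not the official site';
const NAME_AS_PREFIX = 'official name is only a prefix of another host';
const USERINFO = 'text before "@" is a login name, not the site';
const PUNYCODE = 'internationalized label (possible look-alike letters)';

function checkAddress(rawUrl, officialHost) {
  let url;
  try {
    url = new URL(rawUrl); // same parsing rules the browser applies
  } catch (err) {
    return { ok: false, host: null, reasons: ['not a valid URL'] };
  }
  const host = url.hostname.toLowerCase();
  const official = officialHost.toLowerCase();
  const reasons = [];

  // Item 2: sign-in and payment pages must be served over https.
  if (url.protocol !== 'https:') reasons.push(NOT_HTTPS);

  // Item 1: the host must be the official name or a subdomain of it.
  // The registered domain is read from the right end of the host.
  if (host !== official && !host.endsWith('.' + official)) {
    reasons.push(host.startsWith(official + '.') ? NAME_AS_PREFIX : OTHER_HOST);
  }
  // "https://bank.example@other.example/" connects to other.example.
  if (url.username || url.password) reasons.push(USERINFO);
  // Non-ASCII host labels are converted to "xn--" form by the URL parser.
  if (host.split('.').some((label) => label.startsWith('xn--'))) {
    reasons.push(PUNYCODE);
  }
  return { ok: reasons.length === 0, host, reasons };
}

// Constructed sample addresses, all checked against "bank.example".
for (const u of [
  'https://www.bank.example/login',
  'http://www.bank.example/login',
  'https://bank.example.account-verify.test/login',
  'https://bank.example@203.0.113.5/login',
  'https://b\u0430nk.example/login', // Cyrillic "а" in place of Latin "a"
]) {
  console.log(u, '->', checkAddress(u, 'bank.example').reasons);
}
```

An empty list of reasons means the address passed both checks; it says nothing about whether the page content itself is safe.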

E-mail Safe Browsing Habits

  1. Don’t open e-mails from people you don’t know.
  2. Don’t open e-mail attachments from people you don’t know.
  3. Beware of e-mail attachments from people you do know. If the e-mail said nothing about an attachment or you weren’t expecting one, get in touch with the person through some medium other than e-mail and find out what’s in the attachment, and make sure they sent it. It’s common for some worms to e-mail themselves to people in your contact list, so don’t automatically trust it just because it came from someone you know.
  4. If opening e-mails from people you don’t know is a necessary evil (business e-mail, customer service, etc.), or you’re just one of those people who lets their curiosity get the best of them, then consider using a virtual machine to open e-mails. Windows Virtual PC is a free download from Microsoft and will allow you to install any Windows Operating System inside a virtual environment separate from the Windows Operating System currently installed on your computer. So if you do get a worm, only your virtual PC is infected. It’s much easier to replace a quick virtual machine install that you only use to open e-mails rather than your entire OS and all the applications you installed on it.
  5. Don’t pass on “chain letters” or forwards, at least not messages that have no informative value. It may seem harmless, and I’m not really sure what people’s motives behind starting them are, but the end result is a lot of useless Internet traffic which has to be processed before real e-mails and requests for web pages can be processed. It seems so innocent; how could forwarding one little chain letter hurt anything? Don’t forget there are millions of other people around the world doing the same thing, and all that useless traffic adds up. Not to mention that they’re annoying, and personally I question a person’s reliability if they forward me bad news or, even worse, a message that just says I’ll have bad luck if I don’t pass it on. I have broken many chain letters in my time, and I assure you no ghost is going to kill you, and you’re not going to have bad luck, so break the cycle and don’t forward spam.
  6. If you don’t want to part with thousands of dollars of your own money, getting nothing in return, then trash those generic e-mails from random foreign guy, who needs an American citizen to set him up a bank account in the US for whatever contrived reason, and will split the millions he saves by doing this with you, but somewhere along the line needs you to wire him a large cash sum. You’re not investing in your future, you’re giving your money to a con artist.

Social Networking Safe Browsing Habits

  1. Be careful who you add as a friend to your social networking account. Day in and day out you probably post personal information such as names of people you know, where you work, where you’re currently at, what you’re doing, etc. Not to mention other personal information is littered across the site, potentially phone numbers, addresses, where you go to school, where you work, etc. This information can be used against you in many different ways (such as how personal info is often used as security questions for online accounts to reset your password), so be careful who you grant access to your social networking account.
  2. Keep a close eye on what applications you add. There are many applications on social networking sites like Facebook, Myspace, LinkedIn, etc., which enhance our social networking experience. What we often don’t consider is what kind of privileges we’re bestowing on the people who wrote the software. Just as programs you install on your computer can do malicious things, apps you add to your profile can do malicious things as well, or at the very least unexpected things. Things like giving programs the ability to post to your profile without needing your approval, giving apps access to information about you on your profile that they don’t necessarily need to know to perform their intended function, and just generally giving these apps access to a lot of information about you and a lot of privileges on your page that you don’t necessarily want someone else you’ve never even met to have.
  3. Watch out for strange messages from your friends which are full of bad spelling and grammar, and contain links to external pages (YouTube is a popular scapegoat, but any page could be used). Even if your friend isn’t exactly a Harvard professor, bad grammar and spelling in messages is often a telltale sign of a malicious or spam message that your friend didn’t really write. There are worms and other malware, a prime example being the Koobface worm, which spread fake messages asking you to check out a video in a link, or some other action. The link actually leads to an attack site where a script will try to install malware on your computer. Not exactly the gold you were expecting at the end of the rainbow, huh?