I don't do 25 image galleries.
Each page with a reload, recenter, click NEXT, AND then repeat 25 times.
How browsers and security software can keep you safer online
by Ed Bott | August 10, 2011 12:15pm PDT | Image 1 of 25
Previous | Next
Where social engineering begins
Online criminals have a seemingly bottomless bag of tricks to get you to click on a link that leads to an unsafe download. The link can come via e-mail, or in search results, or as part of a normal looking web ad, like the one shown here.
That link leads to malware, but there's no easy way to be certain of that just from looking at the URL.
How do you avoid being victimized?
For a more detailed discussion, see the companion blog post, Who makes the best Windows security software? Surprise ...
Just In
I find it irritating. Especially the fact it takes so long to load. Facebook has the right idea with the overlay system they use, that prevents the entire page from re-loading every time you want to switch to the next/previous image.
@shryko or just put the whole images part in a div and use ajax to refresh it when you switch pictures, very simple to do
@shryko
same here. This is horrible. Why can't they load it onto the same page ?
Although I like to se al the images, I don't want to stare at the screen until it flickers and re-adjests with the new image. This suxx.
same here. This is horrible. Why can't they load it onto the same page ?
Although I like to se al the images, I don't want to stare at the screen until it flickers and re-adjests with the new image. This suxx.
@John238
Me too. Awful for a 20 year old company.
Me too. Awful for a 20 year old company.
1. Install NoScript
2. Don't Download A file in a format that the computer can directly execute.
3. And because of 2. Don't waste time with Anti-Virus Software
Its pretty simple
2. Don't Download A file in a format that the computer can directly execute.
3. And because of 2. Don't waste time with Anti-Virus Software
Its pretty simple
@Bodazapha
Really? Never download any kind of program file? What a boring life. No new games, programs, apps, applets, shows, vids, etc. etc. etc. etc.
Viruses are no longer the top threat because virtually any anti-virus program detects & defeats almost all viruses within hours (if not minutes) of the viruses entering the wild. Many users have finally gotten the message about Phishing, and so successful email based social engineered attacks are on the decline. 'On-Demand' trojans (once which users download themselves) are the malware of choice nowadays because many users are still duped into downloading root kits which they think is something else -- and those same people apparently don't use modern AV & malware blockers which mostly do block trojans/rootkits.
I rarely venture into the 'seemier side' of the internet, but I've clicked a few links in my time that my AV/AM software blocked. Still no infections here. Would most of the 'social engineering' trojans work on me? No ... and not particularly because of my AV/AM software, but simply because I'm not slow enough to think it's a good idea to download the latest FireFox or Google Chrome from an unknown 3rd party.
And regarding your Step 3 ... you can download a non-executable file (e.g., a compressed file or archive) with a virus or rootkit inside. Without AV/AM software, you will never know what hit you. Your advice is not realistic.
Really? Never download any kind of program file? What a boring life. No new games, programs, apps, applets, shows, vids, etc. etc. etc. etc.
Viruses are no longer the top threat because virtually any anti-virus program detects & defeats almost all viruses within hours (if not minutes) of the viruses entering the wild. Many users have finally gotten the message about Phishing, and so successful email based social engineered attacks are on the decline. 'On-Demand' trojans (once which users download themselves) are the malware of choice nowadays because many users are still duped into downloading root kits which they think is something else -- and those same people apparently don't use modern AV & malware blockers which mostly do block trojans/rootkits.
I rarely venture into the 'seemier side' of the internet, but I've clicked a few links in my time that my AV/AM software blocked. Still no infections here. Would most of the 'social engineering' trojans work on me? No ... and not particularly because of my AV/AM software, but simply because I'm not slow enough to think it's a good idea to download the latest FireFox or Google Chrome from an unknown 3rd party.
And regarding your Step 3 ... you can download a non-executable file (e.g., a compressed file or archive) with a virus or rootkit inside. Without AV/AM software, you will never know what hit you. Your advice is not realistic.
@Tivolier You completely missed the part Step 1 - NoScript - no malware.
And with your compressed file scenerio, I could download any bloody (insert fear of the week term here rootkit/virus>) compressed in a zip/rar and even view the zip/rar contents - heck even extract the zip/rar and as long as I dont click on the that little file THAT DIRECTLY EXECUTES - its pretty much Step 2.
and again Pretty simple
And with your compressed file scenerio, I could download any bloody (insert fear of the week term here rootkit/virus>) compressed in a zip/rar and even view the zip/rar contents - heck even extract the zip/rar and as long as I dont click on the that little file THAT DIRECTLY EXECUTES - its pretty much Step 2.
and again Pretty simple
@Bodazapha
Hey man I completely on the Firefox and NoScript!! Since I changed over from IE several months ago I have experianced no problems, no spam, no anything! I thought everybody got the memo about .exe files 15 years ago.
Thanks and have a great weekend.
CM
Hey man I completely on the Firefox and NoScript!! Since I changed over from IE several months ago I have experianced no problems, no spam, no anything! I thought everybody got the memo about .exe files 15 years ago.
Thanks and have a great weekend.
CM
Base your security in the MS browser and MS security programs and make bad boys be happy.
Use a true secure OS if you want security, not a patch over a patch.
Use a true secure OS if you want security, not a patch over a patch.
@ramon.sole@...
"Ouch!"
But, so true.
"Ouch!"
But, so true.
@ramon.sole@... The only secure OS isn't connected to the net, in fact it has no input ports whatsoever lol! The bad guys just haven't got around to your OS yet, that's all.
@Shadeburst Well, at least those of us not using windows will have some time before the bad guys get here. Beats being in the cross-hairs already.
well what is the best software, and how do I down load it?
"Trust Decisions" are ineffective. By the time the user gets to the point, they've already decided to trust the download. Plus, we have become numb to that popup to ask us what we want to do with the file, and blindly click "Run".
@William_P
Hence why the derisive term "Click Monkey" came into use.
Hence why the derisive term "Click Monkey" came into use.
The solution is quite simple to 99% of this stuff, Read The Screen. for all the expamples you list have suspect domains for example "oeachot.info/adobe-flash/". last I checked adobe flash is an Adobe product therefore it should be downloaded from Adobe, adobe.com is the domain. Like iI have told all my clients since the first pc's all the information you need is on the screen all that is needed is to Read It. Some sort of personal responsibility is required with computer ownership.
You can still bypass the download in a link in the Ie8 smartscreen filter block.
My browser is FF 4 which is a stinker anyway but I was too lazy to change it. Now you've convinced me. As I'm on a Windows platform I might as well use IE.
Good job at drawing out some of the more gullible and ignorant amongst us here for some reason. I have to think you're right about those that can't be bothered to read their screens and worse.
I'd read the earlier "Who makes the best..." article, but the pictures in this one really bring it home. Thanks!
Nice article as always Ed, but on the 7th screenshot, isn't there actually a way to override the decision? Cause I can clearly see the link named "Disregard and download unsafe file (not recommended)" 
Anyways, wouldn't AVG IS also work as an alternative? It has most of the features of Norton IS including the behavioural scanning in it's so called "Identity Protection" component.
Anyways, wouldn't AVG IS also work as an alternative? It has most of the features of Norton IS including the behavioural scanning in it's so called "Identity Protection" component.
It really is a pain to have to refresh a full page for each image. Multiple images per page or only an image refresh would be great, in fact I think I will stop going to pages that use a full page refresh per image. I didn't bother to view these images. Is it an ad display count that makes people refresh the whole page per image view?
@TBeckner
The captions under each picture are important, and I spent a lot of time on them. I know it's a PITA, but this is really the best format to tell a visual story like this one.
The captions under each picture are important, and I spent a lot of time on them. I know it's a PITA, but this is really the best format to tell a visual story like this one.
As above, PLEEZ, eliminate all the photos and print out the data!
FTW, Freedom Through Wisdom
FTW, Freedom Through Wisdom
Some free addons, when properly used, can greatly increase the security of Firefox.
Here is a sample list:
AVG Safe Search (part of AVG Free)
Controle de Scripts
JSView
No Script
Request Policy
Netcraft Anti-Phishing Toolbar
QuickJava
WOT (Web of Trust)
But the weak point in distribution of malware by social engineering is the lack of technical savvy by the average individual. The technogeek is usually the one who knows about Firefox security addons and how to use them.
Here is a sample list:
AVG Safe Search (part of AVG Free)
Controle de Scripts
JSView
No Script
Request Policy
Netcraft Anti-Phishing Toolbar
QuickJava
WOT (Web of Trust)
But the weak point in distribution of malware by social engineering is the lack of technical savvy by the average individual. The technogeek is usually the one who knows about Firefox security addons and how to use them.
Join the conversation!
The best of ZDNet, delivered
ZDNet Newsletters
Get the best of ZDNet delivered straight to your inbox
Vendor Showcase
