How browsers and security software can keep you safer online
by Ed Bott | August 10, 2011 12:15pm PDT | Image 1 of 25
Where social engineering begins
Online criminals have a seemingly bottomless bag of tricks to get you to click on a link that leads to an unsafe download. The link can come via e-mail, in search results, or as part of a normal-looking web ad, like the one shown here.
That link leads to malware, but there's no easy way to be certain of that just from looking at the URL.
How do you avoid being victimized?
For a more detailed discussion, see the companion blog post, Who makes the best Windows security software? Surprise ...
Each page with a reload, recenter, click NEXT, AND then repeat 25 times.
Same here. This is horrible. Why can't they load it onto the same page?
Although I like to see all the images, I don't want to stare at the screen until it flickers and re-adjusts with the new image. This suxx.
Me too. Awful for a 20 year old company.
2. Don't Download A file in a format that the computer can directly execute.
3. And because of 2. Don't waste time with Anti-Virus Software
It's pretty simple
Really? Never download any kind of program file? What a boring life. No new games, programs, apps, applets, shows, vids, etc. etc. etc. etc.
Viruses are no longer the top threat because virtually any anti-virus program detects & defeats almost all viruses within hours (if not minutes) of the viruses entering the wild. Many users have finally gotten the message about Phishing, and so successful email based social engineered attacks are on the decline. 'On-Demand' trojans (ones which users download themselves) are the malware of choice nowadays because many users are still duped into downloading root kits which they think are something else -- and those same people apparently don't use modern AV & malware blockers which mostly do block trojans/rootkits.
I rarely venture into the 'seamier side' of the internet, but I've clicked a few links in my time that my AV/AM software blocked. Still no infections here. Would most of the 'social engineering' trojans work on me? No ... and not particularly because of my AV/AM software, but simply because I'm not slow enough to think it's a good idea to download the latest FireFox or Google Chrome from an unknown 3rd party.
And regarding your Step 3 ... you can download a non-executable file (e.g., a compressed file or archive) with a virus or rootkit inside. Without AV/AM software, you will never know what hit you. Your advice is not realistic.
And with your compressed file scenario, I could download any bloody (<insert fear of the week term here rootkit/virus>) compressed in a zip/rar and even view the zip/rar contents - heck even extract the zip/rar and as long as I don't click on that little file THAT DIRECTLY EXECUTES - it's pretty much Step 2.
and again Pretty simple
Hey man I completely on the Firefox and NoScript!! Since I changed over from IE several months ago I have experienced no problems, no spam, no anything! I thought everybody got the memo about .exe files 15 years ago.
Thanks and have a great weekend.
CM
Use a true secure OS if you want security, not a patch over a patch.
"Ouch!"
But, so true.
Hence why the derisive term "Click Monkey" came into use.
Anyways, wouldn't AVG IS also work as an alternative? It has most of the features of Norton IS including the behavioural scanning in its so-called "Identity Protection" component.
The captions under each picture are important, and I spent a lot of time on them. I know it's a PITA, but this is really the best format to tell a visual story like this one.
FTW, Freedom Through Wisdom
Here is a sample list:
AVG Safe Search (part of AVG Free)
Controle de Scripts
JSView
No Script
Request Policy
Netcraft Anti-Phishing Toolbar
QuickJava
WOT (Web of Trust)
But the weak point in distribution of malware by social engineering is the lack of technical savvy by the average individual. The technogeek is usually the one who knows about Firefox security addons and how to use them.