Students! As anyone on a Windows machine who has visited good ol' CrunchGear in the past few weeks knows: the Internet can be a dangerous place. There's malware everywhere, dumb, time-wasting YouTube videos are embedded all over the place, and Flash advertisements constantly contrive to steal away your processor cycles. Really, if at all possible, you should just avoid the Internet entirely: it's rarely worth the effort. But, I know this isn't an option for many of you. That's where this post comes into play. Hopefully by the time you're done reading it, you'll be a little bit safer as you troll the Internet late at night instead of doing your work.
Yes, this is the security article.
Is security the most exciting thing in the world? YES! It actually is fairly exciting, particularly when you consider how much work the "bad guys" put into causing mischief.
The following is aimed primarily at Windows users, if only because Windows users are the ones who have to deal with the most malware-related nonsense online. Should Mac (and Linux) users adopt some of the more general principles? Yeah, sure: nothing wrong with developing safe Web habits.
So here's what I did. I spoke to a bunch of folks at various anti-virus companies to get an idea of what are some of the things that you can do right now to be as safe as possible online. Hopefully the following helps out at least a little bit.
Have a legitimate copy of your operating system
Staying safe online begins even before you launch your Web browser. You really, really ought to be using a legitimate copy of your operating system, i.e. Windows, so you can apply important updates and patches as they come along. Jeff Horne, the director of threat research at Webroot, stressed to me that even though Microsoft has done a heck of a job in recent years of keeping Windows as secure as possible, that only applies to you if you can update your system. It's not always the case that pirated copies of Windows can access Windows Update, so do yourself a favor, spend the $100 on a genuine copy of Windows 7. Doing so can save you a lot of grief down the line.
Have up-to-date anti-virus software running at all times
You quite literally would be a fool to browse the Internet in 2010 on a Windows machine without any sort of anti-virus software up and running. The free version of AVG is the bare minimum here. I looked at two suites in recent weeks—Webroot and Kaspersky —and both more than do the job. (Malware Bytes in another one worth checking out, but I haven't used the paid version of that.) And students, I would be shocked if your college or university doesn't offer some version of anti-virus protection for you to use. I would check with your school's IT folks to see what, if anything, they have for students.
One of the main things Jeff Horne from Webroot mentioned was the rise of social network-borne malware. It could be something as simple as a "like" or "dislike" highjacking, or something far more sinister. Horne says internal tracking shows 40 percent of people on social networks between the ages of 18 and 29 accept friend requests no questions asked. Marks, marks everywhere. Stone Cold Steve Austin said it best: don't trust anybody. Just because your "friend" sends you a Facebook message to check out a "really hot video" or some other trash doesn't mean you're obligated to click on the link or open any attachment. Here's a fun story: a few months ago I received a Facebook message from our very own Matt Burns telling me I had won a free iPad. Clearly this was a clever ruse designed to get me to click on something that would have led to Bad Things™. I knew the message was bogus because, well, if anyone on this planet knows I have no interest in getting an iPad, free or otherwise, it would be Matt Burns. Get your act together, Matt!
Consider using something like NoScript
NoScript could be the best add-on for Firefox, even better than AdBlock (never mind the emotional baggage that comes with using AdBlock!). NoScript will block any stupid Web site scrip from running before it causes CHAOS~! I believe there was a nasty script on CrunchGear not too long ago that was causing people problems. I know because, upon visiting my very own site, I had at least 18 different trojan infections. It literally took 60 minutes to clean up my system! I could have prevented this by viewing the site using NoScript, then having only the bare essential scripts turned on. The add-on can be a bit of a pain to to work with at first, but once you build up a sufficient white list you should be A-OK.
Don't visit trash sites
Really, if your computer catches a cold because you were browsing Russian HotFile release blogs you have only yourself to blame. I would not recommend visiting, shall we say, "interesting" Web sites on a machine where you have valuable data stored on.
Don't do your online banking from the local Starbucks
Let's say you're at a public place, like a café or the library on campus. How smart is it to use the freely accessible Wi-Fi to pay your mobile phone bill, or to check your bank balance? Not very smart at all! All it takes is one smart aleck kid running a man-in-the-middle attack to steal so much of your private data. I know because, well, let's just say I've seen such attacks in action. But, let's say you just have to check your bank balance while drinking a fancy drink at Starbuck: might you consider setting up a VPN? Giganews, the popular Usenet provider, has a pretty easy to use piece of software bundled with Diamond accounts called VyprVPN that does just that: it encrypts your communication. (You can also buy VyprVPN separately.) While the absolute safest policy would be to only access sensitive data from an Internet connection you control, encrypting your data with something like VyprVPN (or any other VPN for that matter) is the very next best step.
That's pretty much it, kiddos. Make sure all of your software is up to date, use a proper anti-virus, and don't go clicking on stupid links all over the place. Pretty basic, yes, but if everyone on the Internet practiced even the most basic form of Web safety the world would truly be a better place.
Failing that, you could always just stop using the Internet altogether. It's a fad anyway. Can't get any malware if you're not wasting time online.