Nefarious Sites (Phishing and Malware)
One of the biggest threats to your online safety is from nefarious websites which are specifically designed to either trick you into willingly disclosing your financial information or installing malware on your computer which forcibly takes your financial information from you. The act of tricking you out of your personal information is called Phishing and there are many sites that come online daily to do just that. Malware is a generic term which includes viruses, bot networks, key loggers, adware, spam relays, and spyware.
When these bad sites pop up on the Internet they are identified and added to a list. There are two ways that this list can be checked before your browser connects to the nefarious servers.
One way is with DNS. DNS stands for Domain Name Service and it looks up and returns the IP address of a named site. So when you type www.google.com into your browser, your computer first asks the DNS infrastructure on the Internet “What is the IP address for www.google.com?” DNS responds with a message that says, “The name www.google.com is found at IP address 74.125.65.99.” Then your browser connects to the IP address and the information is transferred. What if you had a typo and instead asked for www.goggle.com which a criminal set up to look just like google, but it was designed to secretly install spyware on your computer? Well, if you’re using OpenDNS the conversation would look like this. Your computer would ask OpenDNS “What is the IP address for www.goggle.com?” OpenDNS would look it up and see that www.goggle.com was flagged as hosting malware and is blocked, so it responds, “www.goggle.com is found at www.opendns.com, IP address 208.69.38.150” which is the IP address for the OpenDNS services and gives you a page explaining why you didn’t get to goggle.
But this approach isn’t foolproof. What if the link in email that you accidentally clicked on didn’t have a name in it, but sent you straight to the IP address for www.goggle.com? DNS is never called, and this protection doesn’t help you. Which brings us to our second option, use a proxy server. A proxy is something that acts on your behalf. So your browser only talks to the proxy, the proxy then gets the information the browser asked for and delivers it to the browser. A good proxy, like Bluecoat’s K9, will make sure the site is safe, just like OpenDNS does, but it is always called, even when the link in email is for an IP address.
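The difference between the two checks, as an added example (not code from OpenDNS, K9 or the original post): a filtering resolver only sees names that are looked up, while a filtering proxy sees every request. The blocklists, the 203.0.113.10 address and the `RESOLVES_TO` table are constructed sample data, and the proxy's address blocklist is an assumption.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed sample data. The blocked name is the page's own example; the
# address comes from the 203.0.113.0/24 documentation range.
BLOCKED_NAMES = {"www.goggle.com"}
BLOCKED_IPS = {ipaddress.ip_address("203.0.113.10")}
# Constructed stand-in for real DNS answers, so the example runs offline.
RESOLVES_TO = {"www.goggle.com": "203.0.113.10",
               "www.google.com": "74.125.65.99"}


def host_of(url):
    """Return (hostname, ip_address or None) for the host part of a URL."""
    host = (urlsplit(url).hostname or "").rstrip(".").lower()
    try:
        return host, ipaddress.ip_address(host)
    except ValueError:
        return host, None  # a name, not an IP literal


def dns_filter_verdict(url):
    """A filtering resolver: it can only judge names it is asked about."""
    host, ip = host_of(url)
    if ip is not None:
        return "not-consulted"  # no lookup happens for an IP literal
    return "blocked" if host in BLOCKED_NAMES else "allowed"


def proxy_verdict(url):
    """A filtering proxy: every request passes through it, name or address.

    Assumption: the proxy keeps a list of bad addresses as well as bad names.
    """
    host, ip = host_of(url)
    if ip is None:
        if host in BLOCKED_NAMES:
            return "blocked"
        resolved = RESOLVES_TO.get(host)
        ip = ipaddress.ip_address(resolved) if resolved else None
    return "blocked" if ip in BLOCKED_IPS else "allowed"


def compare(urls):
    """Map each URL to its (DNS filter, proxy) verdicts."""
    return {u: (dns_filter_verdict(u), proxy_verdict(u)) for u in urls}
```
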
There is one drawback to both of these solutions. They both depend on identifying and reporting the site as nefarious which takes time. This is called a “black-list” or a “negative” security model. It doesn’t hurt to use both OpenDNS and Bluecoat’s K9 Proxy; in doing so, you double your chances of stopping a criminal trying to rob you.
Browser Choice
What program you choose to use to surf the web is also very important to keep yourself safe. I am of the opinion that the safest browser to surf with is the latest, greatest version of Firefox. I have this opinion not because I feel its coders are more security minded than their competitors, although that was the case years ago. No, today, the reason why I feel Firefox is superior to other browsers is because of their plugins. Plugins are mini-programs that run inside your browser and change the behavior of how the browser works. This makes the Firefox browser vastly configurable and allows you to do so much more to protect yourself on the Internet.
It is my understanding that all modern-day browsers support plugins now. I’m still standing behind Firefox because it has been doing it longer than the rest and the plugin code-base is more mature.
Browser Plugins
There are a few plugins that you absolutely must have for your browser. You need an Ad Blocker. You need a Bug or Tracker Blocker. You also need to be able to block scripts and flash content.
I recommend “AdBlock Plus” (or “AdBlock” for Mac) to block advertising. I recommend Ghostery (they have versions for all the major browsers) to block third parties from tracking you online. I recommend “FlashBlock” (or “ClicktoFlash” for Mac) to pause the loading of flash content — if you’d like to see the flash content you just have to click on the placeholder and it will be loaded. To stop scripts from running I recommend the “NoScript” plugin (JavaScript Blacklist for Mac).
All of these plugins are designed to break things. So if you install them you will need to configure them. For example, after you install them you may find that your online banking with your bank no longer works. You’ll need to go into these programs and put your online banking site in as an exception so it never blocks scripts from running.  But only do this with sites you trust.  My bank, and credit card company’s account services sites are the only sites I trust.
There are growing pains involved with security. Remember, our goal is to stop the bad things from reaching your computer. Chances are we’re going to stop a few good things in the process. It’s your job to identify that something good was stopped, and fix it. After about a week or two browsing with these new controls in place you’ll find that exceptions are now very rare.
Virus and Spyware Protections
These programs are of vital importance and I cannot stress how absolutely essential they are. However, they do come with a cost: checking all those files against huge virus-fingerprint lists will slow your computer down, so you want to pick the fastest and most effective program available. If you are running a Windows computer I recommend removing your antivirus and installing Avira Anti-Virus Software. There’s a free version at http://free-av.com/ which is free for personal use. It’s the best anti-virus software made and it’s free. I also recommend “Spybot Search and Destroy” to stop spyware. If you are running on a Mac, ClamXav is free, but I haven’t found anything that compares to Spybot for the Macintosh. Some may argue that Macs don’t need virus protection. Believe me, some time soon someone is going to get tired of that smug attitude and write a devastating Mac virus just to shut those fanboys up. It is a fiasco waiting to happen.
Firewalls
It doesn’t matter if you’re running a PC or a Mac, always have your Firewall turned on — it’s built into every computer nowadays. Although it’s out of scope of this document to explain how to configure a firewall, I think it needs mentioning that having a misconfigured firewall is about as bad as having no Firewall at all. Only allow traffic to pass that you know should pass. If in doubt, deny it and see if anything breaks.
If you’re using a Mac I highly recommend Little Snitch. It’s an application firewall that acts like a traffic cop, either allowing or denying programs from connecting to the Internet.
Password Complexity and Storage
And last but by no means least is something overlooked all too often: pick a strong, unique password and don’t write it down. Nowadays that’s asking a lot. I must have 200+ logins on different web sites. It would be impossible for me to create and memorize unique, strong, passwords for each site; to remember them all I have to store them somewhere. Well, storing them somewhere secure is OK. Writing them down on paper isn’t secure, no matter where you store that piece of paper.
So to conquer this challenge I recommend PasswordSafe for the PC and 1Password for the Mac. PasswordSafe is free and the most robust offering I’ve found. 1Password is not free, but it’s extremely robust and easy to use as it’s integrated into whichever browser you use. When I go to my online banking site and I’m prompted to login, I right click on the login box. I’m presented with a 1Password list item. A submenu of that item displays all the “saved logins” for the URL I’m at. If I’ve been a victim of a phishing attempt, the site I’m on will not match the site in the 1Password configuration and I will not be able to login automatically and I’ll know right away something is phishy (pun intended). If I am on my online banking site when I right click, I’ll see my “Banking” login that I saved and labeled. Clicking on it prompts me for the only password I need to commit to memory, my One and Only Password… or my 1Password. After authenticating to the 1Password program, it then automatically types in my username and 30-character, complex password, and clicks the “login” button inside my browser to take me to the account summary page. It’s amazing, and if you buy one program ever, this is the program to purchase.
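The site-matching check described above, as an added example (not 1Password's code and not from the original post): a saved login is offered only when the page's scheme, host and port equal those it was saved on. The vault entry, the `.example` host names and the choice to match on the whole origin are assumptions made for illustration.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"https": 443, "http": 80}

# Constructed vault: label -> URL the login was saved on.
VAULT = {"Banking": "https://online.mybank.example/login"}


def origin(url):
    """Normalise a URL to (scheme, host, port), or None if it has no usable host."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    host = (parts.hostname or "").rstrip(".")  # hostname is already lower-cased
    if scheme not in DEFAULT_PORTS or not host:
        return None
    return scheme, host, parts.port or DEFAULT_PORTS[scheme]


def logins_for(current_url, vault=VAULT):
    """Return the labels of saved logins that may be filled on current_url.

    The path and query are ignored; scheme, host and port must match exactly,
    and nothing is offered on a page that is not served over https.
    """
    here = origin(current_url)
    if here is None or here[0] != "https":
        return []
    return sorted(label for label, saved in vault.items()
                  if origin(saved) == here)


def explain(current_url, vault=VAULT):
    """Human-readable result for the menu the user would see."""
    labels = logins_for(current_url, vault)
    if labels:
        return "offer: " + ", ".join(labels)
    return "no saved login for this site"
```

An empty result on a page that looks like the bank is the signal the paragraph describes: the look of the page matched, the address did not.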
Following these steps will greatly enhance your ability to surf safely.
Did I miss something? Do you know of a better solution than the programs I suggested? Feel free to leave a comment.
Mary
Wow this rocks!! thanks for sharing!