Security secrets that might help you thwart the bad guys.

You already know the basics of internet security, right?  You know to keep your antivirus program and patches up to date, to be careful where you go on the Internet, and to exercise online street-smarts to resist being tricked into visiting a phishing site or downloading a Trojan horse.

But when you’ve got the basics covered, but you still don’t feel secure, what can you do? Here are a few advanced security secrets and tips to help you thwart some of today’s most common attacks.

Remember, however, that security is all about trade-offs. With most of these tips, what you gain in security, you lose in convenience. But hey, it’s your computer. Be as paranoid as you want to be!

This may be the one piece of advice that will do most to keep you the safe on the Web: Steer clear of JavaScript, especially on sites you don’t trust.

JavaScript attacks are everywhere.  If you use Facebook, you may have seen one of the latest.  Lately, scammers have set up illegitimate Facebook pages offering things like a free $500 gift card if you cut and paste some code into your browser’s address bar.

That code is JavaScript–and you should never add it to your browser.  “Scammers use this technique to open up unwanted surveys, fill your social networking profiles with spam or even to send you to phishing pages,” says Chris Boyd, a security researcher with Sunbelt Software.

Disabling JavaScript in Adobe Reader can help, too.  According to Symantec, last year nearly half of all Web-based attacks were associated with malicious PDF files.  If victims had adjusted their settings to make it impossible for PDFs to execute JavaScript, they would have thwarted most of those attacks.

To disable JavaScript in Reader, click Edit, Preferences, JavaScript and then uncheck the Enable Acrobat JavaScript box to the right of the window.

The downside of all these defensive tactics is inconvenience.  With scripting disabled in your browser, many animations, movies, and dynamic Web pages simply won’t work–and many users get frustrated by the never-ending cycle of opening a Web page, seeing that it doesn’t work properly, and then choosing to allow scripting on that page.

The same holds true for Reader, where PDF-based forms may not submit properly if you’ve disabled JavaScript; nevertheless, many people don’t mind simply turning on Reader’s JavaScript whenever they need it.

Far too many people have had this experience recently: You’re surfing the Web on a totally legitimate site when a scary-looking warning message pops up suddenly. It tells you that your computer is infected. You try to get rid of it, but more windows keep popping up, urging you to scan your computer.

First off, never buy the software. It simply doesn’t work, and often it will trash your system. Either press Alt-F4 to close your browser directly or press Ctrl-Alt-Delete to open your system’s task manager and shut the browser down from there. Closing the browser generally puts an end to the pop-up problem.

They’re extremely popular programs, but Microsoft Office and Adobe Reader are not the strongest applications from a security perspective–especially when it comes to opening files that you think are probably okay but aren’t sure about.

Most bad guys subscribe to a big-tent theory of troublemaking. When they plan an attack, they usually aim at the most widely used software programs, which is one reason why Windows gets hit so much more often than Linux or Mac operating systems and also why people running Norton and McAfee get hit more too.

The old version of RealPlayer you downloaded a few years ago may be nothing more than a security hole today. If you don’t use a program, consider uninstalling from your PC.

People have to remember too many passwords on the Internet. Everyone knows this, but most of us get around the problem by using the same username and password over and over.

Hackers know this as well, and they’re happy to use it against you. Often they steal a person’s password and user name, perhaps via a phishing attack, and then try that combination on other popular services–Facebook, Gmail, PayPal, Yahoo–to see if it works there, too.

Luckily free and simple password management tools are available to keep track of your passwords for you. They are a bit more work–you may tire of constantly jumping between a password manager and your browser every time you want to log into a Website, but remember that security always involves trade-offs.

Original Story By Robert McMillan, IDG News Service. July 19, 2010 12:47 PM ET

Call Mad Dog Computer for your expert Portland computer repair at 503-922-1599. We promise to give you quality service at a price that is both competitive and reasonable! We serve the entire Portland Oregon metro area.


The Mad Pooch
Latest posts by The Mad Pooch (see all)