10 Web Browsing Security Myths, Busted

September 4, 2012

Your PC may not be as protected as you think against malware and viruses.

When it comes to safely surfing the Web, you may think that you’re shielded from harm with updated anti-virus software and by avoiding risky sites and refusing to open unsolicited email from strangers. That should keep you and your computer hacker- and virus-proof, right?

Not so fast. A newly infected Web page is discovered every few seconds, according to Boston-based computer antivirus and network security products maker Sophos. That means that even if you think you’re at the top of your game in terms of keeping your PC safe, there’s always a looming threat that you may not be prepared for. Adding to that problem are some common misperceptions that make people believe that there’s no way anyone or anything can get into their computers unless they allow it to.

As you gird your PC defenses against viruses and hackers, don’t make the mistake of believing these myths:

  1. The Web must be safe, because I’ve never been infected by malware. Or so you’d like to believe. Many Web malware attacks steal personal information and passwords or use your machine to distribute spam, malware or inappropriate content without your knowledge. What you don’t know can hurt you if you’re not careful.

  2. I keep my anti-virus software up to date, so I’m protected against the latest Web dangers. Unfortunately, antivirus updates are developed in response to new threats. The perpetrators of malware, spyware, trojans and the like always have the jump on the various anti-virus software manufacturers. The best you can do is keep your software as up to date as possible to reduce the likelihood of infection.

  3. Company Web filters prevents employees from going to inappropriate sites. If only that were true. Hundreds of school kids and employees regularly use freely available anonymizing proxies, which enable them to surf the Web freely and unchecked. How easy is it? Just Google “bypass web filter” and you’ll find more than 1.2 million results.

    4. You don't have to download files to become infected. With "drive-by downloads," all you have to do is visit the website.

  4. If I don’t download any files, my system won’t get infected. Most malware infections now occur through a “drive-by download.” Hackers inject the malicious code into the actual Web page content, then it downloads and executes automatically within the browser as a by-product of simply viewing the Web page. All a user has to do is visit a hijacked website.

  5. Only naïve users get their systems infected. Remember, malware from “drive-by downloads” happens automatically without any user action other than visiting the site. Therefore, it doesn’t matter what level of computer expertise you have; if you visit sites on the Internet, you are at risk.

  6. Only “dodgy” sites are dangerous ones. If I stay away from these, I’m fine. According to Sophos, hijacked trusted sites represent more than 83 percent of malware hosting sites. That may seem like an incredibly high number, but consider that the goal of a malware maker is to infect as many visiting systems as possible. Therefore, the more popular the site, the better, from the malware creator’s perspective.

  7. Secure websites that you have visited in the past are still secure. There’s no guarantee that the page you’re visiting is the same one as before. Remember to check the address bar to inspect the URL or Web page address. It should begin with “https” rather than “http.” And, of course, always sign out when you’re finished visiting a secure site, preferably closing the browser as well.

  8. The “lock” icon means the site is safe from hackers. Sophos differs from others on this point. The company notes that the lock icon — usually found in the lower right of your screen or next to the Web address/URL — does indicate there is an SSL-encrypted connection between the browser and the server to protect the interception of personal sensitive information. It does not, however, protect against malware. In fact, it’s the opposite: Most Web security products are completely blind to encrypted connections, making them the perfect vehicle for malware to infiltrate a machine.

    9. The lock icon informs Internet users that the connection to a website is encrypted -- but that doesn't necessarily make the site safe from malware.

  9. Some browsers are more secure. Not according to Sophos. The company considers all browsers equally at risk because all browsers are essentially an execution environment for JavaScript, the Web’s programming language — and the key component in an attack by malware authors. Many attacks also leverage plug-ins, which run across all browsers. And don’t think the lesser-known browsers are less of a target by hackers or virus implantation experts. The more popular browsers simply get more publicity about unpatched exploits. But it’s the unpublicized exploits you should be most concerned about.

  10. I don’t have to worry about viruses because I use a Mac. Although Macs are less vulnerable to viruses and other bugs than their PC cousins, they’re still at risk. According to Trend Micro, one reason Macs appear more invulnerable is the operating system technology, which is based on the ultra-secure Unix kernel. Also, fewer people in general use Macs compared to PCs, which makes them a lesser target simply based on numbers. And most computer virus designers are more familiar with the PC platform and Microsoft Windows. Still, Macs can become infected, and they can also act as carriers – storing a virus while not infecting their actual system – and pass it on to Windows-based machines when connected to a network. You can also still fall victim to trojan horses, phishing and other online fraud.

 
Related stories

10 Web Browsing Security Myths, Busted

Your PC may not be as protected as you think against malware and viruses.

When it comes to safely surfing the Web, you may think that you’re shielded from harm with updated anti-virus software and by avoiding risky sites and refusing to open unsolicited email from strangers. That should keep you and your computer hacker- and virus-proof, right?

Not so fast. A newly infected Web page is discovered every few seconds, according to Boston-based computer antivirus and network security products maker Sophos. That means that even if you think you’re at the top of your game in terms of keeping your PC safe, there’s always a looming threat that you may not be prepared for. Adding to that problem are some common misperceptions that make people believe that there’s no way anyone or anything can get into their computers unless they allow it to.

As you gird your PC defenses against viruses and hackers, don’t make the mistake of believing these myths:

  1. The Web must be safe, because I’ve never been infected by malware. Or so you’d like to believe. Many Web malware attacks steal personal information and passwords or use your machine to distribute spam, malware or inappropriate content without your knowledge. What you don’t know can hurt you if you’re not careful.

  2. I keep my anti-virus software up to date, so I’m protected against the latest Web dangers. Unfortunately, antivirus updates are developed in response to new threats. The perpetrators of malware, spyware, trojans and the like always have the jump on the various anti-virus software manufacturers. The best you can do is keep your software as up to date as possible to reduce the likelihood of infection.

  3. Company Web filters prevents employees from going to inappropriate sites. If only that were true. Hundreds of school kids and employees regularly use freely available anonymizing proxies, which enable them to surf the Web freely and unchecked. How easy is it? Just Google “bypass web filter” and you’ll find more than 1.2 million results.

    4. You don't have to download files to become infected. With "drive-by downloads," all you have to do is visit the website.

  4. If I don’t download any files, my system won’t get infected. Most malware infections now occur through a “drive-by download.” Hackers inject the malicious code into the actual Web page content, then it downloads and executes automatically within the browser as a by-product of simply viewing the Web page. All a user has to do is visit a hijacked website.

  5. Only naïve users get their systems infected. Remember, malware from “drive-by downloads” happens automatically without any user action other than visiting the site. Therefore, it doesn’t matter what level of computer expertise you have; if you visit sites on the Internet, you are at risk.

  6. Only “dodgy” sites are dangerous ones. If I stay away from these, I’m fine. According to Sophos, hijacked trusted sites represent more than 83 percent of malware hosting sites. That may seem like an incredibly high number, but consider that the goal of a malware maker is to infect as many visiting systems as possible. Therefore, the more popular the site, the better, from the malware creator’s perspective.

  7. Secure websites that you have visited in the past are still secure. There’s no guarantee that the page you’re visiting is the same one as before. Remember to check the address bar to inspect the URL or Web page address. It should begin with “https” rather than “http.” And, of course, always sign out when you’re finished visiting a secure site, preferably closing the browser as well.

  8. The “lock” icon means the site is safe from hackers. Sophos differs from others on this point. The company notes that the lock icon — usually found in the lower right of your screen or next to the Web address/URL — does indicate there is an SSL-encrypted connection between the browser and the server to protect the interception of personal sensitive information. It does not, however, protect against malware. In fact, it’s the opposite: Most Web security products are completely blind to encrypted connections, making them the perfect vehicle for malware to infiltrate a machine.

    9. The lock icon informs Internet users that the connection to a website is encrypted -- but that doesn't necessarily make the site safe from malware.

  9. Some browsers are more secure. Not according to Sophos. The company considers all browsers equally at risk because all browsers are essentially an execution environment for JavaScript, the Web’s programming language — and the key component in an attack by malware authors. Many attacks also leverage plug-ins, which run across all browsers. And don’t think the lesser-known browsers are less of a target by hackers or virus implantation experts. The more popular browsers simply get more publicity about unpatched exploits. But it’s the unpublicized exploits you should be most concerned about.

  10. I don’t have to worry about viruses because I use a Mac. Although Macs are less vulnerable to viruses and other bugs than their PC cousins, they’re still at risk. According to Trend Micro, one reason Macs appear more invulnerable is the operating system technology, which is based on the ultra-secure Unix kernel. Also, fewer people in general use Macs compared to PCs, which makes them a lesser target simply based on numbers. And most computer virus designers are more familiar with the PC platform and Microsoft Windows. Still, Macs can become infected, and they can also act as carriers – storing a virus while not infecting their actual system – and pass it on to Windows-based machines when connected to a network. You can also still fall victim to trojan horses, phishing and other online fraud.

 
Related stories