1 in every 14 downloads is malicious!
Microsoft announced a scary statistic this Tuesday, that Windows users are downloading a malicious piece of software, like a virus, malware or spyware once out of every fourteen downloads made online. This sounds like a scary number, but the fact is that modern browser security updates have forced the bad guys to resort to new (and devilishly ingenious) ways to tempt you to to actively do something to open yourself up to attack. This is different than the bad-old-days of insecure browsers, where a line of malicious code could open you up to a threat. Would-be online scammers, spammers and hackers today resort to social engineering tricks to lure you in.
Although far from a complete list, these three simple tips will ensure that you lessen your risk of attack when using the internet.
A typical social engineering trick looks like this:
A friend’s Facebook page offers you a link to view videos of cute puppies (or something like that) , and when you follow the link the video seems to be broken, the site, helpfully, suggests that you download a video decoder (codec) to view the video. You oblige and download the exe file, but somehow the cute puppies video never seems to load. . . your friends now see mysterious links from you about cute puppies . . . of course what you really need to worry about is the file on your computer that is harvesting your personal information and sending it to a server in Bulgaria.
How could you have avoided this situation in the first place?
1. Use a modern web-browser
Internet Explorer 9, Firefox, and Google Chrome’s most recent versions have built-in mechanisms to warn you off if you unintentionally wander into social engineering territory. The single most effective thing that you can do to protect yourself is update to the most recent version of these tools.
As of May, 2011 these are the most recent versions on the PC with links to the (safe) download site:
- Firefox 4 (soon to be updated again to FF5)
- Internet Explorer 9
- Google Chrome – a great choice because it auto-updates for security and feature fixes silently in the background.
2. Be aware of the links you click
One of the most effective things you can do is to look at the destination of your link to determine if it looks legitimate. In every browser, when you hover over a link, you can see a preview of where you are going in the bottom of the browser window. If find yourself considering clicking on a link, but think to yourself, “hey, I don’t normally visit websites called http://X0Liwz5.bg/”, you would probably be better of looking for a safer site. (See, I told you there was a server in Bulgaria harvesting your information!)
3. Be active in choosing the source of your download
Another way to avoid these kinds of traps is to stop searching randomly for downloads and look to reputable repositories for a safer download. This isn’t a complete list, but here are a few starting points.
