How to Have as Safe a Browsing
Experience as Possible Ads by Google Every day we get to hear about new
vulnerabilities and online hacks. Hackers are
preying around to steal your crucial data. The
most recent hack was of XDA-Developers forum . Though no user details were compromised.
Android smartphones are already suffering
from different vulnerabilities. And, we all are
fighting a never ending war to protect our
privacy online. So, among all these cyber hassles what can you do to protect data? What can an average Joe do? Well, don’t panic. We have you
covered. How secure can you be on the Internet? | Shutterstock In the past, we had shared some extensions for secure browsing on Chrome. But, here in this guide, I’d like to go a little broader. I’d like to
explain to you the basics of security in
browsers (no matter what web browser you
use) and also add some cool tips that will give
you complete safe browsing experience. This
guide is simplified for the Average Joe. The Security Basics What is HTTPS? Well, you can read about it on Wikipedia but I’d like to explain it here in real simple words. What
HTTPS actually does is, it secures the
communication between the server of the
website you’re accessing (that has HTTPS) and
the client (which is you using the PC). How does
it secure that? Using encryption. Encryption basically just creates a secret new language that
only the server and the client can understand.
That way no one (even hackers) will know what
is passing through the connection. Not every website can get a HTTPS/SSL
certificate. Each and every content gets
analyzed first. And, necessary security checks
are done. Also, a security check is done by all the browsers. Some websites try to create HTTPS connection that has a mixture of encrypted and
unencrypted content. That is why you get such
errors as below. Ads by Google Types Of Attacks Most browser-based attacks done by hackers
make use of Javascript. Developers use
Javascript to make their websites dynamic and
do stuff (like the ones listed below) that HTML
can’t. For example a pop-up on a button click.
You can’t do it without Javascript. Below are some attacks that hackers can perform on your
browser using a malicious website (a website
you don’t trust). There are many but these are
the most prominent right now. 1. Click-Jacking This is a type of attack make use of a button on
a website. A malicious code is inserted in
button-click and when the user clicks on the
button the code gets executed. It doesn’t matter
that you got your desired stuff on that button
click but it might have also inserted some other undesired entities. Well, most browsers prevent
such attacks. But, you need to be cautious
before you click a button on an untrusted
website (Especially download links and torrents). 2. XSS (Cross Site Scripting): Here the hacker encodes malicious content
(javascript) in such a way that that user finds it
to be trustworthy and uses that content and the
code gets executed which will allow the attacker
to get all the user credentials (like username,
passwords, settings, etc.). For example, you’re logged into some website with username
‘Mahesh’ and you get a message from
‘Suresh’ (that contains malicious javascript
encoded) and when you read the message the
script gets executed and it is now easy for the
attacker to hijack your user session because he has your login details. Well, this attack also can
be prevented by most browsers but some
scripts are encoded in such a way that they can
even fool the web browsers. 3. CSRF (Cross Site Request Forgery): Let me just directly tell you the example. You’re
on a shopping website and bought something.
And, malicious code is already on your system
(that might have entered by the above two
methods). So, this malicious code will run a
process in the background that will grab the specific URL from the browser through which
the product was bought. It will manipulate the
URL to do something malicious and request the
website to run it. And, the website will run it
because the website knows it’s the user logged
in requesting to process the URL. But, it’s actually the code that’s running in the
background requesting for it. Let Common Sense Prevail So, after reading the above attacks who do you
find to be the culprit? Attacker? Javascript? Web
browser? Actually, it’s YOU. You are the one that
clicked that download button, you are the one
that got lured by an email sent by a cute girl
(that contained the malicious code) even though it was in the SPAM folder. Well, mistakes are made by everyone and who
here cannot be fooled? So, to prevent yourself
from getting duped by such attacks, you can do
one thing. Turn off Javascript. It’s practically
impossible for any attacker to attack your
computer system (using a web browser) without Javascript. Only turn on Javascript for the sources and websites you trust. There are many extensions and plugins out
there that you can use to turn off Javascript on
the website. Also, browsers like chrome give
you inbuilt options to turn off Javascript for a
specific website. You can use ScriptSafe extension for Chrome and NoScript for Firefox. Also, Adblock plus can work as a backup for these plugins. As it will
protect you from malicious ad-clicks. Do you love the Microsoft’s Edge browser? Here’s how you can make it ad-free. Use a Password Manager We’ve shared enough about this topic here on
GT. Here are some quick links to get you started
if you don’t use a Password Manager. What is a Password Manager? – Wikipedia (If you don’t trust us, you surely trust this one.) Why use a Password Manager? – We’ve shared some great features of LastPass (a Password Manager) which will give you a
clear idea. Which Password Manager should you use? – We’ve done many comparisons between
different password managers. Like LastPass Vs 1Password, 1Password vs Dashlane and KeePass vs LastPass. Just start using a Password Manager if you
aren’t already. It will make you web browsing
much safer. Anti-Malware + Antivirus First off, if you don’t know what is the
difference between Virus and Malware then read this explainer. Or else, here’s quick overview: Computer Virus: The name itself explains it. It spreads its infection to others. One infected file
(virus itself with malicious code) will infect
other files and those files will, in turn, affect
other files. Thus, spreading the malicious code Malware: This is a software program that performs actions on behalf of you without you
knowing it. Also, Malware can be categorized
into Spyware and Adware. They both belong in
the category of Malware. So, why use Anti-Malware with an
Antivirus? This is one of the best things I’ve learned to
keep my PC secure. This will surely keep your PC
away from Viruses and Malware. What you have
to do is just use your favorite Antivirus (I rely
on Windows Defender. And, I never regretted).
Along with that use an Anti-Malware (I use MalwareBytes). Oh NO! This will add two-fold security to your PC. If
Windows Defender (or your Antivirus software)
misses a virus or malware then the Anti-
Malware will surely catch it. So, if anything
malicious gets downloaded from your Web
browser then it will be surely be terminated by these two. I’ve explained about it deeply on my blog. How to Find If a Site is NOT Safe? There are few website out there that can help
you find if a website is trustworthy. You can
use scnaurl.net or Norton’s Safe Web. You can add the URL of the website or a specific URL like
a download link. Also, Google scans each and
every URL that is shown in the search results.
You can use their technology to check if the
website is safe or dangerous. Visit their Transparency Report Diagnostics Page. You are Your Own Worst Enemy I had mentioned this earlier that you are
yourself are the culprit. You are letting the
attacker attack your browser/system. The
malicious code won’t even enter your system if
you don’t respond to malicious websites. All you
have to do is just make sure that what you’re doing is recommend by a trusted source or
website. And, of course, you can definitely trust
us. ALSO SEE: How to Keep Your Android as Secure as Possible How-to/Guides Internet a
No comments:
Post a Comment