
Safe Web Browsing Tips

Posted: Fri Jan 25, 2013 8:47 am
by xeo
After helping a member on here tighten up his computer a bit after he battled some adware I figured I would post some pointers for people who may not be in the know on such things. These are the top items I would recommend to anyone who wishes to take IT security seriously:

1. DO NOT USE INTERNET EXPLORER!!!! Go into Control Panel and remove Internet Explorer from your computer.

2. Use Mozilla Firefox or Google Chrome

3. Use Mozilla Thunderbird for Email or any other reputable client other than a Microsoft Product

4. Do not use Windows XP or Windows Vista. Shell out the money for Windows 7.

5. Get Adblock+, a browser addon. It will block advertisements and other such unwanted giblets of evil.

6. Get a Javascript blocker such as Noscript. These will essentially allow you to visit *any* website *safely*. It will block Javascript unless you authorize it. The only downside to this is you will need to go to all of your favorite websites and authorize Javascript. Not really a huge deal.

7. Unless you specifically have a need for Java, uninstall it completely. Java is extremely vulnerable in its current state and I doubt it will ever be safe. There are vulnerabilities the vendor has lied about fixing or have refused to acknowledge.

8. Passwords... the longer the better, the more complex the better. Use capital letters, numbers, special characters such as: !@#$%^&*(). Make them totally unrelated to your personal interests or publicly available information about yourself. Complex randomness is the best. For example: "dj!#JO391jfe!!TT" No, that is not one of my passwords. PLEASE DO NOT USE A BLANK PASSWORD FOR WINDOWS. Use different passwords for different websites.

9. Email addresses, create multiple email accounts and segregate their usage into categories. Make one for screwing around, one for serious personal accounts, another for gaming, etc. The ones you use for personal banking or other such uses should be complex, for example: d3jf9e9w3je9fj@gmail.com. Use different passwords for each email.

10. Use at least one scanning application. I use Spybot Search and Destroy from Safer-Networking. Others such as MalwareBytes or AVG are good. Scan and update regularly. The reason I like Spybot is because it can immunize you against threats using a number of methods.

11. Windows Firewall: turn it on, leave it on.

12. Windows UAC (User Access Control), turn it to maximum. Yes it is annoying, yes it will make you safer.

13. Executable files (EXE, MSI, COM, SCR, PIF, SHS). Do not run them until you have 100% verified the credentials of the source website. I also run them through http://www.virustotal.com. This website lets you upload files and it will scan them using 50+ virus scanners and show you the results. If it comes back clean, it is still not trustworthy until you verify the source is clean.

14. Windows Media Player: Stop using it. I like VLC (VideoLAN) player. Plays everything, even broken files. Music? Try Foobar2000.

15. Adobe Acrobat. Stop using it. Try FoxIT reader. The amount of patches for Adobe that are released per month blows my mind.

16. Microsoft Office. If you need it you need it, otherwise get rid of it.

17. Windows Update: Turn it on and verify it is working.

18. If you have kids using the computer, make them non-administrator accounts with non-blank passwords.

19. SSL/TLS secure browsing: If you are using online banking or any other sensitive website do not enter any password unless the session is encrypted. You may see a shield or padlock icon in the browser bar or somewhere letting you know it is encrypted.

20. Emails from a bank or anywhere else asking you to login. Do not use them. Go to your browser and type the address in manually. Please educate yourself about phishing. http://en.wikipedia.org/wiki/Phishing

21. Keep your software up to date! Check for new releases or updates at least once a week.

22. Browser history, cookies, and Windows temporary files. Remove them once a day. There are applications that will do this for you such as CCleaner: http://www.piriform.com/ccleaner

If you want to take Windows security a step further and do some more advanced things, you can disable ICMP response, turn off unnecessary Windows services, change local group policy settings, change folder permissions or other such things. I'll leave the research up to you as there are entire books on this stuff.


Be Safe!

Re: Safe Web Browsing Tips

Posted: Fri Jan 25, 2013 9:54 am
by verz
Nice tips, thanks.

xeo wrote: 15. Adobe Acrobat. Stop using it. Try FoxIT reader. The amount of patches for Adobe that are released per month blows my mind.

Thanks, didn't know there was an alternative, I always like alternatives to buggy monopoly programs.

xeo wrote: 16. Microsoft Office. If you need it you need it, otherwise get rid of it.

I have been using OpenOffice, open source, free, and IMO much better than Word: http://www.openoffice.org


In the realm of online security, I think Facebook is a big security hole most people have.

You are essentially building a large file full of pics and info on you. Who owns this file? And who is going to own this file? Because you do not own it.
Facebook has also bought and is developing the largest facial recognition program in the world, so if your face is on Facebook you will get the privilege of being in this new program.

Also, when you leave Facebook and browse the web, when you come back Facebook harvests the tracking cookies it plants in your browser, and they have on file all the websites and places you go to, all linked to your name and whatever pics you have on your/their FB page.

If you are going to use Facebook you should at least isolate it in its own browser. If you use Firefox, put Facebook on Chrome and only use Chrome for things that are linked back to your personal identity like FB or business email accts with your full name. In your other browser you can also check your FB page to make sure a random person cannot see all your info.
Personally I don't go to any sites that would interest law enforcement or the secret police, but I just don't want a file of every web site I have ever gone to out there. It violates my privacy and I do not trust the corporate entities that take ownership of these files.

Re: Safe Web Browsing Tips

Posted: Fri Jan 25, 2013 10:22 am
by magician59
Thanks, guys!

Re: Safe Web Browsing Tips

Posted: Fri Jan 25, 2013 2:19 pm
by dicey
Very good list xeo!

I do almost everything like you said, except a few things and some stuff that is irrelevant for me because I do not have a family :)

Re: Safe Web Browsing Tips

Posted: Fri Jan 25, 2013 4:16 pm
by Aedalas
On the subject of passwords you might be interested in Lastpass. It's a PW management program that can generate a secure password anytime you create an account. You log in with a master password and the program handles all your logins for you. While I've never heard anything about it being vulnerable, it still does make me slightly nervous so I don't use it for my banking. Not really rational, but I don't fuck around when it comes to money.

I rarely use the password generator though, I use a lot of different devices and I can't install the program on all of them, like my work computer. So here is how I usually come up with passwords.

Think of a phrase, the longer the better. Just make sure that you can remember it as your password "key." You can even customize it to the site, for instance "I spend way too much time on Keypicking.com." Take the first letter of each word and keep the capitalization consistent (try to always get some in your phrase): IswtmtoK. It's kind of short but is only an example. Now translate it to leet-speak: 1$wtmt0K. There, secure password that isn't real easy to remember, but is easy to figure out on demand.

Re: Safe Web Browsing Tips

Posted: Fri Jan 25, 2013 10:12 pm
by Arctor
xeo wrote: 6. Get a Javascript blocker such as Noscript. These will essentially allow you to visit *any* website *safely*. It will block Javascript unless you authorize it. The only downside to this is you will need to go to all of your favorite websites and authorize Javascript. Not really a huge deal.

Run your browser in sandboxie http://www.sandboxie.com/ as well :D

xeo wrote: 8. Passwords... the longer the better, the more complex the better. Use capital letters, numbers, special characters such as: !@#$%^&*(). Make them totally unrelated to your personal interests or publicly available information about yourself. Complex randomness is the best. For example: "dj!#JO391jfe!!TT" No, that is not one of my passwords. PLEASE DO NOT USE A BLANK PASSWORD FOR WINDOWS. Use different passwords for different websites.

A good method for most is to use something they can remember and pad it with a random pattern of characters that wouldn't be in a dictionary. `~~12!@Password@!21~~` would be just as hard to brute force as something of equal length and completely random.

xeo wrote:9. Email addresses, create multiple email accounts and segregate their usage into categories. Make one for screwing around, one for serious personal accounts, another for gaming, etc. The ones you use for personal banking or other such uses should be complex, for example: d3jf9e9w3je9fj@gmail.com. Use different passwords for each email.

http://spamgourmet.com/ is a good solution, you can give unique email addresses at will and it will all go to the one address. You can set them to only receive so many emails before it starts discarding them.

I'm tired so I will sum up a bunch of others and say... run anything you can in sandboxie or a virtual machine https://www.virtualbox.org/ (especially your prons), if you want to do really secure banking, boot from a linux live disk and do it from there.
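
Added example (not part of any post in this thread): Aedalas's phrase-to-password steps as code, plus the exhaustive-search space, in bits, of the three passwords quoted above. The leet map holds only the substitutions visible in his example; `charset_size` and `brute_force_bits` are hypothetical helper names, and the figure assumes an attacker trying every string over the character classes used.

```python
import math
import string

# Substitutions visible in the thread's worked example (I->1, s->$, o->0).
# No other mappings are assumed.
LEET = {"I": "1", "s": "$", "o": "0"}


def mnemonic_password(phrase):
    """First character of each word, capitalization kept, then leet-substituted."""
    initials = "".join(word[0] for word in phrase.split())
    return "".join(LEET.get(ch, ch) for ch in initials)


def charset_size(password):
    """Alphabet an exhaustive search has to cover, by character class used."""
    classes = (string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation)
    return sum(len(cls) for cls in classes if any(c in cls for c in password))


def brute_force_bits(password):
    """log2 of the number of strings of this length over that alphabet."""
    size = charset_size(password)
    if size == 0:  # empty password, or only characters outside the four classes
        return 0.0
    return len(password) * math.log2(size)


if __name__ == "__main__":
    derived = mnemonic_password("I spend way too much time on Keypicking.com.")
    # The three passwords quoted in the thread (all public, so never reuse them).
    for pw in (derived, "dj!#JO391jfe!!TT", "~~12!@Password@!21~~"):
        print(f"{pw:22} len={len(pw):2} alphabet={charset_size(pw)} "
              f"bits={brute_force_bits(pw):.1f}")
```

The figure is an upper bound for exhaustive search only: guessing tools that try dictionary words with leet substitutions or symmetric padding are not modelled, so length does most of the work in all three cases.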

Re: Safe Web Browsing Tips

Posted: Sat Jan 26, 2013 7:29 pm
by huxleypig
Come on guys, I'm amazed nobody's mentioned TOR yet?

It's awesome for online anonymity. Unless you just wanna be safe. I see anonymity AS safe but even I never use it for KP or any other lockpicking websites I visit. Only for the truly evil stuff, bwahahahahaha!

Re: Safe Web Browsing Tips

Posted: Sat Jan 26, 2013 8:04 pm
by xeo
huxleypig wrote:Come on guys, I'm amazed nobody's mentioned TOR yet?

It's awesome for online anonymity. Unless you just wanna be safe. I see anonymity AS safe but even I never use it for KP or any other lockpicking websites I visit. Only for the truly evil stuff, bwahahahahaha!



I tried to keep this for the average person. But yeah, TOR is hardcore.

Re: Safe Web Browsing Tips

Posted: Sat Jan 26, 2013 9:11 pm
by Arctor
xeo wrote:
huxleypig wrote:Come on guys, I'm amazed nobody's mentioned TOR yet?

It's awesome for online anonymity. Unless you just wanna be safe. I see anonymity AS safe but even I never use it for KP or any other lockpicking websites I visit. Only for the truly evil stuff, bwahahahahaha!



I tried to keep this for the average person. But yeah, TOR is hardcore.


TOR is only good for anonymity, I would recommend against using it for anything of importance because you are at the mercy of the exit node. They have the ability to do anything they want with your traffic.

Re: Safe Web Browsing Tips

Posted: Sat Jan 26, 2013 9:48 pm
by elbowmacaroni
Sticky

Re: Safe Web Browsing Tips

Posted: Sat Jan 26, 2013 9:50 pm
by elbowmacaroni
Oh, a note on TOR and this site... you may find that if you access this site via TOR, that you can't. Sometimes if you get a really fresh exit node you might be able to... maybe...

Re: Safe Web Browsing Tips

Posted: Fri Dec 04, 2015 11:11 pm
by LocksportSouth
TOR is great for people in countries without free, safe Internet access. War-torn Dictatorships, North Korea and the like. Course, it always gets a bad rap as a druggie tool :/

Little password tip - Make your passwords long, upper case, lower case, special characters (if the site allows it), numbers - you don't need to remember it. Save it in a notepad file with the site name. Nobody is going to hack your PC, you are at far more risk of password brute-forcing and SQL injection and whatnot than a hacker deliberately targeting your PC. If you're concerned, download an open PGP variant and encrypt your passwords folder, then you just need to remember 1 pass :). Alternatively, keep the passwords on a flash drive and only connect it when you need to log in to somewhere. If you save the passwords to your browser, make sure you have Windows passworded (for the truly paranoid, use a TrueCrypt variant such as VeraCrypt to encrypt your hard drive pre-boot).

In terms of kids using your computer - first off consider getting a cheap laptop for them to use. If they HAVE to use your PC, and you can afford it or don't mind getting it "for free", get a copy of Deep Freeze by Faronics.

VLC is a great choice for media player - also try out Media Player Classic. If you download the K-Lite codec pack, you get a copy bundled in. Then you have the player and all the codecs you need, and it's a lovely lightweight player.

Anti-virus - currently I'm using Kaspersky, but it's a toss-up between that and BitDefender. BD does have some shady practices with regard to cancellations though so be careful, also if you happen to be using a RoG gaming motherboard, be aware that AI Suite will NOT WORK if you have BD; it sees it as a virus and will block it. You can't get around this and there's a very public hoo-ha between the two companies about this.
As well as your regular always-on antivirus, keep the following installed and up to date: MalwareBytes Anti-Malware, SUPERAntiSpyware (sounds and looks like one of those dodgy-ass "fake antivirus" programs. It's not. It's awesome) and, if it's still going, Spybot S&D. Run them occasionally or when you suspect virus-like activity.

If you're more tech savvy and want to run risky programs, downloads, go to risky sites etc, get a copy of VMWare Workstation and run a different copy of Windows sandboxed away from your main install. Or just keep a cheap laptop around for that purpose, one you can just wipe when things go wrong.

The number one rule - as you get more tech savvy, you can (and will!) start to ignore many of these security points. Techies will commonly not follow the practices we preach. There was actually a survey done about this recently, I should dig it up sometime. There's a reason for that though - years of experience :P. Please keep yourself safe first and foremost, and if you decide to take more risks - well, you've been warned.