Important! Web Browser Security Last Updated 24 June 2010
Web browser security is important for two major reasons:
Businesses cannot be trusted implicitly.
Criminals are trying incredibly hard to get through your defenses.
When it comes to browsing the web securely, it is important to understand what causes users to be exploited and what increases risk.
For example, look at the next photo. The browser in it does not in itself include any malware; however, if one allows it, businesses will work very hard to fill it jam-packed with adware that shamelessly promotes their sites, products or brands. Sometimes users are gullible enough to allow so many of these to be installed that they reduce the working visual field of the web browser enough to render it unusable.
I must note that removing some of these plugins and add-ons is sometimes a job better left to your local technical expert, as it may prove daunting to clean up...
An Adware Infected web browser!
Promoting one's own brand by embedding functionality usually found on web sites within the web browser is not malicious in itself, but it does help open the door for unethical operators to embed malicious mechanisms. Sometimes these are used only to increase a business's visibility, which is harmless. At other times they are a blatant attempt at spying on unsuspecting users or even stealing personal information, and sometimes an attempt to cause destructive behavior, such as when malware is introduced...
One must also consider the corporate love for gathering data on Internet users' behavior by profiling them and their web browsers, using tactics like browser fingerprinting and more. This brings ethical and privacy concerns to mind...
You can have a look and see whether your web browser is unique, and get a report of what information it actually provides to those sites... The Electronic Frontier Foundation developed a web page to inform users about the risk and to provide a more scientific approach to the issue.
So with these in mind, I have written this article to provide some clear guidance and, I hope, help you improve the safety of your web browsing habits...
I begin with a few important pointers on issues rarely discussed in technical circles:
What Do These URLs Have in Common? They Share Exactly the Same URL Destination!
Malicious sites, links and e-mail based URLs often obfuscate the real URL destination...
Typically, URLs can be obfuscated in at least three ways to avoid recognition of the actual destination address.
A URL may contain meaningless or deceptive text located after "http://" and before an "@" symbol.
The domain name can be expressed as an IP address in any of these formats:
standard dotted-decimal
dword
octal
hexadecimal
All of these formats have variants, such as base 10, 16, 32, 64 and so on...
Characters in the URL can be expressed as hexadecimal numbers.
To better understand these obfuscation methods, look at the following example, common with spammers and hackers who do not wish you to understand the true destination of the link.
Look at the following. In this instance it is the regular Google URL: <http://www.google.com>
First, convert it to its own native IP: <http://64.233.161.104> (use Malhound Pro Input Domain to obtain the last known IP address for any domain).
Then add some bogus authentication gibberish, such as: <http://www.yahoo.com@64.233.161.104>
Then convert the real URL into a single number with the IP/URL Decoder in Malhound Pro, so the link looks like a genuine document on the Yahoo.com web site:
You get this: <http://www.yahoo.com@1089053032>. Paste this link in your browser, and where does it go? Directly to Google.
Now, to decode obfuscated URLs or IPs, you simply need to analyze the URL to identify the obfuscation method, isolate the IP, convert it back to a domain name, and repeat the process in reverse... You can use Malhound Pro to analyze both the URL and the domain for malicious elements.
This is not the only obfuscation method or tactic, but it provides a good idea of what to look for and how to understand most of them, and hopefully helps protect against them...
There are also more basic but highly effective obfuscation methods, where the text on a web page and a link label are simply used to mislead the user about the destination, as in the following example:
To better understand, you need to look at the "URL display area". This area is located at the extreme lower left, at the bottom of the web browser. To reveal the link's (URL) real destination address, simply hover the cursor directly above the URL.
You will notice that in this example the displayed URL and the link label are the same. However, the URL display area (extreme lower left corner) shows a totally different address. That is the true destination address... (Also consider possible obfuscation attempts as demonstrated above.)
Also keep in mind that other methods of obfuscation can make use of URL redirection technology, such as URL redirection services that help hide the referrer using META refresh, where the link you see and click on may actually be redirected to another location...
The Internet is the Technical Equivalent of the Wild West...
The Internet is powerful, but using it mindlessly is risky. As a result, I cannot recall ever working on a system that was not infected with some type of virus, Trojan or spyware. Most have hacks and some are under complete control by hackers. This is even though they usually have commercial, and often top-brand, antivirus and anti-spyware software as well...
Funny thing is, most users are almost always in some type of denial about their own personal security risks, or are totally oblivious to how many bots are actually active on the system. Not to mention the spam, Trojans and other types of malware their PC is often very busy distributing around the net!
How is that possible?
Web sites these days are no longer the safe haven we once innocently enjoyed. There are hackers who are quite adept at web design and who use many simple but highly effective social engineering tactics, such as those described in my opening to this article, or who exploit these skills to inject hostile code into business web sites, which then inject the hacks into any computer that happens to visit.
Yes... Probably Yours too!
Also, you do not need to visit porn sites or warez sites to be infected these days either. Just do a Google or Yahoo search and analyze the URLs returned in the results with Malhound Pro or some other similar tool, and you will be surprised by just how many are trying to infect you with hacks or exploits, and/or trying to convince you to download a Trojan posing as a "New Video or Sound Codec", or trying to install software to capture your keystrokes as you input passwords into secured sites.
Not to mention the large variety of software that allows one to view someone else's computer screen in real time while undetected. Often these infections are engineered and sold by clever businesses claiming to help one find cheating spouses or to watch over the online activity of misbehaving employees, resulting in the breaching of everyone's privacy...
This all sounds alarming, but one cannot underplay this reality in good conscience. However, there is hope, and many effective tools are available to fight against these problems.
What can be done?
My advice: In Windows, create a "New" user account with limited user rights (do not use an Administrative account) for simple web browsing, since in the event of an exploit an Administrative account would grant the exploit "God" mode on your PC, and trouble could quickly develop...
Also "ARM and Harden" your system.
You can begin by using Firefox with a good password manager such as Roboform and a few other powerful add-ons to enhance Firefox's already good security...
Equip your Firefox web browser with the free NoScript add-on. It will greatly increase the control you have over the content processed by your web browser within the sites you visit. This is effective since most hacks and exploits are injected into your computer via your web browser, using embedded scripts installed on the sites we all visit. Having the ability to selectively allow or deny scripts to run on any given web site is incredibly empowering from a security perspective...
Many cyber criminals develop sophisticated hack sites, and pay unsuspecting web site owners or use search engines to host ads leading to these sites and to sites infected with exploits. Also, many hacks these days are located on legitimate but often poorly administered business sites, easily compromised by hackers as companies cut down IT services and outsource to reduce expenses.
Fortunately, several good and free browser-based link scanners are available to help defend against this. My personal favorite is WOT (Web of Trust), a free Internet security add-on for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free. It also gives every user the ability to include their own input on every site visited. Very nice tool.
Also McAfee SiteAdvisor works as an early warning system against many of those nasty sites, and will also block access to the ones with known hacks or hostile scripts. Browser Defender is also currently under development and looks promising.
Using the tools mentioned above, you should always at least visually verify that no attempt has been made to obfuscate the URLs displayed, and maybe even scan the links to all web sites, not only those you do not recognize, before you click them, to inspect them for exploits as well. Be especially careful when doing Yahoo or Google searches, since many of the returned results look safe but are in fact often links to sites designed with a hack for the sole purpose of infecting unprotected visitors.
Another powerful method to protect against online infections is to run all your web activity within a virtual sandbox, as this will contain any unwanted changes or infections within the sandbox and allow all changes made by malware to be fully undone at will. We recommend Sandboxie, a free yet powerful and easy-to-use sandbox.
Install a good keylogger scrambler, as it will help prevent hackers from getting your passwords using sophisticated keyloggers. We currently recommend KeyScrambler Personal: it is free, and a simple yet powerful keylogger scrambler protection that works with your web browser.
Probably the best advice, and easily the most important: keep patching your system, and not only the operating system but all your applications as well. A good article is available here:
Also noteworthy: the best protocol is to use all the tools proposed on this page. All the tools mentioned above actually play nice with each other and with your existing security tools, so you can use them without worry...
Although what I wrote above is good advice, it is by no means a complete explanation of the best you can do overall to secure the whole system against intrusions. For more thorough information on how to lock down tight, read our Cyber Self Defense article.
By implementing these simple tactics you will be safer than most web users, as over 90% of the Internet population have no idea how to effectively defend themselves against the ever-increasing number and types of attack vectors, resulting in substantially increased risks for the rest of us.
Besides, these tools actually do work, and are mostly free.
All tools recommended in this article are available here:
ThreatFire uses advanced patent-pending technology to detect signs of malicious behavior commonly used by malware threats. ThreatFire is unlike traditional antivirus products that rely on old fashioned "signature" technology and require updating every time a new threat occurs.
By constantly monitoring the activity on your PC ThreatFire’s ActiveDefense technology is able to hunt down and paralyze threats that are too new or too clever to be recognized by traditional security software.
ThreatFire employs an intelligent behavioral engine to only alert you on truly malicious behavior, because sometimes even legitimate software may look malicious. This means you are only alerted when you really need to be.
Tired of dealing with rogue software, spyware and malware?
Tired of spending countless hours removing unsolicited software?
Try Sandboxie.
The award-winning Web browser is now faster, more secure, and fully customizable to your online life. With Firefox 3.6, we’ve added powerful new features that make your online experience even better.
Flagfox is an extension that displays a flag icon indicating the current webserver's physical location. Knowing where you're connected to adds an extra layer of awareness to your browsing and can be useful to indicate the native languages and legal jurisdictions that may apply. Additional information can be obtained via a multitude of external lookups and users can add their own custom actions. All actions can be added to the flag icon's context menu and set to icon click or keyboard shortcuts for quick access.
There's a Browser Safer than Firefox... ...it is Firefox, with NoScript!
The NoScript Firefox extension provides extra protection for Firefox, Flock, Seamonkey and other Mozilla-based browsers: this free, open source add-on allows JavaScript and Java execution only for trusted domains of your choice (e.g. your home-banking web site). NoScript optionally blocks Flash and other potentially exploitable plugins too, and provides the most powerful Anti-XSS protection available in a browser.
NoScript's unique whitelist based pre-emptive script blocking approach prevents exploitation of security vulnerabilities (known and even not known yet!) with no loss of functionality...
KeyScrambler defeats keyloggers by encrypting your keystrokes at the keyboard driver level, deep within the operating system. When the encrypted keystrokes reach your browser, KeyScrambler then decrypts them so you see exactly the keys you've typed. Keyloggers can only record the encrypted keys, which are completely indecipherable.