2010-08-12

10 Misconceptions of Safe Web Browsing


Many web users today are suffering from misconceptions about safe web browsing.

You might think you’re being safe. However, a newly infected web page is discovered online every couple of seconds. It is nearly impossible to stay up to date on infected sites, no matter your competency level and experience with the World Wide Web.

To start this assessment, ask yourself the following:

  • Do you practice ‘safe’ web browsing?
  • Do you avoid ‘risky’ sites?
  • Do you limit the time spent online during work hours?
  • Do you use a secure web browser?
  • Do you know what a ‘risky’ site looks like when you visit it?

If you answered “Yes” to any of these questions, then you MUST read this article!

Misconception 1: The web is safe. I know this because I’ve never been infected.

You may not even know you’re infected. Most malware attacks are designed to steal personal information and/or passwords. Some will use your machine for distributing spam, or other inappropriate content without your knowledge. Most users have no idea when they have been affected by malware and/or a viral attack.

Misconception 2: Users in my organization don’t waste time surfing inappropriate content.

If your organization does not have web filtering in place, then you would have no idea what users are doing on their machine(s). Nearly 50% of corporate Internet use is going unchecked today. That is an average of 2 hours per day (per user). More importantly, if employees are exposing their machine(s) to inappropriate content, there can be serious legal ramifications.

Misconception 3: My organization controls web usage through an established policy.

If an employee is smart enough, they can circumvent filtering policies by using an anonymizing proxy and visiting any web site they wish to visit. Anonymizing proxies are widely used by students – and now are finding their way into the work force as these children graduate and become gainfully employed. If you do not think this is an issue, you can Google the term: ‘bypass web filter’ – you will find approximately 1.8 million ways to accomplish this task.

Misconception 4: Only sites containing pornography, gambling and other ‘questionable’ content are dangerous.

Trusted sites that have been hijacked represent more than 80% of malware hosting sites. Most of these infected sites are those that you may trust and visit on a daily basis. The reason for this is that popular sites with high traffic are bigger targets for those who wish to distribute malware and viruses.

Misconception 5: Naïve users are the only ones to get malware and viruses on their computer.

Drive-by downloads install malware automatically, without any user action other than visiting the site. Therefore, it doesn’t matter what level of computer expertise you have. The fact is, if you are visiting sites on the internet, you are at risk for viruses and malware.

Misconception 6: You cannot get infected unless you download files.

Most malware infections now occur through a “drive-by” download. Hackers inject the malicious code into the actual web page content; it then downloads and executes automatically within the browser as a by-product of simply viewing the web page. The malware is typically part of a professional exploit kit, marketed and sold to hackers, that leverages known exploits in the browser, operating system or plug-ins to infect the computer and download more malware. Again, it does all of this without a user having to do anything other than visit a hijacked web site.
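A site owner's check for the kind of injection described above, as an added example that is not part of the original article: it lists every external script, iframe, embed and object reference on a page and reports those whose host is neither the site's own nor on the owner's allowlist. The host names, the allowlist and the sample HTML are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Tags that make the browser fetch and run or render remote content,
# mapped to the attribute that names the remote resource.
ACTIVE_TAGS = {"script": "src", "iframe": "src", "embed": "src", "object": "data"}


class ActiveContentParser(HTMLParser):
    """Collects (tag, absolute URL) for every external active-content reference."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.refs = []

    def handle_starttag(self, tag, attrs):
        attr = ACTIVE_TAGS.get(tag)
        value = dict(attrs).get(attr) if attr else None
        if value:
            # Resolve relative and protocol-relative references against the page URL.
            self.refs.append((tag, urljoin(self.page_url, value.strip())))


def unexpected_sources(page_url, html, allowed_hosts):
    """Return references whose host is neither the page's own nor allowlisted."""
    parser = ActiveContentParser(page_url)
    parser.feed(html)
    parser.close()
    trusted = {urlparse(page_url).hostname} | {h.lower() for h in allowed_hosts}
    return [(tag, url) for tag, url in parser.refs
            if urlparse(url).hostname not in trusted]


# Constructed sample: a page from a hypothetical trusted site with one injected tag.
SAMPLE_URL = "https://news.example.com/index.html"
SAMPLE_HTML = """
<html><head>
<script src="/static/app.js"></script>
<script src="//cdn.example.net/lib.js"></script>
</head><body>
<p>Headline</p>
<iframe src="http://injected.example.org/x" width="0" height="0"></iframe>
</body></html>
"""

if __name__ == "__main__":
    for tag, url in unexpected_sources(SAMPLE_URL, SAMPLE_HTML, {"cdn.example.net"}):
        print(f"unexpected {tag}: {url}")
```

The check only covers references to external resources; code injected as an inline script has no source URL and needs a comparison against a known-good copy of the page.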

Misconception 7: Firefox is more secure than Internet Explorer.

All browsers are equally at risk because all browsers are essentially an execution environment for JavaScript, which is the programming language of the web and therefore used by all malware authors to initiate an attack. In addition, many exploits leverage plug-ins such as Adobe Acrobat Reader, which runs across all browsers. Although the more popular browsers may get more publicity about unpatched exploits, it’s the unpublicized exploits you should be most concerned about. The fact is, there is no safe browser; when security research firm Secunia tabulated the number of browser exploits reported in 2008, Firefox was actually the least secure.

Misconception 8: When the lock icon appears in the browser, it’s secure.

The lock icon indicates there is an SSL encrypted connection between the browser and the server to protect personal sensitive information from interception. It does not provide any security from malware. In fact, it’s the opposite because most web security products are completely blind to encrypted connections: it’s the perfect vehicle for malware to infiltrate a machine.

Furthermore, some malware can exploit vulnerabilities to spoof SSL certificates to make users feel more secure or enable devious connections to fake banking sites. There are numerous recent examples of hackers creating elaborate phishing schemes that emulate bank, credit card, or PayPal sites complete with spoofed SSL certificates that are extremely difficult for the average user to identify as fraudulent.

Misconception 9: Web security requires a trade-off between security and freedom.

While the internet has become a mission critical tool for many job functions, whether it’s Facebook for HR or Twitter for PR, it’s completely unnecessary to create a trade-off between access and security. A suitable web security solution provides the freedom to grant access to sites that your users need while keeping your organization secure. Policy settings for groups or individuals don’t need to be complex—a few quick steps through a wizard are all a user needs to secure and enable your organization.

When evaluating a web security solution, be sure to focus on the administration tasks you will use most often, such as establishing special policies for users or groups. How easy are these tasks? How much time do they take? How many steps are involved? Is documentation required to navigate through the process? These are all important security questions when managing a network or user group.

Misconception 10: Endpoint security solutions can’t protect against web threats.

Typically, this has been the case because the web browser is essentially its own execution environment: it downloads content, renders it, and executes scripts all without any visibility outside the browser to endpoint security products. However, this is changing. As a result, it’s opening up a whole new approach to web security, particularly for mobile workers who are operating beyond the traditional boundaries of the corporate network. Live Protection enables real-time malicious site filtering at the endpoint to protect mobile or remote workers who may be operating off a corporate network.

What does all this mean?

In a nutshell, this means that if you do not have a trusted IT partner that is managing security – FIND ONE!

AI Software can help you with this. Contact us today to learn how to keep up-to-date with the most recent security now . . . and in the future.

Terry
terry@aisoftwareinc.com
