Warning: your computer might be infected!

noscript logo. lelijk beestje, dat script-monsterWarning: your computer might be infected while surfing the web! Because these days web criminals aren’t just attacking government or corporate servers any more, but your browser as well. That way they can steal/ manipulate your data or install other malware. Most of these attacks happen while you are surfing and all the anti-virus software and spyware-scanners in the world will not fully protect your system and data (as Clopin found out while cleaning multiple PC’s of his family). The good news? There are only two big threats: malicious javascript and your own utter stupidity. And both can easily be countered.

Although stupidity is normal, you should try to live by one simple rule: don’t download software. Just don’t. And if you really must, only install if it comes recommended by at least one trusted source such as a computer-literate friend or a high-profile tech website. But don’t download software because a flashing red text on some obscure website tells you your computer is “infected”. Don’t “install a new version of Flash Player” to see that free porn movie. Don’t download, don’t install. Don’t!

Protecting against evil javascript (and malicious html, css, flash, java, …) is another issue. Attacks such as XSS, XSRF or clickjacking are barely visible. You’ll be happily surfing, clicking hyperlinks left and right, logging into your favorite web-apps and before you know it your data has been stolen or tampered, a password was reset or someone gained access to one of your online accounts. Entirely disabling javascript is not an option (you need it for most of modern web-applications to run), but if you’re a security-conscious Firefox-user there’s an easy solution; Noscript.

Noscript is a Firefox-addon that simply blocks all code (Javascript, Flash, Java and Silverlight) from being executed, protecting you by default against almost all types of browser-based attack (“almost”, as I’ve seen a nice proof-of-concept of a history-stealing web-page that only uses CSS-trickery, which Noscript can’t block). If you’re on a site you trust, you simply tell Noscript to temporary or permanently allow javascript -and other code- for that site and you’re back in web2.0-land. It may take some getting used to (a.o. to build a good permanent whitelist to allow your default sites to function), but it’s a great tool that can even double as a flashblock and (to some extend) adblock plus replacement!

So, to summarize; don’t install software and install Noscript and all will (probably) be well.

3 thoughts on “Warning: your computer might be infected!

  1. florisla

    Discipline is best enforced by inconvenience. Even in Windows, you can create an ‘admin’ user and a ‘restricted’ one. I found this increases the life time of a ‘clean’ install dramatically.

    Of course, it’s better to avoid Windows altogether…

    Reply
    1. frank Post author

      Absolutely, but even those precautions won’t protect you from XSS, XSRF of clickjacking, as these are entirely different types of attack.

      Reply
  2. PC Maintenance

    First thing first, this is an excellent post. Lot of this may be beyond the average computer users perview.But, with threats looming at every nook and corner, being fully aware and updated about the loopholes will help protect data!

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *