Tag Archives: Mozilla Firefox

Having a dedicated computer for online banking

Clipart of bills and coins
Image via Wikipedia

Here’s a great idea that doesn’t get talked about enough: having a computer you use only for online banking and other financial activities, and a different computer for games, music and general Internet usage.

It seems like an expensive route to have two separate computers, but think about it—your financial machine only has to be just powerful enough to handle an operating system, an Internet connection and a web browser. You don’t need massive amounts of RAM or a great (or even particularly good) video card. You could probably even find a used laptop running Windows XP (if you’re a PC user; however I would not recommend Windows Vista) if you poke around. Install your antivirus software and Mozilla Firefox with the NoScript plugin, and you’re ready to go. I would also recommend setting up a separate email address for anything related to finances, and only check it with your financial computer.

What this does is keeps your financial activities separate from everything else; you’re not likely to encounter malware by logging in to your credit card providers or financial institution’s website. In the meantime, if you run into malware trouble on your “fun” computer while mucking about on the Intertubes, the damage will be limited. Your banking passwords won’t get snagged by a keylogger you picked up on an infected website, even if your Facebook password does.

Of course, buying a separate computer is going to cost money whether you go new or used, and in any case you have to keep your security software up-to-date on both machines. It’s not an option for everyone. However, if you can swing a few hundred bucks for a dedicated banking computer and some good security software, it’s just one more layer of protection.

Online security: teach your children well.

I don’t have any kids yet, but I know a few people who do.

Okay, so I know more than a few. I know many, and almost all of them have something in common: their computers are constantly being infected with viruses, trojans and other types of malware. I’m not talking about the occasional adware popup or tracking cookie—these machines are usually just crawling with malicious software.

There’s sort of an old myth that your twelve year old is always going to know more about the computer than you. Perhaps this is true when it comes to first-person shooters and making goofy videos, but kids don’t know everything about computers, and security is one of those areas where they generally seem to lack the fundamentals.

Of course, they’re invincible, too. There’s always that. Ask them sometime; “Is it even possible that you might run into a virus on the Internet?” They’ll probably look at you like you’re an idiot. Again.

But it happens, and it seems to happen a lot. You’ve got to educate your kids about malicious software, because a keylogger doesn’t care who downloads itself; it’s going to send login and password information, whether it’s to a Facebook profile (bad news) or your financial accounts (worse).

First, if you’ve got kids using the Internet, try to keep an eye on them at least some of the time. Since this is impossible, though, make sure you’re using Firefox with the NoScript plug-in. No Internet Explorer! There are more holes in that browser than a hunk of Swiss.

Secondly, learn about the various dangers yourself, and make sure you warn your kids. No kid is going to be able to resist “lol is this you?” or “lol funny video” followed by a shortened URL, unless someone tells him that such links lead only to malware.

Thirdly, obtain the burliest antivirus and firewall software you can afford, and pay the money to keep it updated. This is vital anyway, but if you’ve got kids clicking a mile a minute on Facebook and Twitter, you really need to take maximum precautions.

I suppose you could try to limit your kids’ access to the Internet, but you could also try to wrestle a grizzly bear while you’re at it. Good luck with that one.

Finally, consider getting your own computer or laptop that the kids aren’t allowed to even touch, and use that one for business and banking. At least your accounts will be safe(r), assuming you’re taking the necessary precautions on this computer as well.

Okay, does this post officially put me in the “old person complaining about young people” camp? It does sort of have that “I tell ya, the kids today, with their Facebooks and their Twitters,” flavor doesn’t it?

I don’t know, but I know it’s important to get your kids hip to the dangers of malware as soon as you can. Your own financial security may depend on it.

Ransomware: It’s a fake virus scanner, only more violent.

Last September, I wrote about fake virus scan pop-ups that you sometimes encounter while using a web browser, sometimes known as “scareware.”

What I didn’t cover was a class of malicious software known as “ransomware,” the fake virus scanner’s more violent cousin. The difference?

  • Scareware: tries to trick you into purchasing useless software and probably installs spyware, adware and other malware.
  • Ransomware: poses as a virus scanner, but locks up your computer and forces you to purchase useless software to unlock your computer. Also likely installs a bunch of other malware, in addition to the fact that you’ve just given criminals your credit card number.

It’s kind of the difference between a con artist and a mugger, I guess.

There’s no real way to tell offhand whether a fake virus scan pop-up window is scareware or ransomware. It doesn’t really matter—you don’t want it either way. The same rules for prevention apply in both cases.

Both start the same way: you visit a website and a window pops up that tells you your computer is infected with a virus. The pop-up almost always has an “OK” and a “Cancel” button. Do not click on either of these, because they both install the malware.

You can click on the “X” in the upper-right corner of the window, but I don’t even like to do that. I use “CTRL-ALT-DEL” to force the browser to close. I think the Mac version of “CTRL-ALT-DEL” is “Command-Option-Escape.”

After I’ve shut down the browser, I run a virus scan and a spyware scan. It’s sort of a pain and it takes a while, but too many people value convenience over security, and they end up paying for it. There are very few instances in which it’s not possible to find something else to do while your virus scanner runs. You don’t have to be on the Internet 24/7, you know.

Now, I’m not one to tell anybody what brand of web browser to use, but I will say one thing on the topic: since I switched from Internet Explorer to Firefox with the NoScript plug-in, I haven’t had a single scareware window pop up. I’m not telling you what to do. I’m just sayin’.

Also, I know it costs money, but you cannot afford not to do it: install some good antivirus software, keep it updated and keep your subscription current. Norton, McAfee, Kaspersky; I don’t care which one you use, just use something. No, it’s not super cheap, but if you’d rather shell out $79 to unlock ransomware than spend $69 on actual protection…well, in that case I think there’s just something the matter with you.

Finally, for an extra level of protection, install the excellent (and free!) Spybot Search & Destroy. Yes, right now. There is one annoying thing about this software, though, and it’s Microsoft’s fault: in Windows Vista and Windows 7, in order to run S&D properly, you can’t just click on the icon. You have to right-click the icon and select “Run as administrator.” You won’t be able to actually remove anything if you skip this step.

There’s a recent story about ransomware at MSNBC, with a video that shows the malware in action (and actually shows you how to unlock it with hacked registration codes).

LongURL: How to see where a shortened URL takes you before you click.

Twitter (and to some extent, Facebook) have seen the rise of the URL Shortener.

When you want to share a link on Twitter, you run into a problem: the web address you need to paste takes up most or all of your allotted 140 characters, which leaves no room for your commentary, or extends beyond 140, which renders the link useless. However, sharing links is about half of what people use Twitter for (other than pointless babble and talking about what they just ate. Amiright?).

Along came the URL shorteners.

With a URL shortening website, you can enter a long web address, and the site will create a link that only uses up a few characters, which leaves room for you to tell people exactly what the link is.

For example, if you wanted to point to this article on Twitter, you could paste this link:

http://fraudpreventionunit.org/2010/01/12/longurl-how-to-see-where-a-shortened-url-takes-you-before-you-click

Or you could use this:

http://bit.ly/cMIkCZ

The first one uses up 109 characters, which only leaves you room to say “Cool!” or something, which makes the link look suspicious. The second link only uses 20, which leaves you 120 characters, more than enough for a short sentence or explanation.

Bit.ly is just one of the popular URL shorteners. Others that spring to mind offhand are Ow.ly, Tr.im, and Tinyurl.com. WordPress has its own service, too; Wp.me.

Now, here’s the problem. When you look at a shortened URL, there’s no way to tell where it takes you. Of course, you can look at the text it was pasted with, but there’s a problem there, too: several years ago, somebody discovered that it’s possible to lie on the Internet.

What this means is that a person with questionable intentions could post a shortened URL and tell you it’s a link to an interesting video or article, but have the link actually take you to a site that will install some form of virus or spyware (read: financial and identity theft risk) onto your computer.

Along comes LongURL, a shortened URL decoder.

LongURL is a site that allows you to paste a shortened URL and it will tell you the address of the site it points to. It’s sort of like a reverse phone lookup.

It’s not just a website, either. If you’re using Mozilla Firefox as your web browser (and, to be honest, you really should be), you can install LongURL as a plugin. This means you don’t have to visit the LongURL website every time you want to expand a URL.

“But,” I can hear some of you saying, “isn’t it awfully inconvenient to have to check out every shortened URL before I click it? I don’t want to slow down!”

Well, that’s one of the attitudes that keeps Internet crime so lucrative. It’s been a long time since malware was the exclusive domain of nerdy suburban kids and college students trying to cause disruptions or simply stroke their own egos by putting out a widespread and annoying (but relatively harmless) virus. These days, most of the people creating malware and using all these different tactics to distribute it are involved in organized crime and/or terrorism (or at best, extremely scummy marketing practices). It’s all about money now.

When you insist on unconsciously following any link you feel like following, without taking a moment to consider the possible consequences, all in the name of not wanting to slow down, you’re playing right into these criminals’ hands. It won’t be long before you fall for a shortened URL phishing attack and end up with a computer just brimming with bad juju.

I mean, it’s hard enough to keep your computer clean if you are paying attention, what with so much of the software industry’s insistence on rushing sub-par products to market that are vulnerable to things that, frankly, should have been eliminated 15 years ago (all in the name of speed, as usual). If you’re just blindly speeding along and not taking a couple seconds to look where you’re going, you’re going to run into something nasty before too long.

Ask yourself this: “Would I rather take an extra five seconds to check out what this URL is pointing to, or would I rather end up with a computer full of viruses (which could take hours or days to fix) or an identity theft situation (which could take months to fix)?”

Go to LongURL. Pay attention. Stay vigilant. Slow down.

Microsoft Internet Explorer vs. Mozilla Firefox: which browser is safer?

Just the other day, news of a pretty major hole in Internet Explorer versions 6 and 7 was made public (no word on whether or not the vulnerability applies to version 8, which is the latest one at this time).

Why did the “hacker” in question make this information public? Some people might assume he or she wants to cause widespread chaos, but I actually think it’s good to publicly post things like this. This forces Microsoft to come up with a patch for the problem as soon as possible.

However, I recently decided I’m sort of done with always waiting for Microsoft to patch browser software that has more holes than a hunk of Swiss, and made the switch to Mozilla Firefox.

I can’t really give you the tech-head reasons why I feel Firefox is the better, safer browser (mostly because I’m not much of a tech-head), but a large portion of the Internet-savvy population agrees that it’s the way to go.

For one thing, Firefox is “open source” software. A whole community of programmers is constantly making improvements to it. Should the rare security vulnerability come to light, it’s fixed in record time.

Microsoft is at a disadvantage here. Being a huge corporation with shareholders’ interests as their primary concern, they have multiple levels of bureaucracy to work through before they can release anything. I’m sure even a simple security patch is met with resistance—”This will mean publicly admitting a weakness, which could hurt share prices!”

I’m not saying Microsoft couldn’t release a great browser right out of the box, I just think that with their deadlines and the need to think about profitability above all else, they tend to rush releases before everything is ready.

The cool thing about Firefox is that there are all kinds of plug-ins (or “add-ons”) available. Right now, I run the latest version of Firefox with a plug-in called “NoScript.” This nifty little program starts you off by blocking ALL Flash, Java and JavaScript programs. As you visit websites, you get to choose whether or not to allow it to run all, some, or none of the scripts embedded in the site.

For example, if you visit Facebook, it will start by blocking every script. Then you can select “Allow facebook.com” to run scripts. There will usually be several different websites per page running scripts, so you can select whether or not you trust them. If you don’t like the look of one of the URLs, simply don’t allow that site to run code, or search for it on Google to find out what it is (for example, I don’t let Fastclick.net run scripts. Ever).

There are some other good plug-ins, most of which I haven’t looked at. Some block pop-ups, some probably don’t work too great at all. The Firefox site has a big list of available add-ons.

There are a million better articles than this one about “Internet Explorer vs. Firefox” (just do a Google search), but if you’re ready to switch now, go download Firefox here and get the NoScript plug-in here.