Greetings everyone,
Normally I try and announce lots of cool new large features here (when I remember to); and I'm not much of a blogger. So I don't really put much up considering how many things are done between blog posts. But since Computer security on the web is right up my alley; I figured I would post on this subject as my customers, and my customers-customers are affected by this issue.
First my sympathies go out to the HC owner, all the HC sites, and the HC customers who have been affected by these malware hacks that have occurred on HC. It is disturbing that now sites our size are a target for the Malware infecting jerks.
Now, the first thing you can do to improve your ability for your computer to withstand getting a malware infection on a site you visit is run the latest Version of or . Running Internet Explo
der is not recommended.
The second thing you can do is make sure your plugins you are using in your browser; typically "Flash", "PDF", and "Java" (Not "JavaScript") are either running the latest version or are disabled.
In Chrome, you can type "about:plugins" in the url bar; and you should see a screen like:
You will notice I highlighted the link that will disable a plugin. If you see any plugins you don't use regularly -- I highly recommend you disable them.
The ones you probably need are (Chrome will keep up to date these 4 plugins):
1. Shockwave Flash -- used for like Youtube, Videos, and a Lot of web Games.
2. Chrome PDF Viewer -- used to read PDF files
3. Google Updater -- Helps keep the browser and google stuff updated
4. Google Update -- Helps keep the browser and google stuff updated
The ones you MIGHT need are:
1. Silverlight -- Some sites use Microsoft Silverlight (like NetFlix)
2. Java -- Some sites use Oracle/Sun Java, if you rarely use a Java site -- I would disable this one.
Again, if you don't use sites that use Java (we are not talking about JavaScript) or Silverlight; then I would highly recommend you click the disable button on these two plugins. Anything we can disable makes your browser a tad more secure. Every plugin you are running is another possible "attack" location.
In Firefox; you can do it via the "Firefox" button (circled in red) on the tab; click "Add-Ons" (in Orange)
Then you click the "Plugins" (red), and any plugins in this list you don't need to disable. Again, if you don't use Java or Silverlight disable it here by either clicking the "Disable" button, or right-mouse clicking and then clicking the disable on the menu (red).
After you are done disabling any plugins, click the link "Check to see if your plugins are up to date" (blue). (Or type in )
You should then see a screen like this:
If your Java is really out of date; it will give you the warning (in yellow); if any plugins it tracks are old it will give you and "Update" button (red) and any that it doesn't know about it will give you a research button. (green). Click "Update" on any that need to be updated and follow the instructions for updating those plugins.
Now one more thing you can do with Firefox that can really improve your security; and it is in the form of two "Add-ons". You can get them both from
.
The primary one is in Red and is called NoScript; this will BLOCK ALL JavaScript from ALL sites. So by default when you go to a new page JavaScript won't run. If you decide you need JavaScript on a site; you can enable it temporarily or permanently for that site. The nice thing about this; is if you decide to enable it on just HC and they do get hacked again. The odds are pretty large that the malware is actually linked/served from another server; and because NoScript by default won't run any additional JavaScript from any other sites it doesn't know run -- this means the JavaScript that would have attempted to compromise your machine, will never run. Now NoScript can be a little irritating initially enabling it for your normal sites; but once you have your "good" list built; you almost never have to touch it and the protection it affords is probably in my opinion greater than having a anti-virus program installed. Now I'm not saying don't use Anti-Virus, just that if properly used NoScript can keep you from getting quite a few types of infections in the first place.
The second one is call AdBlock Plus; it blocks ad's -- occasionally an ad network can deliver malware, this is pretty uncommon; but it has happened a couple times with some really large sites. So, I prefer to play it safe and recommend it also.
Nathan