Hackers/Malware vs. How to Safely Use the Internet

For the past two years, I’ve been on edge when it comes to my digital world. I never know if I’ll wake up and see a website defaced, a server being DDoSed or hacked, or my own computers infected by some 0-day junk. No, I’m not paranoid — that’s the voice of experience.

Excluding spam, malicious computer activity exponentially increased in 2011. It was simply out of control, and I thought it would only get worse as the years pressed on.

Everything from very large corporations to home computers were targeted by an array of groups and individuals.

If you’ve never heard of this, or taken steps to protect yourself, I’m not surprised. It doesn’t seem to make local news coverage. Ratings-hungry cable networks long ago abandoned topics deemed too complex for the average TV nincompoop. Print news buried it. The news we do get has been sidetracked by politics or the weather.

However, for somebody who relies on the internet to run a business, this can be just as devastating as any hurricane or tornado. We’ve seen a decrease in the past year, but is it a calm before the storm? Here are some ways that you can try and protect yourself.

Don’t Rely On Software!

Malware users have upped the quality of their viruses, trojans, rootkits and Javascript exploits, targeting homes and businesses. Simply visiting a website can fill your computer with extortionist software and password-stealing backends.

In past years, fending off malware was often as easy as running the latest software, picking pretty much any “Internet Security” suite (McAfee, Norton, Kaspersky, etc), and not opening weird email attachments. Those rules still apply, but don’t really provide protection anymore.

In 2011, I was infected five times with severely malicious software:

• a new variant of the Conficker worm,
• a new variant of the ms0cfg32.exe “system crasher”,
• a new variant of the Whistler (Wistler) bootkit,
• a new variant of the Defender.exe fake anti-virus extortion software,
• and a Google search redirect trojan.

If you find yourself laughing, then understand you’re who I’m talking to here. I’m not a “newbie” and am quite computer savvy. In fact, for the entire period from 1993 to 2010, I had less than five incidents with system infections — most of them harmless Word macro viruses in the late 1990s.

So what to do?

How To Browse the Internet

Easily the most common way to catch an exploit is by going to a website — both sites you trust and new ones that you’ve “surfed” to. Four of my five exploits came from websites. One of those was from a site I trusted. (The 5th one came from a thumb drive from my mother’s computer. Thanks mom!)

Any site can be infected at any time, and by a myriad of exploits. There’s the common attack vectors — injecting additional Javascripts, Java or ActiveX. But more and more hackers are infecting a site’s software — WordPress, phpBB, vBSEO, WHMCS, OpenX, ad networks — meaning both you and the site admin may be unaware of what’s going on. It’s buried too deep to be easily detectable.

For many people, the answer has been to use NoScript and ad blockers, as well as purge cookies on a regular basis, but that’s really the wrong approach. It’s too aggressive. It’s like killing an ant bed with an a-bomb. Yes it works, but overreact much? You annoy yourself, as well as harm the income of sites you frequent.

The best method to have is a “two browser” policy. With all the good web browsers now available — especially Firefox, Pale Moon and Seamonkey — there’s no excuse to use only one. Make one your “safe” browser, and use it only at sites you trust: online banking, shopping at Amazon, visiting The Digital FAQ, etc. And lock down the other one: disallow Javascript (NoScript), cookies, and ads.

If you’re a Microsoft Internet Explorer user, stop using it — IE is unsafe. Period.

Finally, run FlashBlock on both browsers, and allow sites to run Flash on an as-needed basis. For example, when intentionally viewing a YouTube video. Far too often, Flash ads have been used to exploit ad networks.

What To Do for Trusted Sites?

What about sites you trust, but get hacked, you ask? Also run NoScript on your safe browser, but allow it to run all the common scripts. For example, this site has not only scripts from digitalFAQ.com, but:

• Social: Facebook, Digg, StubleUpon, Twitter
• Analytics: Woopre, Tynt, Google
• CDNs: Akamai
• Ads: Google, OpenX, Doubleclick, others

Some of those are for your benefit, some are for ours. Blocking them prevents the site from functioning correctly — you cannot login, content is missing, the layout looks odd, the wrong fonts are displayed. If you’re not sure what something is, use Google and look it up. If the site is legitimate, the scripts probably are, too.

Should the site become infected in the future, it’s usually going to try and load a script from another server, and NoScript will catch it. So it acts as a backup protection.

How To Browse the Internet on Servers

One of the dumbest things a server admin can do is browse the internet from a server — even if it’s a safe site. Generally this isn’t done from Linux servers, but from Windows servers. Having a built-in GUI can make you lazy. Beyond that, most browser have memory leaks, so it slurps up the RAM, and makes sites and applications run slow even after its been closed.

Any time a browser is run on a server, you need to do two things:

1. Lock it down: No Javascripting, no Java, no ActiveX, no plugins, no Flash, no ads, no cookies, nothing. Only enable individual sites if absolutely required.
2. Go portable. Never install a browser on a server. Only use portable versions that unzip in a folder and run from there.

The only time you should visit a site from a server is to download trusted software directly from the vendor. Or to use the server’s own web-based control panel (Plesk, Website Panel, Enkompass).

In Part Two

In the next editorial, we’ll take a look at some of the software you can use to protect yourself. Some is freeware, some is payware. I’ll also share a few horror stories! Don’t let this happen to you!

Have comments or feedback? — Be sure to share your thoughts at this forum post.

Copyright Notice: All guides, articles and editorials found on digitalFAQ.com are copyright by The Digital FAQ and/or the respective authors. Articles may not be copied, borrowed, full-quoted or reproduced in any manner, online or in print, which includes blogs and forums, without the written email consent of Site Staff (which may or may not be given, for free or fee). Know that digitalFAQ.com staff does routinely monitor online plagiarism, and we do send takedown notices to site admins and/or web hosts (DMCA et al legal actions) as is necessary. If you would like for others to read articles found on The Digital FAQ, simply link to our content. (Note: Printouts for personal use is specifically allowed.)